Open
Conversation
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
335ccd7 to
8190a09
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
8190a09 to
c8f3b15
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
c8f3b15 to
0081a26
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
0081a26 to
93d72cb
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
93d72cb to
8386923
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
8386923 to
76aa4ff
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
76aa4ff to
631a731
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
631a731 to
536f650
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
536f650 to
2c32c67
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
2c32c67 to
9c8f3b0
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
9c8f3b0 to
e1f0fbd
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
e1f0fbd to
58d57df
Compare
renovate
bot
force-pushed
the
renovate/npm-6.x
branch
from
58d57df to
0c0ca1c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.10.10->6.14.8Release Notes
npm/cli
v6.14.8Compare Source
BUG FIXES
9262e8c88#1575
npm install --dev deprecation message
(@sandratatarevicova)
765cfe0bc#1658
remove unused broken require
(@aduh95)
4e28de79a#1663
Do not send user secret in the referer header
(@assapir)
DOCUMENTATION
8abdf30c9#1572
docs: add missing metadata in semver page
(@tripu)
8cedcca46#1614
Node-gyp supports both Python and legacy Python
(@cclauss)
DEPENDENCIES
a303b75fdupdate-notifier@2.5.0c48600832npm-registry-fetch@4.0.7a6e9fc4dfmeant@1.0.2:v6.14.7Compare Source
BUG FIXES
de5108836#784 npm explore spawn shell correctly (@jasisk)36e6c01d3git tag handling regression on shrinkwrap (@claudiahdz)1961c9369#288 Fix package id in shrinkwrap lifecycle step output (@bz2)87888892a#1009 gracefully handle error during npm install (@danielleadams)6fe2bdc25#1547 npm ls --parseable --long output (@ruyadorno)DEPENDENCIES
2d78481c7update mkdirp on tacks (@claudiahdz)4e129d105uninstall npm-registry-couchapp (@claudiahdz)8e1869e27update marked dev dep (@claudiahdz)6a6151f37libnpx@10.2.4(@claudiahdz)dc21422ebbin-links@1.1.8(@claudiahdz)d341f88cegentle-fs@2.3.1(@claudiahdz)3e168d49blibcipm@4.0.8(@claudiahdz)6ae942a51npm-audit-report@1.3.3(@claudiahdz)6a35e3deenpm-lifecycle@3.1.5(@claudiahdz)v6.14.6Compare Source
BUG FIXES
a9857b8f6chore: remove auth info from logs (@claudiahdz)b7ad77598#1416 fix: wrongnpm doctorcommand result (@vanishcode)DEPENDENCIES
94eca6377npm-registry-fetch@4.0.5(@claudiahdz)c49b6ae28#1418spdx-license-ids@3.0.5(@kemitchell)DOCUMENTATION
2e052984b#1459
chore(docs): fixed links to cli commands (@claudiahdz)
0ca3509ca#1283 Update npm-link.md (@peterfich)
3dd429e9a#1377
Add note about dropped
*filenames (@maxwellgerber)9a2e2e797#1429 Fix typo (@seanpoulter)
v6.14.5Compare Source
BUG FIXES
33ec41f18#758 fix: relativize file links when inflating shrinkwrap (@jsnajdr)94ed456df#1162 fix: npm init help output (@mum-never-proud)DEPENDENCIES
5587ac01fnpm-registry-fetch@4.0.4fc5d94c39fix: removed default timeout07a4d8884graceful-fs@4.2.48228d1f2emkdirp@0.5.5e6d208317nopt@4.0.3v6.14.4Compare Source
DEPENDENCIES
minimist@1.2.5transitive dep to resolve security issue9c554fd8cupdate-notifier@2.5.0deep-extend@1.2.5deep-extend@0.6.0is-ci@1.2.1is-retry-allowed@1.2.0rc@1.2.8registry-auth-token@3.4.0widest-line@2.0.1136832dcamkdirp@0.5.48bf99b2b5#1053 deps: updates term-size to use signed binaryd2f08a1bdb(@rvagg)v6.14.3Compare Source
DOCUMENTATION
4ad221487#1020 docs(teams): updated team docs to reflect MFA workflow (@blkdm0n)4a31a4ba2#1034 docs: cleanup (@ruyadorno)0eac801cd#1013 docs: fix links to cli commands (@alenros)7d8e5b99c#755 docs: correction tonpm update -gbehaviour (@johnkennedy9147)DEPENDENCIES
e11167646mkdirp@0.5.3c5b97d17dfix: bumpminimistdep to resolve security issue (@isaacs)c50d679c6rimraf@2.7.1a2de99ff9npm-registry-mock@1.3.1217debeb9npm-registry-couchapp@2.7.4v6.14.2Compare Source
DOCUMENTATION
f9248c0be#730 chore(docs): update unpublish docs & policy reference (@nomadtechie, @mikemimik)DEPENDENCIES
909cc3918hosted-git-info@2.8.8(@darcyclarke)5038b1891fix: regression in old node versions w/ respect to url.URL implmentation9204ffa58npm-profile@4.0.4(@isaacs)6bcf0860afix: treat non-http/https login urls as invalid0365d39bdglob@7.1.6(@isaacs)dab030536node-gyp@5.1.0(@rvagg)v6.14.1Compare Source
303e5c11ehosted-git-info@2.8.7Fixes a regression where scp-style git urls are passed to the WhatWG URL
parser, which does not handle them properly.
(@isaacs)
v6.14.0Compare Source
FEATURES
30f170877#731 add support for multiple funding sources (@ljharb & @ruyadorno)BUG FIXES
55916b130#508 fix: checknpm.configbefore accessing its members (@kaiyoma)7d0cd65b2#733 fix: access grant with unscoped packages (@netanelgilad)28c3d40d6,0769c5b20#945, #697 fix: allow new major versions of node to be automatically considered "supported" (@isaacs, @ljharb)DEPENDENCIES
6f39e93hosted-git-info@2.8.6(@darcyclarke)f14b594eechownr@1.1.4(@isaacs)77044150bnpm-packlist@1.4.8(@isaacs)1d112461anpm-registry-fetch@4.0.3(@isaacs)ba8b4fefix: always bypass cache when ?write=truea47fed760readable-stream@3.6.03bbf2d6fix: babel's "loose mode" class transform enbrittles BufferList (@ljharb)DOCUMENTATION
284c1c055,fbb5f0e50#729 update lifecycle hooks docs(@seanhealy, @mikemimik)
1c272832d#787 fix: trademarks typo (@dnicolson)f6ff41776#936 fix: postinstall example (@ajaymathur)373224b16#939 fix: bad links in publish docs (@vit100)MISCELLANEOUS
85c79636d#736 add script to update dist-tags (@mikemimik)v6.13.7Compare Source
BUG FIXES
7dbb91438#655
Update CI detection cases
(@isaacs)
DEPENDENCIES
0fb1296c7libnpx@10.2.2(@mikemimik)
c9b69d569node-gyp@5.0.7(@mikemimik)
e8dbaf452bin-links@1.1.7(@mikemimik)
v6.13.6Compare Source
DEPENDENCIES
6dba897a1pacote@9.5.12:d2f4176fix(git): Do not drop uid/gid when executing in root-owned directory
(@isaacs)
v6.13.5Compare Source
BUG FIXES
fd0a802ec#550 Fix cache location fornpm ci(@zhenyavinogradov)4b30f3cca#648 fix(version): using 'allow-same-version', git commit --allow-empty and git tag -f (@rhengles)TESTING
e16f68d30test(ci): add failing cache config test (@ruyadorno)3f009fbf2#659 test: fix bin-overwriting test on Windows (@isaacs)43ae0791f#601 ci: Allow builds to run even if one fails (@XhmikosR)4a669bee4#603 Remove the unused appveyor.yml (@XhmikosR)9295046ac#600 ci: switch toactions/checkout@v2(@XhmikosR)DOCUMENTATION
f2d770ac7#569 fix netlify publish path config (@claudiahdz)462cf0983#627 update gatsby dependencies (@felixonmars)6fb5dbb72#532 docs: clarify usage of global prefix (@jgehrcke)
v6.13.4Compare Source
v6.13.3Compare Source
DEPENDENCIES
19ce061a2bin-links@1.1.5Properly normalize, sanitize, and verifybinentriesin
package.json.59c836aaenpm-packlist@1.4.7fb4ecd7d2pacote@9.5.115f33040#476
npm/pacote#22
npm/pacote#14 fix: Do not
drop perms in git when not root (isaacs,
@darcyclarke)
6f229f7sanitize and normalize package bin field
(isaacs)
1743cb339read-package-json@2.1.1v6.13.2Compare Source
BUG FIXES
4429645b3#546
fix docs target typo
(@richardlau)
867642942#142
fix(packageRelativePath): fix 'where' for file deps
(@larsgw)
d480f2c17#527
Revert "windows: Add preliminary WSL support for npm and npx"
(@craigloewen-msft)
e4b97962e#504
remove unnecessary package.json read when reading shrinkwrap
(@Lighting-Jack)
1c65d26ac#501
fix(fund): open url for string shorthand
(@ruyadorno)
ae7afe565#263
Don't log error message if git tagging is disabled
(@woppa684)
4c1b16f6a#182
Warn the user that it is uninstalling npm-install
(@Hoidberg)
v6.13.1Compare Source
BUG FIXES
938d6124d#472
fix(fund): support funding string shorthand
(@ruyadorno)
b49c5535b#471
should not publish tap-snapshot folder
(@ruyadorno)
3471d5200#253
Add preliminary WSL support for npm and npx
(@infinnie)
3ef295f23#486
print quick audit report for human output
(@isaacs)
TESTING
dbbf977ac#278
added workflow to trigger and run benchmarks
(@mikemimik)
b4f5e3825#457
feat(docs): adding tests and updating docs to reflect changes in registry teams API.
(@nomadtechie)
454c7dd60#456
fix git configs for git 2.23 and above
(@isaacs)
DOCUMENTATION
b8c1576a430b013ae826c1b2ef69f943a765c0346b1588e09d5ad64a2f551ee87d67258c5c3b32722b150eaeff7555a743cb89423e2f#463
#285
#268
#232
#485
#453
docs cleanup: typos, styling and content
(@claudiahdz)
(@XhmikosR)
(@mugli)
(@brettz9)
(@mkotsollaris)
DEPENDENCIES
661d86cd2make-fetch-happen@5.0.2(@claudiahdz)
v6.13.0Compare Source
NEW FEATURES
4414b06d9#273
add fund command
(@ruyadorno)
DOCUMENTATION
ae4c74d04#274
migrate existing docs to gatsby
(@claudiahdz)
4ff1bb180#277
updated documentation copy
(@oletizi)
BUG FIXES
e4455409f#281
delete ps1 files on package removal
(@NoDocCat)
cd14d4701#279
update supported node list to remove v6.0, v6.1, v9.0 - v9.2
(@ljharb)
DEPENDENCIES
a37296b20pacote@9.5.9d3cb3abe8read-cmd-shim@1.0.5TESTING
688cd97be#272
use github actions for CI
(@JasonEtco)
9a2d8af84#240
Clean up some flakiness and inconsistency
(@isaacs)
v6.12.1Compare Source
BUG FIXES
6508e833d#269
add node v13 as a supported version
(@ljharb)
b6588a8f7#265
Fix regression in lockfile repair for sub-deps
(@feelepxyz)
d5dfe57a1#266
resolve circular dependency in pack.js
(@addaleax)
DEPENDENCIES
73678bb59chownr@1.1.34b76926e2graceful-fs@4.2.3c691f36a9libcipm@4.0.75e1a14975npm-packlist@1.4.6c194482d6npm-registry-fetch@4.0.2bc6a8e0ectar@4.4.14dcca3cbbuuid@3.3.3v6.12.0Compare Source
Now
npm ciruns prepare scripts for git dependencies, and respects the--no-optionalargument. Warnings forenginemismatches are printedagain. Various other fixes and cleanups.
BUG FIXES
890b245dc#252 ci: add dirPacker to options
(@claudiahdz)
f3299acd0#257
npm.community#4792
warn message on engine mismatch
(@ruyadorno)
bbc92fb8f#259
npm.community#10288
Fix figgyPudding error in
npm token(@benblank)
70f54dcb5#241 doctor: Make OK more
consistent (@gemal)
FEATURES
ed993a29c#249 Add CI environment variables
to user-agent (@isaacs)
f6b0459a4#248 Add option to save
package-lock without formatting Adds a new config
--format-package-lock, which defaults to true.(@bl00mber)
DEPENDENCIES
0ca063c5dnpm-lifecycle@3.1.4:(@isaacs)
5df6b0ea2libcipm@4.0.4:(@claudiahdz)
(@cruzdanilo)
7e04f728ctar@4.4.125c380e5a3stringify-package@1.0.1(@isaacs)62f2ca692node-gyp@5.0.5(@isaacs)0ff0ea47anpm-install-checks@3.0.2(@isaacs)f46edae94hosted-git-info@2.8.5(@isaacs)TESTING
44a2b036b#262 fix root-ownership race
conditions in meta-test (@isaacs)
v6.11.3Compare Source
Fix npm ci regressions and npm outdated depth.
BUG FIXES
235ed1d28#239
Don't override user specified depth in outdated
Restores ability to update packages using
--depthas suggested bynpm audit.(@G-Rath)
1fafb5151#242
npm.community#9586
Revert "install: do not descend into directory deps' child modules"
(@isaacs)
cebf542e6#243
npm.community#9720
ci: pass appropriate configs for file/dir modes
(@isaacs)
DEPENDENCIES
e5fbb7ed1read-cmd-shim@1.0.4(@claudiahdz)
23ce65616npm-pick-manifest@3.0.2(@claudiahdz)
v6.11.2Compare Source
Fix a recent Windows regression, and two long-standing Windows bugs. Also,
get CI running on Windows, so these things are less likely in the future.
DEPENDENCIES
9778a1b87cmd-shim@3.0.3: Fix regression where shims fail to preserve exit code(@isaacs)
bf93e91d8npm-package-arg@6.1.1: Properly handle git+file: urls on Windows when adrive letter is included. (@isaacs)
BUGFIXES
6cc4cc66fescape args properly on Windows Bash Despite being bash, Node.js running
on windows git mingw bash still executes child processes using cmd.exe.
As a result, arguments in this environment need to be escaped in the
style of cmd.exe, not bash. (@isaacs)
TESTS
291aba7b8make tests pass on Windows (@isaacs)
fea3a023atravis: run tests on Windows as well
(@isaacs)
v6.11.1Compare Source
Fix a regression for windows command shim syntax.
37db29647cmd-shim@3.0.2(@isaacs)v6.11.0Compare Source
A few meaty bugfixes, and introducing
peerDependenciesMeta.FEATURES
a12341088#224 Implements
peerDependenciesMeta (@arcanis)
2f3b79bba#234 add new forbidden 403 error
code (@claudiahdz)
BUGFIXES
24acc9fc8and
45772af0d#217
npm.community#8863
npm.community#9327
do not descend into directory deps' child modules, fix shrinkwrap files
that inappropriately list child nodes of symlink packages
(@isaacs and
@salomvary)
50cfe113d#229 fixed typo in semver doc
(@gall0ws)
e8fb2a1bd#231 Fix spelling mistakes in
CHANGELOG-3.md (@XhmikosR)
769d2e057npm/uid-number#7 Better
error on invalid
--user/--groupconfigs. This addresses the issuewhen people fail to install binary packages on Docker and other
environments where there is no 'nobody' user.
(@isaacs)
8b43c9624nodejs/node#28987
npm.community#6032
npm.community#6658
npm.community#6069
npm.community#9323
Fix the regression where random config values in a .npmrc file are not
passed to lifecycle scripts, breaking build processes which rely on them.
(@isaacs)
8b85eaa47save files with inferred ownership rather than relying on
SUDO_UIDandSUDO_GID. (@isaacs)b7f6e5f02Infer ownership of shrinkwrap files
(@isaacs)
54b095d77#235 Add spec to dist-tag remove
function (@theberbie)
DEPENDENCIES
dc8f9e52fpacote@9.5.7: Infer the ownership of all unpacked files innode_modules, so that we never have user-owned files in root-ownedfolders, or root-owned files in user-owned folders.
(@isaacs)
bb33940c3cmd-shim@3.0.0:9c93ac3#2
npm#3380 Handle environment
variables properly (@basbossink)
2d277f8#25
#36
#35 Fix 'no shebang' case by
always providing
$basedirin shell script(@igorklopov)
adaf20b#26 Fix
$*causing anerror when arguments contain parentheses
(@satazor)
49f0c13#30 Fix paths for MSYS/MINGW
bash (@dscho)
51a8af3#34 Add proper support for
PowerShell (@ExE-Boss)
4c37e04#10 Work around quoted
batch file names (@isaacs)
a4e279544npm-lifecycle@3.1.3(@isaacs):uid-numberraises an error7086a1809libcipm@4.0.3(@isaacs)8845141f9read-package-json@2.1.0(@isaacs)51c028215bin-links@1.1.3(@isaacs)534a5548cread-cmd-shim@1.0.3(@isaacs)3038f2fd5gentle-fs@2.2.1(@isaacs)a609a1648graceful-fs@4.2.2(@isaacs)f0346f754cacache@12.0.3(@isaacs)ca9c615c8npm-pick-manifest@3.0.0(@isaacs)b417affbfpacote@9.5.8(@isaacs)TESTS
b6df0913c#228 Proper handing of
/usr/bin/node lifecycle-path test
(@olivr70)
aaf98e88cnpm-registry-mock@1.3.0(@isaacs)v6.10.3Compare Source
BUGFIXES
27cccfbda#223 vulns → vulnerabilities in
npm audit output (@sapegin)
d5e865eb7#222
#226 install, doctor: don't crash
if registry unset (@dmitrydvorkin,
@isaacs)
5b3890226#227
npm.community#9167
Handle unhandledRejections, tell user what to do when encountering an
EACCESerror in the cache. (@isaacs)DEPENDENCIES
77516df6elicensee@7.0.3(@isaacs)ceb993590query-string@6.8.2(@isaacs)4050b9189hosted-git-info@2.8.2#43
#47
#44 Add support for
GitLab subgroups (@mterrel,
@isaacs,
@ybiquitous)
3b1d629#48 fix http
protocol using sshurl by default
(@fengmk2)
5d4a8d7ignore noCommittish on tarball url generation
(@isaacs)
1692435use gist tarball url that works for anonymous gists
(@isaacs)
d5cf830Do not allow invalid gist urls (@isaacs)
e518222Use LRU cache to prevent unbounded memory consumption
(@iarna)
v6.10.2Compare Source
tl;dr - Fixes several issues with the cache when npm is run as
sudoonUnix systems.
TESTING
2a78b96f8check test cache for root-owned files
(@isaacs)
108646ebcrun sudo tests on Travis-CI (@isaacs)
cf984e946set --no-esm tap flag (@isaacs)
8e0a3100dadd script to run tests and leave fixtures for inspection and debugging
(@isaacs)
BUGFIXES
25f4f73f6add a util for writing arbitrary files to cache This prevents metrics
timing and debug logs from becoming root-owned.
(@isaacs)
2c61ce65dinfer cache owner from parent dir in
correct-mkdirutil(@isaacs)
235e5d6dfensure correct owner on cached all-packages metadata
(@isaacs)
e2d377bb6npm.community#8540
audit: report server error on failure
(@isaacs)
52576a39e#216
npm.community#5385
npm.community#6076
Fix
npm ciwithfile:dependencies. Partially reverts#40/#86,
recording dependencies of linked deps in order for
npm cito work.(@jfirebaugh)
DEPENDENCIES
0fefdee13cacache@12.0.2(@isaacs)overwhelming majority of cases where root-owned files end up in the
cache folder.
(ac84d14)
(@isaacs)
(#1)
(676cb32)
(@zkat)
e1d87a392pacote@9.5.4(@isaacs)(7f07b5d)
#1
(@lddubeau)
3f035bf09infer-owner@1.0.4(@isaacs)ba3283112npm-registry-fetch@4.0.0(@isaacs)ee90c334dlibnpm@3.0.1(@isaacs)1e480c384libnpmaccess@3.0.2(@isaacs)7662ee850libnpmhook@5.0.3(@isaacs)1357fadc6libnpmorg@1.0.1(@isaacs)a621b5cb6libnpmsearch@2.0.2(@isaacs)560cd31ddlibnpmteam@1.0.2(@isaacs)de7ae0867npm-profile@4.0.2(@isaacs)e95da463clibnpm@3.0.1(@isaacs)554b641d4npm-registry-fetch@4.0.0(@isaacs)06772f34anode-gyp@5.0.3(@isaacs)85358db80npm-lifecycle@3.1.2(@isaacs)051cf20#26 fix switches for
alternative shells on Windows
(@gucong3000)
3aaf954#25 set only one PATH
env variable for child process on Windows
(@zkochan)
ea18ed2]Renovate configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.