From d960ee0ba369ca9bf4cb7421b669f790969cdb9d Mon Sep 17 00:00:00 2001 From: npm CLI robot Date: Sun, 23 Jul 2023 03:11:27 -0700 Subject: [PATCH] deps: upgrade npm to 9.8.1 PR-URL: https://github.com/nodejs/node/pull/48838 Reviewed-By: Luke Karrys Reviewed-By: Luigi Pinca Reviewed-By: Mohammed Keyvanzadeh --- deps/npm/docs/content/commands/npm-ls.md | 2 +- deps/npm/docs/content/commands/npm.md | 2 +- deps/npm/docs/output/commands/npm-ls.html | 2 +- deps/npm/docs/output/commands/npm.html | 2 +- deps/npm/lib/commands/publish.js | 13 +- deps/npm/man/man1/npm-ls.1 | 2 +- deps/npm/man/man1/npm.1 | 2 +- .../@npmcli/arborist/package.json | 4 +- .../node_modules/@npmcli/config/package.json | 4 +- .../@npmcli/package-json/lib/index.js | 2 - .../@npmcli/package-json/lib/normalize.js | 236 ++++++++++++++++-- .../@npmcli/package-json/package.json | 11 +- .../node_modules/bin-links/lib/link-gently.js | 2 +- deps/npm/node_modules/bin-links/package.json | 7 +- deps/npm/node_modules/chalk/package.json | 6 +- .../source/vendor/supports-color/index.js | 3 +- .../node_modules/libnpmaccess/package.json | 4 +- deps/npm/node_modules/libnpmdiff/package.json | 4 +- deps/npm/node_modules/libnpmexec/lib/index.js | 8 +- deps/npm/node_modules/libnpmexec/package.json | 6 +- deps/npm/node_modules/libnpmfund/package.json | 4 +- deps/npm/node_modules/libnpmhook/package.json | 4 +- deps/npm/node_modules/libnpmorg/package.json | 4 +- deps/npm/node_modules/libnpmpack/package.json | 4 +- .../node_modules/libnpmpublish/package.json | 4 +- .../node_modules/libnpmsearch/package.json | 4 +- deps/npm/node_modules/libnpmteam/package.json | 4 +- .../node_modules/libnpmversion/package.json | 4 +- .../node_modules/minimatch/dist/cjs/ast.js | 71 ++++-- .../node_modules/minimatch/dist/mjs/ast.js | 71 ++++-- deps/npm/node_modules/minimatch/package.json | 6 +- deps/npm/node_modules/semver/README.md | 4 +- deps/npm/node_modules/semver/classes/range.js | 5 +- .../node_modules/semver/internal/constants.js | 5 + deps/npm/node_modules/semver/internal/re.js | 45 +++- deps/npm/node_modules/semver/package.json | 6 +- deps/npm/node_modules/supports-color/index.js | 2 +- .../node_modules/supports-color/package.json | 11 +- deps/npm/package.json | 26 +- .../test/lib/commands/publish.js.test.cjs | 105 ++++++++ deps/npm/test/lib/commands/exec.js | 35 +++ 41 files changed, 580 insertions(+), 166 deletions(-) diff --git a/deps/npm/docs/content/commands/npm-ls.md b/deps/npm/docs/content/commands/npm-ls.md index 9f9e07445353f7..5a8056f18a8589 100644 --- a/deps/npm/docs/content/commands/npm-ls.md +++ b/deps/npm/docs/content/commands/npm-ls.md @@ -27,7 +27,7 @@ packages will *also* show the paths to the specified packages. For example, running `npm ls promzard` in npm's source tree will show: ```bash -npm@9.8.0 /path/to/npm +npm@9.8.1 /path/to/npm └─┬ init-package-json@0.0.4 └── promzard@0.1.5 ``` diff --git a/deps/npm/docs/content/commands/npm.md b/deps/npm/docs/content/commands/npm.md index bf73b4670cf418..05d229bd3f6dcb 100644 --- a/deps/npm/docs/content/commands/npm.md +++ b/deps/npm/docs/content/commands/npm.md @@ -14,7 +14,7 @@ Note: This command is unaware of workspaces. ### Version -9.8.0 +9.8.1 ### Description diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index 85cc2d7a9a64cb..9be585ffa291ee 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -160,7 +160,7 @@

Description

the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm's source tree will show:

-
npm@9.8.0 /path/to/npm
+
npm@9.8.1 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 

diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index 5e34bb2bffaad4..41932731f72d39 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -150,7 +150,7 @@ 
Table of contents

Note: This command is unaware of workspaces.

Version

-

9.8.0

+

9.8.1

Description

npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency diff --git a/deps/npm/lib/commands/publish.js b/deps/npm/lib/commands/publish.js index 8d2aa9e0e47f68..7b3e930922ecab 100644 --- a/deps/npm/lib/commands/publish.js +++ b/deps/npm/lib/commands/publish.js @@ -89,7 +89,7 @@ class Publish extends BaseCommand { // The purpose of re-reading the manifest is in case it changed, // so that we send the latest and greatest thing to the registry // note that publishConfig might have changed as well! - manifest = await this.getManifest(spec, opts) + manifest = await this.getManifest(spec, opts, true) // JSON already has the package contents if (!json) { @@ -196,11 +196,18 @@ class Publish extends BaseCommand { // if it's a directory, read it from the file system // otherwise, get the full metadata from whatever it is // XXX can't pacote read the manifest from a directory? - async getManifest (spec, opts) { + async getManifest (spec, opts, logWarnings = false) { let manifest if (spec.type === 'directory') { + const changes = [] + const pkg = await pkgJson.fix(spec.fetchSpec, { changes }) + if (changes.length && logWarnings) { + /* eslint-disable-next-line max-len */ + log.warn('publish', 'npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors.') + log.warn('publish', `errors corrected:\n${changes.join('\n')}`) + } // Prepare is the special function for publishing, different than normalize - const { content } = await pkgJson.prepare(spec.fetchSpec) + const { content } = await pkg.prepare() manifest = content } else { manifest = await pacote.manifest(spec, { diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1 index 18be3b12c6599e..af399edb102b6f 100644 --- a/deps/npm/man/man1/npm-ls.1 +++ b/deps/npm/man/man1/npm-ls.1 @@ -20,7 +20,7 @@ Positional arguments are \fBname@version-range\fR identifiers, which will limit .P .RS 2 .nf -npm@9.8.0 /path/to/npm +npm@9.8.1 /path/to/npm └─┬ init-package-json@0.0.4 └── promzard@0.1.5 .fi diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1 index 114d4defc34b8b..cbb25b2aa1a32d 100644 --- a/deps/npm/man/man1/npm.1 +++ b/deps/npm/man/man1/npm.1 @@ -12,7 +12,7 @@ npm Note: This command is unaware of workspaces. .SS "Version" .P -9.8.0 +9.8.1 .SS "Description" .P npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency conflicts intelligently. diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json index 712d01b47b3345..a9ec27bacb0035 100644 --- a/deps/npm/node_modules/@npmcli/arborist/package.json +++ b/deps/npm/node_modules/@npmcli/arborist/package.json @@ -39,7 +39,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "benchmark": "^2.1.4", "minify-registry-metadata": "^3.0.0", "nock": "^13.3.0", @@ -91,7 +91,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" } } diff --git a/deps/npm/node_modules/@npmcli/config/package.json b/deps/npm/node_modules/@npmcli/config/package.json index 420981b4659fc1..76d193ba23ec4c 100644 --- a/deps/npm/node_modules/@npmcli/config/package.json +++ b/deps/npm/node_modules/@npmcli/config/package.json @@ -32,7 +32,7 @@ "devDependencies": { "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-globals": "^1.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "tap": "^16.3.4" }, "dependencies": { @@ -50,6 +50,6 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1" + "version": "4.18.0" } } diff --git a/deps/npm/node_modules/@npmcli/package-json/lib/index.js b/deps/npm/node_modules/@npmcli/package-json/lib/index.js index 53558a3977e4d1..0cc41c685a39e7 100644 --- a/deps/npm/node_modules/@npmcli/package-json/lib/index.js +++ b/deps/npm/node_modules/@npmcli/package-json/lib/index.js @@ -42,9 +42,7 @@ class PackageJson { 'fixNameField', 'fixVersionField', 'fixRepositoryField', - 'fixBinField', 'fixDependencies', - 'fixScriptsField', 'devDependencies', 'scriptpath', ]) diff --git a/deps/npm/node_modules/@npmcli/package-json/lib/normalize.js b/deps/npm/node_modules/@npmcli/package-json/lib/normalize.js index 726b3f031115b9..204d4d8a8e7dd6 100644 --- a/deps/npm/node_modules/@npmcli/package-json/lib/normalize.js +++ b/deps/npm/node_modules/@npmcli/package-json/lib/normalize.js @@ -1,11 +1,89 @@ +const semver = require('semver') const fs = require('fs/promises') const { glob } = require('glob') -const normalizePackageBin = require('npm-normalize-package-bin') const legacyFixer = require('normalize-package-data/lib/fixer.js') const legacyMakeWarning = require('normalize-package-data/lib/make_warning.js') const path = require('path') const log = require('proc-log') const git = require('@npmcli/git') +const hostedGitInfo = require('hosted-git-info') + +// used to be npm-normalize-package-bin +function normalizePackageBin (pkg, changes) { + if (pkg.bin) { + if (typeof pkg.bin === 'string' && pkg.name) { + changes?.push('"bin" was converted to an object') + pkg.bin = { [pkg.name]: pkg.bin } + } else if (Array.isArray(pkg.bin)) { + changes?.push('"bin" was converted to an object') + pkg.bin = pkg.bin.reduce((acc, k) => { + acc[path.basename(k)] = k + return acc + }, {}) + } + if (typeof pkg.bin === 'object') { + for (const binKey in pkg.bin) { + if (typeof pkg.bin[binKey] !== 'string') { + delete pkg.bin[binKey] + changes?.push(`removed invalid "bin[${binKey}]"`) + continue + } + const base = path.join('/', path.basename(binKey.replace(/\\|:/g, '/'))).slice(1) + if (!base) { + delete pkg.bin[binKey] + changes?.push(`removed invalid "bin[${binKey}]"`) + continue + } + + const binTarget = path.join('/', pkg.bin[binKey].replace(/\\/g, '/')) + .replace(/\\/g, '/').slice(1) + + if (!binTarget) { + delete pkg.bin[binKey] + changes?.push(`removed invalid "bin[${binKey}]"`) + continue + } + + if (base !== binKey) { + delete pkg.bin[binKey] + changes?.push(`"bin[${binKey}]" was renamed to "bin[${base}]"`) + } + if (binTarget !== pkg.bin[binKey]) { + changes?.push(`"bin[${base}]" script name was cleaned`) + } + pkg.bin[base] = binTarget + } + + if (Object.keys(pkg.bin).length === 0) { + changes?.push('empty "bin" was removed') + delete pkg.bin + } + + return pkg + } + } + delete pkg.bin +} + +function isCorrectlyEncodedName (spec) { + return !spec.match(/[/@\s+%:]/) && + spec === encodeURIComponent(spec) +} + +function isValidScopedPackageName (spec) { + if (spec.charAt(0) !== '@') { + return false + } + + const rest = spec.slice(1).split('/') + if (rest.length !== 2) { + return false + } + + return rest[0] && rest[1] && + rest[0] === encodeURIComponent(rest[0]) && + rest[1] === encodeURIComponent(rest[1]) +} // We don't want the `changes` array in here by default because this is a hot // path for parsing packuments during install. So the calling method passes it @@ -18,17 +96,49 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase }) const scripts = data.scripts || {} const pkgId = `${data.name ?? ''}@${data.version ?? ''}` - legacyFixer.warn = function () { - changes?.push(legacyMakeWarning.apply(null, arguments)) - } - // name and version are load bearing so we have to clean them up first if (steps.includes('fixNameField') || steps.includes('normalizeData')) { - legacyFixer.fixNameField(data, { strict, allowLegacyCase }) + if (!data.name && !strict) { + changes?.push('Missing "name" field was set to an empty string') + data.name = '' + } else { + if (typeof data.name !== 'string') { + throw new Error('name field must be a string.') + } + if (!strict) { + const name = data.name.trim() + if (data.name !== name) { + changes?.push(`Whitespace was trimmed from "name"`) + data.name = name + } + } + + if (data.name.startsWith('.') || + !(isValidScopedPackageName(data.name) || isCorrectlyEncodedName(data.name)) || + (strict && (!allowLegacyCase) && data.name !== data.name.toLowerCase()) || + data.name.toLowerCase() === 'node_modules' || + data.name.toLowerCase() === 'favicon.ico') { + throw new Error('Invalid name: ' + JSON.stringify(data.name)) + } + } } if (steps.includes('fixVersionField') || steps.includes('normalizeData')) { - legacyFixer.fixVersionField(data, strict) + // allow "loose" semver 1.0 versions in non-strict mode + // enforce strict semver 2.0 compliance in strict mode + const loose = !strict + if (!data.version) { + data.version = '' + } else { + if (!semver.valid(data.version, loose)) { + throw new Error(`Invalid version: "${data.version}"`) + } + const version = semver.clean(data.version, loose) + if (version !== data.version) { + changes?.push(`"version" was cleaned and set to "${version}"`) + data.version = version + } + } } // remove attributes that start with "_" if (steps.includes('_attributes')) { @@ -49,6 +159,7 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase }) } // fix bundledDependencies typo + // normalize bundleDependencies if (steps.includes('bundledDependencies')) { if (data.bundleDependencies === undefined && data.bundledDependencies !== undefined) { data.bundleDependencies = data.bundledDependencies @@ -70,7 +181,7 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase }) changes?.push(`"bundleDependencies" was changed from an object to an array`) data.bundleDependencies = Object.keys(bd) } - } else { + } else if ('bundleDependencies' in data) { changes?.push(`"bundleDependencies" was removed`) delete data.bundleDependencies } @@ -84,11 +195,11 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase }) if (data.dependencies && data.optionalDependencies && typeof data.optionalDependencies === 'object') { for (const name in data.optionalDependencies) { - changes?.push(`optionalDependencies entry "${name}" was removed`) + changes?.push(`optionalDependencies."${name}" was removed`) delete data.dependencies[name] } if (!Object.keys(data.dependencies).length) { - changes?.push(`empty "optionalDependencies" was removed`) + changes?.push(`Empty "optionalDependencies" was removed`) delete data.dependencies } } @@ -121,20 +232,21 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase }) } // strip "node_modules/.bin" from scripts entries + // remove invalid scripts entries (non-strings) if (steps.includes('scripts') || steps.includes('scriptpath')) { const spre = /^(\.[/\\])?node_modules[/\\].bin[\\/]/ if (typeof data.scripts === 'object') { for (const name in data.scripts) { if (typeof data.scripts[name] !== 'string') { delete data.scripts[name] - changes?.push(`invalid scripts entry "${name}" was removed`) - } else if (steps.includes('scriptpath')) { + changes?.push(`Invalid scripts."${name}" was removed`) + } else if (steps.includes('scriptpath') && spre.test(data.scripts[name])) { data.scripts[name] = data.scripts[name].replace(spre, '') changes?.push(`scripts entry "${name}" was fixed to remove node_modules/.bin reference`) } } } else { - changes?.push(`removed invalid "scripts"`) + changes?.push(`Removed invalid "scripts"`) delete data.scripts } } @@ -154,7 +266,7 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase }) .map(line => line.replace(/^\s*#.*$/, '').trim()) .filter(line => line) data.contributors = authors - changes.push('"contributors" was auto-populated with the contents of the "AUTHORS" file') + changes?.push('"contributors" was auto-populated with the contents of the "AUTHORS" file') } catch { // do nothing } @@ -201,7 +313,7 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase }) } if (steps.includes('bin') || steps.includes('binDir') || steps.includes('binRefs')) { - normalizePackageBin(data) + normalizePackageBin(data, changes) } // expand "directories.bin" @@ -216,7 +328,7 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase }) return acc }, {}) // *sigh* - normalizePackageBin(data) + normalizePackageBin(data, changes) } // populate "gitHead" attribute @@ -320,22 +432,96 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase }) // Some steps are isolated so we can do a limited subset of these in `fix` if (steps.includes('fixRepositoryField') || steps.includes('normalizeData')) { - legacyFixer.fixRepositoryField(data) - } - - if (steps.includes('fixBinField') || steps.includes('normalizeData')) { - legacyFixer.fixBinField(data) + if (data.repositories) { + /* eslint-disable-next-line max-len */ + changes?.push(`"repository" was set to the first entry in "repositories" (${data.repository})`) + data.repository = data.repositories[0] + } + if (data.repository) { + if (typeof data.repository === 'string') { + changes?.push('"repository" was changed from a string to an object') + data.repository = { + type: 'git', + url: data.repository, + } + } + if (data.repository.url) { + const hosted = hostedGitInfo.fromUrl(data.repository.url) + let r + if (hosted) { + if (hosted.getDefaultRepresentation() === 'shortcut') { + r = hosted.https() + } else { + r = hosted.toString() + } + if (r !== data.repository.url) { + changes?.push(`"repository.url" was normalized to "${r}"`) + data.repository.url = r + } + } + } + } } if (steps.includes('fixDependencies') || steps.includes('normalizeData')) { - legacyFixer.fixDependencies(data, strict) - } + // peerDependencies? + // devDependencies is meaningless here, it's ignored on an installed package + for (const type of ['dependencies', 'devDependencies', 'optionalDependencies']) { + if (data[type]) { + let secondWarning = true + if (typeof data[type] === 'string') { + changes?.push(`"${type}" was converted from a string into an object`) + data[type] = data[type].trim().split(/[\n\r\s\t ,]+/) + secondWarning = false + } + if (Array.isArray(data[type])) { + if (secondWarning) { + changes?.push(`"${type}" was converted from an array into an object`) + } + const o = {} + for (const d of data[type]) { + if (typeof d === 'string') { + const dep = d.trim().split(/(:?[@\s><=])/) + const dn = dep.shift() + const dv = dep.join('').replace(/^@/, '').trim() + o[dn] = dv + } + } + data[type] = o + } + } + } + // normalize-package-data used to put optional dependencies BACK into + // dependencies here, we no longer do this - if (steps.includes('fixScriptsField') || steps.includes('normalizeData')) { - legacyFixer.fixScriptsField(data) + for (const deps of ['dependencies', 'devDependencies']) { + if (deps in data) { + if (!data[deps] || typeof data[deps] !== 'object') { + changes?.push(`Removed invalid "${deps}"`) + delete data[deps] + } else { + for (const d in data[deps]) { + const r = data[deps][d] + if (typeof r !== 'string') { + changes?.push(`Removed invalid "${deps}.${d}"`) + delete data[deps][d] + } + const hosted = hostedGitInfo.fromUrl(data[deps][d])?.toString() + if (hosted && hosted !== data[deps][d]) { + changes?.push(`Normalized git reference to "${deps}.${d}"`) + data[deps][d] = hosted.toString() + } + } + } + } + } } if (steps.includes('normalizeData')) { + legacyFixer.warn = function () { + changes?.push(legacyMakeWarning.apply(null, arguments)) + } + const legacySteps = [ 'fixDescriptionField', 'fixModulesField', diff --git a/deps/npm/node_modules/@npmcli/package-json/package.json b/deps/npm/node_modules/@npmcli/package-json/package.json index 4b9584dcad3707..33215b638db6ee 100644 --- a/deps/npm/node_modules/@npmcli/package-json/package.json +++ b/deps/npm/node_modules/@npmcli/package-json/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/package-json", - "version": "4.0.0", + "version": "4.0.1", "description": "Programmatic API to update package.json", "main": "lib/index.js", "files": [ @@ -25,7 +25,7 @@ "license": "ISC", "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.15.1", + "@npmcli/template-oss": "4.17.0", "read-package-json": "^6.0.4", "read-package-json-fast": "^3.0.2", "tap": "^16.0.1" @@ -33,10 +33,11 @@ "dependencies": { "@npmcli/git": "^4.1.0", "glob": "^10.2.2", + "hosted-git-info": "^6.1.1", "json-parse-even-better-errors": "^3.0.0", "normalize-package-data": "^5.0.0", - "npm-normalize-package-bin": "^3.0.1", - "proc-log": "^3.0.0" + "proc-log": "^3.0.0", + "semver": "^7.5.3" }, "repository": { "type": "git", @@ -47,7 +48,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.15.1", + "version": "4.17.0", "publish": "true" }, "tap": { diff --git a/deps/npm/node_modules/bin-links/lib/link-gently.js b/deps/npm/node_modules/bin-links/lib/link-gently.js index 89ca0f6bf6b995..d1e955ec99b029 100644 --- a/deps/npm/node_modules/bin-links/lib/link-gently.js +++ b/deps/npm/node_modules/bin-links/lib/link-gently.js @@ -28,7 +28,7 @@ const CLOBBER = Symbol('clobber - ours or in forceful mode') const linkGently = async ({ path, to, from, absFrom, force }) => { if (seen.has(to)) { - return true + return false } seen.add(to) diff --git a/deps/npm/node_modules/bin-links/package.json b/deps/npm/node_modules/bin-links/package.json index 589245a9313911..e6abb0b589808b 100644 --- a/deps/npm/node_modules/bin-links/package.json +++ b/deps/npm/node_modules/bin-links/package.json @@ -1,6 +1,6 @@ { "name": "bin-links", - "version": "4.0.1", + "version": "4.0.2", "description": "JavaScript package binary linker", "main": "./lib/index.js", "scripts": { @@ -30,7 +30,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.5.1", + "@npmcli/template-oss": "4.15.1", "require-inject": "^1.4.4", "tap": "^16.0.1" }, @@ -53,6 +53,7 @@ "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", "windowsCI": false, - "version": "4.5.1" + "version": "4.15.1", + "publish": true } } diff --git a/deps/npm/node_modules/chalk/package.json b/deps/npm/node_modules/chalk/package.json index ddcf7589e9797d..3c500105bcbf25 100644 --- a/deps/npm/node_modules/chalk/package.json +++ b/deps/npm/node_modules/chalk/package.json @@ -1,6 +1,6 @@ { "name": "chalk", - "version": "5.2.0", + "version": "5.3.0", "description": "Terminal string styling done right", "license": "MIT", "repository": "chalk/chalk", @@ -61,12 +61,14 @@ "xo": "^0.53.0", "yoctodelay": "^2.0.0" }, + "sideEffects": false, "xo": { "rules": { "unicorn/prefer-string-slice": "off", "@typescript-eslint/consistent-type-imports": "off", "@typescript-eslint/consistent-type-exports": "off", - "@typescript-eslint/consistent-type-definitions": "off" + "@typescript-eslint/consistent-type-definitions": "off", + "unicorn/expiring-todo-comments": "off" } }, "c8": { diff --git a/deps/npm/node_modules/chalk/source/vendor/supports-color/index.js b/deps/npm/node_modules/chalk/source/vendor/supports-color/index.js index a7cea61e9eb5fd..4ce0a2da8d2242 100644 --- a/deps/npm/node_modules/chalk/source/vendor/supports-color/index.js +++ b/deps/npm/node_modules/chalk/source/vendor/supports-color/index.js @@ -3,6 +3,7 @@ import os from 'node:os'; import tty from 'node:tty'; // From: https://github.com/sindresorhus/has-flag/blob/main/index.js +/// function hasFlag(flag, argv = globalThis.Deno?.args ?? process.argv) { function hasFlag(flag, argv = globalThis.Deno ? globalThis.Deno.args : process.argv) { const prefix = flag.startsWith('-') ? '' : (flag.length === 1 ? '-' : '--'); const position = argv.indexOf(prefix + flag); @@ -111,7 +112,7 @@ function _supportsColor(haveStream, {streamIsTTY, sniffFlags = true} = {}) { } if ('CI' in env) { - if ('GITHUB_ACTIONS' in env) { + if ('GITHUB_ACTIONS' in env || 'GITEA_ACTIONS' in env) { return 3; } diff --git a/deps/npm/node_modules/libnpmaccess/package.json b/deps/npm/node_modules/libnpmaccess/package.json index 42ea3c661c2911..713cf8c264c986 100644 --- a/deps/npm/node_modules/libnpmaccess/package.json +++ b/deps/npm/node_modules/libnpmaccess/package.json @@ -17,7 +17,7 @@ "devDependencies": { "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-registry": "^1.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -41,7 +41,7 @@ ], "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/deps/npm/node_modules/libnpmdiff/package.json b/deps/npm/node_modules/libnpmdiff/package.json index 2ef51fb8e03b70..ce6eb3531b32ed 100644 --- a/deps/npm/node_modules/libnpmdiff/package.json +++ b/deps/npm/node_modules/libnpmdiff/package.json @@ -42,7 +42,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "tap": "^16.3.4" }, "dependencies": { @@ -58,7 +58,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/deps/npm/node_modules/libnpmexec/lib/index.js b/deps/npm/node_modules/libnpmexec/lib/index.js index b7aa43588c0fd8..34bb20769bc2c7 100644 --- a/deps/npm/node_modules/libnpmexec/lib/index.js +++ b/deps/npm/node_modules/libnpmexec/lib/index.js @@ -245,9 +245,12 @@ const exec = async (opts) => { if (add.length) { if (!yes) { + const missingPackages = add.map(a => `${a.replace(/@$/, '')}`) // set -n to always say no if (yes === false) { - throw new Error('canceled') + // Error message lists missing package(s) when process is canceled + /* eslint-disable-next-line max-len */ + throw new Error(`npx canceled due to missing packages and no YES option: ${JSON.stringify(missingPackages)}`) } if (noTTY() || ciInfo.isCI) { @@ -257,8 +260,7 @@ const exec = async (opts) => { add.map((pkg) => pkg.replace(/@$/, '')).join(', ') }`) } else { - const addList = add.map(a => ` ${a.replace(/@$/, '')}`) - .join('\n') + '\n' + const addList = missingPackages.join('\n') + '\n' const prompt = `Need to install the following packages:\n${ addList }Ok to proceed? ` diff --git a/deps/npm/node_modules/libnpmexec/package.json b/deps/npm/node_modules/libnpmexec/package.json index 290d895f5ee60e..9b86b81a998ef7 100644 --- a/deps/npm/node_modules/libnpmexec/package.json +++ b/deps/npm/node_modules/libnpmexec/package.json @@ -1,6 +1,6 @@ { "name": "libnpmexec", - "version": "6.0.2", + "version": "6.0.3", "files": [ "bin/", "lib/" @@ -51,7 +51,7 @@ "devDependencies": { "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-registry": "^1.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "bin-links": "^4.0.1", "chalk": "^5.2.0", "just-extend": "^6.2.0", @@ -73,7 +73,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" } } diff --git a/deps/npm/node_modules/libnpmfund/package.json b/deps/npm/node_modules/libnpmfund/package.json index 8e0b6d083715e3..0c863c2f92203a 100644 --- a/deps/npm/node_modules/libnpmfund/package.json +++ b/deps/npm/node_modules/libnpmfund/package.json @@ -41,7 +41,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "tap": "^16.3.4" }, "dependencies": { @@ -52,7 +52,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/deps/npm/node_modules/libnpmhook/package.json b/deps/npm/node_modules/libnpmhook/package.json index bc439929e7c7a1..05b34dda75c416 100644 --- a/deps/npm/node_modules/libnpmhook/package.json +++ b/deps/npm/node_modules/libnpmhook/package.json @@ -35,7 +35,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -44,7 +44,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/deps/npm/node_modules/libnpmorg/package.json b/deps/npm/node_modules/libnpmorg/package.json index 0ee6abd7455a60..675d03b5b2437a 100644 --- a/deps/npm/node_modules/libnpmorg/package.json +++ b/deps/npm/node_modules/libnpmorg/package.json @@ -28,7 +28,7 @@ ], "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "minipass": "^5.0.0", "nock": "^13.3.0", "tap": "^16.3.4" @@ -49,7 +49,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/deps/npm/node_modules/libnpmpack/package.json b/deps/npm/node_modules/libnpmpack/package.json index 12cf7aa8ee3b10..d8861c337c4d99 100644 --- a/deps/npm/node_modules/libnpmpack/package.json +++ b/deps/npm/node_modules/libnpmpack/package.json @@ -23,7 +23,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "nock": "^13.3.0", "spawk": "^1.7.1", "tap": "^16.3.4" @@ -46,7 +46,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/deps/npm/node_modules/libnpmpublish/package.json b/deps/npm/node_modules/libnpmpublish/package.json index 6ea6a7181b0b71..7c7533a82c735f 100644 --- a/deps/npm/node_modules/libnpmpublish/package.json +++ b/deps/npm/node_modules/libnpmpublish/package.json @@ -26,7 +26,7 @@ "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-globals": "^1.0.0", "@npmcli/mock-registry": "^1.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "lodash.clonedeep": "^4.5.0", "nock": "^13.3.0", "tap": "^16.3.4" @@ -53,7 +53,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/deps/npm/node_modules/libnpmsearch/package.json b/deps/npm/node_modules/libnpmsearch/package.json index e7dd7aca9baf16..32cb1f21b64221 100644 --- a/deps/npm/node_modules/libnpmsearch/package.json +++ b/deps/npm/node_modules/libnpmsearch/package.json @@ -26,7 +26,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -45,7 +45,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/deps/npm/node_modules/libnpmteam/package.json b/deps/npm/node_modules/libnpmteam/package.json index 5558224050eec7..33a77095fe8489 100644 --- a/deps/npm/node_modules/libnpmteam/package.json +++ b/deps/npm/node_modules/libnpmteam/package.json @@ -16,7 +16,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -39,7 +39,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/deps/npm/node_modules/libnpmversion/package.json b/deps/npm/node_modules/libnpmversion/package.json index 7bae86d8afe228..469f9c2bc00d67 100644 --- a/deps/npm/node_modules/libnpmversion/package.json +++ b/deps/npm/node_modules/libnpmversion/package.json @@ -32,7 +32,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "require-inject": "^1.4.4", "tap": "^16.3.4" }, @@ -48,7 +48,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "../../scripts/template-oss/index.js" } } diff --git a/deps/npm/node_modules/minimatch/dist/cjs/ast.js b/deps/npm/node_modules/minimatch/dist/cjs/ast.js index 191e7e871c51d9..0b0cc8f3c50b3d 100644 --- a/deps/npm/node_modules/minimatch/dist/cjs/ast.js +++ b/deps/npm/node_modules/minimatch/dist/cjs/ast.js @@ -10,7 +10,7 @@ const isExtglobType = (c) => types.has(c); // entire string, or just a single path portion, to prevent dots // and/or traversal patterns, when needed. // Exts don't need the ^ or / bit, because the root binds that already. -const startNoTraversal = '(?!\\.\\.?(?:$|/))'; +const startNoTraversal = '(?!(?:^|/)\\.\\.?(?:$|/))'; const startNoDot = '(?!\\.)'; // characters that indicate a start of pattern needs the "no dots" bit, // because a dot *might* be matched. ( is not in the list, because in @@ -407,7 +407,8 @@ class AST { // - Since the start for a join is eg /(?!\.) and the start for a part // is ^(?!\.), we can just prepend (?!\.) to the pattern (either root // or start or whatever) and prepend ^ or / at the Regexp construction. - toRegExpSource() { + toRegExpSource(allowDot) { + const dot = allowDot ?? !!this.#options.dot; if (this.#root === this) this.#fillNegs(); if (!this.type) { @@ -416,7 +417,7 @@ class AST { .map(p => { const [re, _, hasMagic, uflag] = typeof p === 'string' ? AST.#parseGlob(p, this.#hasMagic, noEmpty) - : p.toRegExpSource(); + : p.toRegExpSource(allowDot); this.#hasMagic = this.#hasMagic || hasMagic; this.#uflag = this.#uflag || uflag; return re; @@ -436,14 +437,14 @@ class AST { // and prevent that. const needNoTrav = // dots are allowed, and the pattern starts with [ or . - (this.#options.dot && aps.has(src.charAt(0))) || + (dot && aps.has(src.charAt(0))) || // the pattern starts with \., and then [ or . (src.startsWith('\\.') && aps.has(src.charAt(2))) || // the pattern starts with \.\., and then [ or . (src.startsWith('\\.\\.') && aps.has(src.charAt(4))); // no need to prevent dots if it can't match a dot, or if a // sub-pattern will be preventing it anyway. - const needNoDot = !this.#options.dot && aps.has(src.charAt(0)); + const needNoDot = !dot && !allowDot && aps.has(src.charAt(0)); start = needNoTrav ? startNoTraversal : needNoDot ? startNoDot : ''; } } @@ -463,23 +464,13 @@ class AST { this.#uflag, ]; } + // We need to calculate the body *twice* if it's a repeat pattern + // at the start, once in nodot mode, then again in dot mode, so a + // pattern like *(?) can match 'x.y' + const repeated = this.type === '*' || this.type === '+'; // some kind of extglob const start = this.type === '!' ? '(?:(?!(?:' : '(?:'; - const body = this.#parts - .map(p => { - // extglob ASTs should only contain parent ASTs - /* c8 ignore start */ - if (typeof p === 'string') { - throw new Error('string type in extglob ast??'); - } - /* c8 ignore stop */ - // can ignore hasMagic, because extglobs are already always magic - const [re, _, _hasMagic, uflag] = p.toRegExpSource(); - this.#uflag = this.#uflag || uflag; - return re; - }) - .filter(p => !(this.isStart() && this.isEnd()) || !!p) - .join('|'); + let body = this.#partsToRegExp(dot); if (this.isStart() && this.isEnd() && !body && this.type !== '!') { // invalid extglob, has to at least be *something* present, if it's // the entire path portion. @@ -489,22 +480,37 @@ class AST { this.#hasMagic = undefined; return [s, (0, unescape_js_1.unescape)(this.toString()), false, false]; } + // XXX abstract out this map method + let bodyDotAllowed = !repeated || allowDot || dot || !startNoDot + ? '' + : this.#partsToRegExp(true); + if (bodyDotAllowed === body) { + bodyDotAllowed = ''; + } + if (bodyDotAllowed) { + body = `(?:${body})(?:${bodyDotAllowed})*?`; + } // an empty !() is exactly equivalent to a starNoEmpty let final = ''; if (this.type === '!' && this.#emptyExt) { - final = - (this.isStart() && !this.#options.dot ? startNoDot : '') + starNoEmpty; + final = (this.isStart() && !dot ? startNoDot : '') + starNoEmpty; } else { const close = this.type === '!' ? // !() must match something,but !(x) can match '' '))' + - (this.isStart() && !this.#options.dot ? startNoDot : '') + + (this.isStart() && !dot && !allowDot ? startNoDot : '') + star + ')' : this.type === '@' ? ')' - : `)${this.type}`; + : this.type === '?' + ? ')?' + : this.type === '+' && bodyDotAllowed + ? ')' + : this.type === '*' && bodyDotAllowed + ? `)?` + : `)${this.type}`; final = start + body + close; } return [ @@ -514,6 +520,23 @@ class AST { this.#uflag, ]; } + #partsToRegExp(dot) { + return this.#parts + .map(p => { + // extglob ASTs should only contain parent ASTs + /* c8 ignore start */ + if (typeof p === 'string') { + throw new Error('string type in extglob ast??'); + } + /* c8 ignore stop */ + // can ignore hasMagic, because extglobs are already always magic + const [re, _, _hasMagic, uflag] = p.toRegExpSource(dot); + this.#uflag = this.#uflag || uflag; + return re; + }) + .filter(p => !(this.isStart() && this.isEnd()) || !!p) + .join('|'); + } static #parseGlob(glob, hasMagic, noEmpty = false) { let escaping = false; let re = ''; diff --git a/deps/npm/node_modules/minimatch/dist/mjs/ast.js b/deps/npm/node_modules/minimatch/dist/mjs/ast.js index 9836fe7b1db023..7fb1f83e6182a0 100644 --- a/deps/npm/node_modules/minimatch/dist/mjs/ast.js +++ b/deps/npm/node_modules/minimatch/dist/mjs/ast.js @@ -7,7 +7,7 @@ const isExtglobType = (c) => types.has(c); // entire string, or just a single path portion, to prevent dots // and/or traversal patterns, when needed. // Exts don't need the ^ or / bit, because the root binds that already. -const startNoTraversal = '(?!\\.\\.?(?:$|/))'; +const startNoTraversal = '(?!(?:^|/)\\.\\.?(?:$|/))'; const startNoDot = '(?!\\.)'; // characters that indicate a start of pattern needs the "no dots" bit, // because a dot *might* be matched. ( is not in the list, because in @@ -404,7 +404,8 @@ export class AST { // - Since the start for a join is eg /(?!\.) and the start for a part // is ^(?!\.), we can just prepend (?!\.) to the pattern (either root // or start or whatever) and prepend ^ or / at the Regexp construction. - toRegExpSource() { + toRegExpSource(allowDot) { + const dot = allowDot ?? !!this.#options.dot; if (this.#root === this) this.#fillNegs(); if (!this.type) { @@ -413,7 +414,7 @@ export class AST { .map(p => { const [re, _, hasMagic, uflag] = typeof p === 'string' ? AST.#parseGlob(p, this.#hasMagic, noEmpty) - : p.toRegExpSource(); + : p.toRegExpSource(allowDot); this.#hasMagic = this.#hasMagic || hasMagic; this.#uflag = this.#uflag || uflag; return re; @@ -433,14 +434,14 @@ export class AST { // and prevent that. const needNoTrav = // dots are allowed, and the pattern starts with [ or . - (this.#options.dot && aps.has(src.charAt(0))) || + (dot && aps.has(src.charAt(0))) || // the pattern starts with \., and then [ or . (src.startsWith('\\.') && aps.has(src.charAt(2))) || // the pattern starts with \.\., and then [ or . (src.startsWith('\\.\\.') && aps.has(src.charAt(4))); // no need to prevent dots if it can't match a dot, or if a // sub-pattern will be preventing it anyway. - const needNoDot = !this.#options.dot && aps.has(src.charAt(0)); + const needNoDot = !dot && !allowDot && aps.has(src.charAt(0)); start = needNoTrav ? startNoTraversal : needNoDot ? startNoDot : ''; } } @@ -460,23 +461,13 @@ export class AST { this.#uflag, ]; } + // We need to calculate the body *twice* if it's a repeat pattern + // at the start, once in nodot mode, then again in dot mode, so a + // pattern like *(?) can match 'x.y' + const repeated = this.type === '*' || this.type === '+'; // some kind of extglob const start = this.type === '!' ? '(?:(?!(?:' : '(?:'; - const body = this.#parts - .map(p => { - // extglob ASTs should only contain parent ASTs - /* c8 ignore start */ - if (typeof p === 'string') { - throw new Error('string type in extglob ast??'); - } - /* c8 ignore stop */ - // can ignore hasMagic, because extglobs are already always magic - const [re, _, _hasMagic, uflag] = p.toRegExpSource(); - this.#uflag = this.#uflag || uflag; - return re; - }) - .filter(p => !(this.isStart() && this.isEnd()) || !!p) - .join('|'); + let body = this.#partsToRegExp(dot); if (this.isStart() && this.isEnd() && !body && this.type !== '!') { // invalid extglob, has to at least be *something* present, if it's // the entire path portion. @@ -486,22 +477,37 @@ export class AST { this.#hasMagic = undefined; return [s, unescape(this.toString()), false, false]; } + // XXX abstract out this map method + let bodyDotAllowed = !repeated || allowDot || dot || !startNoDot + ? '' + : this.#partsToRegExp(true); + if (bodyDotAllowed === body) { + bodyDotAllowed = ''; + } + if (bodyDotAllowed) { + body = `(?:${body})(?:${bodyDotAllowed})*?`; + } // an empty !() is exactly equivalent to a starNoEmpty let final = ''; if (this.type === '!' && this.#emptyExt) { - final = - (this.isStart() && !this.#options.dot ? startNoDot : '') + starNoEmpty; + final = (this.isStart() && !dot ? startNoDot : '') + starNoEmpty; } else { const close = this.type === '!' ? // !() must match something,but !(x) can match '' '))' + - (this.isStart() && !this.#options.dot ? startNoDot : '') + + (this.isStart() && !dot && !allowDot ? startNoDot : '') + star + ')' : this.type === '@' ? ')' - : `)${this.type}`; + : this.type === '?' + ? ')?' + : this.type === '+' && bodyDotAllowed + ? ')' + : this.type === '*' && bodyDotAllowed + ? `)?` + : `)${this.type}`; final = start + body + close; } return [ @@ -511,6 +517,23 @@ export class AST { this.#uflag, ]; } + #partsToRegExp(dot) { + return this.#parts + .map(p => { + // extglob ASTs should only contain parent ASTs + /* c8 ignore start */ + if (typeof p === 'string') { + throw new Error('string type in extglob ast??'); + } + /* c8 ignore stop */ + // can ignore hasMagic, because extglobs are already always magic + const [re, _, _hasMagic, uflag] = p.toRegExpSource(dot); + this.#uflag = this.#uflag || uflag; + return re; + }) + .filter(p => !(this.isStart() && this.isEnd()) || !!p) + .join('|'); + } static #parseGlob(glob, hasMagic, noEmpty = false) { let escaping = false; let re = ''; diff --git a/deps/npm/node_modules/minimatch/package.json b/deps/npm/node_modules/minimatch/package.json index d5ee74e334d6a4..061c3b9f343306 100644 --- a/deps/npm/node_modules/minimatch/package.json +++ b/deps/npm/node_modules/minimatch/package.json @@ -2,7 +2,7 @@ "author": "Isaac Z. Schlueter (http://blog.izs.me)", "name": "minimatch", "description": "a glob matcher in javascript", - "version": "9.0.1", + "version": "9.0.3", "repository": { "type": "git", "url": "git://github.com/isaacs/minimatch.git" @@ -60,12 +60,12 @@ "devDependencies": { "@types/brace-expansion": "^1.1.0", "@types/node": "^18.15.11", - "@types/tap": "^15.0.7", + "@types/tap": "^15.0.8", "c8": "^7.12.0", "eslint-config-prettier": "^8.6.0", "mkdirp": "1", "prettier": "^2.8.2", - "tap": "^16.3.3", + "tap": "^16.3.7", "ts-node": "^10.9.1", "typedoc": "^0.23.21", "typescript": "^4.9.3" diff --git a/deps/npm/node_modules/semver/README.md b/deps/npm/node_modules/semver/README.md index 33c762cb225dcb..043bdaed6b5fc3 100644 --- a/deps/npm/node_modules/semver/README.md +++ b/deps/npm/node_modules/semver/README.md @@ -159,7 +159,9 @@ of primitive `operators` is: For example, the comparator `>=1.2.7` would match the versions `1.2.7`, `1.2.8`, `2.5.3`, and `1.3.9`, but not the versions `1.2.6` -or `1.1.0`. +or `1.1.0`. The comparator `>1` is equivalent to `>=2.0.0` and +would match the versions `2.0.0` and `3.1.0`, but not the versions +`1.0.1` or `1.1.0`. Comparators can be joined by whitespace to form a `comparator set`, which is satisfied by the **intersection** of all of the comparators diff --git a/deps/npm/node_modules/semver/classes/range.js b/deps/npm/node_modules/semver/classes/range.js index 53c2540fd012ef..7e7c41410cbfdd 100644 --- a/deps/npm/node_modules/semver/classes/range.js +++ b/deps/npm/node_modules/semver/classes/range.js @@ -38,7 +38,7 @@ class Range { this.set = this.raw .split('||') // map the range to a 2d array of comparators - .map(r => this.parseRange(r)) + .map(r => this.parseRange(r.trim())) // throw out any comparator lists that are empty // this generally means that it was not a valid range, which is allowed // in loose mode, but will still throw if the WHOLE range is invalid. @@ -98,15 +98,18 @@ class Range { const hr = loose ? re[t.HYPHENRANGELOOSE] : re[t.HYPHENRANGE] range = range.replace(hr, hyphenReplace(this.options.includePrerelease)) debug('hyphen replace', range) + // `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5` range = range.replace(re[t.COMPARATORTRIM], comparatorTrimReplace) debug('comparator trim', range) // `~ 1.2.3` => `~1.2.3` range = range.replace(re[t.TILDETRIM], tildeTrimReplace) + debug('tilde trim', range) // `^ 1.2.3` => `^1.2.3` range = range.replace(re[t.CARETTRIM], caretTrimReplace) + debug('caret trim', range) // At this point, the range is completely trimmed and // ready to be split into comparators. diff --git a/deps/npm/node_modules/semver/internal/constants.js b/deps/npm/node_modules/semver/internal/constants.js index 25fab1ea01233b..94be1c570277a5 100644 --- a/deps/npm/node_modules/semver/internal/constants.js +++ b/deps/npm/node_modules/semver/internal/constants.js @@ -9,6 +9,10 @@ const MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER || // Max safe segment length for coercion. const MAX_SAFE_COMPONENT_LENGTH = 16 +// Max safe length for a build identifier. The max length minus 6 characters for +// the shortest version with a build 0.0.0+BUILD. +const MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6 + const RELEASE_TYPES = [ 'major', 'premajor', @@ -22,6 +26,7 @@ const RELEASE_TYPES = [ module.exports = { MAX_LENGTH, MAX_SAFE_COMPONENT_LENGTH, + MAX_SAFE_BUILD_LENGTH, MAX_SAFE_INTEGER, RELEASE_TYPES, SEMVER_SPEC_VERSION, diff --git a/deps/npm/node_modules/semver/internal/re.js b/deps/npm/node_modules/semver/internal/re.js index f73ef1aa06263a..21150b3ec53b7d 100644 --- a/deps/npm/node_modules/semver/internal/re.js +++ b/deps/npm/node_modules/semver/internal/re.js @@ -1,4 +1,8 @@ -const { MAX_SAFE_COMPONENT_LENGTH } = require('./constants') +const { + MAX_SAFE_COMPONENT_LENGTH, + MAX_SAFE_BUILD_LENGTH, + MAX_LENGTH, +} = require('./constants') const debug = require('./debug') exports = module.exports = {} @@ -9,16 +13,31 @@ const src = exports.src = [] const t = exports.t = {} let R = 0 +const LETTERDASHNUMBER = '[a-zA-Z0-9-]' + +// Replace some greedy regex tokens to prevent regex dos issues. These regex are +// used internally via the safeRe object since all inputs in this library get +// normalized first to trim and collapse all extra whitespace. The original +// regexes are exported for userland consumption and lower level usage. A +// future breaking change could export the safer regex only with a note that +// all input should have extra whitespace removed. +const safeRegexReplacements = [ + ['\\s', 1], + ['\\d', MAX_LENGTH], + [LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH], +] + +const makeSafeRegex = (value) => { + for (const [token, max] of safeRegexReplacements) { + value = value + .split(`${token}*`).join(`${token}{0,${max}}`) + .split(`${token}+`).join(`${token}{1,${max}}`) + } + return value +} + const createToken = (name, value, isGlobal) => { - // Replace all greedy whitespace to prevent regex dos issues. These regex are - // used internally via the safeRe object since all inputs in this library get - // normalized first to trim and collapse all extra whitespace. The original - // regexes are exported for userland consumption and lower level usage. A - // future breaking change could export the safer regex only with a note that - // all input should have extra whitespace removed. - const safe = value - .split('\\s*').join('\\s{0,1}') - .split('\\s+').join('\\s') + const safe = makeSafeRegex(value) const index = R++ debug(name, index, value) t[name] = index @@ -34,13 +53,13 @@ const createToken = (name, value, isGlobal) => { // A single `0`, or a non-zero digit followed by zero or more digits. createToken('NUMERICIDENTIFIER', '0|[1-9]\\d*') -createToken('NUMERICIDENTIFIERLOOSE', '[0-9]+') +createToken('NUMERICIDENTIFIERLOOSE', '\\d+') // ## Non-numeric Identifier // Zero or more digits, followed by a letter or hyphen, and then zero or // more letters, digits, or hyphens. -createToken('NONNUMERICIDENTIFIER', '\\d*[a-zA-Z-][a-zA-Z0-9-]*') +createToken('NONNUMERICIDENTIFIER', `\\d*[a-zA-Z-]${LETTERDASHNUMBER}*`) // ## Main Version // Three dot-separated numeric identifiers. @@ -75,7 +94,7 @@ createToken('PRERELEASELOOSE', `(?:-?(${src[t.PRERELEASEIDENTIFIERLOOSE] // ## Build Metadata Identifier // Any combination of digits, letters, or hyphens. -createToken('BUILDIDENTIFIER', '[0-9A-Za-z-]+') +createToken('BUILDIDENTIFIER', `${LETTERDASHNUMBER}+`) // ## Build Metadata // Plus sign, followed by one or more period-separated build metadata diff --git a/deps/npm/node_modules/semver/package.json b/deps/npm/node_modules/semver/package.json index 7d0aff3c03c270..c145eca2f6d125 100644 --- a/deps/npm/node_modules/semver/package.json +++ b/deps/npm/node_modules/semver/package.json @@ -1,6 +1,6 @@ { "name": "semver", - "version": "7.5.2", + "version": "7.5.4", "description": "The semantic version parser used by npm.", "main": "index.js", "scripts": { @@ -14,7 +14,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.15.1", + "@npmcli/template-oss": "4.17.0", "tap": "^16.0.0" }, "license": "ISC", @@ -53,7 +53,7 @@ "author": "GitHub Inc.", "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.15.1", + "version": "4.17.0", "engines": ">=10", "ciVersions": [ "10.0.0", diff --git a/deps/npm/node_modules/supports-color/index.js b/deps/npm/node_modules/supports-color/index.js index ca95e9f2202a6f..4ce0a2da8d2242 100644 --- a/deps/npm/node_modules/supports-color/index.js +++ b/deps/npm/node_modules/supports-color/index.js @@ -112,7 +112,7 @@ function _supportsColor(haveStream, {streamIsTTY, sniffFlags = true} = {}) { } if ('CI' in env) { - if ('GITHUB_ACTIONS' in env) { + if ('GITHUB_ACTIONS' in env || 'GITEA_ACTIONS' in env) { return 3; } diff --git a/deps/npm/node_modules/supports-color/package.json b/deps/npm/node_modules/supports-color/package.json index eb6011c6bcdc64..738684722643c9 100644 --- a/deps/npm/node_modules/supports-color/package.json +++ b/deps/npm/node_modules/supports-color/package.json @@ -1,6 +1,6 @@ { "name": "supports-color", - "version": "9.3.1", + "version": "9.4.0", "description": "Detect whether a terminal supports color", "license": "MIT", "repository": "chalk/supports-color", @@ -20,7 +20,7 @@ }, "scripts": { "//test": "xo && ava && tsd", - "test": "xo && tsd" + "test": "tsd" }, "files": [ "index.js", @@ -51,11 +51,10 @@ "16m" ], "devDependencies": { - "@types/node": "^16.11.7", - "ava": "^3.15.0", + "@types/node": "^20.3.2", + "ava": "^5.3.1", "import-fresh": "^3.3.0", "tsd": "^0.18.0", - "typescript": "^4.4.3", - "xo": "^0.49.0" + "xo": "^0.54.2" } } diff --git a/deps/npm/package.json b/deps/npm/package.json index c6ab8029946fd1..6e719a073893b0 100644 --- a/deps/npm/package.json +++ b/deps/npm/package.json @@ -1,5 +1,5 @@ { - "version": "9.8.0", + "version": "9.8.1", "name": "npm", "description": "a package manager for JavaScript", "workspaces": [ @@ -54,13 +54,15 @@ "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/arborist": "^6.3.0", "@npmcli/config": "^6.2.1", + "@npmcli/fs": "^3.1.0", "@npmcli/map-workspaces": "^3.0.4", - "@npmcli/package-json": "^4.0.0", + "@npmcli/package-json": "^4.0.1", + "@npmcli/promise-spawn": "^6.0.2", "@npmcli/run-script": "^6.0.2", "abbrev": "^2.0.0", "archy": "~1.0.0", "cacache": "^17.1.3", - "chalk": "^5.2.0", + "chalk": "^5.3.0", "ci-info": "^3.8.0", "cli-columns": "^4.0.0", "cli-table3": "^0.6.3", @@ -76,7 +78,7 @@ "json-parse-even-better-errors": "^3.0.0", "libnpmaccess": "^7.0.2", "libnpmdiff": "^5.0.19", - "libnpmexec": "^6.0.2", + "libnpmexec": "^6.0.3", "libnpmfund": "^4.0.19", "libnpmhook": "^9.0.3", "libnpmorg": "^5.0.4", @@ -86,7 +88,7 @@ "libnpmteam": "^5.0.3", "libnpmversion": "^4.0.2", "make-fetch-happen": "^11.1.1", - "minimatch": "^9.0.0", + "minimatch": "^9.0.3", "minipass": "^5.0.0", "minipass-pipeline": "^1.2.4", "ms": "^2.1.2", @@ -106,10 +108,10 @@ "proc-log": "^3.0.0", "qrcode-terminal": "^0.12.0", "read": "^2.1.0", - "semver": "^7.5.2", + "semver": "^7.5.4", "sigstore": "^1.7.0", "ssri": "^10.0.4", - "supports-color": "^9.3.1", + "supports-color": "^9.4.0", "tar": "^6.1.15", "text-table": "~0.2.0", "tiny-relative-date": "^1.3.0", @@ -122,8 +124,10 @@ "@isaacs/string-locale-compare", "@npmcli/arborist", "@npmcli/config", + "@npmcli/fs", "@npmcli/map-workspaces", "@npmcli/package-json", + "@npmcli/promise-spawn", "@npmcli/run-script", "abbrev", "archy", @@ -188,13 +192,11 @@ ], "devDependencies": { "@npmcli/docs": "^1.0.0", - "@npmcli/eslint-config": "^4.0.0", - "@npmcli/fs": "^3.1.0", + "@npmcli/eslint-config": "^4.0.2", "@npmcli/git": "^4.1.0", "@npmcli/mock-globals": "^1.0.0", "@npmcli/mock-registry": "^1.0.0", - "@npmcli/promise-spawn": "^6.0.2", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.18.0", "@tufjs/repo-mock": "^1.3.1", "diff": "^5.1.0", "licensee": "^10.0.0", @@ -247,7 +249,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.18.0", "content": "./scripts/template-oss/root.js" }, "license": "Artistic-2.0", diff --git a/deps/npm/tap-snapshots/test/lib/commands/publish.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/publish.js.test.cjs index d88244d7a15460..7a5c2ddcc3882b 100644 --- a/deps/npm/tap-snapshots/test/lib/commands/publish.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/commands/publish.js.test.cjs @@ -245,6 +245,17 @@ exports[`test/lib/commands/publish.js TAP no auth dry-run > must match snapshot exports[`test/lib/commands/publish.js TAP no auth dry-run > warns about auth being needed 1`] = ` Array [ + Array [ + "publish", + "npm auto-corrected some errors in your package.json when publishing. Please run \\"npm pkg fix\\" to address these errors.", + ], + Array [ + "publish", + String( + errors corrected: + Removed invalid "scripts" + ), + ], Array [ "", "This command requires you to be logged in to https://registry.npmjs.org/ (dry-run)", @@ -416,6 +427,53 @@ exports[`test/lib/commands/publish.js TAP workspaces all workspaces - color > al exports[`test/lib/commands/publish.js TAP workspaces all workspaces - color > warns about skipped private workspace in color 1`] = ` Array [ + Array [ + "publish", + "npm auto-corrected some errors in your package.json when publishing. Please run \\"npm pkg fix\\" to address these errors.", + ], + Array [ + "publish", + String( + errors corrected: + Removed invalid "scripts" + "repository" was changed from a string to an object + ), + ], + Array [ + "publish", + "npm auto-corrected some errors in your package.json when publishing. Please run \\"npm pkg fix\\" to address these errors.", + ], + Array [ + "publish", + String( + errors corrected: + Removed invalid "scripts" + "repository" was changed from a string to an object + "repository.url" was normalized to "git+https://github.com/npm/workspace-b.git" + ), + ], + Array [ + "publish", + "npm auto-corrected some errors in your package.json when publishing. Please run \\"npm pkg fix\\" to address these errors.", + ], + Array [ + "publish", + String( + errors corrected: + Removed invalid "scripts" + ), + ], + Array [ + "publish", + "npm auto-corrected some errors in your package.json when publishing. Please run \\"npm pkg fix\\" to address these errors.", + ], + Array [ + "publish", + String( + errors corrected: + Removed invalid "scripts" + ), + ], Array [ "publish", "Skipping workspace \\u001b[32mworkspace-p\\u001b[39m, marked as \\u001b[1mprivate\\u001b[22m", @@ -431,6 +489,53 @@ exports[`test/lib/commands/publish.js TAP workspaces all workspaces - no color > exports[`test/lib/commands/publish.js TAP workspaces all workspaces - no color > warns about skipped private workspace 1`] = ` Array [ + Array [ + "publish", + "npm auto-corrected some errors in your package.json when publishing. Please run \\"npm pkg fix\\" to address these errors.", + ], + Array [ + "publish", + String( + errors corrected: + Removed invalid "scripts" + "repository" was changed from a string to an object + ), + ], + Array [ + "publish", + "npm auto-corrected some errors in your package.json when publishing. Please run \\"npm pkg fix\\" to address these errors.", + ], + Array [ + "publish", + String( + errors corrected: + Removed invalid "scripts" + "repository" was changed from a string to an object + "repository.url" was normalized to "git+https://github.com/npm/workspace-b.git" + ), + ], + Array [ + "publish", + "npm auto-corrected some errors in your package.json when publishing. Please run \\"npm pkg fix\\" to address these errors.", + ], + Array [ + "publish", + String( + errors corrected: + Removed invalid "scripts" + ), + ], + Array [ + "publish", + "npm auto-corrected some errors in your package.json when publishing. Please run \\"npm pkg fix\\" to address these errors.", + ], + Array [ + "publish", + String( + errors corrected: + Removed invalid "scripts" + ), + ], Array [ "publish", "Skipping workspace workspace-p, marked as private", diff --git a/deps/npm/test/lib/commands/exec.js b/deps/npm/test/lib/commands/exec.js index 2fd11f40379f1f..07a3e6ebd8ed95 100644 --- a/deps/npm/test/lib/commands/exec.js +++ b/deps/npm/test/lib/commands/exec.js @@ -129,3 +129,38 @@ t.test('workspaces', async t => { const exists = await fs.stat(path.join(npm.prefix, 'workspace-a', 'npm-exec-test-success')) t.ok(exists.isFile(), 'bin ran, creating file inside workspace') }) + +t.test('npx --no-install @npmcli/npx-test', async t => { + const registry = new MockRegistry({ + tap: t, + registry: 'https://registry.npmjs.org/', + }) + + const manifest = registry.manifest({ name: '@npmcli/npx-test' }) + manifest.versions['1.0.0'].bin = { 'npx-test': 'index.js' } + + const { npm } = await loadMockNpm(t, { + config: { + audit: false, + yes: false, + }, + prefixDir: { + 'npm-exec-test': { + 'package.json': JSON.stringify(manifest), + 'index.js': `#!/usr/bin/env node + require('fs').writeFileSync('npm-exec-test-success', '')`, + }, + }, + }) + + try { + await npm.exec('exec', ['@npmcli/npx-test']) + t.fail('Expected error was not thrown') + } catch (error) { + t.match( + error.message, + 'npx canceled due to missing packages and no YES option: ', + 'Expected error message thrown' + ) + } +})