From 2e50cb83e84cf25fee93ba0ca5a0343fbdb33c41 Mon Sep 17 00:00:00 2001 From: nlf Date: Tue, 21 Jun 2022 12:50:33 -0700 Subject: [PATCH] deps: pacote@13.6.1 --- .../node_modules/@npmcli/run-script/LICENSE | 15 +++ .../@npmcli/run-script/lib/escape.js | 67 +++++++++++++ .../run-script/lib/is-server-package.js | 12 +++ .../@npmcli/run-script/lib/is-windows.js | 2 + .../@npmcli/run-script/lib/make-spawn-args.js | 68 +++++++++++++ .../run-script/lib/node-gyp-bin/node-gyp | 2 + .../run-script/lib/node-gyp-bin/node-gyp.cmd | 1 + .../@npmcli/run-script/lib/package-envs.js | 26 +++++ .../@npmcli/run-script/lib/run-script-pkg.js | 97 +++++++++++++++++++ .../@npmcli/run-script/lib/run-script.js | 14 +++ .../@npmcli/run-script/lib/set-path.js | 45 +++++++++ .../@npmcli/run-script/lib/signal-manager.js | 47 +++++++++ .../run-script/lib/validate-options.js | 39 ++++++++ .../@npmcli/run-script/package.json | 53 ++++++++++ node_modules/pacote/package.json | 4 +- package-lock.json | 54 ++++++++--- package.json | 2 +- workspaces/arborist/package.json | 2 +- workspaces/libnpmdiff/package.json | 2 +- workspaces/libnpmexec/package.json | 2 +- workspaces/libnpmpack/package.json | 2 +- 21 files changed, 536 insertions(+), 20 deletions(-) create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/LICENSE create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/lib/escape.js create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/lib/is-server-package.js create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/lib/is-windows.js create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/lib/make-spawn-args.js create mode 100755 node_modules/pacote/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp create mode 100755 node_modules/pacote/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp.cmd create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/lib/package-envs.js create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/lib/run-script-pkg.js create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/lib/run-script.js create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/lib/set-path.js create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/lib/signal-manager.js create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/lib/validate-options.js create mode 100644 node_modules/pacote/node_modules/@npmcli/run-script/package.json diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/LICENSE b/node_modules/pacote/node_modules/@npmcli/run-script/LICENSE new file mode 100644 index 0000000000000..19cec97b18468 --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/escape.js b/node_modules/pacote/node_modules/@npmcli/run-script/lib/escape.js new file mode 100644 index 0000000000000..29d24a8bc4065 --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/escape.js @@ -0,0 +1,67 @@ +'use strict' + +// eslint-disable-next-line max-len +// this code adapted from: https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/ +const cmd = (input) => { + if (!input.length) { + return '""' + } + + let result + if (!/[ \t\n\v"]/.test(input)) { + result = input + } else { + result = '"' + for (let i = 0; i <= input.length; ++i) { + let slashCount = 0 + while (input[i] === '\\') { + ++i + ++slashCount + } + + if (i === input.length) { + result += '\\'.repeat(slashCount * 2) + break + } + + if (input[i] === '"') { + result += '\\'.repeat(slashCount * 2 + 1) + result += input[i] + } else { + result += '\\'.repeat(slashCount) + result += input[i] + } + } + result += '"' + } + + // and finally, prefix shell meta chars with a ^ + result = result.replace(/[!^&()<>|"]/g, '^$&') + // except for % which is escaped with another % + result = result.replace(/%/g, '%%') + + return result +} + +const sh = (input) => { + if (!input.length) { + return `''` + } + + if (!/[\t\n\r "#$&'()*;<>?\\`|~]/.test(input)) { + return input + } + + // replace single quotes with '\'' and wrap the whole result in a fresh set of quotes + const result = `'${input.replace(/'/g, `'\\''`)}'` + // if the input string already had single quotes around it, clean those up + .replace(/^(?:'')+(?!$)/, '') + .replace(/\\'''/g, `\\'`) + + return result +} + +module.exports = { + cmd, + sh, +} diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/is-server-package.js b/node_modules/pacote/node_modules/@npmcli/run-script/lib/is-server-package.js new file mode 100644 index 0000000000000..d168623247527 --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/is-server-package.js @@ -0,0 +1,12 @@ +const util = require('util') +const fs = require('fs') +const { stat } = fs.promises || { stat: util.promisify(fs.stat) } +const { resolve } = require('path') +module.exports = async path => { + try { + const st = await stat(resolve(path, 'server.js')) + return st.isFile() + } catch (er) { + return false + } +} diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/is-windows.js b/node_modules/pacote/node_modules/@npmcli/run-script/lib/is-windows.js new file mode 100644 index 0000000000000..651917e6ad27a --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/is-windows.js @@ -0,0 +1,2 @@ +const platform = process.env.__FAKE_TESTING_PLATFORM__ || process.platform +module.exports = platform === 'win32' diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/make-spawn-args.js b/node_modules/pacote/node_modules/@npmcli/run-script/lib/make-spawn-args.js new file mode 100644 index 0000000000000..6f3aa4c00a14c --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/make-spawn-args.js @@ -0,0 +1,68 @@ +/* eslint camelcase: "off" */ +const isWindows = require('./is-windows.js') +const setPATH = require('./set-path.js') +const { chmodSync: chmod, unlinkSync: unlink, writeFileSync: writeFile } = require('fs') +const { tmpdir } = require('os') +const { resolve } = require('path') +const which = require('which') +const npm_config_node_gyp = require.resolve('node-gyp/bin/node-gyp.js') +const escape = require('./escape.js') + +const makeSpawnArgs = options => { + const { + event, + path, + scriptShell = isWindows ? process.env.ComSpec || 'cmd' : 'sh', + env = {}, + stdio, + cmd, + args = [], + stdioString = false, + } = options + + let scriptFile + let script = '' + const isCmd = /(?:^|\\)cmd(?:\.exe)?$/i.test(scriptShell) + if (isCmd) { + scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.cmd`) + script += '@echo off\n' + script += `${cmd} ${args.map((arg) => escape.cmd(arg)).join(' ')}` + } else { + const shellPath = which.sync(scriptShell) + scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.sh`) + script += `#!${shellPath}\n` + script += `${cmd} ${args.map((arg) => escape.sh(arg)).join(' ')}` + } + writeFile(scriptFile, script) + if (!isCmd) { + chmod(scriptFile, '0775') + } + const spawnArgs = isCmd ? ['/d', '/s', '/c', scriptFile] : ['-c', scriptFile] + + const spawnOpts = { + env: setPATH(path, { + // we need to at least save the PATH environment var + ...process.env, + ...env, + npm_package_json: resolve(path, 'package.json'), + npm_lifecycle_event: event, + npm_lifecycle_script: cmd, + npm_config_node_gyp, + }), + stdioString, + stdio, + cwd: path, + ...(isCmd ? { windowsVerbatimArguments: true } : {}), + } + + const cleanup = () => { + // delete the script, this is just a best effort + try { + unlink(scriptFile) + } catch (err) {} + } + + return [scriptShell, spawnArgs, spawnOpts, cleanup] +} + +module.exports = makeSpawnArgs diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp b/node_modules/pacote/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp new file mode 100755 index 0000000000000..5bec64d961a3a --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp @@ -0,0 +1,2 @@ +#!/usr/bin/env sh +node "$npm_config_node_gyp" "$@" diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp.cmd b/node_modules/pacote/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp.cmd new file mode 100755 index 0000000000000..4c6987ac9868b --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp.cmd @@ -0,0 +1 @@ +@node "%npm_config_node_gyp%" %* diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/package-envs.js b/node_modules/pacote/node_modules/@npmcli/run-script/lib/package-envs.js new file mode 100644 index 0000000000000..6b538e50247fd --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/package-envs.js @@ -0,0 +1,26 @@ +// https://github.com/npm/rfcs/pull/183 + +const envVal = val => Array.isArray(val) ? val.map(v => envVal(v)).join('\n\n') + : val === null || val === false ? '' + : String(val) + +const packageEnvs = (env, vals, prefix) => { + for (const [key, val] of Object.entries(vals)) { + if (val === undefined) { + continue + } else if (val && !Array.isArray(val) && typeof val === 'object') { + packageEnvs(env, val, `${prefix}${key}_`) + } else { + env[`${prefix}${key}`] = envVal(val) + } + } + return env +} + +module.exports = (env, pkg) => packageEnvs({ ...env }, { + name: pkg.name, + version: pkg.version, + config: pkg.config, + engines: pkg.engines, + bin: pkg.bin, +}, 'npm_package_') diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/run-script-pkg.js b/node_modules/pacote/node_modules/@npmcli/run-script/lib/run-script-pkg.js new file mode 100644 index 0000000000000..84c5e2bfe0c52 --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/run-script-pkg.js @@ -0,0 +1,97 @@ +const makeSpawnArgs = require('./make-spawn-args.js') +const promiseSpawn = require('@npmcli/promise-spawn') +const packageEnvs = require('./package-envs.js') +const { isNodeGypPackage, defaultGypInstallScript } = require('@npmcli/node-gyp') +const signalManager = require('./signal-manager.js') +const isServerPackage = require('./is-server-package.js') + +// you wouldn't like me when I'm angry... +const bruce = (id, event, cmd) => + `\n> ${id ? id + ' ' : ''}${event}\n> ${cmd.trim().replace(/\n/g, '\n> ')}\n` + +const runScriptPkg = async options => { + const { + event, + path, + scriptShell, + env = {}, + stdio = 'pipe', + pkg, + args = [], + stdioString = false, + // note: only used when stdio:inherit + banner = true, + // how long to wait for a process.kill signal + // only exposed here so that we can make the test go a bit faster. + signalTimeout = 500, + } = options + + const { scripts = {}, gypfile } = pkg + let cmd = null + if (options.cmd) { + cmd = options.cmd + } else if (pkg.scripts && pkg.scripts[event]) { + cmd = pkg.scripts[event] + } else if ( + // If there is no preinstall or install script, default to rebuilding node-gyp packages. + event === 'install' && + !scripts.install && + !scripts.preinstall && + gypfile !== false && + await isNodeGypPackage(path) + ) { + cmd = defaultGypInstallScript + } else if (event === 'start' && await isServerPackage(path)) { + cmd = 'node server.js' + } + + if (!cmd) { + return { code: 0, signal: null } + } + + if (stdio === 'inherit' && banner !== false) { + // we're dumping to the parent's stdout, so print the banner + console.log(bruce(pkg._id, event, cmd)) + } + + const [spawnShell, spawnArgs, spawnOpts, cleanup] = makeSpawnArgs({ + event, + path, + scriptShell, + env: packageEnvs(env, pkg), + stdio, + cmd, + args, + stdioString, + }) + + const p = promiseSpawn(spawnShell, spawnArgs, spawnOpts, { + event, + script: cmd, + pkgid: pkg._id, + path, + }) + + if (stdio === 'inherit') { + signalManager.add(p.process) + } + + if (p.stdin) { + p.stdin.end() + } + + return p.catch(er => { + const { signal } = er + if (stdio === 'inherit' && signal) { + process.kill(process.pid, signal) + // just in case we don't die, reject after 500ms + // this also keeps the node process open long enough to actually + // get the signal, rather than terminating gracefully. + return new Promise((res, rej) => setTimeout(() => rej(er), signalTimeout)) + } else { + throw er + } + }).finally(cleanup) +} + +module.exports = runScriptPkg diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/run-script.js b/node_modules/pacote/node_modules/@npmcli/run-script/lib/run-script.js new file mode 100644 index 0000000000000..e9d18261a2c1f --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/run-script.js @@ -0,0 +1,14 @@ +const rpj = require('read-package-json-fast') +const runScriptPkg = require('./run-script-pkg.js') +const validateOptions = require('./validate-options.js') +const isServerPackage = require('./is-server-package.js') + +const runScript = options => { + validateOptions(options) + const { pkg, path } = options + return pkg ? runScriptPkg(options) + : rpj(path + '/package.json') + .then(readPackage => runScriptPkg({ ...options, pkg: readPackage })) +} + +module.exports = Object.assign(runScript, { isServerPackage }) diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/set-path.js b/node_modules/pacote/node_modules/@npmcli/run-script/lib/set-path.js new file mode 100644 index 0000000000000..07671f44579dc --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/set-path.js @@ -0,0 +1,45 @@ +const { resolve, dirname } = require('path') +const isWindows = require('./is-windows.js') +// the path here is relative, even though it does not need to be +// in order to make the posix tests pass in windows +const nodeGypPath = resolve(__dirname, '../lib/node-gyp-bin') + +// Windows typically calls its PATH environ 'Path', but this is not +// guaranteed, nor is it guaranteed to be the only one. Merge them +// all together in the order they appear in the object. +const setPATH = (projectPath, env) => { + // not require('path').delimiter, because we fake this for testing + const delimiter = isWindows ? ';' : ':' + const PATH = Object.keys(env).filter(p => /^path$/i.test(p) && env[p]) + .map(p => env[p].split(delimiter)) + .reduce((set, p) => set.concat(p.filter(concatted => !set.includes(concatted))), []) + .join(delimiter) + + const pathArr = [] + // unshift the ./node_modules/.bin from every folder + // walk up until dirname() does nothing, at the root + // XXX should we specify a cwd that we don't go above? + let p = projectPath + let pp + do { + pathArr.push(resolve(p, 'node_modules', '.bin')) + pp = p + p = dirname(p) + } while (p !== pp) + pathArr.push(nodeGypPath, PATH) + + const pathVal = pathArr.join(delimiter) + + // XXX include the node-gyp-bin path somehow? Probably better for + // npm or arborist or whoever to just provide that by putting it in + // the PATH environ, since that's preserved anyway. + for (const key of Object.keys(env)) { + if (/^path$/i.test(key)) { + env[key] = pathVal + } + } + + return env +} + +module.exports = setPATH diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/signal-manager.js b/node_modules/pacote/node_modules/@npmcli/run-script/lib/signal-manager.js new file mode 100644 index 0000000000000..7e10f859e0a68 --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/signal-manager.js @@ -0,0 +1,47 @@ +const runningProcs = new Set() +let handlersInstalled = false + +const forwardedSignals = [ + 'SIGINT', + 'SIGTERM', +] + +const handleSignal = signal => { + for (const proc of runningProcs) { + proc.kill(signal) + } +} + +const setupListeners = () => { + for (const signal of forwardedSignals) { + process.on(signal, handleSignal) + } + handlersInstalled = true +} + +const cleanupListeners = () => { + if (runningProcs.size === 0) { + for (const signal of forwardedSignals) { + process.removeListener(signal, handleSignal) + } + handlersInstalled = false + } +} + +const add = proc => { + runningProcs.add(proc) + if (!handlersInstalled) { + setupListeners() + } + + proc.once('exit', () => { + runningProcs.delete(proc) + cleanupListeners() + }) +} + +module.exports = { + add, + handleSignal, + forwardedSignals, +} diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/lib/validate-options.js b/node_modules/pacote/node_modules/@npmcli/run-script/lib/validate-options.js new file mode 100644 index 0000000000000..8d855916ecd15 --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/lib/validate-options.js @@ -0,0 +1,39 @@ +const validateOptions = options => { + if (typeof options !== 'object' || !options) { + throw new TypeError('invalid options object provided to runScript') + } + + const { + event, + path, + scriptShell, + env = {}, + stdio = 'pipe', + args = [], + cmd, + } = options + + if (!event || typeof event !== 'string') { + throw new TypeError('valid event not provided to runScript') + } + if (!path || typeof path !== 'string') { + throw new TypeError('valid path not provided to runScript') + } + if (scriptShell !== undefined && typeof scriptShell !== 'string') { + throw new TypeError('invalid scriptShell option provided to runScript') + } + if (typeof env !== 'object' || !env) { + throw new TypeError('invalid env option provided to runScript') + } + if (typeof stdio !== 'string' && !Array.isArray(stdio)) { + throw new TypeError('invalid stdio option provided to runScript') + } + if (!Array.isArray(args) || args.some(a => typeof a !== 'string')) { + throw new TypeError('invalid args option provided to runScript') + } + if (cmd !== undefined && typeof cmd !== 'string') { + throw new TypeError('invalid cmd option provided to runScript') + } +} + +module.exports = validateOptions diff --git a/node_modules/pacote/node_modules/@npmcli/run-script/package.json b/node_modules/pacote/node_modules/@npmcli/run-script/package.json new file mode 100644 index 0000000000000..38c4862e1db2f --- /dev/null +++ b/node_modules/pacote/node_modules/@npmcli/run-script/package.json @@ -0,0 +1,53 @@ +{ + "name": "@npmcli/run-script", + "version": "4.1.0", + "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", + "author": "GitHub Inc.", + "license": "ISC", + "scripts": { + "test": "tap", + "preversion": "npm test", + "postversion": "npm publish", + "prepublishOnly": "git push origin --follow-tags", + "eslint": "eslint", + "lint": "eslint \"**/*.js\"", + "lintfix": "npm run lint -- --fix", + "postlint": "template-oss-check", + "snap": "tap", + "posttest": "npm run lint", + "template-oss-apply": "template-oss-apply --force" + }, + "tap": { + "check-coverage": true, + "coverage-map": "map.js" + }, + "devDependencies": { + "@npmcli/eslint-config": "^3.0.1", + "@npmcli/template-oss": "3.5.0", + "minipass": "^3.1.6", + "require-inject": "^1.4.4", + "tap": "^16.0.1" + }, + "dependencies": { + "@npmcli/node-gyp": "^2.0.0", + "@npmcli/promise-spawn": "^3.0.0", + "node-gyp": "^9.0.0", + "read-package-json-fast": "^2.0.3" + }, + "files": [ + "bin/", + "lib/" + ], + "main": "lib/run-script.js", + "repository": { + "type": "git", + "url": "https://github.com/npm/run-script.git" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + }, + "templateOSS": { + "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", + "version": "3.5.0" + } +} diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json index af100fa8d6bfa..696c925d35320 100644 --- a/node_modules/pacote/package.json +++ b/node_modules/pacote/package.json @@ -1,6 +1,6 @@ { "name": "pacote", - "version": "13.6.0", + "version": "13.6.1", "description": "JavaScript package downloader", "author": "GitHub Inc.", "bin": { @@ -45,7 +45,7 @@ "@npmcli/git": "^3.0.0", "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/promise-spawn": "^3.0.0", - "@npmcli/run-script": "^3.0.1", + "@npmcli/run-script": "^4.1.0", "cacache": "^16.0.0", "chownr": "^2.0.0", "fs-minipass": "^2.1.0", diff --git a/package-lock.json b/package-lock.json index 2880a4c70e1ca..d51f272309ef5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -138,7 +138,7 @@ "npm-user-validate": "^1.0.1", "npmlog": "^6.0.2", "opener": "^1.5.2", - "pacote": "^13.6.0", + "pacote": "^13.6.1", "parse-conflict-json": "^2.0.2", "proc-log": "^2.0.1", "qrcode-terminal": "^0.12.0", @@ -5553,15 +5553,15 @@ } }, "node_modules/pacote": { - "version": "13.6.0", - "resolved": "https://registry.npmjs.org/pacote/-/pacote-13.6.0.tgz", - "integrity": "sha512-zHmuCwG4+QKnj47LFlW3LmArwKoglx2k5xtADiMCivVWPgNRP5QyLDGOIjGjwOe61lhl1rO63m/VxT16pEHLWg==", + "version": "13.6.1", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-13.6.1.tgz", + "integrity": "sha512-L+2BI1ougAPsFjXRyBhcKmfT016NscRFLv6Pz5EiNf1CCFJFU0pSKKQwsZTyAQB+sTuUL4TyFyp6J1Ork3dOqw==", "inBundle": true, "dependencies": { "@npmcli/git": "^3.0.0", "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/promise-spawn": "^3.0.0", - "@npmcli/run-script": "^3.0.1", + "@npmcli/run-script": "^4.1.0", "cacache": "^16.0.0", "chownr": "^2.0.0", "fs-minipass": "^2.1.0", @@ -5587,6 +5587,21 @@ "node": "^12.13.0 || ^14.15.0 || >=16.0.0" } }, + "node_modules/pacote/node_modules/@npmcli/run-script": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.0.tgz", + "integrity": "sha512-bVX9/2YhQscdlC5WEDQ8HH7bw32klCiAvOSvUHJcmeUTUuaQ7z42KiwmnkXWqhVKKhbWPBp+5H0kN6WDyfknzw==", + "inBundle": true, + "dependencies": { + "@npmcli/node-gyp": "^2.0.0", + "@npmcli/promise-spawn": "^3.0.0", + "node-gyp": "^9.0.0", + "read-package-json-fast": "^2.0.3" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + } + }, "node_modules/parent-module": { "version": "1.0.1", "dev": true, @@ -10018,7 +10033,7 @@ "npm-pick-manifest": "^7.0.0", "npm-registry-fetch": "^13.0.0", "npmlog": "^6.0.2", - "pacote": "^13.0.5", + "pacote": "^13.6.1", "parse-conflict-json": "^2.0.1", "proc-log": "^2.0.0", "promise-all-reject-late": "^1.0.0", @@ -10077,7 +10092,7 @@ "diff": "^5.0.0", "minimatch": "^5.0.1", "npm-package-arg": "^9.0.1", - "pacote": "^13.0.5", + "pacote": "^13.6.1", "tar": "^6.1.0" }, "devDependencies": { @@ -10100,7 +10115,7 @@ "mkdirp-infer-owner": "^2.0.0", "npm-package-arg": "^9.0.1", "npmlog": "^6.0.2", - "pacote": "^13.0.5", + "pacote": "^13.6.1", "proc-log": "^2.0.0", "read": "^1.0.7", "read-package-json-fast": "^2.0.2", @@ -10172,7 +10187,7 @@ "dependencies": { "@npmcli/run-script": "^3.0.0", "npm-package-arg": "^9.0.1", - "pacote": "^13.5.0" + "pacote": "^13.6.1" }, "devDependencies": { "@npmcli/eslint-config": "^3.0.1", @@ -13901,14 +13916,14 @@ } }, "pacote": { - "version": "13.6.0", - "resolved": "https://registry.npmjs.org/pacote/-/pacote-13.6.0.tgz", - "integrity": "sha512-zHmuCwG4+QKnj47LFlW3LmArwKoglx2k5xtADiMCivVWPgNRP5QyLDGOIjGjwOe61lhl1rO63m/VxT16pEHLWg==", + "version": "13.6.1", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-13.6.1.tgz", + "integrity": "sha512-L+2BI1ougAPsFjXRyBhcKmfT016NscRFLv6Pz5EiNf1CCFJFU0pSKKQwsZTyAQB+sTuUL4TyFyp6J1Ork3dOqw==", "requires": { "@npmcli/git": "^3.0.0", "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/promise-spawn": "^3.0.0", - "@npmcli/run-script": "^3.0.1", + "@npmcli/run-script": "^4.1.0", "cacache": "^16.0.0", "chownr": "^2.0.0", "fs-minipass": "^2.1.0", @@ -13926,6 +13941,19 @@ "rimraf": "^3.0.2", "ssri": "^9.0.0", "tar": "^6.1.11" + }, + "dependencies": { + "@npmcli/run-script": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.0.tgz", + "integrity": "sha512-bVX9/2YhQscdlC5WEDQ8HH7bw32klCiAvOSvUHJcmeUTUuaQ7z42KiwmnkXWqhVKKhbWPBp+5H0kN6WDyfknzw==", + "requires": { + "@npmcli/node-gyp": "^2.0.0", + "@npmcli/promise-spawn": "^3.0.0", + "node-gyp": "^9.0.0", + "read-package-json-fast": "^2.0.3" + } + } } }, "parent-module": { diff --git a/package.json b/package.json index ed03fde449120..b0feb22972206 100644 --- a/package.json +++ b/package.json @@ -107,7 +107,7 @@ "npm-user-validate": "^1.0.1", "npmlog": "^6.0.2", "opener": "^1.5.2", - "pacote": "^13.6.0", + "pacote": "^13.6.1", "parse-conflict-json": "^2.0.2", "proc-log": "^2.0.1", "qrcode-terminal": "^0.12.0", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index baae74e25ac7b..18b44ca3ad900 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -25,7 +25,7 @@ "npm-pick-manifest": "^7.0.0", "npm-registry-fetch": "^13.0.0", "npmlog": "^6.0.2", - "pacote": "^13.0.5", + "pacote": "^13.6.1", "parse-conflict-json": "^2.0.1", "proc-log": "^2.0.0", "promise-all-reject-late": "^1.0.0", diff --git a/workspaces/libnpmdiff/package.json b/workspaces/libnpmdiff/package.json index 3630980ccb30b..e9754379d23e2 100644 --- a/workspaces/libnpmdiff/package.json +++ b/workspaces/libnpmdiff/package.json @@ -56,7 +56,7 @@ "diff": "^5.0.0", "minimatch": "^5.0.1", "npm-package-arg": "^9.0.1", - "pacote": "^13.0.5", + "pacote": "^13.6.1", "tar": "^6.1.0" }, "templateOSS": { diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json index dfe40b0d9f7ad..2d98e529ee007 100644 --- a/workspaces/libnpmexec/package.json +++ b/workspaces/libnpmexec/package.json @@ -62,7 +62,7 @@ "mkdirp-infer-owner": "^2.0.0", "npm-package-arg": "^9.0.1", "npmlog": "^6.0.2", - "pacote": "^13.0.5", + "pacote": "^13.6.1", "proc-log": "^2.0.0", "read": "^1.0.7", "read-package-json-fast": "^2.0.2", diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json index 02f06a8bbfa3c..628aef5d1ed41 100644 --- a/workspaces/libnpmpack/package.json +++ b/workspaces/libnpmpack/package.json @@ -40,7 +40,7 @@ "dependencies": { "@npmcli/run-script": "^3.0.0", "npm-package-arg": "^9.0.1", - "pacote": "^13.5.0" + "pacote": "^13.6.1" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16.0.0"