fix(deps): update dependency @npmcli/arborist to v7 - autoclosed #92
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
This was referenced Mar 2, 2024
renovate
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^4.0.0->^7.0.0Release Notes
npm/cli (@npmcli/arborist)
v7.5.4Compare Source
Bug Fixes
6f33d74#7579 arborist: safeguard against null node.target in flag calculation (#7579) (@AmirSa12)a8e666e#7602 arborist: condition to include name field in package-lock fixed (#7602) (@milaninfy)v7.5.3Compare Source
Bug Fixes
2d1d8d0#7559 addsnode:specifier to all native node modules (#7559) (@reggi)Chores
4a36d78#7568 fix linting in arborist debugger (@wraithgar)v7.5.2Compare Source
Bug Fixes
12f103c#7533 add first param titles to logs where missing (#7533) (@lukekarrys)e290352#7499 revert DepsQueue to re-sort on pop() (#7499) (@lukekarrys)56a27fa#7494 avoid caching manifests as promises (@wraithgar)722c0fa#7463 limit packument cache size based on heap size (@wraithgar)effe910#7475 dont omit license from stored manifests (#7475) (@lukekarrys)Dependencies
fd42986#7498@npmcli/fs@3.1.1ea0b07d#7482pacote@18.0.65b2317b#7463 add lru-cache7e15b6d#7480@npmcli/metavuln-calculator@7.1.18b20f8c#7480ssri@10.0.6a9a6dcd#7480pacote@18.0.5e2fdb65#7480npm-pick-manifest@9.0.1e71f541#7480nopt@7.2.118c3b40#7480json-parse-even-better-errors@3.0.2714e3e1#7480hosted-git-info@7.0.2f94d672#7480cacache@18.0.343331e4#7480bin-links@4.0.463ef498#7457npm-registry-fetch@17.0.1Chores
9c4d3c4#7467 template-oss-apply (@lukekarrys)2b7ec54#7467template-oss@4.22.0(@lukekarrys)v7.5.1Compare Source
Bug Fixes
a1b95eb#7453 linting: no-unused-vars (@wraithgar)abcbc54#7430 reify: cleanup of Symbols (#7430) (@wraithgar)57ebebf#7418 update repository.url in package.json (#7418) (@wraithgar)Dependencies
80eec03#7453@npmcli/redact@2.0.0a7145d4#7453npm-registry-fetch@17.0.09da5738#7437@npmcli/run-script@8.1.0(#7437)v7.5.0Compare Source
Features
9123de4#7373 do all ouput over proc-log events (@lukekarrys)9622597#7339 refactor terminal display (#7339) (@lukekarrys)Bug Fixes
78447d7#7399 prefer fs/promises over promisify (#7399) (@lukekarrys)6512112#7378 use proc-log for all timers (@lukekarrys)Dependencies
36adff3#7408pacote@18.0.2486d46c#7408@npmcli/installed-package-contents@2.1.0157d0ae#7408@npmcli/package-json@5.1.0fc6e291#7392proc-log@4.2.0(#7392)38ed048#7378@npmcli/metavuln-calculator@7.1.07678a3d#7378proc-log@4.1.087f6c09#7373@npmcli/metavuln-calculator@7.0.1b8f8b41#7373@npmcli/run-script@8.0.079f79c7#7373proc-log@4.0.09027266#7373pacote@18.0.0ee4b3e0#7373npm-registry-fetch@16.2.1ac98fd3#7373npm-package-arg@11.0.29351570#7373@npmcli/package-json@5.0.3Chores
dd39de7#7411 disable selflink test on apple silicon (#7411) (@lukekarrys)v7.4.2Compare Source
Bug Fixes
ef381b1#7363 use @npmcli/redact for url cleaning (#7363) (@lukekarrys)v7.4.1Compare Source
Bug Fixes
8cab136#7324 ensure maxSockets is respected (#7324) (@lukekarrys)9bffa13#7320 query: properly return :missing nodes (#7320) (@wraithgar)Dependencies
87a61fc#7334npm-registry-fetch@16.2.06fd94f2#7329minimatch@9.0.48cab136#7324agent-base@7.1.1(@lukekarrys)Chores
8cab136#7324 add smoke-test for large prod installs (@lukekarrys)v7.4.0Features
2366edc#7218 query: add :vuln pseudo selector (@wraithgar)Bug Fixes
6d1789c#7237 Arborist code cleanup (#7237) (@wraithgar)ed17276#7218 query-selector: don't look up private packages on :outdated (@wraithgar)Dependencies
16d4c9f#7218@npmcli/query@3.1.0v7.3.1Bug Fixes
d3f1845#7124 clean up idealTree code (@wraithgar)8382fb3#7126 fetch full packument so that libc can be assessed (@styfle, @ljharb)Dependencies
ec77e81#7124promise-call-limit@3.0.1v7.3.0Features
6673c77#6914 add--libcoption to override platform specific install (#6914) (@wraithgar, @Brooooooklyn)v7.2.2Bug Fixes
ae2d982#7027 arborist:node.targetcan benullwhen it is a file dep or symlink (#7027) (@ljharb, @lukekarrys)f875caa#6998 clean up shrinkwrap code (#6998) (@wraithgar)Chores
f656b66#7062@npmcli/template-oss@4.21.3(#7062) (@lukekarrys)9754b17#7051 use global npm for workspace tests (@lukekarrys)3891757#7051@npmcli/template-oss@4.21.2(@lukekarrys)v7.2.1Compare Source
Dependencies
dfb6298#6937node-gyp@10.0.0(#6937)v7.2.0Compare Source
Features
81a460f#6732 add package-lock-only mode to npm query (@wraithgar)0d29855#6732 add no-package-lock mode to npm audit (@wraithgar)Bug Fixes
0860159#6829 ensure workspace links query parents correctly (#6829) (@Carl-Foster)bef7481#6782 query with workspace descendents (#6782) (@bdehamer)Dependencies
aa6728b#6859tar@6.2.0ce9089f#6859npm-package-arg@11.0.10a47af5#6859hosted-git-info@7.0.13ebc474#6859@npmcli/query@3.0.1v7.1.0Compare Source
Features
1c93c44#6755 Add--cpuand--osoption to override platform specific install (#6755) (@yukukotani)v7.0.0Features
fb31c7etrigger release process (@lukekarrys)v6.5.0Compare Source
NEW FEATURES
fc1a8d185Backronymnpm citonpm clean-install. (@zkat)4be51a9cc#81 Adds 'Homepage' to outdated --long output. (@jbottigliero)BUGFIXES
89652cb9bnpm.community#1661 Fix sign-git-commit options. They were previously totally wrong. (@zkat)414f2d1a1npm.community#1742 Set lowercase headers for npm audit requests. (@maartenba)a34246baf#75 Fixnpm edithandling of scoped packages.(@larsgw)*
d3e8a7c72npm.community#2303 Make summary output fornpm cigo tostdout, notstderr. (@alopezsanchez)71d8fb4a9npm.community#1377 Close the file descriptor during publish if exiting upload via an error. This will prevent strange error messages when the upload fails and make surecleanup happens correctly. (@macdja38)
DOCS UPDATES
b1a8729c8#60 Mention --otp flag when prompting for OTP. (@bakkot)bcae4ea81#64 Clarify that git dependencies use the default branch, not justmaster. (@zckrs)15da82690#72bash_completion.ddir is sometimes found in/etcnot/usr/local. (@RobertKielty)8a6ecc793#74 Update OTP documentation fordist-tag addto clarify--otpis needed right now. (@scotttrinh)dcc03ec85#82 Note thatprepareruns when installing git dependencies. (@seishun)a91a470b7#83 Specify that --dry-run isn't available in older versions of npm publish. (@kjin)1b2fabcce#96 Fix inline code tag issue in docs. (@midare)6cc70cc19#68 Add semver link and a note on empty string format todeprecatedoc. (@neverett)61dbbb7c3Fix semver docs after version update. (@zkat)4acd45a3d#78 Correct spelling across various docs. (@hugovk)DEPENDENCIES
4f761283efiggy-pudding@3.5.1(@zkat)3706db0bcnpm.community#1764ssri@6.0.1(@zkat)83c2b117dbluebird@3.5.2(@petkaantonov)2702f46bdci-info@1.5.1(@watson)4db6c3898config-chain@1.1.1:2 (@dawsbot)70bee4f69glob@7.1.3(@isaacs)e469fd6beopener@1.5.1: Fix browser opening under Windows Subsystem for Linux (WSL). (@thijsputman)03840dcedsemver@5.5.1(@iarna)161dc0b41bluebird@3.5.3(@petkaantonov)bb6f94395graceful-fs@4.1.1:5 (@isaacs)43b1f4c91tar@4.4.8(@isaacs)ab62afcc4npm-packlist@1.1.1:2 (@isaacs)027f06be3ci-info@1.6.0(@watson)MISCELLANEOUS
27217dae8#70 Automatically audit dependency licenses for npm itself. (@kemitchell)v6.4.0Compare Source
NEW FEATURES
6e9f04b0bnpm/cli#8 Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking:_authToken. (@mkhl)84bfd23e7npm/cli#35 Stop filtering out non-IPv4 addresses fromlocal-addrs, making npm actually use IPv6 addresses when it must. (@valentin2105)792c8c709npm/cli#31 configurable audit level for non-zero exitnpm auditcurrently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of--audit-leveltonpm auditto allow it to pass if only vulnerabilities below a certain level are found. Example:npm audit --audit-level=highwill exit with 0 if only low or moderate level vulns are detected. (@lennym)BUGFIXES
d81146181npm/cli#32 Don't check for updates to npm when we are updating npm itself. (@olore)DEPENDENCY UPDATES
A very special dependency update event! Since the release of
node-gyp@3.8.0, an awkward version conflict that was preventingrequestfrom begin flattened was resolved. This means two things:npm auditnow shows no vulnerabilities for npm itself!Thanks, @rvagg!
866d776c2request@2.87.0(@simov)f861c2b57node-gyp@3.8.0(@rvagg)32e6947c6npm/cli#39colors@1.1.2: REVERT REVERT, newer versions of this library are broken and print ansi codes even when disabled. (@iarna)beb96b92clibcipm@2.0.1(@zkat)348fc91advalidate-npm-package-license@3.0.4: Fixes errors with empty or string-only license fields. (@Gudahtt)e57d34575iferr@1.0.2(@shesek)46f1c6ad4tar@4.4.6(@isaacs)50df1bf69hosted-git-info@2.7.1(@iarna)(@Erveon) (@huochunpeng)
DOCUMENTATION
af98e76ednpm/cli#34 Removenpm publishfrom list of commands not affected by--dry-run. (@joebowbeer)e2b0f0921npm/cli#36 Tweak formatting in repository field examples. (@noahbenham)e2346e770npm/cli#14 Usedprocess.envexamples to make accessing certainnpm run-scriptsenvironment variables more clear. (@mwarger)v6.3.0Features
67459e7#6626 addpkg fixsubcommand (@wraithgar)Bug Fixes
c61e037#6626 use new load/create syntax for package-json (@wraithgar)Dependencies
b252164#6626@npmcli/package-json@4.0.0v6.2.10Bug Fixes
f5b9713#6549 make omit flags work properly with workspaces (#6549) (@Rayyan98, @lukekarrys)40d7e09#6555 remove unnecessary package.json values (#6555) (@lukekarrys)v6.2.9Bug Fixes
a558bbd#6393 code cleanup (#6393) (@wraithgar)Dependencies
e498f82#6416minimatch@9.0.0v6.2.8Bug Fixes
82879f6#6225 lazy loading of arborist and pacote (#6225) (@wraithgar)Dependencies
3fa9542#6363semver@7.5.0357cc29#6363walk-up-path@3.0.1v6.2.7Dependencies
f1388b4#6317 npm updatedeca335#6317promise-call-limit@1.0.2v6.2.6Dependencies
ea12627#6275minimatch@7.4.2v6.2.5Compare Source
Bug Fixes
8a78c6f#6222 only add directories we made to _sparseTreeRoots (#6222) (@nlf)v6.2.4Bug Fixes
962a12e#6193 arborist: dependencies from registries with a peerDependency on a workspace (#6193) (@ixalon)Dependencies
71ae406#6218@npmcli/installed-package-contents@2.0.2v6.2.3Bug Fixes
6ed3535#6175 linked-strategy lifecycle missing bins (#6175) (@fritzy)Documentation
9bc455b#6188 fixing typos (#6188) (@deining)v6.2.2Compare Source
Bug Fixes
12ec7eeremove unused package.json scripts (@lukekarrys)Dependencies
d43f881map-workspaces@3.0.299457f1minimatch@6.1.6v6.2.1Compare Source
Bug Fixes
f5b9713#6549 make omit flags work properly with workspaces (#6549) (@Rayyan98, @lukekarrys)40d7e09#6555 remove unnecessary package.json values (#6555) (@lukekarrys)v6.2.0Compare Source
Features
8d6d851#6078 added --install-strategy=linked (#6078) (@fritzy)v6.1.6Compare Source
Bug Fixes
b584af0#6022 remove unneeded param default (@wraithgar)2ba1171streamline workspace loading code (@wraithgar)2383deb#6037 clean urls from arborist, owner, and ping commands (#6037) (@lukekarrys)c52cf6b#5960 properly handle directory, file, git and alias specs in overrides (@nlf)v6.1.5Compare Source
Bug Fixes
83fb125#5923 audit package mismatch in special case (@fritzy)Dependencies
372d158#5935minimatch@5.1.1(#5935)0a3fe00#5933minipass@4.0.0cf0a174ssri@10.0.13da9a1apacote@15.0.7fee9b66npm-registry-fetch@14.0.3e940917cacache@17.0.3875bd56npm-package-arg@10.1.0v6.1.4Bug Fixes
80c6c4a#5907 do not reset hidden lockfile data before saving (#5907) (@nlf)v6.1.3Bug Fixes
3f13818#5859 refactor / inline single use code (#5859) (@wraithgar)v6.1.2Dependencies
335c7e4#5813cacache@17.0.2878ddfb@npmcli/fs@3.1.0v6.1.1Bug Fixes
1f5382d#5789 don't setstdioStringfor any spawn/run-script calls (@lukekarrys)0c5834e#5758 use hosted-git-info to parse registry urls (#5758) (@lukekarrys)Dependencies
b89c19e#5795cli-table3@​0.6.366f9bcdnopt@7.0.0abfb28b@npmcli/run-script@6.0.0v6.1.0Compare Source
Features
3dd8d68#5751 sort and quote yarn lock keys according to yarn rules (#5751) (@wraithgar, @shalvah)Dependencies
de6618e#5757@npmcli/promise-spawn@5.0.0(#5757)v6.0.0Features
586e78dempty commit to trigger all workspace releases (@lukekarrys)v5.6.2Compare Source
v5.6.1Compare Source
Bug Fixes
1e84102#5350 fix: create links relative to the target (@wraithgar)ea5e3a3#5350 fix: inline single-use functions (@wraithgar)645c680#5329 fix: updateindex.jsspelling error in comment (@KevinBrother)bd2ae5d#5323 fix: linting (@wraithgar)Dependencies
1286f03#5381 deps:unique-filename@2.0.12c4e387#5381 deps:hosted-git-info@5.1.0b12ac01#5381 deps:npm-pick-manifest@7.0.27fbf6f7#5381 deps:bin-links@3.0.326d2e55#5381 deps:@npmcli/query@1.2.0a79ee00#5381 deps:cacache@16.1.38ab12dc#5323 deps:@npmcli/eslint-config@3.1.0v5.6.0Compare Source
Features
v5.5.0Compare Source
Features
Bug Fixes
Dependencies
v5.4.0Compare Source
Features
Bug Fixes
Dependencies
v5.3.1Compare Source
Bug Fixes
v5.3.0Compare Source
Features
v5.2.3Compare Source
Dependencies
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.