-
Notifications
You must be signed in to change notification settings - Fork 997
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update dependency @npmcli/arborist to v6.5.0 #9517
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jtoar
pushed a commit
that referenced
this pull request
Nov 17, 2023
[![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@npmcli/arborist](https://togithub.com/npm/cli) | [`6.2.10` -> `6.5.0`](https://renovatebot.com/diffs/npm/@npmcli%2farborist/6.2.10/6.5.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@npmcli%2farborist/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@npmcli%2farborist/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@npmcli%2farborist/6.2.10/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@npmcli%2farborist/6.2.10/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>npm/cli (@​npmcli/arborist)</summary> ### [`v6.5.0`](https://togithub.com/npm/cli/releases/tag/v6.5.0) [Compare Source](https://togithub.com/npm/cli/compare/v6.4.0...v6.5.0) ##### NEW FEATURES - [`fc1a8d185`](https://togithub.com/npm/cli/commit/fc1a8d185fc678cdf3784d9df9eef9094e0b2dec) Backronym `npm ci` to `npm clean-install`. ([@​zkat](https://togithub.com/zkat)) - [`4be51a9cc`](https://togithub.com/npm/cli/commit/4be51a9cc65635bb26fa4ce62233f26e0104bc20) [#​81](https://togithub.com/npm/cli/pull/81) Adds 'Homepage' to outdated --long output. ([@​jbottigliero](https://togithub.com/jbottigliero)) ##### BUGFIXES - [`89652cb9b`](https://togithub.com/npm/cli/commit/89652cb9b810f929f5586fc90cc6794d076603fb) [npm.community#1661](https://npm.community/t/https://npm.community/t/1661) Fix sign-git-commit options. They were previously totally wrong. ([@​zkat](https://togithub.com/zkat)) - [`414f2d1a1`](https://togithub.com/npm/cli/commit/414f2d1a1bdffc02ed31ebb48a43216f284c21d4) [npm.community#1742](https://npm.community/t/npm-audit-making-non-rfc-compliant-requests-to-server-resulting-in-400-bad-request-pr-with-fix/1742) Set lowercase headers for npm audit requests. ([@​maartenba](https://togithub.com/maartenba)) - [`a34246baf`](https://togithub.com/npm/cli/commit/a34246bafe73218dc9e3090df9ee800451db2c7d) [#​75](https://togithub.com/npm/cli/pull/75) Fix `npm edit` handling of scoped packages. ([@​larsgw](https://togithub.com/larsgw))\* [`d3e8a7c72`](https://togithub.com/npm/cli/commit/d3e8a7c7240dd25379a5bcad324a367c58733c73) [npm.community#2303](https://npm.community/t/npm-ci-logs-success-to-stderr/2303) Make summary output for `npm ci` go to `stdout`, not `stderr`. ([@​alopezsanchez](https://togithub.com/alopezsanchez)) - [`71d8fb4a9`](https://togithub.com/npm/cli/commit/71d8fb4a94d65e1855f6d0c5f2ad2b7c3202e3c4) [npm.community#1377](https://npm.community/t/unhelpful-error-message-when-publishing-without-logging-in-error-eperm-operation-not-permitted-unlink/1377/3) Close the file descriptor during publish if exiting upload via an error. This will prevent strange error messages when the upload fails and make sure cleanup happens correctly. ([@​macdja38](https://togithub.com/macdja38)) ##### DOCS UPDATES - [`b1a8729c8`](https://togithub.com/npm/cli/commit/b1a8729c80175243fbbeecd164e9ddd378a09a50) [#​60](https://togithub.com/npm/cli/pull/60) Mention --otp flag when prompting for OTP. ([@​bakkot](https://togithub.com/bakkot)) - [`bcae4ea81`](https://togithub.com/npm/cli/commit/bcae4ea8173e489a76cc226bbd30dd9eabe21ec6) [#​64](https://togithub.com/npm/cli/pull/64) Clarify that git dependencies use the default branch, not just `master`. ([@​zckrs](https://togithub.com/zckrs)) - [`15da82690`](https://togithub.com/npm/cli/commit/15da8269032bf509ade3252978e934f2a61d4499) [#​72](https://togithub.com/npm/cli/pull/72) `bash_completion.d` dir is sometimes found in `/etc` not `/usr/local`. ([@​RobertKielty](https://togithub.com/RobertKielty)) - [`8a6ecc793`](https://togithub.com/npm/cli/commit/8a6ecc7936dae2f51638397ff5a1d35cccda5495) [#​74](https://togithub.com/npm/cli/pull/74) Update OTP documentation for `dist-tag add` to clarify `--otp` is needed right now. ([@​scotttrinh](https://togithub.com/scotttrinh)) - [`dcc03ec85`](https://togithub.com/npm/cli/commit/dcc03ec858bddd7aa2173b5a86b55c1c2385a2a3) [#​82](https://togithub.com/npm/cli/pull/82) Note that `prepare` runs when installing git dependencies. ([@​seishun](https://togithub.com/seishun)) - [`a91a470b7`](https://togithub.com/npm/cli/commit/a91a470b71e08ccf6a75d4fb8c9937789fa8d067) [#​83](https://togithub.com/npm/cli/pull/83) Specify that --dry-run isn't available in older versions of npm publish. ([@​kjin](https://togithub.com/kjin)) - [`1b2fabcce`](https://togithub.com/npm/cli/commit/1b2fabccede37242233755961434c52536224de5) [#​96](https://togithub.com/npm/cli/pull/96) Fix inline code tag issue in docs. ([@​midare](https://togithub.com/midare)) - [`6cc70cc19`](https://togithub.com/npm/cli/commit/6cc70cc1977e58a3e1ea48e660ffc6b46b390e59) [#​68](https://togithub.com/npm/cli/pull/68) Add semver link and a note on empty string format to `deprecate` doc. ([@​neverett](https://togithub.com/neverett)) - [`61dbbb7c3`](https://togithub.com/npm/cli/commit/61dbbb7c3474834031bce88c423850047e8131dc) Fix semver docs after version update. ([@​zkat](https://togithub.com/zkat)) - [`4acd45a3d`](https://togithub.com/npm/cli/commit/4acd45a3d0ce92f9999446226fe7dfb89a90ba2e) [#​78](https://togithub.com/npm/cli/pull/78) Correct spelling across various docs. ([@​hugovk](https://togithub.com/hugovk)) ##### DEPENDENCIES - [`4f761283e`](https://togithub.com/npm/cli/commit/4f761283e8896d0ceb5934779005646463a030e8) `[email protected]` ([@​zkat](https://togithub.com/zkat)) - [`3706db0bc`](https://togithub.com/npm/cli/commit/3706db0bcbc306d167bb902362e7f6962f2fe1a1) [npm.community#1764](https://npm.community/t/crash-invalid-config-key-requested-error/1764) `[email protected]` ([@​zkat](https://togithub.com/zkat)) - [`83c2b117d`](https://togithub.com/npm/cli/commit/83c2b117d0b760d0ea8d667e5e4bdfa6a7a7a8f6) `[email protected]` ([@​petkaantonov](https://togithub.com/petkaantonov)) - [`2702f46bd`](https://togithub.com/npm/cli/commit/2702f46bd7284fb303ca2119d23c52536811d705) `[email protected]` ([@​watson](https://togithub.com/watson)) - [`4db6c3898`](https://togithub.com/npm/cli/commit/4db6c3898b07100e3a324e4aae50c2fab4b93a04) `[email protected]`:2 ([@​dawsbot](https://togithub.com/dawbot)) - [`70bee4f69`](https://togithub.com/npm/cli/commit/70bee4f69bb4ce4e18c48582fe2b48d8b4aba566) `[email protected]` ([@​isaacs](https://togithub.com/isaacs)) - [`e469fd6be`](https://togithub.com/npm/cli/commit/e469fd6be95333dcaa7cf377ca3620994ca8d0de) `[email protected]`: Fix browser opening under Windows Subsystem for Linux (WSL). ([@​thijsputman](https://togithub.com/thijsputman)) - [`03840dced`](https://togithub.com/npm/cli/commit/03840dced865abdca6e6449ea030962e5b19db0c) `[email protected]` ([@​iarna](https://togithub.com/iarna)) - [`161dc0b41`](https://togithub.com/npm/cli/commit/161dc0b4177e76306a0e3b8660b3b496cc3db83b) `[email protected]` ([@​petkaantonov](https://togithub.com/petkaantonov)) - [`bb6f94395`](https://togithub.com/npm/cli/commit/bb6f94395491576ec42996ff6665df225f6b4377) `[email protected]`:5 ([@​isaacs](https://togithub.com/isaacs)) - [`43b1f4c91`](https://togithub.com/npm/cli/commit/43b1f4c91fa1d7b3ebb6aa2d960085e5f3ac7607) `[email protected]` ([@​isaacs](https://togithub.com/isaacs)) - [`ab62afcc4`](https://togithub.com/npm/cli/commit/ab62afcc472de82c479bf91f560a0bbd6a233c80) `[email protected]`:2 ([@​isaacs](https://togithub.com/isaacs)) - [`027f06be3`](https://togithub.com/npm/cli/commit/027f06be35bb09f390e46fcd2b8182539939d1f7) `[email protected]` ([@​watson](https://togithub.com/watson)) ##### MISCELLANEOUS - [`27217dae8`](https://togithub.com/npm/cli/commit/27217dae8adbc577ee9cb323b7cfe9c6b2493aca) [#​70](https://togithub.com/npm/cli/pull/70) Automatically audit dependency licenses for npm itself. ([@​kemitchell](https://togithub.com/kemitchell)) ### [`v6.4.0`](https://togithub.com/npm/cli/releases/tag/v6.4.0) [Compare Source](https://togithub.com/npm/cli/compare/v6.3.0...v6.4.0) ##### NEW FEATURES - [`6e9f04b0b`](https://togithub.com/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7) [npm/cli#8](https://togithub.com/npm/cli/pull/8) Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking `:_authToken`. ([@​mkhl](https://togithub.com/mkhl)) - [`84bfd23e7`](https://togithub.com/npm/cli/commit/84bfd23e7d6434d30595594723a6e1976e84b022) [npm/cli#35](https://togithub.com/npm/cli/pull/35) Stop filtering out non-IPv4 addresses from `local-addrs`, making npm actually use IPv6 addresses when it must. ([@​valentin2105](https://togithub.com/valentin2105)) - [`792c8c709`](https://togithub.com/npm/cli/commit/792c8c709dc7a445687aa0c8cba5c50bc4ed83fd) [npm/cli#31](https://togithub.com/npm/cli/pull/31) configurable audit level for non-zero exit `npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found. Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected. ([@​lennym](https://togithub.com/lennym)) ##### BUGFIXES - [`d81146181`](https://togithub.com/npm/cli/commit/d8114618137bb5b9a52a86711bb8dc18bfc8e60c) [npm/cli#32](https://togithub.com/npm/cli/pull/32) Don't check for updates to npm when we are updating npm itself. ([@​olore](https://togithub.com/olore)) ##### DEPENDENCY UPDATES A very special dependency update event! Since the [release of `[email protected]`](https://togithub.com/nodejs/node-gyp/pull/1521), an awkward version conflict that was preventing `request` from begin flattened was resolved. This means two things: 1. We've cut down the npm tarball size by another 200kb, to 4.6MB 2. `npm audit` now shows no vulnerabilities for npm itself! Thanks, [@​rvagg](https://togithub.com/rvagg)! - [`866d776c2`](https://togithub.com/npm/cli/commit/866d776c27f80a71309389aaab42825b2a0916f6) `[email protected]` ([@​simov](https://togithub.com/simov)) - [`f861c2b57`](https://togithub.com/npm/cli/commit/f861c2b579a9d4feae1653222afcefdd4f0e978f) `[email protected]` ([@​rvagg](https://togithub.com/rvagg)) - [`32e6947c6`](https://togithub.com/npm/cli/commit/32e6947c60db865257a0ebc2f7e754fedf7a6fc9) [npm/cli#39](https://togithub.com/npm/cli/pull/39) `[email protected]`: REVERT REVERT, newer versions of this library are broken and print ansi codes even when disabled. ([@​iarna](https://togithub.com/iarna)) - [`beb96b92c`](https://togithub.com/npm/cli/commit/beb96b92caf061611e3faafc7ca10e77084ec335) `[email protected]` ([@​zkat](https://togithub.com/zkat)) - [`348fc91ad`](https://togithub.com/npm/cli/commit/348fc91ad223ff91cd7bcf233018ea1d979a2af1) `[email protected]`: Fixes errors with empty or string-only license fields. ([@​Gudahtt](https://togithub.com/Gudahtt)) - [`e57d34575`](https://togithub.com/npm/cli/commit/e57d3457547ef464828fc6f82ae4750f3e511550) `[email protected]` ([@​shesek](https://togithub.com/shesek)) - [`46f1c6ad4`](https://togithub.com/npm/cli/commit/46f1c6ad4b2fd5b0d7ec879b76b76a70a3a2595c) `[email protected]` ([@​isaacs](https://togithub.com/isaacs)) - [`50df1bf69`](https://togithub.com/npm/cli/commit/50df1bf691e205b9f13e0fff0d51a68772c40561) `[email protected]` ([@​iarna](https://togithub.com/iarna)) ([@​Erveon](https://togithub.com/Erveon)) ([@​huochunpeng](https://togithub.com/huochunpeng)) ##### DOCUMENTATION - [`af98e76ed`](https://togithub.com/npm/cli/commit/af98e76ed96af780b544962aa575585b3fa17b9a) [npm/cli#34](https://togithub.com/npm/cli/pull/34) Remove `npm publish` from list of commands not affected by `--dry-run`. ([@​joebowbeer](https://togithub.com/joebowbeer)) - [`e2b0f0921`](https://togithub.com/npm/cli/commit/e2b0f092193c08c00f12a6168ad2bd9d6e16f8ce) [npm/cli#36](https://togithub.com/npm/cli/pull/36) Tweak formatting in repository field examples. ([@​noahbenham](https://togithub.com/noahbenham)) - [`e2346e770`](https://togithub.com/npm/cli/commit/e2346e7702acccefe6d711168c2b0e0e272e194a) [npm/cli#14](https://togithub.com/npm/cli/pull/14) Used `process.env` examples to make accessing certain `npm run-scripts` environment variables more clear. ([@​mwarger](https://togithub.com/mwarger)) ### [`v6.3.0`](https://togithub.com/npm/cli/blob/HEAD/workspaces/arborist/CHANGELOG.md#630-2023-07-05) ##### Features - [`67459e7`](https://togithub.com/npm/cli/commit/67459e7b56a5e8d2b4f8eb3a0487183013c63b99) [#​6626](https://togithub.com/npm/cli/pull/6626) add `pkg fix` subcommand ([@​wraithgar](https://togithub.com/wraithgar)) ##### Bug Fixes - [`c61e037`](https://togithub.com/npm/cli/commit/c61e0376408240590bfc712fe9fdadd7dc9a48bc) [#​6626](https://togithub.com/npm/cli/pull/6626) use new load/create syntax for package-json ([@​wraithgar](https://togithub.com/wraithgar)) ##### Dependencies - [`b252164`](https://togithub.com/npm/cli/commit/b252164dd5c866bf2d25c96836ad829d4d6909ee) [#​6626](https://togithub.com/npm/cli/pull/6626) `@npmcli/[email protected]` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/redwoodjs/redwood). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
6.2.10
->6.5.0
Release Notes
npm/cli (@npmcli/arborist)
v6.5.0
Compare Source
NEW FEATURES
fc1a8d185
Backronymnpm ci
tonpm clean-install
. (@zkat)4be51a9cc
#81 Adds 'Homepage' to outdated --long output. (@jbottigliero)BUGFIXES
89652cb9b
npm.community#1661 Fix sign-git-commit options. They were previously totally wrong. (@zkat)414f2d1a1
npm.community#1742 Set lowercase headers for npm audit requests. (@maartenba)a34246baf
#75 Fixnpm edit
handling of scoped packages.(@larsgw)*
d3e8a7c72
npm.community#2303 Make summary output fornpm ci
go tostdout
, notstderr
. (@alopezsanchez)71d8fb4a9
npm.community#1377 Close the file descriptor during publish if exiting upload via an error. This will prevent strange error messages when the upload fails and make surecleanup happens correctly. (@macdja38)
DOCS UPDATES
b1a8729c8
#60 Mention --otp flag when prompting for OTP. (@bakkot)bcae4ea81
#64 Clarify that git dependencies use the default branch, not justmaster
. (@zckrs)15da82690
#72bash_completion.d
dir is sometimes found in/etc
not/usr/local
. (@RobertKielty)8a6ecc793
#74 Update OTP documentation fordist-tag add
to clarify--otp
is needed right now. (@scotttrinh)dcc03ec85
#82 Note thatprepare
runs when installing git dependencies. (@seishun)a91a470b7
#83 Specify that --dry-run isn't available in older versions of npm publish. (@kjin)1b2fabcce
#96 Fix inline code tag issue in docs. (@midare)6cc70cc19
#68 Add semver link and a note on empty string format todeprecate
doc. (@neverett)61dbbb7c3
Fix semver docs after version update. (@zkat)4acd45a3d
#78 Correct spelling across various docs. (@hugovk)DEPENDENCIES
4f761283e
[email protected]
(@zkat)3706db0bc
npm.community#1764[email protected]
(@zkat)83c2b117d
[email protected]
(@petkaantonov)2702f46bd
[email protected]
(@watson)4db6c3898
[email protected]
:2 (@dawsbot)70bee4f69
[email protected]
(@isaacs)e469fd6be
[email protected]
: Fix browser opening under Windows Subsystem for Linux (WSL). (@thijsputman)03840dced
[email protected]
(@iarna)161dc0b41
[email protected]
(@petkaantonov)bb6f94395
[email protected]
:5 (@isaacs)43b1f4c91
[email protected]
(@isaacs)ab62afcc4
[email protected]
:2 (@isaacs)027f06be3
[email protected]
(@watson)MISCELLANEOUS
27217dae8
#70 Automatically audit dependency licenses for npm itself. (@kemitchell)v6.4.0
Compare Source
NEW FEATURES
6e9f04b0b
npm/cli#8 Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking:_authToken
. (@mkhl)84bfd23e7
npm/cli#35 Stop filtering out non-IPv4 addresses fromlocal-addrs
, making npm actually use IPv6 addresses when it must. (@valentin2105)792c8c709
npm/cli#31 configurable audit level for non-zero exitnpm audit
currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of--audit-level
tonpm audit
to allow it to pass if only vulnerabilities below a certain level are found. Example:npm audit --audit-level=high
will exit with 0 if only low or moderate level vulns are detected. (@lennym)BUGFIXES
d81146181
npm/cli#32 Don't check for updates to npm when we are updating npm itself. (@olore)DEPENDENCY UPDATES
A very special dependency update event! Since the release of
[email protected]
, an awkward version conflict that was preventingrequest
from begin flattened was resolved. This means two things:npm audit
now shows no vulnerabilities for npm itself!Thanks, @rvagg!
866d776c2
[email protected]
(@simov)f861c2b57
[email protected]
(@rvagg)32e6947c6
npm/cli#39[email protected]
: REVERT REVERT, newer versions of this library are broken and print ansi codes even when disabled. (@iarna)beb96b92c
[email protected]
(@zkat)348fc91ad
[email protected]
: Fixes errors with empty or string-only license fields. (@Gudahtt)e57d34575
[email protected]
(@shesek)46f1c6ad4
[email protected]
(@isaacs)50df1bf69
[email protected]
(@iarna)(@Erveon) (@huochunpeng)
DOCUMENTATION
af98e76ed
npm/cli#34 Removenpm publish
from list of commands not affected by--dry-run
. (@joebowbeer)e2b0f0921
npm/cli#36 Tweak formatting in repository field examples. (@noahbenham)e2346e770
npm/cli#14 Usedprocess.env
examples to make accessing certainnpm run-scripts
environment variables more clear. (@mwarger)v6.3.0
Features
67459e7
#6626 addpkg fix
subcommand (@wraithgar)Bug Fixes
c61e037
#6626 use new load/create syntax for package-json (@wraithgar)Dependencies
b252164
#6626@npmcli/[email protected]
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.