chore(deps): update npm to v11

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
npm (source)	10.9.2 -> 11.6.2

---

Release Notes

npm/cli (npm)

v11.6.2

Compare Source

Bug Fixes

• c54d1e9 #​8633 progress bar code cleanup (#​8633) (@​wraithgar)
• d352e27 #​8629 do not redact notice logs going to stdout (#​8629) (@​wraithgar)
• 5ac3678 #​8617 spelling in ./lib and ./test/lib (#​8617) (@​jsoref)
• 9197995 #​8619 spelling (#​8619) (@​jsoref)
• dd884e3 #​8618 spelling (#​8618) (@​jsoref)
• f6028e6 #​8614 skip redacting urls meant for opening by the user (#​8614) (@​wraithgar, @​jolyndenning)
• 54fd27f #​8602 refactor node.ideallyInert to node.inert (#​8602) (@​liamcmitchell)
• 79e3c1e #​8593 use @​npmcli/package-json to normalize package data (@​wraithgar)

Documentation

• 0469c5e #​8639 rewrap markdown (#​8639) (@​jsoref)
• 9ceb9c1 #​8636 rewrap markdown (#​8636) (@​jsoref)
• 6324370 #​8616 fix spelling (#​8616) (@​jsoref)
• 1b0429a #​8607 Fix spelling (#​8607) (@​jsoref)
• 7fbe07a #​8603 clean up deprecated npm access commands (#​8603) (@​jsoref)

Dependencies

• fa7cc6f #​8662 ci-info@4.3.1 (#​8662)
• b05461b #​8663 @sigstore/sign@4.0.1 (#​8663)
• c31de22 #​8661 downgrade ci-info to 4.3.0 (#​8661) (@​wraithgar)
• c5191b5 #​8659 ci-info@4.3.1
• f255c92 #​8659 hosted-git-info@9.0.2
• bdaf323 #​8659 is-cidr@6.0.1
• a33f106 #​8659 lru-cache@11.2.2
• 8044e07 #​8659 npm-package-arg@13.0.1
• f577504 #​8659 npm-packlist@10.0.2
• 9aa4fa6 #​8659 semver@7.7.3
• fe9484a #​8593 remove normalize-package-data

Chores

• b3409f4 #​8659 dev dependency updates (@​wraithgar)
• e8de81b #​8643 Add automatically generated annotation to dependencies.md (#​8643) (@​jsoref)
• 67cfaf3 #​8627 fix spelling: different (#​8627) (@​jsoref)
• 17ddc0d #​8622 fix spelling (#​8622) (@​jsoref)
• c3e1790 #​8605 Remove reference to nonexistent calendar (#​8605) (@​jsoref)
• ac9143e #​8604 Improve link accessibility for screen reader users (#​8604) (@​jsoref)
• 62d73e7 #​8601 remove references to benchmarks workflow (#​8601) (@​jsoref)
• bb4b739 #​8598 remove stale comment (#​8598) (@​jsoref)
• f73e65d #​8592 fix build url code for remark-github@​12 (#​8592) (@​wraithgar)
• workspace: @npmcli/arborist@9.1.6
• workspace: @npmcli/config@10.4.2
• workspace: libnpmaccess@10.0.3
• workspace: libnpmdiff@8.0.9
• workspace: libnpmexec@10.1.8
• workspace: libnpmfund@7.0.9
• workspace: libnpmpack@9.0.9
• workspace: libnpmpublish@11.1.2

v11.6.1

Compare Source

Bug Fixes

• d389614 #​8579 corrects peer dependency flag propagation (@​owlstronaut)
• 5db81c3 #​8512 allow concurrent non-local npx calls (#​8512) (@​jenseng, @​wraithgar)

Documentation

• 7a09902 #​8582 bring back certfile (#​8582) (@​jenseng)

Dependencies

• 849dcb6 #​8589 tar@7.5.1 (#​8589)
• ea15731 #​8576 binary-extensions@3.1.0
• 0f41bac #​8576 tiny-relative-date@2.0.2
• 07bf540 #​8576 is-cidr@6.0.0
• ef87ec6 #​8576 diff@8.0.2
• 48285e0 #​8576 add fdir, isexe, and picomatch to node_modules
• 099238a #​8576 fdir@6.5.0
• 6e4d673 #​8576 isexe@3.1.1
• 09a7494 #​8576 supports-color@10.2.2
• c5157c9 #​8576 chalk@5.6.2
• 46035db #​8576 debug@4.4.3
• 5f6664b #​8576 spdx-license-ids@3.0.22
• 5516583 #​8576 socks@2.8.7
• 6a392f3 #​8576 tinyglobby@0.2.15
• 9519f18 #​8576 npm-install-checks@7.1.2
• 34bafd1 #​8576 node-gyp@11.4.2
• dfd034e #​8576 @npmcli/promise-spawn@8.0.3
• d4eef14 #​8576 rimraf@6.0.1
• 566f1b7 #​8576 minimatch@10.0.3
• ac33497 #​8576 mkdirp@3.0.1
• 1676626 #​8576 glob@11.0.3
• 817f0b1 #​8576 ignore-walk@8.0.0
• 79a4e67 #​8576 minizlib@3.0.2
• 38fa2c2 #​8576 negotiator@1.0.0
• 24252a1 #​8576 @npmcli/agent@4.0.0
• ea7ca5f #​8576 lru-cache@11.2.1
• 521823b #​8576 @npmcli/git@7.0.0
• bf6b686 #​8576 npm-package-arg@13.0.0
• 9392488 #​8576 npm-package-manifest@11.0.1
• 0082083 #​8576 normalize-package-data@8.0.0
• 633c4ed #​8576 hosted-git-info@9.0.0
• 66f64eb #​8576 make-fetch-happen@15.0.2
• 1f85f94 #​8576 @sigstore/tuf@4.0.0
• a2bdecc #​8576 sigstore@4.0.0
• 1149971 #​8576 npm-registry-fetch@19.0.0
• b5bd5e3 #​8576 npm-profile@12.0.0
• 6221e27 #​8576 @npmcli/metavuln-calculator@9.0.2
• da81a37 #​8576 cacache@20.0.1
• 6b4c5f9 #​8576 @npmcli/run-script@10.0.0
• cb36a8a #​8576 init-package-json@8.2.2
• b6bb9ae #​8576 pacote@21.0.3
• 1b4433f #​8576 @npmcli/map-workspaces@5.0.0
• ceae674 #​8576 @npmcli/package-json@7.0.1
• 4f37534 #​8576 remove read-package-json-fast

Chores

• 7eb5c09 #​8576 update package-lock with peer flag fixes (@​wraithgar)
• 0d00fd8 #​8576 jsdom@27.0.0 (@​wraithgar)
• 420a569 #​8576 unified@11.0.5 (@​wraithgar)
• 064deb3 #​8576 remark-rehype@11.1.2 (@​wraithgar)
• 30fe3ba #​8576 remark-man@9.0.0 (@​wraithgar)
• 1c6bb4c #​8576 rehype-stringify@10.0.1 (@​wraithgar)
• 208cb93 #​8576 remark-gfm@4.0.1 (@​wraithgar)
• 4a46b5a #​8576 remark-github@12.0.0 (@​wraithgar)
• 93d190b #​8576 remark-parse@11.0.0 (@​wraithgar)
• 05301a4 #​8576 remark@15.0.1 (@​wraithgar)
• 6afdda9 #​8576 ajv-formats@3.0.1 (@​wraithgar)
• 402a0ab #​8576 @npmcli/template-oss@4.25.1 (@​wraithgar)
• 3b43bf7 #​8576 dev dependency updates (@​wraithgar)
• 9f9146f #​8576 @tufjs/repo-mock@4.0.0 (@​wraithgar)
• eed8a10 #​8576 use latest/local arborist in mock-registry (@​wraithgar)
• workspace: @npmcli/arborist@9.1.5
• workspace: @npmcli/config@10.4.1
• workspace: libnpmaccess@10.0.2
• workspace: libnpmdiff@8.0.8
• workspace: libnpmexec@10.1.7
• workspace: libnpmfund@7.0.8
• workspace: libnpmorg@8.0.1
• workspace: libnpmpack@9.0.8
• workspace: libnpmpublish@11.1.1
• workspace: libnpmsearch@9.0.1
• workspace: libnpmteam@8.0.2
• workspace: libnpmversion@8.0.2

v11.6.0

Compare Source

Features

• bdcc10d #​8359 add support for optional env var replacements in .npmrc (#​8359) (@​aczekajski, @​owlstronaut)

Bug Fixes

• dd4cee9 #​8539 powershell: improve argument parsing (#​8539) (@​alexsch01)
• 5f18557 #​8532 powershell: fix issue with modified InvocationName (#​8532) (@​alexsch01)
• 9e5abf1 #​8529 add redaction to log format egress (#​8529) (@​wraithgar)
• 75ce64a #​8524 revert handle signal exits gracefully (#​8524) (@​owlstronaut)
• 5d82d0b #​8469 ps1 scripts in powershell 5.1 (#​8469) (@​splatteredbits)

Dependencies

• workspace: @npmcli/arborist@9.1.4
• workspace: @npmcli/config@10.4.0
• workspace: libnpmdiff@8.0.7
• workspace: libnpmexec@10.1.6
• workspace: libnpmfund@7.0.7
• workspace: libnpmpack@9.0.7

v11.5.2

Compare Source

Bug Fixes

• 7d900c4 #​8467 oidc visibility check for provenance (#​8467) (@​reggi, @​wraithgar)

Documentation

• d4e56b2 #​8459 update snapshot generation command (#​8459) (@​MikeMcC399)

v11.5.1

Compare Source

Bug Fixes

• 476bf17 #​8457 provenance should only default for oidc (@​reggi)

v11.5.0

Compare Source

Features

• 1cce318 #​8336 adds support for oidc publish (#​8336) (@​reggi)

Bug Fixes

• 7f66f0a #​8447 add better hint for before and clean up description (@​wraithgar)
• 280817a #​8447 add --before param to command help output (@​wraithgar)
• 6e47325 #​8441 Makes 404 errors less scary without revealing existence (#​8441) (@​owlstronaut)
• 0a97ffd #​8429 handle signal exits gracefully (@​owlstronaut)
• 5b858c6 #​8411 ensure progress bars display consistently across all environments (#​8411) (@​owlstronaut)

Documentation

• ef3529e #​8435 add test snapshot (#​8435) (@​reggi, @​wraithgar)
• b7758d7 #​8418 remove reference to Node.js download less common os (#​8418) (@​MikeMcC399)
• 746ac5d #​8380 remove duplicate info (#​8380) (@​alexsch01)
• 4673e9c #​8371 rebrand OS X references to macOS (@​MikeMcC399)

Dependencies

• 398fed4 #​8450 normalize-package-data@7.0.1
• 5b242c9 #​8450 validate-npm-package-name@6.0.2
• d4e8a8a #​8450 tuf-js@3.1.0
• e1b37b2 #​8450 picomatch@4.0.3
• 3cb5884 #​8450 socks@2.8.6
• daea981 #​8450 ci-info@4.3.0
• 39ad47d #​8450 aproba@2.1.0
• a789f33 #​8450 agent-base@7.1.4
• 1c0d257 #​8450 @npmcli/metavuln-calculator@9.0.1

Chores

• 804a964 #​8450 update devDependencies in lockfile (@​wraithgar)
• 643ae71 #​8450 update mock-registry to use local arborist (@​wraithgar)
• cf023d7 #​8421 contributing: prepare easier copy-paste contributing commands (#​8421) (@​MikeMcC399)
• 3f60b5f #​8383 @npmcli/template-oss@4.24.4 (#​8383) (@​wraithgar)
• 01f8cc6 #​8381 @npmcli/template-oss@4.24.3 (#​8381) (@​wraithgar)
• workspace: @npmcli/arborist@9.1.3
• workspace: @npmcli/config@10.3.1
• workspace: libnpmdiff@8.0.6
• workspace: libnpmexec@10.1.5
• workspace: libnpmfund@7.0.6
• workspace: libnpmpack@9.0.6
• workspace: libnpmpublish@11.1.0

v11.4.2

Compare Source

Bug Fixes

• d389614 #​8579 corrects peer dependency flag propagation (@​owlstronaut)
• 5db81c3 #​8512 allow concurrent non-local npx calls (#​8512) (@​jenseng, @​wraithgar)

Documentation

• 7a09902 #​8582 bring back certfile (#​8582) (@​jenseng)

Dependencies

• 849dcb6 #​8589 tar@7.5.1 (#​8589)
• ea15731 #​8576 binary-extensions@3.1.0
• 0f41bac #​8576 tiny-relative-date@2.0.2
• 07bf540 #​8576 is-cidr@6.0.0
• ef87ec6 #​8576 diff@8.0.2
• 48285e0 #​8576 add fdir, isexe, and picomatch to node_modules
• 099238a #​8576 fdir@6.5.0
• 6e4d673 #​8576 isexe@3.1.1
• 09a7494 #​8576 supports-color@10.2.2
• c5157c9 #​8576 chalk@5.6.2
• 46035db #​8576 debug@4.4.3
• 5f6664b #​8576 spdx-license-ids@3.0.22
• 5516583 #​8576 socks@2.8.7
• 6a392f3 #​8576 tinyglobby@0.2.15
• 9519f18 #​8576 npm-install-checks@7.1.2
• 34bafd1 #​8576 node-gyp@11.4.2
• dfd034e #​8576 @npmcli/promise-spawn@8.0.3
• d4eef14 #​8576 rimraf@6.0.1
• 566f1b7 #​8576 minimatch@10.0.3
• ac33497 #​8576 mkdirp@3.0.1
• 1676626 #​8576 glob@11.0.3
• 817f0b1 #​8576 ignore-walk@8.0.0
• 79a4e67 #​8576 minizlib@3.0.2
• 38fa2c2 #​8576 negotiator@1.0.0
• 24252a1 #​8576 @npmcli/agent@4.0.0
• ea7ca5f #​8576 lru-cache@11.2.1
• 521823b #​8576 @npmcli/git@7.0.0
• bf6b686 #​8576 npm-package-arg@13.0.0
• 9392488 #​8576 npm-package-manifest@11.0.1
• 0082083 #​8576 normalize-package-data@8.0.0
• 633c4ed #​8576 hosted-git-info@9.0.0
• 66f64eb #​8576 make-fetch-happen@15.0.2
• 1f85f94 #​8576 @sigstore/tuf@4.0.0
• a2bdecc #​8576 sigstore@4.0.0
• 1149971 #​8576 npm-registry-fetch@19.0.0
• b5bd5e3 #​8576 npm-profile@12.0.0
• 6221e27 #​8576 @npmcli/metavuln-calculator@9.0.2
• da81a37 #​8576 cacache@20.0.1
• 6b4c5f9 #​8576 @npmcli/run-script@10.0.0
• cb36a8a #​8576 init-package-json@8.2.2
• b6bb9ae #​8576 pacote@21.0.3
• 1b4433f #​8576 @npmcli/map-workspaces@5.0.0
• ceae674 #​8576 @npmcli/package-json@7.0.1
• 4f37534 #​8576 remove read-package-json-fast

Chores

• 7eb5c09 #​8576 update package-lock with peer flag fixes (@​wraithgar)
• 0d00fd8 #​8576 jsdom@27.0.0 (@​wraithgar)
• 420a569 #​8576 unified@11.0.5 (@​wraithgar)
• 064deb3 #​8576 remark-rehype@11.1.2 (@​wraithgar)
• 30fe3ba #​8576 remark-man@9.0.0 (@​wraithgar)
• 1c6bb4c #​8576 rehype-stringify@10.0.1 (@​wraithgar)
• 208cb93 #​8576 remark-gfm@4.0.1 (@​wraithgar)
• 4a46b5a #​8576 remark-github@12.0.0 (@​wraithgar)
• 93d190b #​8576 remark-parse@11.0.0 (@​wraithgar)
• 05301a4 #​8576 remark@15.0.1 (@​wraithgar)
• 6afdda9 #​8576 ajv-formats@3.0.1 (@​wraithgar)
• 402a0ab #​8576 @npmcli/template-oss@4.25.1 (@​wraithgar)
• 3b43bf7 #​8576 dev dependency updates (@​wraithgar)
• 9f9146f #​8576 @tufjs/repo-mock@4.0.0 (@​wraithgar)
• eed8a10 #​8576 use latest/local arborist in mock-registry (@​wraithgar)
• workspace: @npmcli/arborist@9.1.5
• workspace: @npmcli/config@10.4.1
• workspace: libnpmaccess@10.0.2
• workspace: libnpmdiff@8.0.8
• workspace: libnpmexec@10.1.7
• workspace: libnpmfund@7.0.8
• workspace: libnpmorg@8.0.1
• workspace: libnpmpack@9.0.8
• workspace: libnpmpublish@11.1.1
• workspace: libnpmsearch@9.0.1
• workspace: libnpmteam@8.0.2
• workspace: libnpmversion@8.0.2

v11.4.1

Compare Source

Documentation

• 3ed764a #​8308 Clarify script working directory behavior (fixes #​8305) (#​8308) (@​tarekwfa0110, @​owlstronaut)

Chores

• 2f30251 #​8314 remove references to skimdb.npmjs.com (#​8314) (@​shmam)
• 9cb9d50 #​8298 add contributor to changelog entry (#​8298) (@​wraithgar)

Dependencies

• workspace: @npmcli/arborist@9.1.1
• workspace: libnpmdiff@8.0.4
• workspace: libnpmexec@10.1.3
• workspace: libnpmfund@7.0.4
• workspace: libnpmpack@9.0.4

v11.4.0

Compare Source

Features

• a0e60fb #​8246 added init-private option (@​owlstronaut)
• 57aa89f #​8265 use run by default and run-script as the alias (#​8265) (@​owlstronaut)
• 0d4c023 #​8234 install: add package info to json output (#​8234) (@​wraithgar)

Bug Fixes

• 8794fd9 #​8297 powershell: support pipeline input with Invoke-Expression (#​8297) (@​alexsch01)
• b5173d1 #​8293 docs: corrected github_path (#​8293) (@​xaos7991)
• 2210d7a #​8278 powershell: use Invoke-Expression to pass args (#​8278) (@​alexsch01, @​mbtools)
• 8669d09 #​8228 add otplease for enable-2fa, disable-2fa, access (#​8228) (@​reggi, @​wraithgar)
• 78b5a6f #​8269 correctly handle scenario where prefix is the cwd (#​8269) (@​owlstronaut, @​ficocelliguy)
• fdc3413 #​8221 exec: Fails to Execute Binaries Named After Shell Keywords (#​8221) (@​13sfaith)
• 4b08e2e #​8245 docs: prepare script runs for local package links (@​milaninfy)
• 1622ac4 #​8241 handle missing time in packument to prevent crash on npm view (@​owlstronaut)
• db8f5da #​8110 outdated: add dependent location in long output (#​8110) (@​milaninfy, @​wraithgar)

Documentation

• d2498df [#​8295](

---

Configuration

📅 Schedule: Branch creation - "every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[apify-service-account]

Preview for this PR was built for commit 68e1813 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 5481ad7 and is ready at https://pr-1358.preview.docs.apify.com!

[cursor]

Comment bugbot run to trigger another review on this PR

[cursor]

Bug: Axios Downgrade Causes Security Vulnerabilities

The axios dependency in the apify-docs-theme workspace was unexpectedly downgraded from ^1.11.0 to ^1.7.9. This is an unintended side effect of updating npm from v10 to v11, likely due to different dependency resolution behavior. This downgrade could reintroduce security vulnerabilities, bugs, or compatibility issues.

Locations (1)

• package-lock.json#L83-L85

Fix in Cursor • Fix in Web

[apify-service-account]

Preview for this PR was built for commit 5fe371e and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 6de97792 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit d4a6e0b and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit d4a6e0b and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 3579185 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 795a755 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 4c1c62c and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit e196c09 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 7ed1bc3 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 5bfbc38 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit c2e5bb4 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 9f99ea7 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 6d542e2 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 29ea010 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 8e487f4 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit b7492030 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit ea71462 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit edaeca6e and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 9ead362 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 04ddc36 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 0078417 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit ea671d9 and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit 86c706c and is ready at https://pr-1358.preview.docs.apify.com!

[apify-service-account]

Preview for this PR was built for commit ba04e41 and is ready at https://pr-1358.preview.docs.apify.com!