fix(deps): update dependency @npmcli/arborist to v9 #106
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^4.0.0->^9.0.0Release Notes
npm/cli (@npmcli/arborist)
v9.1.6Compare Source
Bug Fixes
0a8b8c2#8621 typo bugs and other spelling fixes (#8621) (@jsoref)54fd27f#8602 refactor node.ideallyInert to node.inert (#8602) (@liamcmitchell)13d8df6#8537 optional set calculation (#8537) (@liamcmitchell)Chores
180e9f7#8610 fix spelling in workspaces/arborist (#8610) (@jsoref)91393de#8599 Update references for arborist to cli (#8599) (@jsoref)v9.1.5Compare Source
Bug Fixes
60aa94b#8576 attach path to json parse error (@wraithgar)1eedf82#8576 use @npmcli/package-json to parse package.json (@wraithgar)f6c868d#8566 calculate omit in diff (#8566) (@liamcmitchell, Liam Mitchell)d389614#8579 corrects peer dependency flag propagation (@owlstronaut)Dependencies
566f1b7#8576minimatch@10.0.3ea7ca5f#8576lru-cache@11.2.1bf6b686#8576npm-package-arg@13.0.09392488#8576npm-package-manifest@11.0.1633c4ed#8576hosted-git-info@9.0.01149971#8576npm-registry-fetch@19.0.06221e27#8576@npmcli/metavuln-calculator@9.0.2da81a37#8576cacache@20.0.16b4c5f9#8576@npmcli/run-script@10.0.0b6bb9ae#8576pacote@21.0.31b4433f#8576@npmcli/map-workspaces@5.0.0ceae674#8576@npmcli/package-json@7.0.14f37534#8576 remove read-package-json-fastChores
4059dfa#8576 properly use arborist and cache in test (@owlstronaut)402a0ab#8576@npmcli/template-oss@4.25.1(@wraithgar)v9.1.4Compare Source
Bug Fixes
208c06e#8448 peer edge crash due to no parent or detached node (#8448) (@milaninfy)3b54e9c#8534 installLinks works with transitive external file dependencies (#8534) (@owlstronaut)ed71acb#8473 arborist: #8472 Keeps the registry protocol when modifying resolve URL (#8473) (@Jeepsboucher, Jean-Philippe Boucher)Chores
619d43e#8540 fix pruner and reify tests for optional peer deps (#8540) (@liamcmitchell, Liam Mitchell)v9.1.3Compare Source
Bug Fixes
6dbe21a#8436 local transitive dependencies with --install-links=true (@owlstronaut)8042af3#8431 prune optional peer dependencies that are no longer explicitly depended on (#8431) (@G-Rath)c457c75#8430 remove duplicate loop (#8430) (@G-Rath)f7b056f#8400 clean up audit-report code (#8400) (@wraithgar)f163d01#8372 use omit when checking ideal tree engine (#8372) (@owlstronaut)Chores
3f60b5f#8383@npmcli/template-oss@4.24.4(#8383) (@wraithgar)01f8cc6#8381@npmcli/template-oss@4.24.3(#8381) (@wraithgar)v9.1.2Compare Source
Bug Fixes
887385d#8356 arborist: use hosted-git-info to correctly parse resolved git urls (#8356) (@milaninfy)v9.1.1Compare Source
Bug Fixes
8f6eb6b#8312 arborist: fix file dep making wrong link (#8312) (@alexsch01)v9.1.0Compare Source
Features
57aa89f#8265 use run by default and run-script as the alias (#8265) (@owlstronaut)Bug Fixes
d5bcf38#8268 arborist: Add better error message when lockfile is malformed (#8268) (@owlstronaut)5e1fed9#8290 arborist: improve README markdown (#8290) (@mbtools)0886e7a#8222 preserve registry path when replacing a host (@owlstronaut)815311b#8206 arborist: workspaces correctly path to file: packages from overrides (@owlstronaut)v9.0.2Compare Source
Bug Fixes
a96d8f6#8184 arborist: omit failed optional dependencies from installed deps (#8184) (@owlstronaut, @zkat)04f53ce#8180 arborist: safely fallback on unresolved $ dependency references (#8180) (@owlstronaut)885accd#8185 arborist: only replace hostname for resolved URL (#8185) (@billy-briggs-dev)8b7bb12#8168 arborist: Allow downgrades to hoisted version dedupe workspace i… (#8168) (@owlstronaut)1642556#8160 arborist: workspaces respect overrides on subsequent installs (#8160) (@owlstronaut)Chores
88a7b52#8174 add load-virtual and reify tests for workspace override test coverage (#8174) (@owlstronaut, @TrevorBurnham)v9.0.1Compare Source
Bug Fixes
b9225e5#8089 resolve override conflicts and apply correct versions (#8089) (@owlstronaut)d586f3b#8117 remove duplicate var (#8117) (@TrevorBurnham)811ca29#8115 stop working around bug fixed innpm-package-arg@12.0.2(@TrevorBurnham)v9.0.0Features
a7bfc6d#7972 trigger release process (#7972) (@wraithgar)Chores
a07f4e0#7976@npmcli/template-oss@4.23.6(@wraithgar)v8.0.0Compare Source
@npmcli/arboristnow supports node^18.17.0 || >=20.5.0Features
4d57928#7766 devEngines (#7766) (@reggi)Bug Fixes
365580a#7803 align @npmcli/arborist to npm 10 node engine range (@reggi)Dependencies
5795987#7803 updateproggy@3.0.099ccae3#7803 updatebin-links@5.0.075786ad#7803 update@npmcli/query@4.0.01c25a1d#7803 update@npmcli/node-gyp@4.0.02d7fc3d#7803 update@npmcli/name-from-folder@3.0.01e09334#7803 update@npmcli/metavuln-calculator@8.0.0820e983#7803 update@npmcli/installed-package-contents@3.0.09cd6603#7803 updateread-package-json-fast@4.0.08206c4f#7803 updatessri@12.0.0f6909a0#7803 updateproc-log@5.0.0f9b2e18#7803 updateparse-conflict-json@4.0.0e7ab206#7803 updatepacote@19.0.0d13a20b#7803 updatenpm-registry-fetch@18.0.1092f41f#7803 updatenpm-pick-manifest@10.0.050a7bc8#7803 updatenpm-package-arg@12.0.0591130d#7803 updatenpm-install-checks@7.1.0105fa2b#7803 updatenopt@8.0.07214149#7803 updatejson-parse-even-better-errors@4.0.06deae9e#7803 updatehosted-git-info@8.0.0034c729#7803 updatecacache@19.0.1538a4cc#7803 update@npmcli/run-script@9.0.1b80d048#7803 update@npmcli/redact@3.0.02076368#7803 update@npmcli/package-json@6.0.1feac87c#7803 update@npmcli/map-workspaces@4.0.1dd90f9e#7803 update@npmcli/fs@4.0.0Chores
be1e6da#7803 updateminify-registry-metadata@4.0.0(@reggi)2072705#7803 update@npmcli/eslint-config@5.0.1(@reggi)8035725#7756@npmcli/template-oss@4.23.3(@wraithgar)v7.5.4Compare Source
Bug Fixes
6f33d74#7579 arborist: safeguard against null node.target in flag calculation (#7579) (@AmirSa12)a8e666e#7602 arborist: condition to include name field in package-lock fixed (#7602) (@milaninfy)v7.5.3Compare Source
Bug Fixes
2d1d8d0#7559 addsnode:specifier to all native node modules (#7559) (@reggi)Chores
4a36d78#7568 fix linting in arborist debugger (@wraithgar)v7.5.2Compare Source
Bug Fixes
12f103c#7533 add first param titles to logs where missing (#7533) (@lukekarrys)e290352#7499 revert DepsQueue to re-sort on pop() (#7499) (@lukekarrys)56a27fa#7494 avoid caching manifests as promises (@wraithgar)722c0fa#7463 limit packument cache size based on heap size (@wraithgar)effe910#7475 don't omit license from stored manifests (#7475) (@lukekarrys)Dependencies
fd42986#7498@npmcli/fs@3.1.1ea0b07d#7482pacote@18.0.65b2317b#7463 add lru-cache7e15b6d#7480@npmcli/metavuln-calculator@7.1.18b20f8c#7480ssri@10.0.6a9a6dcd#7480pacote@18.0.5e2fdb65#7480npm-pick-manifest@9.0.1e71f541#7480nopt@7.2.118c3b40#7480json-parse-even-better-errors@3.0.2714e3e1#7480hosted-git-info@7.0.2f94d672#7480cacache@18.0.343331e4#7480bin-links@4.0.463ef498#7457npm-registry-fetch@17.0.1Chores
9c4d3c4#7467 template-oss-apply (@lukekarrys)2b7ec54#7467template-oss@4.22.0(@lukekarrys)v7.5.1Compare Source
Bug Fixes
a1b95eb#7453 linting: no-unused-vars (@wraithgar)abcbc54#7430 reify: cleanup of Symbols (#7430) (@wraithgar)57ebebf#7418 update repository.url in package.json (#7418) (@wraithgar)Dependencies
80eec03#7453@npmcli/redact@2.0.0a7145d4#7453npm-registry-fetch@17.0.09da5738#7437@npmcli/run-script@8.1.0(#7437)v7.5.0Compare Source
Features
9123de4#7373 do all output over proc-log events (@lukekarrys)9622597#7339 refactor terminal display (#7339) (@lukekarrys)Bug Fixes
78447d7#7399 prefer fs/promises over promisify (#7399) (@lukekarrys)6512112#7378 use proc-log for all timers (@lukekarrys)Dependencies
36adff3#7408pacote@18.0.2486d46c#7408@npmcli/installed-package-contents@2.1.0157d0ae#7408@npmcli/package-json@5.1.0fc6e291#7392proc-log@4.2.0(#7392)38ed048#7378@npmcli/metavuln-calculator@7.1.07678a3d#7378proc-log@4.1.087f6c09#7373@npmcli/metavuln-calculator@7.0.1b8f8b41#7373@npmcli/run-script@8.0.079f79c7#7373proc-log@4.0.09027266#7373pacote@18.0.0ee4b3e0#7373npm-registry-fetch@16.2.1ac98fd3#7373npm-package-arg@11.0.29351570#7373@npmcli/package-json@5.0.3Chores
dd39de7#7411 disable selflink test on apple silicon (#7411) (@lukekarrys)v7.4.2Compare Source
Bug Fixes
ef381b1#7363 use @npmcli/redact for url cleaning (#7363) (@lukekarrys)v7.4.1Compare Source
Bug Fixes
8cab136#7324 ensure maxSockets is respected (#7324) (@lukekarrys)9bffa13#7320 query: properly return :missing nodes (#7320) (@wraithgar)Dependencies
87a61fc#7334npm-registry-fetch@16.2.06fd94f2#7329minimatch@9.0.48cab136#7324agent-base@7.1.1(@lukekarrys)Chores
8cab136#7324 add smoke-test for large prod installs (@lukekarrys)v7.4.0Features
2366edc#7218 query: add :vuln pseudo selector (@wraithgar)Bug Fixes
6d1789c#7237 Arborist code cleanup (#7237) (@wraithgar)ed17276#7218 query-selector: don't look up private packages on :outdated (@wraithgar)Dependencies
16d4c9f#7218@npmcli/query@3.1.0v7.3.1Bug Fixes
d3f1845#7124 clean up idealTree code (@wraithgar)8382fb3#7126 fetch full packument so that libc can be assessed (@styfle, @ljharb)Dependencies
ec77e81#7124promise-call-limit@3.0.1v7.3.0Features
6673c77#6914 add--libcoption to override platform specific install (#6914) (@wraithgar, @Brooooooklyn)v7.2.2Bug Fixes
ae2d982#7027 arborist:node.targetcan benullwhen it is a file dep or symlink (#7027) (@ljharb, @lukekarrys)f875caa#6998 clean up shrinkwrap code (#6998) (@wraithgar)Chores
f656b66#7062@npmcli/template-oss@4.21.3(#7062) (@lukekarrys)9754b17#7051 use global npm for workspace tests (@lukekarrys)3891757#7051@npmcli/template-oss@4.21.2(@lukekarrys)v7.2.1Compare Source
Dependencies
dfb6298#6937node-gyp@10.0.0(#6937)v7.2.0Compare Source
Features
81a460f#6732 add package-lock-only mode to npm query (@wraithgar)0d29855#6732 add no-package-lock mode to npm audit (@wraithgar)Bug Fixes
0860159#6829 ensure workspace links query parents correctly (#6829) (@Carl-Foster)bef7481#6782 query with workspace descendents (#6782) (@bdehamer)Dependencies
aa6728b#6859tar@6.2.0ce9089f#6859npm-package-arg@11.0.10a47af5#6859hosted-git-info@7.0.13ebc474#6859@npmcli/query@3.0.1v7.1.0Compare Source
Features
1c93c44#6755 Add--cpuand--osoption to override platform specific install (#6755) (@yukukotani)v7.0.0Features
fb31c7etrigger release process (@lukekarrys)v6.5.0Compare Source
NEW FEATURES
fc1a8d185Backronymnpm citonpm clean-install. (@zkat)4be51a9cc#81 Adds 'Homepage' to outdated --long output. (@jbottigliero)BUGFIXES
89652cb9bnpm.community#1661 Fix sign-git-commit options. They were previously totally wrong. (@zkat)414f2d1a1npm.community#1742 Set lowercase headers for npm audit requests. (@maartenba)a34246baf#75 Fixnpm edithandling of scoped packages.(@larsgw)*
d3e8a7c72npm.community#2303 Make summary output fornpm cigo tostdout, notstderr. (@alopezsanchez)71d8fb4a9npm.community#1377 Close the file descriptor during publish if exiting upload via an error. This will prevent strange error messages when the upload fails and make surecleanup happens correctly. (@macdja38)
DOCS UPDATES
b1a8729c8#60 Mention --otp flag when prompting for OTP. (@bakkot)bcae4ea81#64 Clarify that git dependencies use the default branch, not justmaster. (@zckrs)15da82690#72bash_completion.ddir is sometimes found in/etcnot/usr/local. (@RobertKielty)8a6ecc793#74 Update OTP documentation fordist-tag addto clarify--otpis needed right now. (@scotttrinh)dcc03ec85#82 Note thatprepareruns when installing git dependencies. (@seishun)a91a470b7#83 Specify that --dry-run isn't available in older versions of npm publish. (@kjin)1b2fabcce#96 Fix inline code tag issue in docs. (@midare)6cc70cc19#68 Add semver link and a note on empty string format todeprecatedoc. (@neverett)61dbbb7c3Fix semver docs after version update. (@zkat)4acd45a3d#78 Correct spelling across various docs. (@hugovk)DEPENDENCIES
4f761283efiggy-pudding@3.5.1(@zkat)3706db0bcnpm.community#1764ssri@6.0.1(@zkat)83c2b117dbluebird@3.5.2(@petkaantonov)2702f46bdci-info@1.5.1(@watson)4db6c3898config-chain@1.1.1:2 (@dawsbot)70bee4f69glob@7.1.3(@isaacs)e469fd6beopener@1.5.1: Fix browser opening under Windows Subsystem for Linux (WSL). (@thijsputman)03840dcedsemver@5.5.1(@iarna)161dc0b41bluebird@3.5.3(@petkaantonov)bb6f94395graceful-fs@4.1.1:5 (@isaacs)43b1f4c91tar@4.4.8(@isaacs)ab62afcc4npm-packlist@1.1.1:2 (@isaacs)027f06be3ci-info@1.6.0(@watson)MISCELLANEOUS
27217dae8#70 Automatically audit dependency licenses for npm itself. (@kemitchell)v6.4.0Compare Source
NEW FEATURES
6e9f04b0bnpm/cli#8 Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking:_authToken. (@mkhl)84bfd23e7npm/cli#35 Stop filtering out non-IPv4 addresses fromlocal-addrs, making npm actually use IPv6 addresses when it must. (@valentin2105)792c8c709npm/cli#31 configurable audit level for non-zero exitnpm auditcurrently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of--audit-leveltonpm auditto allow it to pass if only vulnerabilities below a certain level are found. Example:npm audit --audit-level=highwill exit with 0 if only low or moderate level vulns are detected. (@lennym)BUGFIXES
d81146181[cli: don't check for updates to npm when we are updating npm itself npm/cli#32](https://redirect.github.com/npm/Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.