Update dependency npm to v7 #284
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![mend-for-github-com[bot]](https://avatars.githubusercontent.com/in/30796?s=60&v=4){kind=small}
mend-for-github-com
bot
added
the
security fix
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
force-pushed
the
whitesource-remediate/npm-7.x
branch
from
e26300b to
5aa8726
Compare
mend-for-github-com
bot
force-pushed
the
whitesource-remediate/npm-7.x
branch
from
5aa8726 to
822b94c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^6.4.0->^7.0.0By merging this PR, the below issues will be automatically resolved and closed:
Release Notes
npm/cli (npm)
v7.0.0Compare Source
v7.0.0 (2020-10-12)
BUG FIXES
7bcdb3636#1949 fix: ensurepublishConfigis passed through (@nlf)97978462efix: patchconfig.jsto remove duplicate vals (@darcyclarke)DOCUMENTATION
60769d757#1911 docs: v7 npm-install refresh (@ruyadorno)08de49042#1938 docs: v7 using npm config updates (@ruyadorno)DEPENDENCIES
15366a1cfnpm-registry-fetch@8.1.5f04a74140init-package-json@2.0.01de21dce0fix: support dot-separated aliases defined in a.npmrcini files forinit-*configs (@ruyadorno)a67275cd9eslint@7.11.06fb83b78dhosted-git-info@3.0.61ca30cc9blibnpmfund@1.0.028a2d2ba4@npmcli/arborist@1.0.0peerDependenciesin transitive dependencies, so that--forcewill always accept a best effort override, and--strict-peer-depswill fail faster on conflicts.9306c6833libnpmfund@1.0.1fafb348efnpm-package-arg@8.1.0365f2e756read-package-json@3.0.0v6.14.18Compare Source
6.14.18 (2022-12-21)
DEPENDENCIES
f55bd65darimraf@2.7.1cd4894696bluebird@3.7.2023d7e96bcacache@12.0.4dd2811c0bconfig-chain@1.1.1:3e21b6ebd9deep-equal@1.1.12bec581c6dezalgo@1.0.4273485157figgy-pudding@3.5.2720f8ae5eglob@7.2.35f1200e33graceful-fs@4.2.1:058b74a38bis-cidr@3.1.14b609655fjsdom@16.7.014c7a1a85meant@1.0.306d9cefc4minimatch@3.1.21d2da355cmkdirp@0.5.622eda3a26node-gyp@5.1.1b77a7f1b0npm-registry-mock@1.3.2de37398afquery-string@6.14.1196650baaqw@1.0.23218c16b5read-package-json@2.1.20f5d57919request@2.88.243ed5c23bsafe-buffer@5.2.131b51c564tar-stream@2.2.0209a79d1fuuid@3.4.04778a8d95yaml@1.10.28b357e558decode-uri-component@0.2.2d3e7eed13lock-verify@2.2.2v6.14.17Compare Source
6.14.17 (2022-04-28)
DEPENDENCIES
a869ec48bansi-regex@4.1.1a869ec48bminimist@1.2.6v6.14.16Compare Source
6.14.16 (2022-01-19)
CHORE
0afe4f12fupdate one-time password prompt (@ruyadorno)DEPENDENCIES
2c534f801json-schema@0.4.0v6.14.15Compare Source
6.14.15 (2021-08-23)
DEPENDENCIES
8160e6e4bpath-parse@1.0.73079f5038tar@4.4.19v6.14.14Compare Source
6.14.14 (2021-07-27)
DEPENDENCIES
4627c0670tar@4.4.15v6.14.13Compare Source
6.14.13 (2021-04-08)
DEPENDENCIES
285ab3f65hosted-git-info@2.8.963b5c56c5ssri@6.0.2v6.14.12Compare Source
6.14.12 (2021-03-25)
DEPENDENCIES
e47654048#2737 Update y18n to fix CVE-2020-7774 (@vecerek)v6.14.11Compare Source
6.14.11 (2021-01-07)
DEPENDENCIES
19108ca5bini@1.3.87a0574074bl@3.0.1- devDepDOCUMENTATION
1d235b230#1881 docs: update link to CLI issuesTESTING
c0f8ce8fe#1751 add s390x, ppc64 and ppc64el in supported cpu listv6.14.10Compare Source
6.14.10 (2020-12-18)
DEPENDENCIES
906d647e1opener@1.5.2#36445addressingGHSL-2020-145v6.14.9Compare Source
6.14.9 (2020-11-20)
BUG FIXES
4a91e48aafix: docs generation breaking buildsDEPENDDENCIES
ab80a7cf0npm-user-validate@1.0.16b2ab9d53har-validator@5.1.5v6.14.8Compare Source
6.14.8 (2020-08-17)
BUG FIXES
9262e8c88#1575 npm install --dev deprecation message (@sandratatarevicova)765cfe0bc#1658 remove unused broken require (@aduh95)4e28de79a#1663 Do not send user secret in the referer header (@assapir)DOCUMENTATION
8abdf30c9#1572 docs: add missing metadata in semver page (@tripu)8cedcca46#1614 Node-gyp supports both Python and legacy Python (@cclauss)DEPENDENCIES
a303b75fdupdate-notifier@2.5.0c48600832npm-registry-fetch@4.0.7a6e9fc4dfmeant@1.0.2v6.14.7Compare Source
BUG FIXES
de5108836#784 npm explore spawn shell correctly (@jasisk)36e6c01d3git tag handling regression on shrinkwrap (@claudiahdz)1961c9369#288 Fix package id in shrinkwrap lifecycle step output (@bz2)87888892a#1009 gracefully handle error during npm install (@danielleadams)6fe2bdc25#1547 npm ls --parseable --long output (@ruyadorno)DEPENDENCIES
2d78481c7update mkdirp on tacks (@claudiahdz)4e129d105uninstall npm-registry-couchapp (@claudiahdz)8e1869e27update marked dev dep (@claudiahdz)6a6151f37libnpx@10.2.4(@claudiahdz)dc21422ebbin-links@1.1.8(@claudiahdz)d341f88cegentle-fs@2.3.1(@claudiahdz)3e168d49blibcipm@4.0.8(@claudiahdz)6ae942a51npm-audit-report@1.3.3(@claudiahdz)6a35e3deenpm-lifecycle@3.1.5(@claudiahdz)v6.14.6Compare Source
6.14.6 (2020-07-07)
BUG FIXES
a9857b8f6chore: remove auth info from logs (@claudiahdz)b7ad77598#1416 fix: wrongnpm doctorcommand result (@vanishcode)DEPENDENCIES
94eca6377npm-registry-fetch@4.0.5(@claudiahdz)c49b6ae28#1418spdx-license-ids@3.0.5(@kemitchell)v6.14.5Compare Source
6.14.5 (2020-05-04)
BUG FIXES
33ec41f18#758 fix: relativize file links when inflating shrinkwrap (@jsnajdr)94ed456df#1162 fix: npm init help output (@mum-never-proud)DEPENDENCIES
5587ac01fnpm-registry-fetch@4.0.4fc5d94c39fix: removed default timeout07a4d8884graceful-fs@4.2.48228d1f2emkdirp@0.5.5e6d208317nopt@4.0.3v6.14.4Compare Source
6.14.4 (2020-03-25)
DEPENDENCIES
136832dcamkdirp@0.5.4minimist@1.2.5transitive dep to resolve security issue9c554fd8cupdate-notifier@2.5.0deep-extend@1.2.5is-ci@1.2.1is-retry-allowed@1.2.0rc@1.2.8registry-auth-token@3.4.0widest-line@2.0.18bf99b2b5#1053 deps: updates term-size to use signed binaryv6.14.3Compare Source
6.14.3 (2020-03-19)
DOCUMENTATION
4ad221487#1020 docs(teams): updated team docs to reflect MFA workflow (@blkdm0n)4a31a4ba2#1034 docs: cleanup (@ruyadorno)0eac801cd#1013 docs: fix links to cli commands (@alenros)7d8e5b99c#755 docs: correction tonpm update -gbehaviour (@johnkennedy9147)DEPENDENCIES
e11167646mkdirp@0.5.3c5b97d17dfix: bumpminimistdep to resolve security issue (@isaacs)c50d679c6rimraf@2.7.1a2de99ff9npm-registry-mock@1.3.1217debeb9npm-registry-couchapp@2.7.4v6.14.2Compare Source
6.14.2 (2020-03-03)
DOCUMENTATION
f9248c0be#730 chore(docs): update unpublish docs & policy reference (@nomadtechie, @mikemimik)DEPENDENCIES
909cc3918hosted-git-info@2.8.8(@darcyclarke)5038b1891fix: regression in old node versions w/ respect to url.URL implmentation9204ffa58npm-profile@4.0.4(@isaacs)6bcf0860afix: treat non-http/https login urls as invalid0365d39bdglob@7.1.6(@isaacs)dab030536node-gyp@5.1.0(@rvagg)v6.14.1Compare Source
6.14.1 (2020-02-26)
303e5c11ehosted-git-info@2.8.7Fixes a regression where scp-style git urls are passed to the WhatWG URL parser, which does not handle them properly. (@isaacs)v6.14.0Compare Source
6.14.0 (2020-02-25)
FEATURES
30f170877#731 add support for multiple funding sources (@ljharb & @ruyadorno)BUG FIXES
55916b130#508 fix: checknpm.configbefore accessing its members (@kaiyoma)7d0cd65b2#733 fix: access grant with unscoped packages (@netanelgilad)28c3d40d6,0769c5b20#945, #697 fix: allow new major versions of node to be automatically considered "supported" (@isaacs, @ljharb)DEPENDENCIES
6f39e93hosted-git-info@2.8.6(@darcyclarke)f14b594eechownr@1.1.4(@isaacs)77044150bnpm-packlist@1.4.8(@isaacs)1d112461anpm-registry-fetch@4.0.3(@isaacs)ba8b4fefix: always bypass cache when ?write=truea47fed760readable-stream@3.6.03bbf2d6fix: babel's "loose mode" class transform enbrittles BufferList (@ljharb)DOCUMENTATION
284c1c055,fbb5f0e50#729 update lifecycle hooks docs(@seanhealy, @mikemimik)
1c272832d#787 fix: trademarks typo (@dnicolson)f6ff41776#936 fix: postinstall example (@ajaymathur)373224b16#939 fix: bad links in publish docs (@vit100)MISCELLANEOUS
85c79636d#736 add script to update dist-tags (@mikemimik)v6.13.7Compare Source
6.13.7 (2020-01-28)
BUG FIXES
7dbb91438#655 Update CI detection cases (@isaacs)DEPENDENCIES
0fb1296c7libnpx@10.2.2(@mikemimik)c9b69d569node-gyp@5.0.7(@mikemimik)e8dbaf452bin-links@1.1.7(@mikemimik)v6.13.6Compare Source
6.13.6 (2020-01-09)
DEPENDENCIES
6dba897a1pacote@9.5.12:d2f4176fix(git): Do not drop uid/gid when executing in root-owned directory (@isaacs)v6.13.5Compare Source
6.13.5 (2020-01-09)
BUG FIXES
fd0a802ec#550 Fix cache location fornpm ci(@zhenyavinogradov)4b30f3cca#648 fix(version): using 'allow-same-version', git commit --allow-empty and git tag -f (@rhengles)TESTING
e16f68d30test(ci): add failing cache config test (@ruyadorno)3f009fbf2#659 test: fix bin-overwriting test on Windows (@isaacs)43ae0791f#601 ci: Allow builds to run even if one fails (@XhmikosR)4a669bee4#603 Remove the unused appveyor.yml (@XhmikosR)9295046ac#600 ci: switch toactions/checkout@v2(@XhmikosR)DOCUMENTATION
f2d770ac7#569 fix netlify publish path config (@claudiahdz)462cf0983#627 update gatsby dependencies (@felixonmars)6fb5dbb72#532 docs: clarify usage of global prefix (@jgehrcke)v6.13.4Compare Source
6.13.4 (2019-12-11)
BUGFIXES
320ac9aeenpm/bin-links#12 npm/gentle-fs#7 Do not remove global bin/man links inappropriately (@isaacs)DEPENDENCIES
52fd21061gentle-fs@2.3.0(@isaacs)d06f5c0b0bin-links@1.1.6(@isaacs)v6.13.3Compare Source
6.13.3 (2019-12-09)
DEPENDENCIES
19ce061a2bin-links@1.1.5Properly normalize, sanitize, and verifybinentries inpackage.json.59c836aaenpm-packlist@1.4.7fb4ecd7d2pacote@9.5.115f33040#476 npm/pacote#22 npm/pacote#14 fix: Do not drop perms in git when not root (isaacs, @darcyclarke)6f229f7sanitize and normalize package bin field (isaacs)1743cb339read-package-json@2.1.1v6.13.2Compare Source
6.13.2 (2019-12-03)
BUG FIXES
4429645b3#546 fix docs target typo (@richardlau)867642942#142 fix(packageRelativePath): fix 'where' for file deps (@larsgw)d480f2c17#527 Revert "windows: Add preliminary WSL support for npm and npx" (@craigloewen-msft)e4b97962e#504 remove unnecessary package.json read when reading shrinkwrap (@Lighting-Jack)1c65d26ac#501 fix(fund): open url for string shorthand (@ruyadorno)ae7afe565#263 Don't log error message if git tagging is disabled (@woppa684)4c1b16f6a#182 Warn the user that it is uninstalling npm-install (@Hoidberg)v6.13.1Compare Source
6.13.1 (2019-11-18)
BUG FIXES
938d6124d#472 fix(fund): support funding string shorthand (@ruyadorno)b49c5535b#471 should not publish tap-snapshot folder (@ruyadorno)3471d5200#253 Add preliminary WSL support for npm and npx (@infinnie)3ef295f23#486 print quick audit report for human output (@isaacs)TESTING
dbbf977ac#278 added workflow to trigger and run benchmarks (@mikemimik)b4f5e3825#457 feat(docs): adding tests and updating docs to reflect changes in registry teams API. (@nomadtechie)454c7dd60#456 fix git configs for git 2.23 and above (@isaacs)DOCUMENTATION
b8c1576a430b013ae826c1b2ef69f943a765c0346b1588e09d5ad64a2f551ee87d67258c5c3b32722b150eaeff7555a743cb89423e2f#463 #285 #268 #232 #485 #453 docs cleanup: typos, styling and content (@claudiahdz) (@XhmikosR) (@mugli) (@brettz9) (@mkotsollaris)DEPENDENCIES
661d86cd2make-fetch-happen@5.0.2(@claudiahdz)v6.13.0Compare Source
6.13.0 (2019-11-05)
NEW FEATURES
4414b06d9#273 add fund command (@ruyadorno)DOCUMENTATION
ae4c74d04#274 migrate existing docs to gatsby (@claudiahdz)4ff1bb180#277 updated documentation copy (@oletizi)BUG FIXES
e4455409f#281 delete ps1 files on package removal (@NoDocCat)cd14d4701#279 update supported node list to remove v6.0, v6.1, v9.0 - v9.2 (@ljharb)DEPENDENCIES
a37296b20pacote@9.5.9d3cb3abe8read-cmd-shim@1.0.5TESTING
688cd97be#272 use github actions for CI (@JasonEtco)9a2d8af84#240 Clean up some flakiness and inconsistency (@isaacs)v6.12.1Compare Source
6.12.1 (2019-10-29)
BUG FIXES
6508e833d#269 add node v13 as a supported version (@ljharb)b6588a8f7#265 Fix regression in lockfile repair for sub-deps (@feelepxyz)d5dfe57a1#266 resolve circular dependency in pack.js (@addaleax)DEPENDENCIES
73678bb59chownr@1.1.34b76926e2graceful-fs@4.2.3c691f36a9libcipm@4.0.75e1a14975npm-packlist@1.4.6c194482d6npm-registry-fetch@4.0.2bc6a8e0ectar@4.4.14dcca3cbbuuid@3.3.3v6.12.0Compare Source
6.12.0 (2019-10-08):
Now
npm ciruns prepare scripts for git dependencies, and respects the--no-optionalargument. Warnings forenginemismatches are printed again. Various other fixes and cleanups.BUG FIXES
890b245dc#252 ci: add dirPacker to options (@claudiahdz)f3299acd0#257 npm.community#4792 warn message on engine mismatch (@ruyadorno)bbc92fb8f#259 npm.community#10288 Fix figgyPudding error innpm token(@benblank)70f54dcb5#241 doctor: Make OK more consistent (@gemal)FEATURES
ed993a29c#249 Add CI environment variables to user-agent (@isaacs)f6b0459a4#248 Add option to save package-lock without formatting Adds a new config--format-package-lock, which defaults to true. (@bl00mber)DEPENDENCIES
0ca063c5dnpm-lifecycle@3.1.4:5df6b0ea2libcipm@4.0.4:7e04f728ctar@4.4.125c380e5a3stringify-package@1.0.1(@isaacs)62f2ca692node-gyp@5.0.5(@isaacs)0ff0ea47anpm-install-checks@3.0.2(@isaacs)f46edae94hosted-git-info@2.8.5(@isaacs)TESTING
44a2b036b#262 fix root-ownership race conditions in meta-test (@isaacs)v6.11.3Compare Source
6.11.3 (2019-09-03):
Fix npm ci regressions and npm outdated depth.
BUG FIXES
235ed1d28#239 Don't override user specified depth in outdated. Restores ability to update packages using--depthas suggested bynpm audit. (@G-Rath)1fafb5151#242 npm.community#9586 Revert "install: do not descend into directory deps' child modules" (@isaacs)cebf542e6#243 npm.community#9720 ci: pass appropriate configs for file/dir modes (@isaacs)DEPENDENCIES
e5fbb7ed1read-cmd-shim@1.0.4(@claudiahdz)23ce65616npm-pick-manifest@3.0.2(@claudiahdz)v6.11.2Compare Source
6.11.2 (2019-08-22):
Fix a recent Windows regression, and two long-standing Windows bugs. Also, get CI running on Windows, so these things are less likely in the future.
DEPENDENCIES
9778a1b87cmd-shim@3.0.3: Fix regression where shims fail to preserve exit code (@isaacs)bf93e91d8npm-package-arg@6.1.1: Properly handle git+file: urls on Windows when a drive letter is included. (@isaacs)BUGFIXES
6cc4cc66fescape args properly on Windows Bash Despite being bash, Node.js running on windows git mingw bash still executes child processes using cmd.exe. As a result, arguments in this environment need to be escaped in the style of cmd.exe, not bash. (@isaacs)TESTS
291aba7b8make tests pass on Windows (@isaacs)fea3a023atravis: run tests on Windows as well (@isaacs)v6.11.1Compare Source
6.11.1 (2019-08-20):
Fix a regression for windows command shim syntax.
37db29647cmd-shim@3.0.2(@isaacs)v6.11.0Compare Source
v6.11.0 (2019-08-20):
A few meaty bugfixes, and introducing
peerDependenciesMeta.FEATURES
a12341088#224 Implements peerDependenciesMeta (@arcanis)2f3b79bba#234 add new forbidden 403 error code (@claudiahdz)BUGFIXES
24acc9fc8and45772af0d#217 npm.community#8863 npm.community#9327 do not descend into directory deps' child modules, fix shrinkwrap files that inappropriately list child nodes of symlink packages (@isaacs and @salomvary)50cfe113d#229 fixed typo in semver doc (@gall0ws)e8fb2a1bd#231 Fix spelling mistakes in CHANGELOG-3.md (@XhmikosR)769d2e057](https://redirect.github.com/npm