-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: upgrade npm to 9.1.1 #45395
deps: upgrade npm to 9.1.1 #45395
Conversation
Fast-track has been requested by @nodejs-github-bot. Please 👍 to approve. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rubber stamp
I would recommend we tag this as a "backing for LTS". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please include a curated list of the breaking changes in the PR description and why we should not consider them breaking.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
RSLGTM
Closing in favor of #45491 |
This PR contains changes from:
npm@9.0.0
npm@9.0.1
npm@9.1.0
npm@9.1.1
This PR replaces: nodejs/node#45323
9.0.0
9.0.0 (2022-10-19)
npm
is now compatible with the following semver range for node:^14.17.0 || ^16.13.0 || >=18.0.0
npm
will no longer attempt to modify ownership of files it createslogin
,adduser
, andauth-type
changessso
,saml
&legacy
have been consolidated into"legacy"
auth-type
defaults to"web"
login
andadduser
are now separate commands that send different data tothe registry.
auth-type
config valuesweb
andlegacy
only trytheir respective methods, npm no longer tries them all and waits to see
which one doesn't fail.
npm pack
now follows a strict order of operations when applying ignore rules. If afiles
array is present in thepackage.json
, then rules in.gitignore
and.npmignore
files from the root will be ignored.HEAD
instead ofmaster
as the default reftiming
andloglevel
changestiming
has been removed as a value for--loglevel
--timing
will show timing information regardless of--loglevel
, except when--silent
--timing
file changes:--timing
flag,npm
now writes timing data to afile alongside the debug log data, respecting the
logs-dir
option andfalling back to
<CACHE>/_logs/
dir, instead of directly inside thecache directory.
each run will create a uniquely named
<ID>-timing.json
file, with the<ID>
portion being the same as the debug log.metadata
,timers
, andunfinishedTimers
instead of everything beinga top level key.
npm
now outputs some json errors on stdout. Previouslynpm
would output all json formatted errors on stderr, making it difficult to parse as the stderr stream usually has logs already written to it. In the future,npm
will differentiate between errors and crashes. Errors, such asE404
andERESOLVE
, will be handled and will continue to be output on stdout. In the case of a crash,npm
will log the error as usual but will not attempt to display it as json, even in--json
mode. Moving a case from the category of an error to a crash will not be considered a breaking change. For more information see npm/rfcs#482.--install-strategy
--global-style
,--global
now sets--install-strategy=shallow
--legacy-bundling
, now sets--install-strategy=nested
npm config set
will no longer accept deprecated or invalid config optionsinstall-links
config defaults to"true"
node-version
config has been removednpm-version
config has been removednpm access
subcommands have been renamednpm birthday
has been removednpm set-script
has been removednpm bin
has been removed (usenpx
ornpm exec
to execute binaries)Features
a09e19d
#5696 introduce thenpm config fix
command (@nlf)d2963c6
explicitly validate config within the cli (@nlf)a5fec08
rewrite: docs generation (@lukekarrys)9609e9e
#5605 use v3 lockfiles by default (@fritzy)3ae796d
implement newnpm-packlist
behavior (@lukekarrys)e64d69a
#5581 write eresolve error files to the logs directory (@lukekarrys)3445da0
timings are now written alongside debug log files (@lukekarrys)66ed584
#5551 defaultauth-type
to"web"
(@wraithgar)6ee5b32
query: displayqueryContext
in results (@nlf)314311c
#5550 separatelogin
/adduser
& remove unnecessary auth types (@wraithgar)9c32c6c
rewrite:npm access
(@wraithgar)854521b
rewrite:libnpmaccess
(@wraithgar)e95017a
#5485 feat(workspaces): update supported node engines inpackage.json
(@lukekarrys)de2d33f
add--install-strategy=hoisted|nested|shallow
, deprecate--global-style
,--legacy-bundling
(#5709) (@fritzy)49bbb2f
#5455 removenpm birthday
(@wraithgar)926f0ad
#5456 removenpm set-script
(@wraithgar)2a8c2fc
#5458 defaultinstall-links
to"true"
(@wraithgar)2e92800
#5459 removenpm bin
(@wraithgar)457d388
#5475 update supported node engines in package.json (@wraithgar)46d038f
#5716 output json formatted errors onstdout
(@lukekarrys)0a69db4
#5719 refuse to set deprecated/invalid config (@wraithgar)6e4961f
separate configs for--timing
and--loglevel
(@lukekarrys)6a27a7b
#5712 deprecatedkey
,cert
config options and updated registry scoped auth docs (@fritzy)Bug Fixes
c3d7549
add tag to publish log message (@wraithgar)a35c784
#5691 config: removenode-version
andnpm-version
(@wraithgar)e4e8ae2
libnpmpack: obeyforegroundScripts
(@winterqt)07fabc9
#5633npm link
should override--install-links
(@fritzy)02fcbb6
#5634 ensureArborist
constructor gets passed around everywhere forpacote
(@nlf)0d90a01
#5480 audit: add a condition to allow third-party registries returning E400 (@juanheyns, Juan Heyns)41481f8
#5475 attempt more graceful failure in older node versions (@wraithgar)fc82298
#5295npm hook ls
duplicates hook name prefixes (@gennadiygashev)3f1fcf0
account for newnpm-package-arg
behavior (@wraithgar)353b5bb
#5710 removechownr
andmkdirp-infer-owner
(@nlf)Documentation
285b39f
#5324 add documentation for expanded:semver
selector (@nlf)fd0eebe
update registry docs header (@hughlilly)542efdb
updatefolders
page for modern npm (@shalvah)f37caad
#5606 accurately describeinstall-links
effect on relative paths (@lukekarrys)130bc9f
#5626 remove circular reference (#5626) (@giovanniPepi)f0e7584
#5601 update docs/logging for new--access
default (@wraithgar)2d756cb
#5527 add instruction to query objects withnpm view
(@moonith)8743366
#5519 add hash to "tag" config link (@mrienstra, @lukekarrys)5645c51
#5521 link mentions of config parameters (@mrienstra)19762b4
#5529 modify misleading doc about bins (@Hafizur046)19762b4
#5529 modify misleading doc about package.json:bin (@Hafizur046)8402fd8
#5547 add:outdated
pseudo selector to docs (@nlf)Dependencies
df77a1f
#5707 Update Major Versions of DependenciesUpdated:
@npmcli/config@6.0.1
@npmcli/disparity-colors@3.0.0
@npmcli/git@4.0.1
@npmcli/installed-package-contents@2.0.0
@npmcli/map-workspaces@3.0.0
@npmcli/metavuln-calculator@5.0.0
@npmcli/move-file@3.0.0
@npmcli/node-gyp@3.0.0
@npmcli/package-json@3.0.0
@npmcli/promise-spawn@4.0.0
@npmcli/query@3.0.0
@npmcli/run-script@5.0.0
bin-links@4.0.1
cacache@17.0.1
ignore-walk@6.0.0
init-package-json@4.0.1
json-parse-even-better-errors@3.0.0
make-fetch-happen@11.0.1
normalize-package-data@5.0.0
npm-audit-report@4.0.0
npm-install-checks@6.0.0
npm-packlist@7.0.1
npm-pick-manifest@8.0.1
npm-profile@7.0.1
npm-registry-fetch@14.0.2
npmlog@7.0.0
pacote@15.0.1
parse-conflict-json@3.0.0
proc-log@3.0.0
read-package-json-fast@3.0.1
read-package-json@6.0.0
ssri@10.0.0
treeverse@3.0.0
validate-npm-package-name@5.0.0
write-file-atomic@5.0.0
Removed:
@npmcli/fs
9.0.1
9.0.1 (2022-10-26)
Documentation
b5fadd0
#5742 Better npx link (#5742) (@mrienstra)Dependencies
de6618e
#5757@npmcli/promise-spawn@5.0.0
(#5757)5625274
#5755hosted-git-info@6.1.0
(#5755)32bdd68
#5754npm-packlist@7.0.2
(#5754)@npmcli/arborist@6.1.0
libnpmdiff@5.0.1
libnpmexec@5.0.1
libnpmfund@4.0.1
libnpmpack@5.0.1
libnpmpublish@7.0.1
9.1.0
9.1.0 (2022-11-02)
Features
706b3d3
#5779 set --no-audit when installing outside of a project (like --global) (@fritzy)Bug Fixes
1f5382d
#5789 don't setstdioString
for any spawn/run-script calls (@lukekarrys)8fd614a
use promiseSpawn.open instead of opener (@nlf)41843ad
use an absolute path to notepad.exe by default, correct docs (@nlf)0c5834e
#5758 use hosted-git-info to parse registry urls (#5758) (@lukekarrys)Documentation
ce6745c
#5763 fixed some typos (#5763) (@AndrewDawes)Dependencies
b89c19e
#5795cli-table3@0.6.3
6b6dfca
fastest-levenshtein@1.0.16
9972ed1
@npmcli/ci-detect@3.0.1
024e612
abbrev@2.0.0
66f9bcd
nopt@7.0.0
5730d17
tar@6.1.12
2fef570
node-gyp@9.3.0
abfb28b
@npmcli/run-script@6.0.0
205e2fd
pacote@15.0.6
ac25863
remove opener,@npmcli/promise-spawn@6.0.1
,@npmcli/run-script@5.1.1
,@npmcli/git@4.0.3
,pacote@15.0.5
,which@3.0.0
@npmcli/arborist@6.1.1
@npmcli/config@6.1.0
libnpmdiff@5.0.2
libnpmexec@5.0.2
libnpmfund@4.0.2
libnpmpack@5.0.2
libnpmpublish@7.0.2
libnpmversion@4.0.1
9.1.1
9.1.1 (2022-11-09)
Documentation
1bff064
#5819 config: documentnpm config fix
(#5819) (@wraithgar)Dependencies
335c7e4
#5813cacache@17.0.2
878ddfb
@npmcli/fs@3.1.0
@npmcli/arborist@6.1.2
libnpmdiff@5.0.3
libnpmexec@5.0.3
libnpmfund@4.0.3
libnpmpack@5.0.3
libnpmpublish@7.0.3