Release proposal: v0.12.13

ChangeLog

@@ -1,3 +1,17 @@
+2016-03-31, Version 0.12.13 (LTS), @rvagg
+
+Notable changes:
+
+* npm: Upgrade to v2.15.1. (Forrest L Norvell)
+* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (https://github.com/nodejs/LTS/issues/85). (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
+
+* [2ce29165a1] - deps: upgrade npm in LTS to 2.15.1 (Forrest L Norvell)
+* [a115779026] - deps: Disable EXPORT and LOW ciphers in openssl (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
+* [ab907eb5a8] - test: skip cluster-disconnect-race on Windows (Gibson Fahnestock) https://github.com/nodejs/node/pull/5621
+* [9c06db7444] - test: change tls tests not to use LOW cipher (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
+* [154098a3dc] - test: bp fix for test-http-get-pipeline-problem.js (Michael Dawson) https://github.com/nodejs/node/pull/3013
+* [ff2bed6e86] - win,build: support Visual C++ Build Tools 2015 (João Reis) https://github.com/nodejs/node/pull/5627
+
 2016-03-08, Version 0.12.12 (LTS), @rvagg
 
 Notable changes:

deps/npm/.npmignore

@@ -7,6 +7,7 @@ npm-debug.log
 /test/packages/npm-test-depends-on-spark/which-spark.log
 /test/packages/test-package/random-data.txt
 /test/root
+/test/npm_cache
 node_modules/marked
 node_modules/ronn
 node_modules/tap

deps/npm/.travis.yml

@@ -1,7 +1,8 @@
 language: node_js
+sudo: false
 node_js:
-  - "4.1"
-  - "4.0"
+  - "5"
+  - "4"
   - iojs
   - "0.12"
   - "0.10"
@@ -11,7 +12,7 @@ env:
 before_install:
   - "npm config set spin false"
   - "npm install -g npm/npm#2.x"
-  - "sudo mkdir -p /var/run/couchdb"
-script: "npm run-script test-all"
+  - "mkdir -p /var/run/couchdb"
+script: "npm test"
 notifications:
     slack: npm-inc:kRqQjto7YbINqHPb1X6nS3g8

deps/npm/AUTHORS

@@ -313,3 +313,42 @@ Jon Hall <jon_hall@outlook.com>
 James Hartig <james@levenlabs.com>
 snopeks <stephaniesnopek@gmail.com>
 Jason Kurian <JaKXz@users.noreply.github.com>
+Juan Caicedo <retiredcanadianpoet@gmail.com>
+Ashley Williams <ashley@bocoup.com>
+Andrew Marcinkevičius <andrew.web@ifdattic.com>
+Jorrit Schippers <jorrit@ncode.nl>
+Alex Lukin <alex.lukin@softgrad.com>
+Aria Stewart <aredridel@dinhe.net>
+Tim <tim-github@baverstock.org.uk>
+Nick Williams <WickyNilliams@users.noreply.github.com>
+Louis Larry <louis.larry@gmail.com>
+Jakub Gieryluk <jakub.g.opensource@gmail.com>
+Martin von Gagern <Martin.vGagern@gmx.net>
+Eymen Gunay <eymen@egunay.com>
+ekmartin <mail@ekmartin.com>
+Rafał Pocztarski <r.pocztarski@gmail.com>
+Ashley Williams <ashley666ashley@gmail.com>
+Mark Reeder <mreeder@uber.com>
+Tiago Rodrigues <tmcrodrigues@gmail.com>
+Chris Rebert <github@chrisrebert.com>
+Jeff McMahan <jeffrey.lee.mcmahan@gmail.com>
+Scott Addie <tobias.addie@gmail.com>
+Julian Simioni <julian@simioni.org>
+Jimb Esser <jimb@yahoo-inc.com>
+Hal Henke <halhenke@gmail.com>
+Alexis Campailla <alexis@janeasystems.com>
+Beau Gunderson <beau@beaugunderson.com>
+s100 <shughes1@uk.ibm.com>
+Jonathan Persson <persson.jonathan@gmail.com>
+Vedat Mahir YILMAZ <mahir@vedatmahir.com>
+Jan Schär <jscissr@gmail.com>
+Xcat Liu <xcatliu@gmail.com>
+Neil Kistner <neil.kistner@gmail.com>
+Hutson Betts <hbetts@factset.com>
+Sergey Simonchik <sergey.simonchik@jetbrains.com>
+Lewis Cowper <lewis.cowper@googlemail.com>
+Arturo Coronel <aoitsu3@gmail.com>
+Scott Plumlee <scott@plumlee.org>
+gnerkus <ifeanyioraelosi@gmail.com>
+Robert Ludwig <rob.ludwig@rideamigos.com>
+Adam Byrne <misterbyrne@gmail.com>

deps/npm/LICENSE

@@ -1,11 +1,29 @@
+The npm application
 Copyright (c) npm, Inc. and Contributors
-All rights reserved.
+Licensed on the terms of The Artistic License 2.0
 
-npm is released under the Artistic License 2.0, subject to additional terms
-that are listed below.
+Node package dependencies of the npm application
+Copyright (c) their respective copyright owners
+Licensed on their respective license terms
 
-The text of the npm License follows and the text of the additional terms
-follows the Artistic License 2.0 terms:
+The npm public registry at https://registry.npmjs.org
+and the npm website at https://www.npmjs.com
+Operated by npm, Inc.
+Use governed by terms published on https://www.npmjs.com
+
+"Node.js"
+Trademark Joyent, Inc., https://joyent.com
+Neither npm nor npm, Inc. are affiliated with Joyent, Inc.
+
+The Node.js application
+Project of Node Foundation, https://nodejs.org
+
+The npm Logo
+Copyright (c) Mathias Pettersson and Brian Hammond
+
+"Gubblebum Blocky" typeface
+Copyright (c) Tjarda Koster, https://jelloween.deviantart.com
+Used with permission
 
 
 --------
@@ -251,11 +269,11 @@ details.
 Any data published to The npm Registry (including user account information) may
 be removed or modified at the sole discretion of the npm server administrators.
 
-"npm Logo" created by Mathias Pettersson and Brian Hammond,
-used with permission.
+"npm Logo" contributed by Mathias Pettersson and Brian Hammond,
+use is subject to https://www.npmjs.com/policies/trademark
 
 "Gubblebum Blocky" font
-Copyright (c) by Tjarda Koster, http://jelloween.deviantart.com
+Copyright (c) by Tjarda Koster, https://jelloween.deviantart.com
 included for use in the npm website and documentation,
 used with permission.
 

deps/npm/README.md

@@ -14,6 +14,17 @@ Much more info available via `npm help` once it's installed.
 To install an old **and unsupported** version of npm that works on node 0.3
 and prior, clone the git repo and dig through the old tags and branches.
 
+**npm is configured to use npm, Inc.'s public package registry at
+<https://registry.npmjs.org> by default.**
+
+You can configure npm to use any compatible registry you
+like, and even run your own registry. Check out the [doc on
+registries](https://docs.npmjs.com/misc/registry).
+
+Use of someone else's registry may be governed by terms of use. The
+terms of use for the default public registry are available at
+<https://www.npmjs.com>.
+
 ## Super Easy Install
 
 npm is bundled with [node](http://nodejs.org/download/).
@@ -127,52 +138,6 @@ must remove them yourself manually if you want them gone.  Note that
 this means that future npm installs will not remember the settings that
 you have chosen.
 
-## Using npm Programmatically
-
-Although npm can be used programmatically, its API is meant for use by the CLI
-*only*, and no guarantees are made regarding its fitness for any other purpose.
-If you want to use npm to reliably perform some task, the safest thing to do is
-to invoke the desired `npm` command with appropriate arguments.
-
-The semantic version of npm refers to the CLI itself, rather than the
-underlying API. _The internal API is not guaranteed to remain stable even when
-npm's version indicates no breaking changes have been made according to
-semver._
-
-If you _still_ would like to use npm programmatically, it's _possible_. The API
-isn't very well documented, but it _is_ rather simple.
-
-Eventually, npm will be just a thin CLI wrapper around the modules that it
-depends on, but for now, there are some things that only the CLI can do. You
-should try using one of npm's dependencies first, and only use the API if what
-you're trying to do is only supported by npm itself.
-
-```javascript
-var npm = require("npm")
-npm.load(myConfigObject, function (er) {
-  if (er) return handlError(er)
-  npm.commands.install(["some", "args"], function (er, data) {
-    if (er) return commandFailed(er)
-    // command succeeded, and data might have some info
-  })
-  npm.registry.log.on("log", function (message) { .... })
-})
-```
-
-The `load` function takes an object hash of the command-line configs.
-The various `npm.commands.<cmd>` functions take an **array** of
-positional argument **strings**.  The last argument to any
-`npm.commands.<cmd>` function is a callback.  Some commands take other
-optional arguments.  Read the source.
-
-You cannot set configs individually for any single npm function at this
-time.  Since `npm` is a singleton, any call to `npm.config.set` will
-change the value for *all* npm commands in that process.
-
-See `./bin/npm-cli.js` for an example of pulling config values off of the
-command line arguments using nopt.  You may also want to check out `npm
-help config` to learn about all the options you can set there.
-
 ## More Docs
 
 Check out the [docs](https://docs.npmjs.com/),
@@ -183,47 +148,6 @@ You can use the `npm help` command to read any of them.
 If you're a developer, and you want to use npm to publish your program,
 you should [read this](https://docs.npmjs.com/misc/developers)
 
-## Legal Stuff
-
-"npm" and "The npm Registry" are owned by npm, Inc.
-All rights reserved.  See the included LICENSE file for more details.
-
-"Node.js" and "node" are trademarks owned by Joyent, Inc.
-
-Modules published on the npm registry are not officially endorsed by
-npm, Inc. or the Node.js project.
-
-Data published to the npm registry is not part of npm itself, and is
-the sole property of the publisher.  While every effort is made to
-ensure accountability, there is absolutely no guarantee, warranty, or
-assertion expressed or implied as to the quality, fitness for a
-specific purpose, or lack of malice in any given npm package.
-
-If you have a complaint about a package in the public npm registry,
-and cannot [resolve it with the package
-owner](https://docs.npmjs.com/misc/disputes), please email
-<support@npmjs.com> and explain the situation.
-
-Any data published to The npm Registry (including user account
-information) may be removed or modified at the sole discretion of the
-npm server administrators.
-
-### In plainer english
-
-npm is the property of npm, Inc.
-
-If you publish something, it's yours, and you are solely accountable
-for it.
-
-If other people publish something, it's theirs.
-
-Users can publish Bad Stuff.  It will be removed promptly if reported.
-But there is no vetting process for published modules, and you use
-them at your own risk.  Please inspect the source.
-
-If you publish Bad Stuff, we may delete it from the registry, or even
-ban your account in extreme cases.  So don't do that.
-
 ## BUGS
 
 When you find issues, please report them:

deps/npm/bin/node-gyp-bin/node-gyp.cmd

@@ -1,5 +1,5 @@
-if not defined npm_config_node_gyp (
-  node "%~dp0\..\..\node_modules\node-gyp\bin\node-gyp.js" %*
-) else (
-  node %npm_config_node_gyp% %*
-)
+if not defined npm_config_node_gyp (
+  node "%~dp0\..\..\node_modules\node-gyp\bin\node-gyp.js" %*
+) else (
+  node "%npm_config_node_gyp%" %*
+)

deps/npm/bin/npm

@@ -15,6 +15,13 @@ fi
 NPM_CLI_JS="$basedir/node_modules/npm/bin/npm-cli.js"
 
 case `uname` in
+  *MINGW*)
+    NPM_PREFIX=`"$NODE_EXE" "$NPM_CLI_JS" prefix -g`
+    NPM_PREFIX_NPM_CLI_JS="$NPM_PREFIX/node_modules/npm/bin/npm-cli.js"
+    if [ -f "$NPM_PREFIX_NPM_CLI_JS" ]; then
+      NPM_CLI_JS="$NPM_PREFIX_NPM_CLI_JS"
+    fi
+    ;;
   *CYGWIN*)
     NPM_PREFIX=`"$NODE_EXE" "$NPM_CLI_JS" prefix -g`
     NPM_PREFIX_NPM_CLI_JS="$NPM_PREFIX/node_modules/npm/bin/npm-cli.js"

deps/npm/doc/cli/npm-adduser.md

@@ -5,6 +5,8 @@ npm-adduser(1) -- Add a registry user account
 
     npm adduser [--registry=url] [--scope=@orgname] [--always-auth]
 
+    aliases: login, add-user
+
 ## DESCRIPTION
 
 Create or verify a user named `<username>` in the specified registry, and
@@ -28,7 +30,7 @@ your existing record.
 
 ### registry
 
-Default: http://registry.npmjs.org/
+Default: https://registry.npmjs.org/
 
 The base URL of the npm package registry. If `scope` is also specified,
 this registry will only be used for packages with that scope. See `npm-scope(7)`.
@@ -57,9 +59,11 @@ registries. Can be used with `--registry` and / or `--scope`, e.g.
     npm adduser --registry=http://private-registry.example.com --always-auth
 
 This will ensure that all requests to that registry (including for tarballs)
-include an authorization header. See `always-auth` in `npm-config(7)` for more
-details on always-auth. Registry-specific configuration of `always-auth` takes
-precedence over any global configuration.
+include an authorization header. This setting may be necessary for use with
+private registries where metadata and package tarballs are stored on hosts with
+different hostnames. See `always-auth` in `npm-config(7)` for more details on
+always-auth. Registry-specific configuration of `always-auth` takes precedence
+over any global configuration.
 
 ## SEE ALSO
 

deps/npm/doc/cli/npm-bugs.md

@@ -6,6 +6,8 @@ npm-bugs(1) -- Bugs for a package in a web browser maybe
     npm bugs <pkgname>
     npm bugs (with no args in a package dir)
 
+    aliases: issues
+
 ## DESCRIPTION
 
 This command tries to guess at the likely location of a package's

deps/npm/doc/cli/npm-config.md

@@ -12,6 +12,8 @@ npm-config(1) -- Manage the npm configuration files
     npm get <key>
     npm set <key> <value> [--global]
 
+    aliases: c
+
 ## DESCRIPTION
 
 npm gets its config settings from the command line, environment

deps/npm/doc/cli/npm-dedupe.md

@@ -6,6 +6,8 @@ npm-dedupe(1) -- Reduce duplication
     npm dedupe [package names...]
     npm ddp [package names...]
 
+    aliases: find-dupes, ddp
+
 ## DESCRIPTION
 
 Searches the local package tree and attempts to simplify the overall

deps/npm/doc/cli/npm-dist-tag.md

@@ -7,6 +7,8 @@ npm-dist-tag(1) -- Modify package distribution tags
     npm dist-tag rm <pkg> <tag>
     npm dist-tag ls [<pkg>]
 
+    aliases: dist-tags
+
 ## DESCRIPTION
 
 Add, remove, and enumerate distribution tags on a package:
@@ -33,17 +35,30 @@ When installing dependencies, a preferred tagged version may be specified:
 
 This also applies to `npm dedupe`.
 
-Publishing a package sets the "latest" tag to the published version unless the
+Publishing a package sets the `latest` tag to the published version unless the
 `--tag` option is used. For example, `npm publish --tag=beta`.
 
+By default, `npm install <pkg>` (without any `@<version>` or `@<tag>`
+specifier) installs the `latest` tag.
+
 ## PURPOSE
 
-Tags can be used to provide an alias instead of version numbers.  For
-example, `npm` currently uses the tag "next" to identify the upcoming
-version, and the tag "latest" to identify the current version.
+Tags can be used to provide an alias instead of version numbers.
+
+For example, a project might choose to have multiple streams of development
+and use a different tag for each stream,
+e.g., `stable`, `beta`, `dev`, `canary`.
+
+By default, the `latest` tag is used by npm to identify the current version of
+a package, and `npm install <pkg>` (without any `@<version>` or `@<tag>`
+specifier) installs the `latest` tag. Typically, projects only use the `latest`
+tag for stable release versions, and use other tags for unstable versions such
+as prereleases.
+
+The `next` tag is used by some projects to identify the upcoming version.
 
-A project might choose to have multiple streams of development, e.g.,
-"stable", "canary".
+By default, other than `latest`, no tag has any special significance to npm
+itself.
 
 ## CAVEATS
 
@@ -69,5 +84,4 @@ begin with a number or the letter `v`.
 * npm-registry(7)
 * npm-config(1)
 * npm-config(7)
-* npm-tag(3)
 * npmrc(5)