From 81da28b709bbea129474a0fe4d021fc3b740b9af Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 16 Feb 2022 13:51:37 -0700 Subject: [PATCH] deps: update major versions of top level and nested npm deps - @npmcli/metavuln-calculator@3.0.0 - @npmcli/git@3.0.0 - @npmcli/config@4.0.0 - pacote@13.0.2 - npm-pick-manifest@7.0.0 - npm-package-arg@9.0.0 - proc-log@2.0.0 - npm-registry-fetch@13.0.0 - npm-profile@6.0.2 --- .../@npmcli/config/lib/env-replace.js | 2 +- node_modules/@npmcli/config/lib/index.js | 15 +- node_modules/@npmcli/config/lib/proc-log.js | 4 - node_modules/@npmcli/config/package.json | 11 +- node_modules/@npmcli/git/lib/clone.js | 24 +- node_modules/@npmcli/git/lib/errors.js | 2 +- node_modules/@npmcli/git/lib/index.js | 2 +- node_modules/@npmcli/git/lib/lines-to-revs.js | 14 +- node_modules/@npmcli/git/lib/make-error.js | 4 +- node_modules/@npmcli/git/lib/opts.js | 4 +- node_modules/@npmcli/git/lib/proc-log.js | 21 - node_modules/@npmcli/git/lib/revs.js | 2 +- node_modules/@npmcli/git/lib/spawn.js | 9 +- .../git/node_modules/lru-cache/LICENSE | 15 + .../git/node_modules/lru-cache/index.js | 581 ++++++++++++++++++ .../git/node_modules/lru-cache/package.json | 34 + node_modules/@npmcli/git/package.json | 29 +- .../metavuln-calculator/lib/advisory.js | 94 ++- .../@npmcli/metavuln-calculator/lib/hash.js | 4 +- .../@npmcli/metavuln-calculator/lib/index.js | 14 +- .../@npmcli/metavuln-calculator/package.json | 28 +- .../node_modules/npm-package-arg/LICENSE | 15 + .../node_modules}/npm-package-arg/npa.js | 0 .../node_modules/npm-package-arg/package.json | 46 ++ node_modules/npm-package-arg/lib/npa.js | 366 +++++++++++ node_modules/npm-package-arg/package.json | 33 +- .../npm-pick-manifest/{ => lib}/index.js | 14 +- node_modules/npm-pick-manifest/package.json | 35 +- node_modules/npm-profile/lib/index.js | 19 +- node_modules/npm-profile/package.json | 16 +- .../npm-registry-fetch/lib/check-response.js | 13 +- .../npm-registry-fetch/lib/default-opts.js | 1 - node_modules/npm-registry-fetch/package.json | 8 +- node_modules/pacote/lib/bin.js | 30 +- node_modules/pacote/lib/dir.js | 17 +- node_modules/pacote/lib/fetcher.js | 101 +-- node_modules/pacote/lib/file.js | 41 +- node_modules/pacote/lib/git.js | 87 +-- node_modules/pacote/lib/registry.js | 39 +- node_modules/pacote/lib/remote.js | 8 +- node_modules/pacote/lib/util/cache-dir.js | 2 +- .../pacote/lib/util/is-package-bin.js | 7 +- node_modules/pacote/lib/util/npm.js | 1 - node_modules/pacote/lib/util/proc-log.js | 21 - .../pacote/lib/util/tar-create-options.js | 5 +- .../pacote/lib/util/trailing-slashes.js | 10 + node_modules/pacote/package.json | 45 +- node_modules/proc-log/{ => lib}/index.js | 3 +- node_modules/proc-log/package.json | 30 +- package-lock.json | 369 ++++++----- package.json | 14 +- workspaces/arborist/package.json | 12 +- workspaces/libnpmaccess/package.json | 4 +- workspaces/libnpmdiff/package.json | 4 +- workspaces/libnpmexec/package.json | 6 +- workspaces/libnpmhook/package.json | 2 +- workspaces/libnpmorg/package.json | 2 +- workspaces/libnpmpack/package.json | 4 +- workspaces/libnpmpublish/package.json | 4 +- workspaces/libnpmsearch/package.json | 2 +- workspaces/libnpmteam/package.json | 2 +- workspaces/libnpmversion/package.json | 2 +- 62 files changed, 1794 insertions(+), 559 deletions(-) delete mode 100644 node_modules/@npmcli/config/lib/proc-log.js delete mode 100644 node_modules/@npmcli/git/lib/proc-log.js create mode 100644 node_modules/@npmcli/git/node_modules/lru-cache/LICENSE create mode 100644 node_modules/@npmcli/git/node_modules/lru-cache/index.js create mode 100644 node_modules/@npmcli/git/node_modules/lru-cache/package.json create mode 100644 node_modules/init-package-json/node_modules/npm-package-arg/LICENSE rename node_modules/{ => init-package-json/node_modules}/npm-package-arg/npa.js (100%) create mode 100644 node_modules/init-package-json/node_modules/npm-package-arg/package.json create mode 100644 node_modules/npm-package-arg/lib/npa.js rename node_modules/npm-pick-manifest/{ => lib}/index.js (96%) delete mode 100644 node_modules/pacote/lib/util/proc-log.js create mode 100644 node_modules/pacote/lib/util/trailing-slashes.js rename node_modules/proc-log/{ => lib}/index.js (91%) diff --git a/node_modules/@npmcli/config/lib/env-replace.js b/node_modules/@npmcli/config/lib/env-replace.js index a6e4b2968d04e..e0f7276b1ec2b 100644 --- a/node_modules/@npmcli/config/lib/env-replace.js +++ b/node_modules/@npmcli/config/lib/env-replace.js @@ -1,6 +1,6 @@ // replace any ${ENV} values with the appropriate environ. -const envExpr = /(\\*)\$\{([^}]+)\}/g +const envExpr = /(? f.replace(envExpr, (orig, esc, name) => { const val = env[name] !== undefined ? env[name] : `$\{${name}}` diff --git a/node_modules/@npmcli/config/lib/index.js b/node_modules/@npmcli/config/lib/index.js index dc839a5389c3a..82e369938db9c 100644 --- a/node_modules/@npmcli/config/lib/index.js +++ b/node_modules/@npmcli/config/lib/index.js @@ -5,6 +5,7 @@ const nopt = require('nopt') const mkdirp = require('mkdirp-infer-owner') const mapWorkspaces = require('@npmcli/map-workspaces') const rpj = require('read-package-json-fast') +const log = require('proc-log') /* istanbul ignore next */ const myUid = process.getuid && process.getuid() @@ -88,7 +89,6 @@ class Config { // options just to override in tests, mostly env = process.env, argv = process.argv, - log = require('./proc-log.js'), platform = process.platform, execPath = process.execPath, cwd = process.cwd(), @@ -114,7 +114,6 @@ class Config { this.defaults = defaults this.npmPath = npmPath - this.log = log this.argv = argv this.env = env this.execPath = execPath @@ -436,7 +435,7 @@ class Config { } invalidHandler (k, val, type, source, where) { - this.log.warn( + log.warn( 'invalid config', k + '=' + JSON.stringify(val), `set in ${source}` @@ -469,7 +468,7 @@ class Config { : mustBe.filter(m => m !== Array) .map(n => typeof n === 'string' ? n : JSON.stringify(n)) .join(', ') - this.log.warn('invalid config', msg, desc) + log.warn('invalid config', msg, desc) } [_loadObject] (obj, where, source, er = null) { @@ -491,7 +490,7 @@ class Config { if (er) { conf.loadError = er if (er.code !== 'ENOENT') { - this.log.verbose('config', `error loading ${where} config`, er) + log.verbose('config', `error loading ${where} config`, er) } } else { conf.raw = obj @@ -510,7 +509,7 @@ class Config { // XXX a future npm version will make this a warning. // An even more future npm version will make this an error. if (this.deprecated[key]) { - this.log.verbose('config', key, this.deprecated[key]) + log.verbose('config', key, this.deprecated[key]) } } @@ -607,14 +606,14 @@ class Config { .catch(() => false) if (hasNpmrc) { - this.log.warn(`ignoring workspace config at ${this.localPrefix}/.npmrc`) + log.warn(`ignoring workspace config at ${this.localPrefix}/.npmrc`) } // set the workspace in the default layer, which allows it to be overridden easily const { data } = this.data.get('default') data.workspace = [this.localPrefix] this.localPrefix = p - this.log.info(`found workspace root at ${this.localPrefix}`) + log.info(`found workspace root at ${this.localPrefix}`) // we found a root, so we return now return } diff --git a/node_modules/@npmcli/config/lib/proc-log.js b/node_modules/@npmcli/config/lib/proc-log.js deleted file mode 100644 index 0492a26180756..0000000000000 --- a/node_modules/@npmcli/config/lib/proc-log.js +++ /dev/null @@ -1,4 +0,0 @@ -const log = (level) => (...args) => process.emit('log', level, ...args) -for (const level of ['silly', 'verbose', 'warn', 'error']) { - exports[level] = log(level) -} diff --git a/node_modules/@npmcli/config/package.json b/node_modules/@npmcli/config/package.json index b0722db413e5b..ea03f957f83c5 100644 --- a/node_modules/@npmcli/config/package.json +++ b/node_modules/@npmcli/config/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/config", - "version": "3.0.0", + "version": "4.0.0", "files": [ "bin", "lib" @@ -30,22 +30,23 @@ "coverage-map": "map.js" }, "devDependencies": { - "@npmcli/template-oss": "^2.5.1", - "tap": "^15.0.4" + "@npmcli/template-oss": "^2.7.1", + "tap": "^15.1.6" }, "dependencies": { "@npmcli/map-workspaces": "^2.0.0", "ini": "^2.0.0", "mkdirp-infer-owner": "^2.0.0", "nopt": "^5.0.0", + "proc-log": "^2.0.0", "read-package-json-fast": "^2.0.3", - "semver": "^7.3.4", + "semver": "^7.3.5", "walk-up-path": "^1.0.0" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" }, "templateOSS": { - "version": "2.6.0" + "version": "2.7.1" } } diff --git a/node_modules/@npmcli/git/lib/clone.js b/node_modules/@npmcli/git/lib/clone.js index 6754fd7606009..ac5f86b14494c 100644 --- a/node_modules/@npmcli/git/lib/clone.js +++ b/node_modules/@npmcli/git/lib/clone.js @@ -15,7 +15,7 @@ const shallowHosts = new Set([ 'gist.github.com', 'gitlab.com', 'bitbucket.com', - 'bitbucket.org' + 'bitbucket.org', ]) // we have to use url.parse until we add the same shim that hosted-git-info has // to handle scp:// urls @@ -113,10 +113,14 @@ const branch = (repo, revDoc, target, opts) => { revDoc.ref, repo, target, - '--recurse-submodules' + '--recurse-submodules', ] - if (maybeShallow(repo, opts)) { args.push('--depth=1') } - if (isWindows(opts)) { args.push('--config', 'core.longpaths=true') } + if (maybeShallow(repo, opts)) { + args.push('--depth=1') + } + if (isWindows(opts)) { + args.push('--config', 'core.longpaths=true') + } return spawn(args, opts).then(() => revDoc.sha) } @@ -126,10 +130,14 @@ const plain = (repo, revDoc, target, opts) => { 'clone', repo, target, - '--recurse-submodules' + '--recurse-submodules', ] - if (maybeShallow(repo, opts)) { args.push('--depth=1') } - if (isWindows(opts)) { args.push('--config', 'core.longpaths=true') } + if (maybeShallow(repo, opts)) { + args.push('--depth=1') + } + if (isWindows(opts)) { + args.push('--config', 'core.longpaths=true') + } return spawn(args, opts).then(() => revDoc.sha) } @@ -143,7 +151,7 @@ const updateSubmodules = (target, opts) => new Promise(resolve => 'update', '-q', '--init', - '--recursive' + '--recursive', ], { ...opts, cwd: target })) })) diff --git a/node_modules/@npmcli/git/lib/errors.js b/node_modules/@npmcli/git/lib/errors.js index 25b2b9f9fd6a6..7aeac4762866f 100644 --- a/node_modules/@npmcli/git/lib/errors.js +++ b/node_modules/@npmcli/git/lib/errors.js @@ -32,5 +32,5 @@ class GitUnknownError extends GitError { module.exports = { GitConnectionError, GitPathspecError, - GitUnknownError + GitUnknownError, } diff --git a/node_modules/@npmcli/git/lib/index.js b/node_modules/@npmcli/git/lib/index.js index 20d7cfd01cfd1..10a65f782e6da 100644 --- a/node_modules/@npmcli/git/lib/index.js +++ b/node_modules/@npmcli/git/lib/index.js @@ -5,5 +5,5 @@ module.exports = { is: require('./is.js'), find: require('./find.js'), isClean: require('./is-clean.js'), - errors: require('./errors.js') + errors: require('./errors.js'), } diff --git a/node_modules/@npmcli/git/lib/lines-to-revs.js b/node_modules/@npmcli/git/lib/lines-to-revs.js index 9f879ca2475f5..3cf3778fe9178 100644 --- a/node_modules/@npmcli/git/lib/lines-to-revs.js +++ b/node_modules/@npmcli/git/lib/lines-to-revs.js @@ -7,7 +7,7 @@ module.exports = lines => finish(lines.reduce(linesToRevsReducer, { versions: {}, 'dist-tags': {}, refs: {}, - shas: {} + shas: {}, })) const finish = revs => distTags(shaList(peelTags(revs))) @@ -52,7 +52,9 @@ const distTags = revs => { revs['dist-tags'].latest = v } else if (ver.sha === HEAD.sha) { revs['dist-tags'].HEAD = v - if (!revs.refs.latest) { revs['dist-tags'].latest = v } + if (!revs.refs.latest) { + revs['dist-tags'].latest = v + } } }) return revs @@ -79,7 +81,9 @@ const refType = ref => { // return the doc, or null if we should ignore it. const lineToRevDoc = line => { const split = line.trim().split(/\s+/, 2) - if (split.length < 2) { return null } + if (split.length < 2) { + return null + } const sha = split[0].trim() const rawRef = split[1].trim() @@ -122,7 +126,9 @@ const lineToRevDoc = line => { const linesToRevsReducer = (revs, line) => { const doc = lineToRevDoc(line) - if (!doc) { return revs } + if (!doc) { + return revs + } revs.refs[doc.ref] = doc revs.refs[doc.rawRef] = doc diff --git a/node_modules/@npmcli/git/lib/make-error.js b/node_modules/@npmcli/git/lib/make-error.js index 043a8e6e95181..7540ec7c8b9f7 100644 --- a/node_modules/@npmcli/git/lib/make-error.js +++ b/node_modules/@npmcli/git/lib/make-error.js @@ -1,7 +1,7 @@ const { GitConnectionError, GitPathspecError, - GitUnknownError + GitUnknownError, } = require('./errors.js') const connectionErrorRe = new RegExp([ @@ -12,7 +12,7 @@ const connectionErrorRe = new RegExp([ 'Failed to connect to .* Timed out', 'Connection reset by peer', 'SSL_ERROR_SYSCALL', - 'The requested URL returned error: 503' + 'The requested URL returned error: 503', ].join('|')) const missingPathspecRe = /pathspec .* did not match any file\(s\) known to git/ diff --git a/node_modules/@npmcli/git/lib/opts.js b/node_modules/@npmcli/git/lib/opts.js index 144e0a3aaf03f..3119af16e0cf1 100644 --- a/node_modules/@npmcli/git/lib/opts.js +++ b/node_modules/@npmcli/git/lib/opts.js @@ -2,11 +2,11 @@ // This defaults to accepting new ssh host key fingerprints const gitEnv = { GIT_ASKPASS: 'echo', - GIT_SSH_COMMAND: 'ssh -oStrictHostKeyChecking=accept-new' + GIT_SSH_COMMAND: 'ssh -oStrictHostKeyChecking=accept-new', } module.exports = (opts = {}) => ({ stdioString: true, ...opts, shell: false, - env: opts.env || { ...gitEnv, ...process.env } + env: opts.env || { ...gitEnv, ...process.env }, }) diff --git a/node_modules/@npmcli/git/lib/proc-log.js b/node_modules/@npmcli/git/lib/proc-log.js deleted file mode 100644 index b2bdd9dc90205..0000000000000 --- a/node_modules/@npmcli/git/lib/proc-log.js +++ /dev/null @@ -1,21 +0,0 @@ -// default logger. -// emits 'log' events on the process -const LEVELS = [ - 'notice', - 'error', - 'warn', - 'info', - 'verbose', - 'http', - 'silly', - 'pause', - 'resume' -] - -const log = level => (...args) => process.emit('log', level, ...args) - -const logger = {} -for (const level of LEVELS) { - logger[level] = log(level) -} -module.exports = logger diff --git a/node_modules/@npmcli/git/lib/revs.js b/node_modules/@npmcli/git/lib/revs.js index 81059594f7aee..ee72370d5b7ec 100644 --- a/node_modules/@npmcli/git/lib/revs.js +++ b/node_modules/@npmcli/git/lib/revs.js @@ -4,7 +4,7 @@ const LRU = require('lru-cache') const revsCache = new LRU({ max: 100, - maxAge: 5 * 60 * 1000 + ttl: 5 * 60 * 1000, }) const linesToRevs = require('./lines-to-revs.js') diff --git a/node_modules/@npmcli/git/lib/spawn.js b/node_modules/@npmcli/git/lib/spawn.js index 1c89a4c53cf86..40972a509caa5 100644 --- a/node_modules/@npmcli/git/lib/spawn.js +++ b/node_modules/@npmcli/git/lib/spawn.js @@ -1,28 +1,29 @@ const spawn = require('@npmcli/promise-spawn') const promiseRetry = require('promise-retry') +const log = require('proc-log') const makeError = require('./make-error.js') const whichGit = require('./which.js') const makeOpts = require('./opts.js') -const procLog = require('./proc-log.js') module.exports = (gitArgs, opts = {}) => { const gitPath = whichGit(opts) - if (gitPath instanceof Error) { return Promise.reject(gitPath) } + if (gitPath instanceof Error) { + return Promise.reject(gitPath) + } // undocumented option, mostly only here for tests const args = opts.allowReplace || gitArgs[0] === '--no-replace-objects' ? gitArgs : ['--no-replace-objects', ...gitArgs] - const log = opts.log || procLog let retry = opts.retry if (retry === null || retry === undefined) { retry = { retries: opts.fetchRetries || 2, factor: opts.fetchRetryFactor || 10, maxTimeout: opts.fetchRetryMaxtimeout || 60000, - minTimeout: opts.fetchRetryMintimeout || 1000 + minTimeout: opts.fetchRetryMintimeout || 1000, } } return promiseRetry((retry, number) => { diff --git a/node_modules/@npmcli/git/node_modules/lru-cache/LICENSE b/node_modules/@npmcli/git/node_modules/lru-cache/LICENSE new file mode 100644 index 0000000000000..9b58a3e03d1df --- /dev/null +++ b/node_modules/@npmcli/git/node_modules/lru-cache/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) 2010-2022 Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/@npmcli/git/node_modules/lru-cache/index.js b/node_modules/@npmcli/git/node_modules/lru-cache/index.js new file mode 100644 index 0000000000000..ede2f30cc4b23 --- /dev/null +++ b/node_modules/@npmcli/git/node_modules/lru-cache/index.js @@ -0,0 +1,581 @@ +const perf = typeof performance === 'object' && performance && + typeof performance.now === 'function' ? performance : Date + +const warned = new Set() +const deprecatedOption = (opt, msg) => { + const code = `LRU_CACHE_OPTION_${opt}` + if (shouldWarn(code)) { + warn(code, `The ${opt} option is deprecated. ${msg}`, LRUCache) + } +} +const deprecatedMethod = (method, msg) => { + const code = `LRU_CACHE_METHOD_${method}` + if (shouldWarn(code)) { + const { prototype } = LRUCache + const { get } = Object.getOwnPropertyDescriptor(prototype, method) + warn(code, `The ${method} method is deprecated. ${msg}`, get) + } +} +const deprecatedProperty = (field, msg) => { + const code = `LRU_CACHE_PROPERTY_${field}` + if (shouldWarn(code)) { + const { prototype } = LRUCache + const { get } = Object.getOwnPropertyDescriptor(prototype, field) + warn(code, `The ${field} property is deprecated. ${msg}`, get) + } +} +const shouldWarn = (code) => !(process.noDeprecation || warned.has(code)) +const warn = (code, msg, fn) => { + warned.add(code) + process.emitWarning(msg, 'DeprecationWarning', code, fn) +} + +const isPosInt = n => n && n === Math.floor(n) && n > 0 && isFinite(n) + +/* istanbul ignore next - This is a little bit ridiculous, tbh. + * The maximum array length is 2^32-1 or thereabouts on most JS impls. + * And well before that point, you're caching the entire world, I mean, + * that's ~32GB of just integers for the next/prev links, plus whatever + * else to hold that many keys and values. Just filling the memory with + * zeroes at init time is brutal when you get that big. + * But why not be complete? + * Maybe in the future, these limits will have expanded. */ +const getUintArray = max => !isPosInt(max) ? null +: max <= Math.pow(2, 8) ? Uint8Array +: max <= Math.pow(2, 16) ? Uint16Array +: max <= Math.pow(2, 32) ? Uint32Array +: max <= Number.MAX_SAFE_INTEGER ? ZeroArray +: null + +class ZeroArray extends Array { + constructor (size) { + super(size) + this.fill(0) + } +} + +class Stack { + constructor (max) { + const UintArray = getUintArray(max) + this.heap = new UintArray(max) + this.length = 0 + } + push (n) { + this.heap[this.length++] = n + } + pop () { + return this.heap[--this.length] + } +} + +class LRUCache { + constructor (options = {}) { + const { + max, + ttl, + ttlResolution = 1, + ttlAutopurge, + updateAgeOnGet, + allowStale, + dispose, + disposeAfter, + noDisposeOnSet, + maxSize, + sizeCalculation, + } = options + + // deprecated options, don't trigger a warning for getting them if + // the thing being passed in is another LRUCache we're copying. + const { + length, + maxAge, + stale, + } = options instanceof LRUCache ? {} : options + + if (!isPosInt(max)) { + throw new TypeError('max option must be an integer') + } + + const UintArray = getUintArray(max) + if (!UintArray) { + throw new Error('invalid max value: ' + max) + } + + this.max = max + this.maxSize = maxSize || 0 + this.sizeCalculation = sizeCalculation || length + if (this.sizeCalculation) { + if (!this.maxSize) { + throw new TypeError('cannot set sizeCalculation without setting maxSize') + } + if (typeof this.sizeCalculation !== 'function') { + throw new TypeError('sizeCalculating set to non-function') + } + } + this.keyMap = new Map() + this.keyList = new Array(max).fill(null) + this.valList = new Array(max).fill(null) + this.next = new UintArray(max) + this.prev = new UintArray(max) + this.head = 0 + this.tail = 0 + this.free = new Stack(max) + this.initialFill = 1 + this.size = 0 + + if (typeof dispose === 'function') { + this.dispose = dispose + } + if (typeof disposeAfter === 'function') { + this.disposeAfter = disposeAfter + this.disposed = [] + } else { + this.disposeAfter = null + this.disposed = null + } + this.noDisposeOnSet = !!noDisposeOnSet + + if (this.maxSize) { + if (!isPosInt(this.maxSize)) { + throw new TypeError('maxSize must be a positive integer if specified') + } + this.initializeSizeTracking() + } + + this.allowStale = !!allowStale || !!stale + this.updateAgeOnGet = !!updateAgeOnGet + this.ttlResolution = isPosInt(ttlResolution) || ttlResolution === 0 + ? ttlResolution : 1 + this.ttlAutopurge = !!ttlAutopurge + this.ttl = ttl || maxAge || 0 + if (this.ttl) { + if (!isPosInt(this.ttl)) { + throw new TypeError('ttl must be a positive integer if specified') + } + this.initializeTTLTracking() + } + + if (stale) { + deprecatedOption('stale', 'please use options.allowStale instead') + } + if (maxAge) { + deprecatedOption('maxAge', 'please use options.ttl instead') + } + if (length) { + deprecatedOption('length', 'please use options.sizeCalculation instead') + } + } + + initializeTTLTracking () { + this.ttls = new ZeroArray(this.max) + this.starts = new ZeroArray(this.max) + this.setItemTTL = (index, ttl) => { + this.starts[index] = ttl !== 0 ? perf.now() : 0 + this.ttls[index] = ttl + if (ttl !== 0 && this.ttlAutopurge) { + const t = setTimeout(() => { + if (this.isStale(index)) { + this.delete(this.keyList[index]) + } + }, ttl + 1) + /* istanbul ignore else - unref() not supported on all platforms */ + if (t.unref) { + t.unref() + } + } + } + this.updateItemAge = (index) => { + this.starts[index] = this.ttls[index] !== 0 ? perf.now() : 0 + } + // debounce calls to perf.now() to 1s so we're not hitting + // that costly call repeatedly. + let cachedNow = 0 + const getNow = () => { + const n = perf.now() + if (this.ttlResolution > 0) { + cachedNow = n + const t = setTimeout(() => cachedNow = 0, this.ttlResolution) + /* istanbul ignore else - not available on all platforms */ + if (t.unref) { + t.unref() + } + } + return n + } + this.isStale = (index) => { + return this.ttls[index] !== 0 && this.starts[index] !== 0 && + ((cachedNow || getNow()) - this.starts[index] > this.ttls[index]) + } + } + updateItemAge (index) {} + setItemTTL (index, ttl) {} + isStale (index) { return false } + + initializeSizeTracking () { + this.calculatedSize = 0 + this.sizes = new ZeroArray(this.max) + this.removeItemSize = index => this.calculatedSize -= this.sizes[index] + this.addItemSize = (index, v, k, size, sizeCalculation) => { + const s = size || (sizeCalculation ? sizeCalculation(v, k) : 0) + this.sizes[index] = isPosInt(s) ? s : 0 + const maxSize = this.maxSize - this.sizes[index] + while (this.calculatedSize > maxSize) { + this.evict() + } + this.calculatedSize += this.sizes[index] + } + this.delete = k => { + if (this.size !== 0) { + const index = this.keyMap.get(k) + if (index !== undefined) { + this.calculatedSize -= this.sizes[index] + } + } + return LRUCache.prototype.delete.call(this, k) + } + } + removeItemSize (index) {} + addItemSize (index, v, k, size, sizeCalculation) {} + + *indexes () { + if (this.size) { + for (let i = this.tail; true; i = this.prev[i]) { + if (!this.isStale(i)) { + yield i + } + if (i === this.head) { + break + } + } + } + } + *rindexes () { + if (this.size) { + for (let i = this.head; true; i = this.next[i]) { + if (!this.isStale(i)) { + yield i + } + if (i === this.tail) { + break + } + } + } + } + + *entries () { + for (const i of this.indexes()) { + yield [this.keyList[i], this.valList[i]] + } + } + + *keys () { + for (const i of this.indexes()) { + yield this.keyList[i] + } + } + + *values () { + for (const i of this.indexes()) { + yield this.valList[i] + } + } + + [Symbol.iterator] () { + return this.entries() + } + + find (fn, getOptions = {}) { + for (const i of this.indexes()) { + if (fn(this.valList[i], this.keyList[i], this)) { + return this.get(this.keyList[i], getOptions) + } + } + } + + forEach (fn, thisp = this) { + for (const i of this.indexes()) { + fn.call(thisp, this.valList[i], this.keyList[i], this) + } + } + + rforEach (fn, thisp = this) { + for (const i of this.rindexes()) { + fn.call(thisp, this.valList[i], this.keyList[i], this) + } + } + + get prune () { + deprecatedMethod('prune', 'Please use cache.purgeStale() instead.') + return this.purgeStale + } + + purgeStale () { + let deleted = false + if (this.size) { + for (let i = this.head; true; i = this.next[i]) { + const b = i === this.tail + if (this.isStale(i)) { + this.delete(this.keyList[i]) + deleted = true + } + if (b) { + break + } + } + } + return deleted + } + + dump () { + const arr = [] + for (const i of this.indexes()) { + const key = this.keyList[i] + const value = this.valList[i] + const entry = { value } + if (this.ttls) { + entry.ttl = this.ttls[i] + } + if (this.sizes) { + entry.size = this.sizes[i] + } + arr.unshift([key, entry]) + } + return arr + } + + load (arr) { + this.clear() + for (const [key, entry] of arr) { + this.set(key, entry.value, entry) + } + } + + dispose (v, k, reason) {} + + set (k, v, { + ttl = this.ttl, + noDisposeOnSet = this.noDisposeOnSet, + size = 0, + sizeCalculation = this.sizeCalculation, + } = {}) { + let index = this.size === 0 ? undefined : this.keyMap.get(k) + if (index === undefined) { + // addition + index = this.newIndex() + this.keyList[index] = k + this.valList[index] = v + this.keyMap.set(k, index) + this.next[this.tail] = index + this.prev[index] = this.tail + this.tail = index + this.size ++ + this.addItemSize(index, v, k, size, sizeCalculation) + } else { + // update + const oldVal = this.valList[index] + if (v !== oldVal) { + if (!noDisposeOnSet) { + this.dispose(oldVal, k, 'set') + if (this.disposeAfter) { + this.disposed.push([oldVal, k, 'set']) + } + } + this.removeItemSize(index) + this.valList[index] = v + this.addItemSize(index, v, k, size, sizeCalculation) + } + this.moveToTail(index) + } + if (ttl !== 0 && this.ttl === 0 && !this.ttls) { + this.initializeTTLTracking() + } + this.setItemTTL(index, ttl) + if (this.disposeAfter) { + while (this.disposed.length) { + this.disposeAfter(...this.disposed.shift()) + } + } + return this + } + + newIndex () { + if (this.size === 0) { + return this.tail + } + if (this.size === this.max) { + return this.evict() + } + if (this.free.length !== 0) { + return this.free.pop() + } + // initial fill, just keep writing down the list + return this.initialFill++ + } + + pop () { + if (this.size) { + const val = this.valList[this.head] + this.evict() + return val + } + } + + evict () { + const head = this.head + const k = this.keyList[head] + const v = this.valList[head] + this.dispose(v, k, 'evict') + if (this.disposeAfter) { + this.disposed.push([v, k, 'evict']) + } + this.removeItemSize(head) + this.head = this.next[head] + this.keyMap.delete(k) + this.size -- + return head + } + + has (k) { + return this.keyMap.has(k) && !this.isStale(this.keyMap.get(k)) + } + + // like get(), but without any LRU updating or TTL expiration + peek (k, { allowStale = this.allowStale } = {}) { + const index = this.keyMap.get(k) + if (index !== undefined && (allowStale || !this.isStale(index))) { + return this.valList[index] + } + } + + get (k, { + allowStale = this.allowStale, + updateAgeOnGet = this.updateAgeOnGet, + } = {}) { + const index = this.keyMap.get(k) + if (index !== undefined) { + if (this.isStale(index)) { + const value = allowStale ? this.valList[index] : undefined + this.delete(k) + return value + } else { + this.moveToTail(index) + if (updateAgeOnGet) { + this.updateItemAge(index) + } + return this.valList[index] + } + } + } + + connect (p, n) { + this.prev[n] = p + this.next[p] = n + } + + moveToTail (index) { + // if tail already, nothing to do + // if head, move head to next[index] + // else + // move next[prev[index]] to next[index] (head has no prev) + // move prev[next[index]] to prev[index] + // prev[index] = tail + // next[tail] = index + // tail = index + if (index !== this.tail) { + if (index === this.head) { + this.head = this.next[index] + } else { + this.connect(this.prev[index], this.next[index]) + } + this.connect(this.tail, index) + this.tail = index + } + } + + get del () { + deprecatedMethod('del', 'Please use cache.delete() instead.') + return this.delete + } + delete (k) { + let deleted = false + if (this.size !== 0) { + const index = this.keyMap.get(k) + if (index !== undefined) { + deleted = true + if (this.size === 1) { + this.clear() + } else { + this.removeItemSize(index) + this.dispose(this.valList[index], k, 'delete') + if (this.disposeAfter) { + this.disposed.push([this.valList[index], k, 'delete']) + } + this.keyMap.delete(k) + this.keyList[index] = null + this.valList[index] = null + if (index === this.tail) { + this.tail = this.prev[index] + } else if (index === this.head) { + this.head = this.next[index] + } else { + this.next[this.prev[index]] = this.next[index] + this.prev[this.next[index]] = this.prev[index] + } + this.size -- + this.free.push(index) + } + } + } + if (this.disposed) { + while (this.disposed.length) { + this.disposeAfter(...this.disposed.shift()) + } + } + return deleted + } + + clear () { + if (this.dispose !== LRUCache.prototype.dispose) { + for (const index of this.rindexes()) { + this.dispose(this.valList[index], this.keyList[index], 'delete') + } + } + if (this.disposeAfter) { + for (const index of this.rindexes()) { + this.disposed.push([this.valList[index], this.keyList[index], 'delete']) + } + } + this.keyMap.clear() + this.valList.fill(null) + this.keyList.fill(null) + if (this.ttls) { + this.ttls.fill(0) + this.starts.fill(0) + } + if (this.sizes) { + this.sizes.fill(0) + } + this.head = 0 + this.tail = 0 + this.initialFill = 1 + this.free.length = 0 + this.calculatedSize = 0 + this.size = 0 + if (this.disposed) { + while (this.disposed.length) { + this.disposeAfter(...this.disposed.shift()) + } + } + } + get reset () { + deprecatedMethod('reset', 'Please use cache.clear() instead.') + return this.clear + } + + get length () { + deprecatedProperty('length', 'Please use cache.size instead.') + return this.size + } +} + +module.exports = LRUCache diff --git a/node_modules/@npmcli/git/node_modules/lru-cache/package.json b/node_modules/@npmcli/git/node_modules/lru-cache/package.json new file mode 100644 index 0000000000000..66dbbd9c11503 --- /dev/null +++ b/node_modules/@npmcli/git/node_modules/lru-cache/package.json @@ -0,0 +1,34 @@ +{ + "name": "lru-cache", + "description": "A cache object that deletes the least-recently-used items.", + "version": "7.3.1", + "author": "Isaac Z. Schlueter ", + "keywords": [ + "mru", + "lru", + "cache" + ], + "scripts": { + "test": "tap", + "snap": "tap", + "preversion": "npm test", + "postversion": "npm publish", + "prepublishOnly": "git push origin --follow-tags" + }, + "main": "index.js", + "repository": "git://github.com/isaacs/node-lru-cache.git", + "devDependencies": { + "benchmark": "^2.1.4", + "tap": "^15.1.6" + }, + "license": "ISC", + "files": [ + "index.js" + ], + "engines": { + "node": ">=12" + }, + "tap": { + "coverage-map": "map.js" + } +} diff --git a/node_modules/@npmcli/git/package.json b/node_modules/@npmcli/git/package.json index 9475da5007a7d..02cd37fa225ad 100644 --- a/node_modules/@npmcli/git/package.json +++ b/node_modules/@npmcli/git/package.json @@ -1,44 +1,57 @@ { "name": "@npmcli/git", - "version": "2.1.0", + "version": "3.0.0", "main": "lib/index.js", "files": [ - "lib/*.js" + "bin", + "lib" ], "description": "a util for spawning git from npm CLI contexts", "repository": { "type": "git", "url": "git+https://github.com/npm/git" }, - "author": "Isaac Z. Schlueter (https://izs.me)", + "author": "GitHub Inc.", "license": "ISC", "scripts": { - "lint": "standard", + "lint": "eslint '**/*.js'", "lint:fix": "standard --fix", "postversion": "npm publish", "prepublishOnly": "git push origin --follow-tags", "preversion": "npm test", "snap": "tap", "test": "tap", - "posttest": "npm run lint" + "posttest": "npm run lint", + "postlint": "npm-template-check", + "template-copy": "npm-template-copy --force", + "lintfix": "npm run lint -- --fix" }, "tap": { "check-coverage": true, "coverage-map": "map.js" }, "devDependencies": { + "@npmcli/template-oss": "^2.7.1", "slash": "^3.0.0", "standard": "^16.0.3", - "tap": "^15.0.6" + "tap": "^15.1.6" }, "dependencies": { "@npmcli/promise-spawn": "^1.3.2", - "lru-cache": "^6.0.0", + "lru-cache": "^7.3.1", "mkdirp": "^1.0.4", - "npm-pick-manifest": "^6.1.1", + "npm-pick-manifest": "^7.0.0", + "proc-log": "^2.0.0", "promise-inflight": "^1.0.1", "promise-retry": "^2.0.1", "semver": "^7.3.5", "which": "^2.0.2" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16" + }, + "templateOSS": { + "windowsCI": false, + "version": "2.7.1" } } diff --git a/node_modules/@npmcli/metavuln-calculator/lib/advisory.js b/node_modules/@npmcli/metavuln-calculator/lib/advisory.js index d0900e3732846..5b58ef6370724 100644 --- a/node_modules/@npmcli/metavuln-calculator/lib/advisory.js +++ b/node_modules/@npmcli/metavuln-calculator/lib/advisory.js @@ -22,8 +22,9 @@ class Advisory { this[_source] = source this[_options] = options this.name = name - if (!source.name) + if (!source.name) { source.name = name + } this.dependency = source.name @@ -70,11 +71,13 @@ class Advisory { // load up the data from a cache entry and a fetched packument load (cached, packument) { // basic data integrity gutcheck - if (!cached || typeof cached !== 'object') + if (!cached || typeof cached !== 'object') { throw new TypeError('invalid cached data, expected object') + } - if (!packument || typeof packument !== 'object') + if (!packument || typeof packument !== 'object') { throw new TypeError('invalid packument data, expected object') + } if (cached.id && cached.id !== this.id) { throw Object.assign(new Error('loading from incorrect cache entry'), { @@ -88,14 +91,16 @@ class Advisory { actual: packument.name, }) } - if (this[_packument]) + if (this[_packument]) { throw new Error('advisory object already loaded') + } // if we have a range from the initialization, and the cached // data has a *different* range, then we know we have to recalc. // just don't use the cached data, so we will definitely not match later - if (!this.range || cached.range && cached.range === this.range) + if (!this.range || cached.range && cached.range === this.range) { Object.assign(this, cached) + } this[_packument] = packument @@ -107,8 +112,9 @@ class Advisory { if (!this.versions.includes(v)) { versionsAdded.push(v) this.versions.push(v) - } else if (!pakuVersions.includes(v)) + } else if (!pakuVersions.includes(v)) { versionsRemoved.push(v) + } } // strip out any removed versions from our lists, and sort by semver @@ -138,14 +144,16 @@ class Advisory { this[_updated] = true // test any versions newly added - if (!unchanged || versionsAdded.length) + if (!unchanged || versionsAdded.length) { this[_testVersions](unchanged ? versionsAdded : this.versions) + } this.vulnerableVersions = semver.sort(this.vulnerableVersions, semverOpt) // metavulns have to calculate their range, since cache is invalidated // advisories just get their range from the advisory above - if (this.type === 'metavuln') + if (this.type === 'metavuln') { this[_calculateRange]() + } return this } @@ -170,10 +178,11 @@ class Advisory { } break } - if (vr.length > 1) + if (vr.length > 1) { vr[1] = this.versions[v] - else + } else { vr.push(this.versions[v]) + } v++ vulnVer++ } @@ -198,26 +207,30 @@ class Advisory { // we use the dependency version from the manifest. testVersion (version, spec = null) { const sv = String(version) - if (this[_versionVulnMemo].has(sv)) + if (this[_versionVulnMemo].has(sv)) { return this[_versionVulnMemo].get(sv) + } const result = this[_testVersion](version, spec) - if (result) + if (result) { this[_markVulnerable](version) + } this[_versionVulnMemo].set(sv, !!result) return result } [_markVulnerable] (version) { const sv = String(version) - if (!this.vulnerableVersions.includes(sv)) + if (!this.vulnerableVersions.includes(sv)) { this.vulnerableVersions.push(sv) + } } [_testVersion] (version, spec) { const sv = String(version) - if (this.vulnerableVersions.includes(sv)) + if (this.vulnerableVersions.includes(sv)) { return true + } if (this.type === 'advisory') { // advisory, just test range @@ -233,12 +246,14 @@ class Advisory { }, } - if (!spec) + if (!spec) { spec = getDepSpec(mani, this.dependency) + } // no dep, no vuln - if (spec === null) + if (spec === null) { return false + } if (!semver.validRange(spec, semverOpt)) { // not a semver range, nothing we can hope to do about it @@ -252,8 +267,9 @@ class Advisory { // try to pick a version of the dep that isn't vulnerable const avoid = this[_source].range - if (bundled) + if (bundled) { return semver.intersects(spec, avoid, semverOpt) + } return this[_source].testSpec(spec) } @@ -263,8 +279,9 @@ class Advisory { // consistent across multiple versions, so memoize this as well, in case // we're testing lots of versions. const memo = this[_specVulnMemo] - if (memo.has(spec)) + if (memo.has(spec)) { return memo.get(spec) + } const res = this[_testSpec](spec) memo.set(spec, res) @@ -274,10 +291,12 @@ class Advisory { [_testSpec] (spec) { for (const v of this.versions) { const satisfies = semver.satisfies(v, spec) - if (!satisfies) + if (!satisfies) { continue - if (!this.testVersion(v)) + } + if (!this.testVersion(v)) { return false + } } // either vulnerable, or not installable because nothing satisfied // either way, best avoided. @@ -285,8 +304,9 @@ class Advisory { } [_testVersions] (versions) { - if (!versions.length) + if (!versions.length) { return + } // set of lists of versions const versionSets = new Set() @@ -328,30 +348,34 @@ class Advisory { // version in the list, then start there instead. let h = 0 const origHeadVuln = this.testVersion(list[h]) - while (h < list.length && /-/.test(String(list[h]))) + while (h < list.length && /-/.test(String(list[h]))) { h++ + } // don't filter out the whole list! they might all be pr's - if (h === list.length) + if (h === list.length) { h = 0 - else if (origHeadVuln) { + } else if (origHeadVuln) { // if the original was vulnerable, assume so are all of these - for (let hh = 0; hh < h; hh++) + for (let hh = 0; hh < h; hh++) { this[_markVulnerable](list[hh]) + } } let t = list.length - 1 const origTailVuln = this.testVersion(list[t]) - while (t > h && /-/.test(String(list[t]))) + while (t > h && /-/.test(String(list[t]))) { t-- + } // don't filter out the whole list! might all be pr's - if (t === h) + if (t === h) { t = list.length - 1 - else if (origTailVuln) { + } else if (origTailVuln) { // if original tail was vulnerable, assume these are as well - for (let tt = list.length - 1; tt > t; tt--) + for (let tt = list.length - 1; tt > t; tt--) { this[_markVulnerable](list[tt]) + } } const headVuln = h === 0 ? origHeadVuln @@ -362,14 +386,16 @@ class Advisory { // if head and tail both vulnerable, whole list is thrown out if (headVuln && tailVuln) { - for (let v = h; v < t; v++) + for (let v = h; v < t; v++) { this[_markVulnerable](list[v]) + } continue } // if length is 2 or 1, then we marked them all already - if (t < h + 2) + if (t < h + 2) { continue + } const mid = Math.floor(list.length / 2) const pre = list.slice(0, mid) @@ -382,8 +408,9 @@ class Advisory { const midVuln = this.testVersion(pre[pre.length - 1]) while (/-/.test(String(pre[pre.length - 1]))) { const v = pre.pop() - if (midVuln) + if (midVuln) { this[_markVulnerable](v) + } } } @@ -391,8 +418,9 @@ class Advisory { const midVuln = this.testVersion(post[0]) while (/-/.test(String(post[0]))) { const v = post.shift() - if (midVuln) + if (midVuln) { this[_markVulnerable](v) + } } } diff --git a/node_modules/@npmcli/metavuln-calculator/lib/hash.js b/node_modules/@npmcli/metavuln-calculator/lib/hash.js index 79c0678c7581a..634bf99de0494 100644 --- a/node_modules/@npmcli/metavuln-calculator/lib/hash.js +++ b/node_modules/@npmcli/metavuln-calculator/lib/hash.js @@ -1,5 +1,5 @@ -const {createHash} = require('crypto') +const { createHash } = require('crypto') -module.exports = ({name, source}) => createHash('sha512') +module.exports = ({ name, source }) => createHash('sha512') .update(JSON.stringify([name, source])) .digest('base64') diff --git a/node_modules/@npmcli/metavuln-calculator/lib/index.js b/node_modules/@npmcli/metavuln-calculator/lib/index.js index 02c1ed018b8b5..668f55942c506 100644 --- a/node_modules/@npmcli/metavuln-calculator/lib/index.js +++ b/node_modules/@npmcli/metavuln-calculator/lib/index.js @@ -4,7 +4,7 @@ const pacote = require('pacote') const cacache = require('cacache') const Advisory = require('./advisory.js') -const {homedir} = require('os') +const { homedir } = require('os') const jsonParse = require('json-parse-even-better-errors') const _packument = Symbol('packument') @@ -37,8 +37,9 @@ class Calculator { async calculate (name, source) { const k = `security-advisory:${name}:${source.id}` - if (this[_advisories].has(k)) + if (this[_advisories].has(k)) { return this[_advisories].get(k) + } const p = this[_calculate](name, source) this[_advisories].set(k, p) @@ -58,8 +59,9 @@ class Calculator { process.emit('time', `metavuln:load:${k}`) advisory.load(cached, packument) process.emit('timeEnd', `metavuln:load:${k}`) - if (advisory.updated) + if (advisory.updated) { await this[_cachePut](advisory) + } this[_advisories].set(k, advisory) process.emit('timeEnd', t) return advisory @@ -81,8 +83,9 @@ class Calculator { const key = `security-advisory:${name}:${id}` /* istanbul ignore if - should be impossible, since we memoize the * advisory object itself using the same key, just being cautious */ - if (this[_cacheData].has(key)) + if (this[_cacheData].has(key)) { return this[_cacheData].get(key) + } process.emit('time', `metavuln:cache:get:${key}`) const p = cacache.get(this[_cache], key, { ...this[_options] }) @@ -98,8 +101,9 @@ class Calculator { } async [_packument] (name) { - if (this[_packuments].has(name)) + if (this[_packuments].has(name)) { return this[_packuments].get(name) + } process.emit('time', `metavuln:packument:${name}`) const p = pacote.packument(name, { ...this[_options] }) diff --git a/node_modules/@npmcli/metavuln-calculator/package.json b/node_modules/@npmcli/metavuln-calculator/package.json index 131cff672332d..385a34b85af27 100644 --- a/node_modules/@npmcli/metavuln-calculator/package.json +++ b/node_modules/@npmcli/metavuln-calculator/package.json @@ -1,13 +1,14 @@ { "name": "@npmcli/metavuln-calculator", - "version": "2.0.0", + "version": "3.0.0", "main": "lib/index.js", "files": [ + "bin", "lib" ], "description": "Calculate meta-vulnerabilities from package security advisories", "repository": "https://github.com/npm/metavuln-calculator", - "author": "Isaac Z. Schlueter (https://izs.me)", + "author": "GitHub Inc.", "license": "ISC", "scripts": { "test": "tap", @@ -18,29 +19,30 @@ "postversion": "npm publish", "prepublishOnly": "git push origin --follow-tags", "eslint": "eslint", - "lint": "npm run eslint -- \"lib/**/*.js\" \"test/**/*.js\"", - "lintfix": "npm run lint -- --fix" + "lint": "eslint '**/*.js'", + "lintfix": "npm run lint -- --fix", + "postlint": "npm-template-check", + "template-copy": "npm-template-copy --force" }, "tap": { "check-coverage": true, "coverage-map": "map.js" }, "devDependencies": { - "eslint": "^7.20.0", - "eslint-plugin-import": "^2.22.1", - "eslint-plugin-node": "^11.1.0", - "eslint-plugin-promise": "^4.3.1", - "eslint-plugin-standard": "^4.1.0", + "@npmcli/template-oss": "^2.7.1", "require-inject": "^1.4.4", - "tap": "^14.10.8" + "tap": "^15.1.6" }, "dependencies": { - "cacache": "^15.0.5", + "cacache": "^15.3.0", "json-parse-even-better-errors": "^2.3.1", - "pacote": "^12.0.0", - "semver": "^7.3.2" + "pacote": "^13.0.1", + "semver": "^7.3.5" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" + }, + "templateOSS": { + "version": "2.7.1" } } diff --git a/node_modules/init-package-json/node_modules/npm-package-arg/LICENSE b/node_modules/init-package-json/node_modules/npm-package-arg/LICENSE new file mode 100644 index 0000000000000..19cec97b18468 --- /dev/null +++ b/node_modules/init-package-json/node_modules/npm-package-arg/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) npm, Inc. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/npm-package-arg/npa.js b/node_modules/init-package-json/node_modules/npm-package-arg/npa.js similarity index 100% rename from node_modules/npm-package-arg/npa.js rename to node_modules/init-package-json/node_modules/npm-package-arg/npa.js diff --git a/node_modules/init-package-json/node_modules/npm-package-arg/package.json b/node_modules/init-package-json/node_modules/npm-package-arg/package.json new file mode 100644 index 0000000000000..bf5f597e6d8df --- /dev/null +++ b/node_modules/init-package-json/node_modules/npm-package-arg/package.json @@ -0,0 +1,46 @@ +{ + "name": "npm-package-arg", + "version": "8.1.5", + "description": "Parse the things that can be arguments to `npm install`", + "main": "npa.js", + "directories": { + "test": "test" + }, + "files": [ + "npa.js" + ], + "dependencies": { + "hosted-git-info": "^4.0.1", + "semver": "^7.3.4", + "validate-npm-package-name": "^3.0.0" + }, + "devDependencies": { + "@npmcli/lint": "^1.0.1", + "tap": "^15.0.9" + }, + "scripts": { + "preversion": "npm test", + "postversion": "npm publish", + "prepublishOnly": "git push origin --follow-tags", + "test": "tap", + "snap": "tap", + "npmclilint": "npmcli-lint", + "lint": "npm run npmclilint -- \"*.*js\" \"test/**/*.*js\"", + "lintfix": "npm run lint -- --fix", + "posttest": "npm run lint --", + "postsnap": "npm run lintfix --" + }, + "repository": { + "type": "git", + "url": "https://github.com/npm/npm-package-arg" + }, + "author": "Isaac Z. Schlueter (http://blog.izs.me/)", + "license": "ISC", + "bugs": { + "url": "https://github.com/npm/npm-package-arg/issues" + }, + "homepage": "https://github.com/npm/npm-package-arg", + "engines": { + "node": ">=10" + } +} diff --git a/node_modules/npm-package-arg/lib/npa.js b/node_modules/npm-package-arg/lib/npa.js new file mode 100644 index 0000000000000..cc1eddaec74b4 --- /dev/null +++ b/node_modules/npm-package-arg/lib/npa.js @@ -0,0 +1,366 @@ +'use strict' +module.exports = npa +module.exports.resolve = resolve +module.exports.Result = Result + +const url = require('url') +const HostedGit = require('hosted-git-info') +const semver = require('semver') +const path = global.FAKE_WINDOWS ? require('path').win32 : require('path') +const validatePackageName = require('validate-npm-package-name') +const { homedir } = require('os') + +const isWindows = process.platform === 'win32' || global.FAKE_WINDOWS +const hasSlashes = isWindows ? /\\|[/]/ : /[/]/ +const isURL = /^(?:git[+])?[a-z]+:/i +const isGit = /^[^@]+@[^:.]+\.[^:]+:.+$/i +const isFilename = /[.](?:tgz|tar.gz|tar)$/i + +function npa (arg, where) { + let name + let spec + if (typeof arg === 'object') { + if (arg instanceof Result && (!where || where === arg.where)) { + return arg + } else if (arg.name && arg.rawSpec) { + return npa.resolve(arg.name, arg.rawSpec, where || arg.where) + } else { + return npa(arg.raw, where || arg.where) + } + } + const nameEndsAt = arg[0] === '@' ? arg.slice(1).indexOf('@') + 1 : arg.indexOf('@') + const namePart = nameEndsAt > 0 ? arg.slice(0, nameEndsAt) : arg + if (isURL.test(arg)) { + spec = arg + } else if (isGit.test(arg)) { + spec = `git+ssh://${arg}` + } else if (namePart[0] !== '@' && (hasSlashes.test(namePart) || isFilename.test(namePart))) { + spec = arg + } else if (nameEndsAt > 0) { + name = namePart + spec = arg.slice(nameEndsAt + 1) + } else { + const valid = validatePackageName(arg) + if (valid.validForOldPackages) { + name = arg + } else { + spec = arg + } + } + return resolve(name, spec, where, arg) +} + +const isFilespec = isWindows ? /^(?:[.]|~[/]|[/\\]|[a-zA-Z]:)/ : /^(?:[.]|~[/]|[/]|[a-zA-Z]:)/ + +function resolve (name, spec, where, arg) { + const res = new Result({ + raw: arg, + name: name, + rawSpec: spec, + fromArgument: arg != null, + }) + + if (name) { + res.setName(name) + } + + if (spec && (isFilespec.test(spec) || /^file:/i.test(spec))) { + return fromFile(res, where) + } else if (spec && /^npm:/i.test(spec)) { + return fromAlias(res, where) + } + + const hosted = HostedGit.fromUrl(spec, { + noGitPlus: true, + noCommittish: true, + }) + if (hosted) { + return fromHostedGit(res, hosted) + } else if (spec && isURL.test(spec)) { + return fromURL(res) + } else if (spec && (hasSlashes.test(spec) || isFilename.test(spec))) { + return fromFile(res, where) + } else { + return fromRegistry(res) + } +} + +function invalidPackageName (name, valid, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid package name "${name}" of package "${raw}": ${valid.errors.join('; ')}.`) + err.code = 'EINVALIDPACKAGENAME' + return err +} + +function invalidTagName (name, raw) { + // eslint-disable-next-line max-len + const err = new Error(`Invalid tag name "${name}" of package "${raw}": Tags may not have any characters that encodeURIComponent encodes.`) + err.code = 'EINVALIDTAGNAME' + return err +} + +function Result (opts) { + this.type = opts.type + this.registry = opts.registry + this.where = opts.where + if (opts.raw == null) { + this.raw = opts.name ? opts.name + '@' + opts.rawSpec : opts.rawSpec + } else { + this.raw = opts.raw + } + + this.name = undefined + this.escapedName = undefined + this.scope = undefined + this.rawSpec = opts.rawSpec == null ? '' : opts.rawSpec + this.saveSpec = opts.saveSpec + this.fetchSpec = opts.fetchSpec + if (opts.name) { + this.setName(opts.name) + } + this.gitRange = opts.gitRange + this.gitCommittish = opts.gitCommittish + this.hosted = opts.hosted +} + +Result.prototype.setName = function (name) { + const valid = validatePackageName(name) + if (!valid.validForOldPackages) { + throw invalidPackageName(name, valid, this.raw) + } + + this.name = name + this.scope = name[0] === '@' ? name.slice(0, name.indexOf('/')) : undefined + // scoped packages in couch must have slash url-encoded, e.g. @foo%2Fbar + this.escapedName = name.replace('/', '%2f') + return this +} + +Result.prototype.toString = function () { + const full = [] + if (this.name != null && this.name !== '') { + full.push(this.name) + } + const spec = this.saveSpec || this.fetchSpec || this.rawSpec + if (spec != null && spec !== '') { + full.push(spec) + } + return full.length ? full.join('@') : this.raw +} + +Result.prototype.toJSON = function () { + const result = Object.assign({}, this) + delete result.hosted + return result +} + +function setGitCommittish (res, committish) { + if (committish != null && committish.length >= 7 && committish.slice(0, 7) === 'semver:') { + res.gitRange = decodeURIComponent(committish.slice(7)) + res.gitCommittish = null + } else { + res.gitCommittish = committish === '' ? null : committish + } + + return res +} + +function fromFile (res, where) { + if (!where) { + where = process.cwd() + } + res.type = isFilename.test(res.rawSpec) ? 'file' : 'directory' + res.where = where + + // always put the '/' on where when resolving urls, or else + // file:foo from /path/to/bar goes to /path/to/foo, when we want + // it to be /path/to/bar/foo + + let specUrl + let resolvedUrl + const prefix = (!/^file:/.test(res.rawSpec) ? 'file:' : '') + const rawWithPrefix = prefix + res.rawSpec + let rawNoPrefix = rawWithPrefix.replace(/^file:/, '') + try { + resolvedUrl = new url.URL(rawWithPrefix, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawWithPrefix) + } catch (originalError) { + const er = new Error('Invalid file: URL, must comply with RFC 8909') + throw Object.assign(er, { + raw: res.rawSpec, + spec: res, + where, + originalError, + }) + } + + // environment switch for testing + if (process.env.NPM_PACKAGE_ARG_8909_STRICT !== '1') { + // XXX backwards compatibility lack of compliance with 8909 + // Remove when we want a breaking change to come into RFC compliance. + if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { + const rawSpec = res.rawSpec.replace(/^file:\/\//, 'file:///') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // turn file:/../foo into file:../foo + if (/^\/\.\.?(\/|$)/.test(rawNoPrefix)) { + const rawSpec = res.rawSpec.replace(/^file:\//, 'file:') + resolvedUrl = new url.URL(rawSpec, `file://${path.resolve(where)}/`) + specUrl = new url.URL(rawSpec) + rawNoPrefix = rawSpec.replace(/^file:/, '') + } + // XXX end 8909 violation backwards compatibility section + } + + // file:foo - relative url to ./foo + // file:/foo - absolute path /foo + // file:///foo - absolute path to /foo, no authority host + // file://localhost/foo - absolute path to /foo, on localhost + // file://foo - absolute path to / on foo host (error!) + if (resolvedUrl.host && resolvedUrl.host !== 'localhost') { + const msg = `Invalid file: URL, must be absolute if // present` + throw Object.assign(new Error(msg), { + raw: res.rawSpec, + parsed: resolvedUrl, + }) + } + + // turn /C:/blah into just C:/blah on windows + let specPath = decodeURIComponent(specUrl.pathname) + let resolvedPath = decodeURIComponent(resolvedUrl.pathname) + if (isWindows) { + specPath = specPath.replace(/^\/+([a-z]:\/)/i, '$1') + resolvedPath = resolvedPath.replace(/^\/+([a-z]:\/)/i, '$1') + } + + // replace ~ with homedir, but keep the ~ in the saveSpec + // otherwise, make it relative to where param + if (/^\/~(\/|$)/.test(specPath)) { + res.saveSpec = `file:${specPath.substr(1)}` + resolvedPath = path.resolve(homedir(), specPath.substr(3)) + } else if (!path.isAbsolute(rawNoPrefix)) { + res.saveSpec = `file:${path.relative(where, resolvedPath)}` + } else { + res.saveSpec = `file:${path.resolve(resolvedPath)}` + } + + res.fetchSpec = path.resolve(where, resolvedPath) + return res +} + +function fromHostedGit (res, hosted) { + res.type = 'git' + res.hosted = hosted + res.saveSpec = hosted.toString({ noGitPlus: false, noCommittish: false }) + res.fetchSpec = hosted.getDefaultRepresentation() === 'shortcut' ? null : hosted.toString() + return setGitCommittish(res, hosted.committish) +} + +function unsupportedURLType (protocol, spec) { + const err = new Error(`Unsupported URL Type "${protocol}": ${spec}`) + err.code = 'EUNSUPPORTEDPROTOCOL' + return err +} + +function matchGitScp (spec) { + // git ssh specifiers are overloaded to also use scp-style git + // specifiers, so we have to parse those out and treat them special. + // They are NOT true URIs, so we can't hand them to `url.parse`. + // + // This regex looks for things that look like: + // git+ssh://git@my.custom.git.com:username/project.git#deadbeef + // + // ...and various combinations. The username in the beginning is *required*. + const matched = spec.match(/^git\+ssh:\/\/([^:#]+:[^#]+(?:\.git)?)(?:#(.*))?$/i) + return matched && !matched[1].match(/:[0-9]+\/?.*$/i) && { + fetchSpec: matched[1], + gitCommittish: matched[2] == null ? null : matched[2], + } +} + +function fromURL (res) { + // eslint-disable-next-line node/no-deprecated-api + const urlparse = url.parse(res.rawSpec) + res.saveSpec = res.rawSpec + // check the protocol, and then see if it's git or not + switch (urlparse.protocol) { + case 'git:': + case 'git+http:': + case 'git+https:': + case 'git+rsync:': + case 'git+ftp:': + case 'git+file:': + case 'git+ssh:': { + res.type = 'git' + const match = urlparse.protocol === 'git+ssh:' ? matchGitScp(res.rawSpec) + : null + if (match) { + setGitCommittish(res, match.gitCommittish) + res.fetchSpec = match.fetchSpec + } else { + setGitCommittish(res, urlparse.hash != null ? urlparse.hash.slice(1) : '') + urlparse.protocol = urlparse.protocol.replace(/^git[+]/, '') + if (urlparse.protocol === 'file:' && /^git\+file:\/\/[a-z]:/i.test(res.rawSpec)) { + // keep the drive letter : on windows file paths + urlparse.host += ':' + urlparse.hostname += ':' + } + delete urlparse.hash + res.fetchSpec = url.format(urlparse) + } + break + } + case 'http:': + case 'https:': + res.type = 'remote' + res.fetchSpec = res.saveSpec + break + + default: + throw unsupportedURLType(urlparse.protocol, res.rawSpec) + } + + return res +} + +function fromAlias (res, where) { + const subSpec = npa(res.rawSpec.substr(4), where) + if (subSpec.type === 'alias') { + throw new Error('nested aliases not supported') + } + + if (!subSpec.registry) { + throw new Error('aliases only work for registry deps') + } + + res.subSpec = subSpec + res.registry = true + res.type = 'alias' + res.saveSpec = null + res.fetchSpec = null + return res +} + +function fromRegistry (res) { + res.registry = true + const spec = res.rawSpec === '' ? 'latest' : res.rawSpec.trim() + // no save spec for registry components as we save based on the fetched + // version, not on the argument so this can't compute that. + res.saveSpec = null + res.fetchSpec = spec + const version = semver.valid(spec, true) + const range = semver.validRange(spec, true) + if (version) { + res.type = 'version' + } else if (range) { + res.type = 'range' + } else { + if (encodeURIComponent(spec) !== spec) { + throw invalidTagName(spec, res.raw) + } + res.type = 'tag' + } + return res +} diff --git a/node_modules/npm-package-arg/package.json b/node_modules/npm-package-arg/package.json index bf5f597e6d8df..b0821312a7f0d 100644 --- a/node_modules/npm-package-arg/package.json +++ b/node_modules/npm-package-arg/package.json @@ -1,22 +1,23 @@ { "name": "npm-package-arg", - "version": "8.1.5", + "version": "9.0.0", "description": "Parse the things that can be arguments to `npm install`", - "main": "npa.js", + "main": "./lib/npa.js", "directories": { "test": "test" }, "files": [ - "npa.js" + "bin", + "lib" ], "dependencies": { - "hosted-git-info": "^4.0.1", - "semver": "^7.3.4", + "hosted-git-info": "^4.1.0", + "semver": "^7.3.5", "validate-npm-package-name": "^3.0.0" }, "devDependencies": { - "@npmcli/lint": "^1.0.1", - "tap": "^15.0.9" + "@npmcli/template-oss": "^2.7.1", + "tap": "^15.1.6" }, "scripts": { "preversion": "npm test", @@ -25,22 +26,30 @@ "test": "tap", "snap": "tap", "npmclilint": "npmcli-lint", - "lint": "npm run npmclilint -- \"*.*js\" \"test/**/*.*js\"", + "lint": "eslint '**/*.js'", "lintfix": "npm run lint -- --fix", - "posttest": "npm run lint --", - "postsnap": "npm run lintfix --" + "posttest": "npm run lint", + "postsnap": "npm run lintfix --", + "postlint": "npm-template-check", + "template-copy": "npm-template-copy --force" }, "repository": { "type": "git", "url": "https://github.com/npm/npm-package-arg" }, - "author": "Isaac Z. Schlueter (http://blog.izs.me/)", + "author": "GitHub Inc.", "license": "ISC", "bugs": { "url": "https://github.com/npm/npm-package-arg/issues" }, "homepage": "https://github.com/npm/npm-package-arg", "engines": { - "node": ">=10" + "node": "^12.13.0 || ^14.15.0 || >=16" + }, + "tap": { + "branches": 97 + }, + "templateOSS": { + "version": "2.7.1" } } diff --git a/node_modules/npm-pick-manifest/index.js b/node_modules/npm-pick-manifest/lib/index.js similarity index 96% rename from node_modules/npm-pick-manifest/index.js rename to node_modules/npm-pick-manifest/lib/index.js index 695450524dc13..f2934e9ca1822 100644 --- a/node_modules/npm-pick-manifest/index.js +++ b/node_modules/npm-pick-manifest/lib/index.js @@ -34,7 +34,7 @@ const pickManifest = (packument, wanted, opts) => { npmVersion = null, includeStaged = false, avoid = null, - avoidStrict = false + avoidStrict = false, } = opts const { name, time: verTimes } = packument @@ -43,7 +43,7 @@ const pickManifest = (packument, wanted, opts) => { if (avoidStrict) { const looseOpts = { ...opts, - avoidStrict: false + avoidStrict: false, } const result = pickManifest(packument, wanted, looseOpts) @@ -56,7 +56,7 @@ const pickManifest = (packument, wanted, opts) => { return { ...caret, _outsideDependencyRange: true, - _isSemVerMajor: false + _isSemVerMajor: false, } } @@ -65,7 +65,7 @@ const pickManifest = (packument, wanted, opts) => { return { ...star, _outsideDependencyRange: true, - _isSemVerMajor: true + _isSemVerMajor: true, } } @@ -75,7 +75,7 @@ const pickManifest = (packument, wanted, opts) => { wanted, avoid, before, - versions: Object.keys(versions) + versions: Object.keys(versions), }) } @@ -143,7 +143,7 @@ const pickManifest = (packument, wanted, opts) => { type, wanted, before, - versions: Object.keys(versions) + versions: Object.keys(versions), }) } @@ -213,6 +213,6 @@ module.exports = (packument, wanted, opts = {}) => { versions: Object.keys(packument.versions), name, distTags: packument['dist-tags'], - defaultTag + defaultTag, }) } diff --git a/node_modules/npm-pick-manifest/package.json b/node_modules/npm-pick-manifest/package.json index 4b4866cbf8832..ece1d174dbc0c 100644 --- a/node_modules/npm-pick-manifest/package.json +++ b/node_modules/npm-pick-manifest/package.json @@ -1,19 +1,24 @@ { "name": "npm-pick-manifest", - "version": "6.1.1", + "version": "7.0.0", "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", - "main": "index.js", + "main": "./lib", "files": [ - "*.js" + "bin", + "lib" ], "scripts": { "coverage": "tap", - "lint": "standard", + "lint": "eslint '**/*.js'", "test": "tap", "posttest": "npm run lint", "preversion": "npm test", "postversion": "npm publish", - "prepublishOnly": "git push origin --follow-tags" + "prepublishOnly": "git push origin --follow-tags", + "postlint": "npm-template-check", + "template-copy": "npm-template-copy --force", + "lintfix": "npm run lint -- --fix", + "snap": "tap" }, "repository": "https://github.com/npm/npm-pick-manifest", "keywords": [ @@ -21,23 +26,25 @@ "semver", "package manager" ], - "author": { - "name": "Kat Marchán", - "email": "kzm@sykosomatic.org", - "twitter": "maybekatz" - }, + "author": "GitHub Inc.", "license": "ISC", "dependencies": { "npm-install-checks": "^4.0.0", "npm-normalize-package-bin": "^1.0.1", - "npm-package-arg": "^8.1.2", - "semver": "^7.3.4" + "npm-package-arg": "^9.0.0", + "semver": "^7.3.5" }, "devDependencies": { - "standard": "^14.3.1", - "tap": "^14.11.0" + "@npmcli/template-oss": "^2.7.1", + "tap": "^15.1.6" }, "tap": { "check-coverage": true + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16" + }, + "templateOSS": { + "version": "2.7.1" } } diff --git a/node_modules/npm-profile/lib/index.js b/node_modules/npm-profile/lib/index.js index aa322e37f4824..74a8084292a6c 100644 --- a/node_modules/npm-profile/lib/index.js +++ b/node_modules/npm-profile/lib/index.js @@ -4,13 +4,14 @@ const fetch = require('npm-registry-fetch') const { HttpErrorBase } = require('npm-registry-fetch/lib/errors') const os = require('os') const { URL } = require('url') +const log = require('proc-log') // try loginWeb, catch the "not supported" message and fall back to couch const login = (opener, prompter, opts = {}) => { const { creds } = opts return loginWeb(opener, opts).catch(er => { if (er instanceof WebLoginNotSupported) { - process.emit('log', 'verbose', 'web login not supported, trying couch') + log.verbose('web login not supported, trying couch') return prompter(creds) .then(data => loginCouch(data.username, data.password, opts)) } else { @@ -23,7 +24,7 @@ const adduser = (opener, prompter, opts = {}) => { const { creds } = opts return adduserWeb(opener, opts).catch(er => { if (er instanceof WebLoginNotSupported) { - process.emit('log', 'verbose', 'web adduser not supported, trying couch') + log.verbose('web adduser not supported, trying couch') return prompter(creds) .then(data => adduserCouch(data.username, data.email, data.password, opts)) } else { @@ -33,12 +34,12 @@ const adduser = (opener, prompter, opts = {}) => { } const adduserWeb = (opener, opts = {}) => { - process.emit('log', 'verbose', 'web adduser', 'before first POST') + log.verbose('web adduser', 'before first POST') return webAuth(opener, opts, { create: true }) } const loginWeb = (opener, opts = {}) => { - process.emit('log', 'verbose', 'web login', 'before first POST') + log.verbose('web login', 'before first POST') return webAuth(opener, opts, {}) } @@ -62,13 +63,13 @@ const webAuth = (opener, opts, body) => { return Promise.all([res, res.json()]) }).then(([res, content]) => { const { doneUrl, loginUrl } = content - process.emit('log', 'verbose', 'web auth', 'got response', content) + log.verbose('web auth', 'got response', content) if (!isValidUrl(doneUrl) || !isValidUrl(loginUrl)) { throw new WebLoginInvalidResponse('POST', res, content) } return content }).then(({ doneUrl, loginUrl }) => { - process.emit('log', 'verbose', 'web auth', 'opening url pair') + log.verbose('web auth', 'opening url pair') return opener(loginUrl).then( () => webAuthCheckLogin(doneUrl, { ...opts, cache: false }) ) @@ -121,7 +122,7 @@ const adduserCouch = (username, email, password, opts = {}) => { ...body, password: 'XXXXX', } - process.emit('log', 'verbose', 'adduser', 'before first PUT', logObj) + log.verbose('adduser', 'before first PUT', logObj) const target = '/-/user/org.couchdb.user:' + encodeURIComponent(username) return fetch.json(target, { @@ -147,9 +148,9 @@ const loginCouch = (username, password, opts = {}) => { ...body, password: 'XXXXX', } - process.emit('log', 'verbose', 'login', 'before first PUT', logObj) + log.verbose('login', 'before first PUT', logObj) - const target = '-/user/org.couchdb.user:' + encodeURIComponent(username) + const target = '/-/user/org.couchdb.user:' + encodeURIComponent(username) return fetch.json(target, { ...opts, method: 'PUT', diff --git a/node_modules/npm-profile/package.json b/node_modules/npm-profile/package.json index 8745c2559f33f..68b04bba6d900 100644 --- a/node_modules/npm-profile/package.json +++ b/node_modules/npm-profile/package.json @@ -1,12 +1,13 @@ { "name": "npm-profile", - "version": "6.0.0", + "version": "6.0.2", "description": "Library for updating an npmjs.com profile", "keywords": [], "author": "GitHub Inc.", "license": "ISC", "dependencies": { - "npm-registry-fetch": "^12.0.0" + "npm-registry-fetch": "^13.0.0", + "proc-log": "^2.0.0" }, "main": "./lib/index.js", "repository": { @@ -18,9 +19,9 @@ "lib" ], "devDependencies": { - "@npmcli/template-oss": "^2.5.1", - "nock": "^13.2.1", - "tap": "^15.1.5" + "@npmcli/template-oss": "^2.7.1", + "nock": "^13.2.4", + "tap": "^15.1.6" }, "scripts": { "preversion": "npm test", @@ -31,7 +32,8 @@ "snap": "tap", "lint": "eslint '**/*.js'", "postlint": "npm-template-check", - "lintfix": "npm run lint -- --fix" + "lintfix": "npm run lint -- --fix", + "template-copy": "npm-template-copy --force" }, "tap": { "check-coverage": true @@ -40,6 +42,6 @@ "node": "^12.13.0 || ^14.15.0 || >=16" }, "templateOSS": { - "version": "2.5.1" + "version": "2.7.1" } } diff --git a/node_modules/npm-registry-fetch/lib/check-response.js b/node_modules/npm-registry-fetch/lib/check-response.js index 26043a96de854..872ec8a888694 100644 --- a/node_modules/npm-registry-fetch/lib/check-response.js +++ b/node_modules/npm-registry-fetch/lib/check-response.js @@ -3,23 +3,24 @@ const errors = require('./errors.js') const { Response } = require('minipass-fetch') const defaultOpts = require('./default-opts.js') +const log = require('proc-log') /* eslint-disable-next-line max-len */ const moreInfoUrl = 'https://github.com/npm/cli/wiki/No-auth-for-URI,-but-auth-present-for-scoped-registry' const checkResponse = - async ({ method, uri, res, registry, startTime, auth, opts }) => { + async ({ method, uri, res, startTime, auth, opts }) => { opts = { ...defaultOpts, ...opts } if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) { - opts.log.notice('', res.headers.get('npm-notice')) + log.notice('', res.headers.get('npm-notice')) } if (res.status >= 400) { - logRequest(method, res, startTime, opts) + logRequest(method, res, startTime) if (auth && auth.scopeAuthKey && !auth.token && !auth.auth) { // we didn't have auth for THIS request, but we do have auth for // requests to the registry indicated by the spec's scope value. // Warn the user. - opts.log.warn('registry', `No auth for URI, but auth present for scoped registry. + log.warn('registry', `No auth for URI, but auth present for scoped registry. URI: ${uri} Scoped Registry Key: ${auth.scopeAuthKey} @@ -38,7 +39,7 @@ More info here: ${moreInfoUrl}`) } module.exports = checkResponse -function logRequest (method, res, startTime, opts) { +function logRequest (method, res, startTime) { const elapsedTime = Date.now() - startTime const attempt = res.headers.get('x-fetch-attempts') const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : '' @@ -58,7 +59,7 @@ function logRequest (method, res, startTime, opts) { urlStr = res.url } - opts.log.http( + log.http( 'fetch', `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}` ) diff --git a/node_modules/npm-registry-fetch/lib/default-opts.js b/node_modules/npm-registry-fetch/lib/default-opts.js index e8e8221da4a58..f0847f0b507e2 100644 --- a/node_modules/npm-registry-fetch/lib/default-opts.js +++ b/node_modules/npm-registry-fetch/lib/default-opts.js @@ -1,6 +1,5 @@ const pkg = require('../package.json') module.exports = { - log: require('./silentlog.js'), maxSockets: 12, method: 'GET', registry: 'https://registry.npmjs.org/', diff --git a/node_modules/npm-registry-fetch/package.json b/node_modules/npm-registry-fetch/package.json index f1aab5c7bb4a8..9349619e99e61 100644 --- a/node_modules/npm-registry-fetch/package.json +++ b/node_modules/npm-registry-fetch/package.json @@ -1,6 +1,6 @@ { "name": "npm-registry-fetch", - "version": "12.0.2", + "version": "13.0.0", "description": "Fetch-based http client for use with npm registry APIs", "main": "lib", "files": [ @@ -31,18 +31,18 @@ "author": "GitHub Inc.", "license": "ISC", "dependencies": { - "make-fetch-happen": "^10.0.1", + "make-fetch-happen": "^10.0.2", "minipass": "^3.1.6", "minipass-fetch": "^1.4.1", "minipass-json-stream": "^1.0.1", "minizlib": "^2.1.2", - "npm-package-arg": "^8.1.5" + "npm-package-arg": "^9.0.0", + "proc-log": "^2.0.0" }, "devDependencies": { "@npmcli/template-oss": "^2.7.1", "cacache": "^15.3.0", "nock": "^13.2.4", - "npmlog": "^6.0.0", "require-inject": "^1.4.4", "ssri": "^8.0.1", "tap": "^15.1.6" diff --git a/node_modules/pacote/lib/bin.js b/node_modules/pacote/lib/bin.js index c0409be1ff085..369304adaa879 100755 --- a/node_modules/pacote/lib/bin.js +++ b/node_modules/pacote/lib/bin.js @@ -4,26 +4,28 @@ const run = conf => { const pacote = require('../') switch (conf._[0]) { case 'resolve': - if (conf.long) + case 'manifest': + case 'packument': + if (conf._[0] === 'resolve' && conf.long) { return pacote.manifest(conf._[1], conf).then(mani => ({ resolved: mani._resolved, integrity: mani._integrity, from: mani._from, })) - case 'manifest': - case 'packument': + } return pacote[conf._[0]](conf._[1], conf) case 'tarball': if (!conf._[2] || conf._[2] === '-') { return pacote.tarball.stream(conf._[1], stream => { stream.pipe(conf.testStdout || - /* istanbul ignore next */ process.stdout) + /* istanbul ignore next */ process.stdout) // make sure it resolves something falsey return stream.promise().then(() => {}) }, conf) - } else + } else { return pacote.tarball.file(conf._[1], conf._[2], conf) + } case 'extract': return pacote.extract(conf._[1], conf._[2], conf) @@ -81,8 +83,9 @@ const pretty = (conf, result) => let addedLogListener = false const main = args => { const conf = parse(args) - if (conf.help || conf.h) + if (conf.help || conf.h) { return console.log(usage()) + } if (!addedLogListener) { process.on('log', console.error) @@ -121,14 +124,14 @@ const parse = args => { } let dashdash = false args.forEach(arg => { - if (dashdash) + if (dashdash) { conf._.push(arg) - else if (arg === '--') + } else if (arg === '--') { dashdash = true - else if (arg === '-h') + } else if (arg === '-h') { conf.help = true - else if (/^--/.test(arg)) { - const {key, value} = parseArg(arg) + } else if (/^--/.test(arg)) { + const { key, value } = parseArg(arg) conf[key] = value } else { conf._.push(arg) @@ -137,9 +140,9 @@ const parse = args => { return conf } -if (module === require.main) +if (module === require.main) { main(process.argv.slice(2)) -else +} else { module.exports = { main, run, @@ -147,3 +150,4 @@ else parseArg, parse, } +} diff --git a/node_modules/pacote/lib/dir.js b/node_modules/pacote/lib/dir.js index 0d3a00d95ae7c..598b029f7ad48 100644 --- a/node_modules/pacote/lib/dir.js +++ b/node_modules/pacote/lib/dir.js @@ -1,14 +1,12 @@ const Fetcher = require('./fetcher.js') const FileFetcher = require('./file.js') -const cacache = require('cacache') const Minipass = require('minipass') -const { promisify } = require('util') -const readPackageJson = require('read-package-json-fast') const tarCreateOptions = require('./util/tar-create-options.js') const packlist = require('npm-packlist') const tar = require('tar') const _prepareDir = Symbol('_prepareDir') const { resolve } = require('path') +const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson') const runScript = require('@npmcli/run-script') @@ -31,18 +29,18 @@ class DirFetcher extends Fetcher { [_prepareDir] () { return this.manifest().then(mani => { - if (!mani.scripts || !mani.scripts.prepare) + if (!mani.scripts || !mani.scripts.prepare) { return + } // we *only* run prepare. // pre/post-pack is run by the npm CLI for publish and pack, // but this function is *also* run when installing git deps const stdio = this.opts.foregroundScripts ? 'inherit' : 'pipe' - // hide the banner if loglevel is silent, or if prepare running + // hide the banner if silent opt is passed in, or if prepare running // in the background. - const banner = this.opts.log && this.opts.log.level === 'silent' ? false - : stdio === 'inherit' + const banner = this.opts.silent ? false : stdio === 'inherit' return runScript({ pkg: mani, @@ -76,10 +74,11 @@ class DirFetcher extends Fetcher { } manifest () { - if (this.package) + if (this.package) { return Promise.resolve(this.package) + } - return readPackageJson(this.resolved + '/package.json') + return this[_readPackageJson](this.resolved + '/package.json') .then(mani => this.package = { ...mani, _integrity: this.integrity && String(this.integrity), diff --git a/node_modules/pacote/lib/fetcher.js b/node_modules/pacote/lib/fetcher.js index 69dd025b7bd98..78b13a9637c4f 100644 --- a/node_modules/pacote/lib/fetcher.js +++ b/node_modules/pacote/lib/fetcher.js @@ -9,12 +9,15 @@ const { promisify } = require('util') const { basename, dirname } = require('path') const rimraf = promisify(require('rimraf')) const tar = require('tar') -const procLog = require('./util/proc-log.js') +const log = require('proc-log') const retry = require('promise-retry') const fsm = require('fs-minipass') const cacache = require('cacache') const isPackageBin = require('./util/is-package-bin.js') +const removeTrailingSlashes = require('./util/trailing-slashes.js') const getContents = require('@npmcli/installed-package-contents') +const readPackageJsonFast = require('read-package-json-fast') +const readPackageJson = promisify(require('read-package-json')) // we only change ownership on unix platforms, and only if uid is 0 const selfOwner = process.getuid && process.getuid() === 0 ? { @@ -41,11 +44,13 @@ const _assertType = Symbol('_assertType') const _tarballFromCache = Symbol('_tarballFromCache') const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') const _cacheFetches = Symbol.for('pacote.Fetcher._cacheFetches') +const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson') class FetcherBase { constructor (spec, opts) { - if (!opts || typeof opts !== 'object') + if (!opts || typeof opts !== 'object') { throw new TypeError('options object is required') + } this.spec = npa(spec, opts.where) this.allowGitIgnore = !!opts.allowGitIgnore @@ -62,7 +67,7 @@ class FetcherBase { this[_assertType]() // clone the opts object so that others aren't upset when we mutate it // by adding/modifying the integrity value. - this.opts = {...opts} + this.opts = { ...opts } this.cache = opts.cache || cacheDir() this.resolved = opts.resolved || null @@ -72,8 +77,9 @@ class FetcherBase { // is no longer strong enough. this.defaultIntegrityAlgorithm = opts.defaultIntegrityAlgorithm || 'sha512' - if (typeof opts.integrity === 'string') + if (typeof opts.integrity === 'string') { this.opts.integrity = ssri.parse(opts.integrity) + } this.package = null this.type = this.constructor.name @@ -85,7 +91,6 @@ class FetcherBase { // the process's umask setting do its job. but if configured, we do // respect it. this.umask = opts.umask || 0 - this.log = opts.log || procLog this.preferOnline = !!opts.preferOnline this.preferOffline = !!opts.preferOffline @@ -93,10 +98,15 @@ class FetcherBase { this.before = opts.before this.fullMetadata = this.before ? true : !!opts.fullMetadata + this.fullReadJson = !!opts.fullReadJson + if (this.fullReadJson) { + this[_readPackageJson] = readPackageJson + } else { + this[_readPackageJson] = readPackageJsonFast + } this.defaultTag = opts.defaultTag || 'latest' - this.registry = (opts.registry || 'https://registry.npmjs.org') - .replace(/\/+$/, '') + this.registry = removeTrailingSlashes(opts.registry || 'https://registry.npmjs.org') // command to run 'prepare' scripts on directories and git dirs // To use pacote with yarn, for example, set npmBin to 'yarn' @@ -104,7 +114,7 @@ class FetcherBase { this.npmBin = opts.npmBin || 'npm' // command to install deps for preparing - this.npmInstallCmd = opts.npmInstallCmd || [ 'install', '--force' ] + this.npmInstallCmd = opts.npmInstallCmd || ['install', '--force'] // XXX fill more of this in based on what we know from this.opts // we explicitly DO NOT fill in --tag, though, since we are often @@ -132,19 +142,22 @@ class FetcherBase { get integrity () { return this.opts.integrity || null } + set integrity (i) { - if (!i) + if (!i) { return + } i = ssri.parse(i) const current = this.opts.integrity // do not ever update an existing hash value, but do // merge in NEW algos and hashes that we don't already have. - if (current) + if (current) { current.merge(i) - else + } else { this.opts.integrity = i + } } get notImplementedError () { @@ -212,8 +225,9 @@ class FetcherBase { stream.on('error', er => istream.emit('error', er)) // if not caching this, just pipe through to the istream and return it - if (!this.opts.cache || !this[_cacheFetches]) + if (!this.opts.cache || !this[_cacheFetches]) { return stream.pipe(istream) + } // we have to return a stream that gets ALL the data, and proxies errors, // but then pipe from the original tarball stream into the cache as well. @@ -288,39 +302,42 @@ class FetcherBase { this.integrity && this.resolved ) ? streamHandler(this[_tarballFromCache]()).catch(er => { - if (this.isDataCorruptionError(er)) { - this.log.warn('tarball', `cached data for ${ + if (this.isDataCorruptionError(er)) { + log.warn('tarball', `cached data for ${ this.spec } (${this.integrity}) seems to be corrupted. Refreshing cache.`) - return this.cleanupCached().then(() => { throw er }) - } else { - throw er - } - }) : null + return this.cleanupCached().then(() => { + throw er + }) + } else { + throw er + } + }) : null const fromResolved = er => { if (er) { - if (!this.isRetriableError(er)) + if (!this.isRetriableError(er)) { throw er - this.log.silly('tarball', `no local data for ${ + } + log.silly('tarball', `no local data for ${ this.spec }. Extracting by manifest.`) } return this.resolve().then(() => retry(tryAgain => streamHandler(this[_istream](this[_tarballFromResolved]())) - .catch(er => { + .catch(er => { // Most likely data integrity. A cache ENOENT error is unlikely // here, since we're definitely not reading from the cache, but it // IS possible that the fetch subsystem accessed the cache, and the // entry got blown away or something. Try one more time to be sure. - if (this.isRetriableError(er)) { - this.log.warn('tarball', `tarball data for ${ + if (this.isRetriableError(er)) { + log.warn('tarball', `tarball data for ${ this.spec } (${this.integrity}) seems to be corrupted. Trying again.`) - return this.cleanupCached().then(() => tryAgain(er)) - } - throw er - }), { retries: 1, minTimeout: 0, maxTimeout: 0 })) + return this.cleanupCached().then(() => tryAgain(er)) + } + throw er + }), { retries: 1, minTimeout: 0, maxTimeout: 0 })) } return fromCache ? fromCache.catch(fromResolved) : fromResolved() @@ -337,7 +354,7 @@ class FetcherBase { } [_empty] (path) { - return getContents({path, depth: 1}).then(contents => Promise.all( + return getContents({ path, depth: 1 }).then(contents => Promise.all( contents.map(entry => rimraf(entry)))) } @@ -350,7 +367,7 @@ class FetcherBase { // parent folder (rare, but probably happens sometimes). return !inferOwner ? this[_empty](dest).then(() => mkdirp(dest)).then(() => ({})) - : inferOwner(dest).then(({uid, gid}) => + : inferOwner(dest).then(({ uid, gid }) => this[_empty](dest) .then(() => mkdirp(dest)) .then(made => { @@ -360,13 +377,13 @@ class FetcherBase { const dir = made || /* istanbul ignore next */ dest return this[_chown](dir, uid, gid) }) - .then(() => ({uid, gid}))) + .then(() => ({ uid, gid }))) } // extraction is always the same. the only difference is where // the tarball comes from. extract (dest) { - return this[_mkdir](dest).then(({uid, gid}) => + return this[_mkdir](dest).then(({ uid, gid }) => this.tarballStream(tarball => this[_extract](dest, tarball, uid, gid))) } @@ -389,7 +406,7 @@ class FetcherBase { const dir = dirname(dest) return !inferOwner ? mkdirp(dir).then(() => this[_toFile](dest)) - : inferOwner(dest).then(({uid, gid}) => + : inferOwner(dest).then(({ uid, gid }) => mkdirp(dir).then(made => this[_toFile](dest) .then(res => this[_chown](made || dir, uid, gid) .then(() => res)))) @@ -407,8 +424,8 @@ class FetcherBase { }) extractor.on('error', er => { - this.log.warn('tar', er.message) - this.log.silly('tar', er) + log.warn('tar', er.message) + log.silly('tar', er) reject(er) }) @@ -439,21 +456,23 @@ class FetcherBase { noChmod: true, noMtime: true, filter: (name, entry) => { - if (/Link$/.test(entry.type)) + if (/Link$/.test(entry.type)) { return false + } entry.mode = this[_entryMode](entry.path, entry.mode, entry.type) // this replicates the npm pack behavior where .gitignore files // are treated like .npmignore files, but only if a .npmignore // file is not present. if (/File$/.test(entry.type)) { const base = basename(entry.path) - if (base === '.npmignore') + if (base === '.npmignore') { sawIgnores.add(entry.path) - else if (base === '.gitignore' && !this.allowGitIgnore) { + } else if (base === '.gitignore' && !this.allowGitIgnore) { // rename, but only if there's not already a .npmignore const ni = entry.path.replace(/\.gitignore$/, '.npmignore') - if (sawIgnores.has(ni)) + if (sawIgnores.has(ni)) { return false + } entry.path = ni } return true @@ -462,8 +481,8 @@ class FetcherBase { strip: 1, onwarn: /* istanbul ignore next - we can trust that tar logs */ (code, msg, data) => { - this.log.warn('tar', code, msg) - this.log.silly('tar', code, msg, data) + log.warn('tar', code, msg) + log.silly('tar', code, msg, data) }, uid, gid, diff --git a/node_modules/pacote/lib/file.js b/node_modules/pacote/lib/file.js index d5c601aabd873..bf99bb86e359e 100644 --- a/node_modules/pacote/lib/file.js +++ b/node_modules/pacote/lib/file.js @@ -1,12 +1,11 @@ const Fetcher = require('./fetcher.js') const fsm = require('fs-minipass') const cacache = require('cacache') -const { promisify } = require('util') -const readPackageJson = require('read-package-json-fast') const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') const _exeBins = Symbol('_exeBins') const { resolve } = require('path') const fs = require('fs') +const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson') class FileFetcher extends Fetcher { constructor (spec, opts) { @@ -20,24 +19,26 @@ class FileFetcher extends Fetcher { } manifest () { - if (this.package) + if (this.package) { return Promise.resolve(this.package) + } // have to unpack the tarball for this. return cacache.tmp.withTmp(this.cache, this.opts, dir => this.extract(dir) - .then(() => readPackageJson(dir + '/package.json')) - .then(mani => this.package = { - ...mani, - _integrity: this.integrity && String(this.integrity), - _resolved: this.resolved, - _from: this.from, - })) + .then(() => this[_readPackageJson](dir + '/package.json')) + .then(mani => this.package = { + ...mani, + _integrity: this.integrity && String(this.integrity), + _resolved: this.resolved, + _from: this.from, + })) } [_exeBins] (pkg, dest) { - if (!pkg.bin) + if (!pkg.bin) { return Promise.resolve() + } return Promise.all(Object.keys(pkg.bin).map(k => new Promise(res => { const script = resolve(dest, pkg.bin[k]) @@ -46,11 +47,13 @@ class FileFetcher extends Fetcher { // something, we just leave it for a later stage to trip over // when we can provide a more useful contextual error. fs.stat(script, (er, st) => { - if (er) + if (er) { return res() + } const mode = st.mode | 0o111 - if (mode === st.mode) + if (mode === st.mode) { return res() + } fs.chmod(script, mode, res) }) }))) @@ -61,8 +64,8 @@ class FileFetcher extends Fetcher { // but if not, read the unpacked manifest and chmod properly. return super.extract(dest) .then(result => this.package ? result - : readPackageJson(dest + '/package.json').then(pkg => - this[_exeBins](pkg, dest)).then(() => result)) + : this[_readPackageJson](dest + '/package.json').then(pkg => + this[_exeBins](pkg, dest)).then(() => result)) } [_tarballFromResolved] () { @@ -75,7 +78,7 @@ class FileFetcher extends Fetcher { return this.manifest().then(mani => ({ name: mani.name, 'dist-tags': { - [this.defaultTag]: mani.version + [this.defaultTag]: mani.version, }, versions: { [mani.version]: { @@ -83,9 +86,9 @@ class FileFetcher extends Fetcher { dist: { tarball: `file:${this.resolved}`, integrity: this.integrity && String(this.integrity), - } - } - } + }, + }, + }, })) } } diff --git a/node_modules/pacote/lib/git.js b/node_modules/pacote/lib/git.js index ab87d494ce4ba..cab389ff179c2 100644 --- a/node_modules/pacote/lib/git.js +++ b/node_modules/pacote/lib/git.js @@ -6,11 +6,9 @@ const hashre = /^[a-f0-9]{40}$/ const git = require('@npmcli/git') const pickManifest = require('npm-pick-manifest') const npa = require('npm-package-arg') -const url = require('url') const Minipass = require('minipass') const cacache = require('cacache') -const { promisify } = require('util') -const readPackageJson = require('read-package-json-fast') +const log = require('proc-log') const npm = require('./util/npm.js') const _resolvedFromRepo = Symbol('_resolvedFromRepo') @@ -24,6 +22,7 @@ const _cloneHosted = Symbol('_cloneHosted') const _cloneRepo = Symbol('_cloneRepo') const _setResolvedWithSha = Symbol('_setResolvedWithSha') const _prepareDir = Symbol('_prepareDir') +const _readPackageJson = Symbol.for('package.Fetcher._readPackageJson') // get the repository url. // prefer https if there's auth, since ssh will drop that. @@ -40,8 +39,9 @@ class GitFetcher extends Fetcher { constructor (spec, opts) { super(spec, opts) this.resolvedRef = null - if (this.spec.hosted) + if (this.spec.hosted) { this.from = this.spec.hosted.shortcut({ noCommittish: false }) + } // shortcut: avoid full clone when we can go straight to the tgz // if we have the full sha and it's a hosted git platform @@ -51,8 +51,9 @@ class GitFetcher extends Fetcher { this.resolved = this.spec.hosted ? repoUrl(this.spec.hosted, { noCommittish: false }) : this.spec.rawSpec - } else + } else { this.resolvedSha = '' + } } // just exposed to make it easier to test all the combinations @@ -67,8 +68,9 @@ class GitFetcher extends Fetcher { resolve () { // likely a hosted git repo with a sha, so get the tarball url // but in general, no reason to resolve() more than necessary! - if (this.resolved) + if (this.resolved) { return super.resolve() + } // fetch the git repo and then look at the current hash const h = this.spec.hosted @@ -86,37 +88,41 @@ class GitFetcher extends Fetcher { return this[_resolvedFromRepo](hosted.https && hosted.https()) .catch(er => { // Throw early since we know pathspec errors will fail again if retried - if (er instanceof git.errors.GitPathspecError) + if (er instanceof git.errors.GitPathspecError) { throw er + } const ssh = hosted.sshurl && hosted.sshurl() // no fallthrough if we can't fall through or have https auth - if (!ssh || hosted.auth) + if (!ssh || hosted.auth) { throw er + } return this[_resolvedFromRepo](ssh) }) } [_resolvedFromRepo] (gitRemote) { // XXX make this a custom error class - if (!gitRemote) + if (!gitRemote) { return Promise.reject(new Error(`No git url for ${this.spec}`)) + } const gitRange = this.spec.gitRange const name = this.spec.name return git.revs(gitRemote, this.opts).then(remoteRefs => { return gitRange ? pickManifest({ - versions: remoteRefs.versions, - 'dist-tags': remoteRefs['dist-tags'], - name, - }, gitRange, this.opts) + versions: remoteRefs.versions, + 'dist-tags': remoteRefs['dist-tags'], + name, + }, gitRange, this.opts) : this.spec.gitCommittish ? remoteRefs.refs[this.spec.gitCommittish] || remoteRefs.refs[remoteRefs.shas[this.spec.gitCommittish]] - : remoteRefs.refs.HEAD // no git committish, get default head + : remoteRefs.refs.HEAD // no git committish, get default head }).then(revDoc => { // the committish provided isn't in the rev list // things like HEAD~3 or @yesterday can land here. - if (!revDoc || !revDoc.sha) + if (!revDoc || !revDoc.sha) { return this[_resolvedFromClone]() + } this.resolvedRef = revDoc this.resolvedSha = revDoc.sha @@ -145,16 +151,18 @@ class GitFetcher extends Fetcher { } [_prepareDir] (dir) { - return readPackageJson(dir + '/package.json').then(mani => { + return this[_readPackageJson](dir + '/package.json').then(mani => { // no need if we aren't going to do any preparation. const scripts = mani.scripts - if (!scripts || !( - scripts.postinstall || + if (!mani.workspaces && (!scripts || !( + scripts.postinstall || scripts.build || scripts.preinstall || scripts.install || - scripts.prepare)) + scripts.prepack || + scripts.prepare))) { return + } // to avoid cases where we have an cycle of git deps that depend // on one another, we only ever do preparation for one instance @@ -166,7 +174,7 @@ class GitFetcher extends Fetcher { const noPrepare = !process.env._PACOTE_NO_PREPARE_ ? [] : process.env._PACOTE_NO_PREPARE_.split('\n') if (noPrepare.includes(this.resolved)) { - this.log.info('prepare', 'skip prepare, already seen', this.resolved) + log.info('prepare', 'skip prepare, already seen', this.resolved) return } noPrepare.push(this.resolved) @@ -202,9 +210,9 @@ class GitFetcher extends Fetcher { dirStream.on('end', res) dirStream.pipe(stream) }))).catch( - /* istanbul ignore next: very unlikely and hard to test */ - er => stream.emit('error', er) - ) + /* istanbul ignore next: very unlikely and hard to test */ + er => stream.emit('error', er) + ) return stream } @@ -237,10 +245,11 @@ class GitFetcher extends Fetcher { integrity: null, // it'll always be different, if we have one }).extract(tmp).then(() => handler(tmp), er => { // fall back to ssh download if tarball fails - if (er.constructor.name.match(/^Http/)) + if (er.constructor.name.match(/^Http/)) { return this[_clone](handler, false) - else + } else { throw er + } }) } @@ -249,10 +258,11 @@ class GitFetcher extends Fetcher { : this[_cloneRepo](this.spec.fetchSpec, ref, tmp) ).then(sha => { this.resolvedSha = sha - if (!this.resolved) + if (!this.resolved) { this[_addGitSha](sha) + } }) - .then(() => handler(tmp)) + .then(() => handler(tmp)) }) } @@ -266,12 +276,14 @@ class GitFetcher extends Fetcher { return this[_cloneRepo](hosted.https({ noCommittish: true }), ref, tmp) .catch(er => { // Throw early since we know pathspec errors will fail again if retried - if (er instanceof git.errors.GitPathspecError) + if (er instanceof git.errors.GitPathspecError) { throw er + } const ssh = hosted.sshurl && hosted.sshurl({ noCommittish: true }) // no fallthrough if we can't fall through or have https auth - if (!ssh || hosted.auth) + if (!ssh || hosted.auth) { throw er + } return this[_cloneRepo](ssh, ref, tmp) }) } @@ -282,19 +294,20 @@ class GitFetcher extends Fetcher { } manifest () { - if (this.package) + if (this.package) { return Promise.resolve(this.package) + } return this.spec.hosted && this.resolved ? FileFetcher.prototype.manifest.apply(this) : this[_clone](dir => - readPackageJson(dir + '/package.json') - .then(mani => this.package = { - ...mani, - _integrity: this.integrity && String(this.integrity), - _resolved: this.resolved, - _from: this.from, - })) + this[_readPackageJson](dir + '/package.json') + .then(mani => this.package = { + ...mani, + _integrity: this.integrity && String(this.integrity), + _resolved: this.resolved, + _from: this.from, + })) } packument () { diff --git a/node_modules/pacote/lib/registry.js b/node_modules/pacote/lib/registry.js index e0a310717420d..b4f890d310dfa 100644 --- a/node_modules/pacote/lib/registry.js +++ b/node_modules/pacote/lib/registry.js @@ -2,11 +2,11 @@ const Fetcher = require('./fetcher.js') const RemoteFetcher = require('./remote.js') const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') const pacoteVersion = require('../package.json').version +const removeTrailingSlashes = require('./util/trailing-slashes.js') const npa = require('npm-package-arg') const rpj = require('read-package-json-fast') const pickManifest = require('npm-pick-manifest') const ssri = require('ssri') -const Minipass = require('minipass') // Corgis are cute. 🐕🐶 const corgiDoc = 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*' @@ -32,10 +32,11 @@ class RegistryFetcher extends Fetcher { // handle case when npm-package-arg guesses wrong. if (this.spec.type === 'tag' && this.spec.rawSpec === '' && - this.defaultTag !== 'latest') + this.defaultTag !== 'latest') { this.spec = npa(`${this.spec.name}@${this.defaultTag}`) + } this.registry = fetch.pickRegistry(spec, opts) - this.packumentUrl = this.registry.replace(/\/*$/, '/') + + this.packumentUrl = removeTrailingSlashes(this.registry) + '/' + this.spec.escapedName // XXX pacote <=9 has some logic to ignore opts.resolved if @@ -45,13 +46,15 @@ class RegistryFetcher extends Fetcher { } resolve () { - if (this.resolved) + if (this.resolved) { return Promise.resolve(this.resolved) + } // fetching the manifest sets resolved and (usually) integrity return this.manifest().then(() => { - if (this.resolved) + if (this.resolved) { return this.resolved + } throw Object.assign( new Error('Invalid package manifest: no `dist.tarball` field'), @@ -77,8 +80,9 @@ class RegistryFetcher extends Fetcher { // note this might be either an in-flight promise for a request, // or the actual packument, but we never want to make more than // one request at a time for the same thing regardless. - if (this.packumentCache && this.packumentCache.has(this.packumentUrl)) + if (this.packumentCache && this.packumentCache.has(this.packumentUrl)) { return this.packumentCache.get(this.packumentUrl) + } // npm-registry-fetch the packument // set the appropriate header for corgis if fullMetadata isn't set @@ -92,12 +96,14 @@ class RegistryFetcher extends Fetcher { }).then(res => res.json().then(packument => { packument._cached = res.headers.has('x-local-cache') packument._contentLength = +res.headers.get('content-length') - if (this.packumentCache) + if (this.packumentCache) { this.packumentCache.set(this.packumentUrl, packument) + } return packument })).catch(er => { - if (this.packumentCache) + if (this.packumentCache) { this.packumentCache.delete(this.packumentUrl) + } if (er.code === 'E404' && !this.fullMetadata) { // possible that corgis are not supported by this registry this.fullMetadata = true @@ -105,14 +111,16 @@ class RegistryFetcher extends Fetcher { } throw er }) - if (this.packumentCache) + if (this.packumentCache) { this.packumentCache.set(this.packumentUrl, p) + } return p } manifest () { - if (this.package) + if (this.package) { return Promise.resolve(this.package) + } return this.packument() .then(packument => pickManifest(packument, this.spec.fetchSpec, { @@ -127,12 +135,12 @@ class RegistryFetcher extends Fetcher { this.resolved = mani._resolved = dist.tarball mani._from = this.from const distIntegrity = dist.integrity ? ssri.parse(dist.integrity) - : dist.shasum ? ssri.fromHex(dist.shasum, 'sha1', {...this.opts}) + : dist.shasum ? ssri.fromHex(dist.shasum, 'sha1', { ...this.opts }) : null if (distIntegrity) { - if (!this.integrity) + if (!this.integrity) { this.integrity = distIntegrity - else if (!this.integrity.match(distIntegrity)) { + } else if (!this.integrity.match(distIntegrity)) { // only bork if they have algos in common. // otherwise we end up breaking if we have saved a sha512 // previously for the tarball, but the manifest only @@ -143,7 +151,7 @@ class RegistryFetcher extends Fetcher { for (const algo of Object.keys(this.integrity)) { if (distIntegrity[algo]) { throw Object.assign(new Error( - `Integrity checksum failed when using ${algo}: `+ + `Integrity checksum failed when using ${algo}: ` + `wanted ${this.integrity} but got ${distIntegrity}.` ), { code: 'EINTEGRITY' }) } @@ -155,8 +163,9 @@ class RegistryFetcher extends Fetcher { } } } - if (this.integrity) + if (this.integrity) { mani._integrity = String(this.integrity) + } this.package = rpj.normalize(mani) return this.package }) diff --git a/node_modules/pacote/lib/remote.js b/node_modules/pacote/lib/remote.js index 727a8bfc8e608..5cabfe4fcda44 100644 --- a/node_modules/pacote/lib/remote.js +++ b/node_modules/pacote/lib/remote.js @@ -3,7 +3,6 @@ const FileFetcher = require('./file.js') const _tarballFromResolved = Symbol.for('pacote.Fetcher._tarballFromResolved') const pacoteVersion = require('../package.json').version const fetch = require('npm-registry-fetch') -const ssri = require('ssri') const Minipass = require('minipass') // The default registry URL is a string of great magic. const magic = /^https?:\/\/registry\.npmjs\.org\// @@ -14,8 +13,9 @@ class RemoteFetcher extends Fetcher { constructor (spec, opts) { super(spec, opts) this.resolved = this.spec.fetchSpec - if (magic.test(this.resolved) && !magic.test(this.registry + '/')) + if (magic.test(this.resolved) && !magic.test(this.registry + '/')) { this.resolved = this.resolved.replace(magic, this.registry + '/') + } // nam is a fermented pork sausage that is good to eat const nameat = this.spec.name ? `${this.spec.name}@` : '' @@ -35,7 +35,7 @@ class RemoteFetcher extends Fetcher { headers: this[_headers](), spec: this.spec, integrity: this.integrity, - algorithms: [ this.pickIntegrityAlgorithm() ], + algorithms: [this.pickIntegrityAlgorithm()], } fetch(this.resolved, fetchOpts).then(res => { const hash = res.headers.get('x-local-cache-hash') @@ -62,7 +62,7 @@ class RemoteFetcher extends Fetcher { 'pacote-req-type': 'tarball', 'pacote-pkg-id': this.pkgid, ...(this.integrity ? { 'pacote-integrity': String(this.integrity) } - : {}), + : {}), ...(this.opts.headers || {}), } } diff --git a/node_modules/pacote/lib/util/cache-dir.js b/node_modules/pacote/lib/util/cache-dir.js index abd2453232027..4236213edd409 100644 --- a/node_modules/pacote/lib/util/cache-dir.js +++ b/node_modules/pacote/lib/util/cache-dir.js @@ -1,5 +1,5 @@ const os = require('os') -const {resolve} = require('path') +const { resolve } = require('path') module.exports = (fakePlatform = false) => { const temp = os.tmpdir() diff --git a/node_modules/pacote/lib/util/is-package-bin.js b/node_modules/pacote/lib/util/is-package-bin.js index 35cf0642703c7..49a3f73f537ce 100644 --- a/node_modules/pacote/lib/util/is-package-bin.js +++ b/node_modules/pacote/lib/util/is-package-bin.js @@ -12,10 +12,11 @@ const binObj = (name, bin) => const hasBin = (pkg, path) => { const bin = binObj(pkg.name, pkg.bin) - const p = path.replace(/^[^\\\/]*\//, '') - for (const [k, v] of Object.entries(bin)) { - if (v === p) + const p = path.replace(/^[^\\/]*\//, '') + for (const kv of Object.entries(bin)) { + if (kv[1] === p) { return true + } } return false } diff --git a/node_modules/pacote/lib/util/npm.js b/node_modules/pacote/lib/util/npm.js index f2f29bd0acbd1..c444d788ad192 100644 --- a/node_modules/pacote/lib/util/npm.js +++ b/node_modules/pacote/lib/util/npm.js @@ -1,6 +1,5 @@ // run an npm command const spawn = require('@npmcli/promise-spawn') -const {dirname} = require('path') module.exports = (npmBin, npmCommand, cwd, env, extra) => { const isJS = npmBin.endsWith('.js') diff --git a/node_modules/pacote/lib/util/proc-log.js b/node_modules/pacote/lib/util/proc-log.js deleted file mode 100644 index b2bdd9dc90205..0000000000000 --- a/node_modules/pacote/lib/util/proc-log.js +++ /dev/null @@ -1,21 +0,0 @@ -// default logger. -// emits 'log' events on the process -const LEVELS = [ - 'notice', - 'error', - 'warn', - 'info', - 'verbose', - 'http', - 'silly', - 'pause', - 'resume' -] - -const log = level => (...args) => process.emit('log', level, ...args) - -const logger = {} -for (const level of LEVELS) { - logger[level] = log(level) -} -module.exports = logger diff --git a/node_modules/pacote/lib/util/tar-create-options.js b/node_modules/pacote/lib/util/tar-create-options.js index 31ab34c9d949f..d070f0f7ba2d4 100644 --- a/node_modules/pacote/lib/util/tar-create-options.js +++ b/node_modules/pacote/lib/util/tar-create-options.js @@ -9,7 +9,7 @@ const tarCreateOptions = manifest => ({ // platform specific optimizations that cause // integrity mismatch errors due to differing // end results after compression - level: 9 + level: 9, }, // ensure that package bins are always executable @@ -17,8 +17,9 @@ const tarCreateOptions = manifest => ({ // anything that is not a regular file, ignored by // .npmignore or package.json "files", etc. filter: (path, stat) => { - if (isPackageBin(manifest, path)) + if (isPackageBin(manifest, path)) { stat.mode |= 0o111 + } return true }, diff --git a/node_modules/pacote/lib/util/trailing-slashes.js b/node_modules/pacote/lib/util/trailing-slashes.js new file mode 100644 index 0000000000000..ff75dfd9c0fbc --- /dev/null +++ b/node_modules/pacote/lib/util/trailing-slashes.js @@ -0,0 +1,10 @@ +const removeTrailingSlashes = (input) => { + // in order to avoid regexp redos detection + let output = input + while (output.endsWith('/')) { + output = output.substr(0, output.length - 1) + } + return output +} + +module.exports = removeTrailingSlashes diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json index ffbc067f68dee..7e1f07cafdcd3 100644 --- a/node_modules/pacote/package.json +++ b/node_modules/pacote/package.json @@ -1,8 +1,8 @@ { "name": "pacote", - "version": "12.0.3", + "version": "13.0.2", "description": "JavaScript package downloader", - "author": "Isaac Z. Schlueter (https://izs.me)", + "author": "GitHub Inc.", "bin": { "pacote": "lib/bin.js" }, @@ -13,19 +13,26 @@ "snap": "tap", "preversion": "npm test", "postversion": "npm publish", - "prepublishOnly": "git push origin --follow-tags" + "prepublishOnly": "git push origin --follow-tags", + "lint": "eslint '**/*.js'", + "postlint": "npm-template-check", + "lintfix": "npm run lint -- --fix", + "posttest": "npm run lint", + "template-copy": "npm-template-copy --force" }, "tap": { "timeout": 300, "coverage-map": "map.js" }, "devDependencies": { + "@npmcli/template-oss": "^2.7.1", "mutate-fs": "^2.1.1", "npm-registry-mock": "^1.3.1", - "tap": "^15.0.4" + "tap": "^15.1.6" }, "files": [ - "lib/**/*.js" + "bin", + "lib" ], "keywords": [ "packages", @@ -33,28 +40,34 @@ "git" ], "dependencies": { - "@npmcli/git": "^2.1.0", - "@npmcli/installed-package-contents": "^1.0.6", + "@npmcli/git": "^3.0.0", + "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/promise-spawn": "^1.2.0", "@npmcli/run-script": "^2.0.0", - "cacache": "^15.0.5", + "cacache": "^15.3.0", "chownr": "^2.0.0", "fs-minipass": "^2.1.0", "infer-owner": "^1.0.4", - "minipass": "^3.1.3", - "mkdirp": "^1.0.3", - "npm-package-arg": "^8.0.1", + "minipass": "^3.1.6", + "mkdirp": "^1.0.4", + "npm-package-arg": "^9.0.0", "npm-packlist": "^3.0.0", - "npm-pick-manifest": "^6.0.0", - "npm-registry-fetch": "^12.0.0", + "npm-pick-manifest": "^7.0.0", + "npm-registry-fetch": "^13.0.0", + "proc-log": "^2.0.0", "promise-retry": "^2.0.1", - "read-package-json-fast": "^2.0.1", + "read-package-json": "^4.1.1", + "read-package-json-fast": "^2.0.3", "rimraf": "^3.0.2", "ssri": "^8.0.1", - "tar": "^6.1.0" + "tar": "^6.1.11" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" }, - "repository": "git@github.com:npm/pacote" + "repository": "git@github.com:npm/pacote", + "templateOSS": { + "version": "2.7.1", + "windowsCI": false + } } diff --git a/node_modules/proc-log/index.js b/node_modules/proc-log/lib/index.js similarity index 91% rename from node_modules/proc-log/index.js rename to node_modules/proc-log/lib/index.js index 9b58713ff3f85..7c5dfad3b7ba3 100644 --- a/node_modules/proc-log/index.js +++ b/node_modules/proc-log/lib/index.js @@ -14,8 +14,9 @@ const LEVELS = [ const log = level => (...args) => process.emit('log', level, ...args) const logger = {} -for (const level of LEVELS) +for (const level of LEVELS) { logger[level] = log(level) +} logger.LEVELS = LEVELS diff --git a/node_modules/proc-log/package.json b/node_modules/proc-log/package.json index 178009f61b8d2..17e9249b7ca46 100644 --- a/node_modules/proc-log/package.json +++ b/node_modules/proc-log/package.json @@ -1,28 +1,36 @@ { "name": "proc-log", - "version": "1.0.0", + "version": "2.0.0", "files": [ - "index.js" + "bin", + "lib" ], + "main": "lib/index.js", "description": "just emit 'log' events on the process object", "repository": "https://github.com/npm/proc-log", - "author": "Isaac Z. Schlueter (https://izs.me)", + "author": "GitHub Inc.", "license": "ISC", "scripts": { "test": "tap", "snap": "tap", - "posttest": "eslint index.js test/*.js", + "posttest": "npm run lint", "postsnap": "eslint index.js test/*.js --fix", "preversion": "npm test", "postversion": "npm publish", - "prepublishOnly": "git push origin --follow-tags" + "prepublishOnly": "git push origin --follow-tags", + "lint": "eslint '**/*.js'", + "postlint": "npm-template-check", + "template-copy": "npm-template-copy --force", + "lintfix": "npm run lint -- --fix" }, "devDependencies": { - "eslint": "^7.9.0", - "eslint-plugin-import": "^2.22.0", - "eslint-plugin-node": "^11.1.0", - "eslint-plugin-promise": "^4.2.1", - "eslint-plugin-standard": "^4.0.1", - "tap": "^15.0.2" + "@npmcli/template-oss": "^2.7.1", + "tap": "^15.1.6" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16" + }, + "templateOSS": { + "version": "2.7.1" } } diff --git a/package-lock.json b/package-lock.json index 20aaac14907bf..8581f70bf4707 100644 --- a/package-lock.json +++ b/package-lock.json @@ -89,7 +89,7 @@ "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/arborist": "^4.3.1", "@npmcli/ci-detect": "^2.0.0", - "@npmcli/config": "^3.0.0", + "@npmcli/config": "^4.0.0", "@npmcli/map-workspaces": "^2.0.0", "@npmcli/package-json": "^1.0.1", "@npmcli/run-script": "^2.0.0", @@ -132,16 +132,16 @@ "nopt": "^5.0.0", "npm-audit-report": "^2.1.5", "npm-install-checks": "^4.0.0", - "npm-package-arg": "^8.1.5", - "npm-pick-manifest": "^6.1.1", - "npm-profile": "^6.0.0", - "npm-registry-fetch": "^12.0.2", + "npm-package-arg": "^9.0.0", + "npm-pick-manifest": "^7.0.0", + "npm-profile": "^6.0.2", + "npm-registry-fetch": "^13.0.0", "npm-user-validate": "^1.0.1", "npmlog": "^6.0.1", "opener": "^1.5.2", - "pacote": "^12.0.3", + "pacote": "^13.0.2", "parse-conflict-json": "^2.0.1", - "proc-log": "^1.0.0", + "proc-log": "^2.0.0", "qrcode-terminal": "^0.12.0", "read": "~1.0.7", "read-package-json": "^4.1.1", @@ -815,17 +815,18 @@ } }, "node_modules/@npmcli/config": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/config/-/config-3.0.0.tgz", - "integrity": "sha512-2cYe2MCGintq1s6izbLYO2gAHZwNFQ92lIb5QhtpRizwHwqrV9v4+xNpvx1EBaEaqTHFR4QuozgZLA1scao/5Q==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/config/-/config-4.0.0.tgz", + "integrity": "sha512-iywEsUhkA6GSgTS3vHLxHttU6lovSYt7wCGD0MOsjfd1YAUlz8243TXUKhcJiPfWvQYB4FnZkn30m3KmZS8GuA==", "inBundle": true, "dependencies": { "@npmcli/map-workspaces": "^2.0.0", "ini": "^2.0.0", "mkdirp-infer-owner": "^2.0.0", "nopt": "^5.0.0", + "proc-log": "^2.0.0", "read-package-json-fast": "^2.0.3", - "semver": "^7.3.4", + "semver": "^7.3.5", "walk-up-path": "^1.0.0" }, "engines": { @@ -876,19 +877,32 @@ } }, "node_modules/@npmcli/git": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@npmcli/git/-/git-2.1.0.tgz", - "integrity": "sha512-/hBFX/QG1b+N7PZBFs0bi+evgRZcK9nWBxQKZkGoXUT5hJSwl5c4d7y8/hm+NQZRPhQ67RzFaj5UM9YeyKoryw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/git/-/git-3.0.0.tgz", + "integrity": "sha512-xfSBJ+KBMZWWqRHFbEgIaXG/LtELHrQZMJ72Gkb3yWdHysu/7+VGOs8ME0c3td7QNQX57Ggo3kYL6ylcd70/kA==", "inBundle": true, "dependencies": { "@npmcli/promise-spawn": "^1.3.2", - "lru-cache": "^6.0.0", + "lru-cache": "^7.3.1", "mkdirp": "^1.0.4", - "npm-pick-manifest": "^6.1.1", + "npm-pick-manifest": "^7.0.0", + "proc-log": "^2.0.0", "promise-inflight": "^1.0.1", "promise-retry": "^2.0.1", "semver": "^7.3.5", "which": "^2.0.2" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16" + } + }, + "node_modules/@npmcli/git/node_modules/lru-cache": { + "version": "7.3.1", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.3.1.tgz", + "integrity": "sha512-nX1x4qUrKqwbIAhv4s9et4FIUVzNOpeY07bsjGUy8gwJrXH/wScImSQqXErmo/b2jZY2r0mohbLA9zVj7u1cNw==", + "inBundle": true, + "engines": { + "node": ">=12" } }, "node_modules/@npmcli/installed-package-contents": { @@ -923,14 +937,14 @@ } }, "node_modules/@npmcli/metavuln-calculator": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/metavuln-calculator/-/metavuln-calculator-2.0.0.tgz", - "integrity": "sha512-VVW+JhWCKRwCTE+0xvD6p3uV4WpqocNYYtzyvenqL/u1Q3Xx6fGTJ+6UoIoii07fbuEO9U3IIyuGY0CYHDv1sg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/metavuln-calculator/-/metavuln-calculator-3.0.0.tgz", + "integrity": "sha512-tIzAdW3DAvlyuQyYvy7WuDKaJs55LoXFAIyglZTrHsc9DGZWP1YVL7+8WFKqx+lHyHUEkfk02Dc8ie4JWtNO6w==", "dependencies": { - "cacache": "^15.0.5", + "cacache": "^15.3.0", "json-parse-even-better-errors": "^2.3.1", - "pacote": "^12.0.0", - "semver": "^7.3.2" + "pacote": "^13.0.1", + "semver": "^7.3.5" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" @@ -4053,6 +4067,20 @@ "node": ">=10" } }, + "node_modules/init-package-json/node_modules/npm-package-arg": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-8.1.5.tgz", + "integrity": "sha512-LhgZrg0n0VgvzVdSm1oiZworPbTxYHUJCgtsJW8mGvlDpxTM1vSJc3m5QZeUkhAHIzbz3VCHd/R4osi1L1Tg/Q==", + "inBundle": true, + "dependencies": { + "hosted-git-info": "^4.0.1", + "semver": "^7.3.4", + "validate-npm-package-name": "^3.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/inline-style-parser": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.1.1.tgz", @@ -5594,17 +5622,17 @@ "inBundle": true }, "node_modules/npm-package-arg": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-8.1.5.tgz", - "integrity": "sha512-LhgZrg0n0VgvzVdSm1oiZworPbTxYHUJCgtsJW8mGvlDpxTM1vSJc3m5QZeUkhAHIzbz3VCHd/R4osi1L1Tg/Q==", + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-9.0.0.tgz", + "integrity": "sha512-yhzXxeor+Zfhe5MGwPdDumz6HtNlj2pMekWB95IX3CC6uDNgde0oPKHDCLDPoJqQfd0HqAWt+y4Hs5m7CK1+9Q==", "inBundle": true, "dependencies": { - "hosted-git-info": "^4.0.1", - "semver": "^7.3.4", + "hosted-git-info": "^4.1.0", + "semver": "^7.3.5", "validate-npm-package-name": "^3.0.0" }, "engines": { - "node": ">=10" + "node": "^12.13.0 || ^14.15.0 || >=16" } }, "node_modules/npm-packlist": { @@ -5626,41 +5654,46 @@ } }, "node_modules/npm-pick-manifest": { - "version": "6.1.1", - "resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-6.1.1.tgz", - "integrity": "sha512-dBsdBtORT84S8V8UTad1WlUyKIY9iMsAmqxHbLdeEeBNMLQDlDWWra3wYUx9EBEIiG/YwAy0XyNHDd2goAsfuA==", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-7.0.0.tgz", + "integrity": "sha512-njM1AcdioFaKd0JSGtLO09YA1WRwctjGQJbnHGmKS+u+uwP8oFvtZtOQWPYdxrnY5eJud3wn8OpH4sEIx6+GEQ==", "inBundle": true, "dependencies": { "npm-install-checks": "^4.0.0", "npm-normalize-package-bin": "^1.0.1", - "npm-package-arg": "^8.1.2", - "semver": "^7.3.4" + "npm-package-arg": "^9.0.0", + "semver": "^7.3.5" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16" } }, "node_modules/npm-profile": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-6.0.0.tgz", - "integrity": "sha512-ZiwXx3Fq3wNqJMz+d4AVZ9X4xAw/0TqsvdiyDF5Y+h9lQ7AjYDOxY06lj7AP5vUBqB/7k/0oNFQOx03Ay0iHPw==", + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-6.0.2.tgz", + "integrity": "sha512-0Fq8l+A10YXnnS63E3HThWjOb7+19Wsh1nOVutC2fKuowar8t/5PpINsbcm5xQ2dA28uAu+wjFfUyiEVSMz4Jw==", "inBundle": true, "dependencies": { - "npm-registry-fetch": "^12.0.0" + "npm-registry-fetch": "^13.0.0", + "proc-log": "^2.0.0" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" } }, "node_modules/npm-registry-fetch": { - "version": "12.0.2", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-12.0.2.tgz", - "integrity": "sha512-Df5QT3RaJnXYuOwtXBXS9BWs+tHH2olvkCLh6jcR/b/u3DvPMlp3J0TvvYwplPKxHMOwfg287PYih9QqaVFoKA==", + "version": "13.0.0", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-13.0.0.tgz", + "integrity": "sha512-MmiMuV9DU5gRuAU0jia952Qq+E4h7ZoUaeltCXivhClcqfOVKqNLZEQsRUOb6a8WQY+um8x97JcUuaWFoPoBBw==", "inBundle": true, "dependencies": { - "make-fetch-happen": "^10.0.1", + "make-fetch-happen": "^10.0.2", "minipass": "^3.1.6", "minipass-fetch": "^1.4.1", "minipass-json-stream": "^1.0.1", "minizlib": "^2.1.2", - "npm-package-arg": "^8.1.5" + "npm-package-arg": "^9.0.0", + "proc-log": "^2.0.0" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" @@ -6011,30 +6044,32 @@ } }, "node_modules/pacote": { - "version": "12.0.3", - "resolved": "https://registry.npmjs.org/pacote/-/pacote-12.0.3.tgz", - "integrity": "sha512-CdYEl03JDrRO3x18uHjBYA9TyoW8gy+ThVcypcDkxPtKlw76e4ejhYB6i9lJ+/cebbjpqPW/CijjqxwDTts8Ow==", + "version": "13.0.2", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-13.0.2.tgz", + "integrity": "sha512-3LyfvDk2BSJNFQZIcDqnLNa7IsYb6KwX3H9uZPwaHJFIX6Gv5N9QHU+s7mEs/RbN4/ta6KUT39LAi2l6EkBi5A==", "inBundle": true, "dependencies": { - "@npmcli/git": "^2.1.0", - "@npmcli/installed-package-contents": "^1.0.6", + "@npmcli/git": "^3.0.0", + "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/promise-spawn": "^1.2.0", "@npmcli/run-script": "^2.0.0", - "cacache": "^15.0.5", + "cacache": "^15.3.0", "chownr": "^2.0.0", "fs-minipass": "^2.1.0", "infer-owner": "^1.0.4", - "minipass": "^3.1.3", - "mkdirp": "^1.0.3", - "npm-package-arg": "^8.0.1", + "minipass": "^3.1.6", + "mkdirp": "^1.0.4", + "npm-package-arg": "^9.0.0", "npm-packlist": "^3.0.0", - "npm-pick-manifest": "^6.0.0", - "npm-registry-fetch": "^12.0.0", + "npm-pick-manifest": "^7.0.0", + "npm-registry-fetch": "^13.0.0", + "proc-log": "^2.0.0", "promise-retry": "^2.0.1", - "read-package-json-fast": "^2.0.1", + "read-package-json": "^4.1.1", + "read-package-json-fast": "^2.0.3", "rimraf": "^3.0.2", "ssri": "^8.0.1", - "tar": "^6.1.0" + "tar": "^6.1.11" }, "bin": { "pacote": "lib/bin.js" @@ -6302,10 +6337,13 @@ } }, "node_modules/proc-log": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-1.0.0.tgz", - "integrity": "sha512-aCk8AO51s+4JyuYGg3Q/a6gnrlDO09NpVWePtjp7xwphcoQ04x5WAfCyugcsbLooWcMJ87CLkD4+604IckEdhg==", - "inBundle": true + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-2.0.0.tgz", + "integrity": "sha512-I/35MfCX2H8jBUhKN8JB8nmqvQo/nKdrBodBY7L3RhDSPPyvOHwLYNmPuhwuJq7a7C3vgFKWGQM+ecPStcvOHA==", + "inBundle": true, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16" + } }, "node_modules/process-nextick-args": { "version": "2.0.1", @@ -10531,7 +10569,7 @@ "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/map-workspaces": "^2.0.0", - "@npmcli/metavuln-calculator": "^2.0.0", + "@npmcli/metavuln-calculator": "^3.0.0", "@npmcli/move-file": "^1.1.0", "@npmcli/name-from-folder": "^1.0.1", "@npmcli/node-gyp": "^1.0.3", @@ -10545,12 +10583,12 @@ "mkdirp": "^1.0.4", "mkdirp-infer-owner": "^2.0.0", "npm-install-checks": "^4.0.0", - "npm-package-arg": "^8.1.5", - "npm-pick-manifest": "^6.1.0", - "npm-registry-fetch": "^12.0.1", - "pacote": "^12.0.2", + "npm-package-arg": "^9.0.0", + "npm-pick-manifest": "^7.0.0", + "npm-registry-fetch": "^13.0.0", + "pacote": "^13.0.2", "parse-conflict-json": "^2.0.1", - "proc-log": "^1.0.0", + "proc-log": "^2.0.0", "promise-all-reject-late": "^1.0.0", "promise-call-limit": "^1.0.1", "read-package-json-fast": "^2.0.2", @@ -10598,8 +10636,8 @@ "dependencies": { "aproba": "^2.0.0", "minipass": "^3.1.1", - "npm-package-arg": "^8.1.2", - "npm-registry-fetch": "^12.0.1" + "npm-package-arg": "^9.0.0", + "npm-registry-fetch": "^13.0.0" }, "devDependencies": { "@npmcli/template-oss": "^2.4.2", @@ -10619,8 +10657,8 @@ "binary-extensions": "^2.2.0", "diff": "^5.0.0", "minimatch": "^3.0.4", - "npm-package-arg": "^8.1.4", - "pacote": "^12.0.0", + "npm-package-arg": "^9.0.0", + "pacote": "^13.0.2", "tar": "^6.1.0" }, "devDependencies": { @@ -10641,9 +10679,9 @@ "@npmcli/run-script": "^2.0.0", "chalk": "^4.1.0", "mkdirp-infer-owner": "^2.0.0", - "npm-package-arg": "^8.1.2", - "pacote": "^12.0.0", - "proc-log": "^1.0.0", + "npm-package-arg": "^9.0.0", + "pacote": "^13.0.2", + "proc-log": "^2.0.0", "read": "^1.0.7", "read-package-json-fast": "^2.0.2", "walk-up-path": "^1.0.0" @@ -10676,7 +10714,7 @@ "license": "ISC", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^12.0.1" + "npm-registry-fetch": "^13.0.0" }, "devDependencies": { "@npmcli/template-oss": "^2.4.2", @@ -10751,7 +10789,7 @@ "license": "ISC", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^12.0.1" + "npm-registry-fetch": "^13.0.0" }, "devDependencies": { "@npmcli/template-oss": "^2.4.2", @@ -10768,8 +10806,8 @@ "license": "ISC", "dependencies": { "@npmcli/run-script": "^2.0.0", - "npm-package-arg": "^8.1.0", - "pacote": "^12.0.0" + "npm-package-arg": "^9.0.0", + "pacote": "^13.0.2" }, "devDependencies": { "@npmcli/template-oss": "^2.4.2", @@ -10800,8 +10838,8 @@ "license": "ISC", "dependencies": { "normalize-package-data": "^3.0.2", - "npm-package-arg": "^8.1.2", - "npm-registry-fetch": "^12.0.1", + "npm-package-arg": "^9.0.0", + "npm-registry-fetch": "^13.0.0", "semver": "^7.1.3", "ssri": "^8.0.1" }, @@ -10820,7 +10858,7 @@ "version": "4.0.1", "license": "ISC", "dependencies": { - "npm-registry-fetch": "^12.0.1" + "npm-registry-fetch": "^13.0.0" }, "devDependencies": { "@npmcli/template-oss": "^2.4.2", @@ -10895,7 +10933,7 @@ "license": "ISC", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^12.0.1" + "npm-registry-fetch": "^13.0.0" }, "devDependencies": { "@npmcli/template-oss": "^2.4.2", @@ -10910,7 +10948,7 @@ "version": "2.0.2", "license": "ISC", "dependencies": { - "@npmcli/git": "^2.0.7", + "@npmcli/git": "^3.0.0", "@npmcli/run-script": "^2.0.0", "json-parse-even-better-errors": "^2.3.1", "semver": "^7.3.5", @@ -11442,7 +11480,7 @@ "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/map-workspaces": "^2.0.0", - "@npmcli/metavuln-calculator": "^2.0.0", + "@npmcli/metavuln-calculator": "^3.0.0", "@npmcli/move-file": "^1.1.0", "@npmcli/name-from-folder": "^1.0.1", "@npmcli/node-gyp": "^1.0.3", @@ -11461,12 +11499,12 @@ "mkdirp-infer-owner": "^2.0.0", "nock": "^13.2.0", "npm-install-checks": "^4.0.0", - "npm-package-arg": "^8.1.5", - "npm-pick-manifest": "^6.1.0", - "npm-registry-fetch": "^12.0.1", - "pacote": "^12.0.2", + "npm-package-arg": "^9.0.0", + "npm-pick-manifest": "^7.0.0", + "npm-registry-fetch": "^13.0.0", + "pacote": "^13.0.2", "parse-conflict-json": "^2.0.1", - "proc-log": "^1.0.0", + "proc-log": "^2.0.0", "promise-all-reject-late": "^1.0.0", "promise-call-limit": "^1.0.1", "read-package-json-fast": "^2.0.2", @@ -11500,16 +11538,17 @@ "integrity": "sha512-8yQtQ9ArHh/TzdUDKQwEvwCgpDuhSWTDAbiKMl3854PcT+Dk4UmWaiawuFTLy9n5twzXOBXVflWe+90/ffXQrA==" }, "@npmcli/config": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/config/-/config-3.0.0.tgz", - "integrity": "sha512-2cYe2MCGintq1s6izbLYO2gAHZwNFQ92lIb5QhtpRizwHwqrV9v4+xNpvx1EBaEaqTHFR4QuozgZLA1scao/5Q==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/config/-/config-4.0.0.tgz", + "integrity": "sha512-iywEsUhkA6GSgTS3vHLxHttU6lovSYt7wCGD0MOsjfd1YAUlz8243TXUKhcJiPfWvQYB4FnZkn30m3KmZS8GuA==", "requires": { "@npmcli/map-workspaces": "^2.0.0", "ini": "^2.0.0", "mkdirp-infer-owner": "^2.0.0", "nopt": "^5.0.0", + "proc-log": "^2.0.0", "read-package-json-fast": "^2.0.3", - "semver": "^7.3.4", + "semver": "^7.3.5", "walk-up-path": "^1.0.0" } }, @@ -11540,18 +11579,26 @@ } }, "@npmcli/git": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@npmcli/git/-/git-2.1.0.tgz", - "integrity": "sha512-/hBFX/QG1b+N7PZBFs0bi+evgRZcK9nWBxQKZkGoXUT5hJSwl5c4d7y8/hm+NQZRPhQ67RzFaj5UM9YeyKoryw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/git/-/git-3.0.0.tgz", + "integrity": "sha512-xfSBJ+KBMZWWqRHFbEgIaXG/LtELHrQZMJ72Gkb3yWdHysu/7+VGOs8ME0c3td7QNQX57Ggo3kYL6ylcd70/kA==", "requires": { "@npmcli/promise-spawn": "^1.3.2", - "lru-cache": "^6.0.0", + "lru-cache": "^7.3.1", "mkdirp": "^1.0.4", - "npm-pick-manifest": "^6.1.1", + "npm-pick-manifest": "^7.0.0", + "proc-log": "^2.0.0", "promise-inflight": "^1.0.1", "promise-retry": "^2.0.1", "semver": "^7.3.5", "which": "^2.0.2" + }, + "dependencies": { + "lru-cache": { + "version": "7.3.1", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.3.1.tgz", + "integrity": "sha512-nX1x4qUrKqwbIAhv4s9et4FIUVzNOpeY07bsjGUy8gwJrXH/wScImSQqXErmo/b2jZY2r0mohbLA9zVj7u1cNw==" + } } }, "@npmcli/installed-package-contents": { @@ -11575,14 +11622,14 @@ } }, "@npmcli/metavuln-calculator": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/metavuln-calculator/-/metavuln-calculator-2.0.0.tgz", - "integrity": "sha512-VVW+JhWCKRwCTE+0xvD6p3uV4WpqocNYYtzyvenqL/u1Q3Xx6fGTJ+6UoIoii07fbuEO9U3IIyuGY0CYHDv1sg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/metavuln-calculator/-/metavuln-calculator-3.0.0.tgz", + "integrity": "sha512-tIzAdW3DAvlyuQyYvy7WuDKaJs55LoXFAIyglZTrHsc9DGZWP1YVL7+8WFKqx+lHyHUEkfk02Dc8ie4JWtNO6w==", "requires": { - "cacache": "^15.0.5", + "cacache": "^15.3.0", "json-parse-even-better-errors": "^2.3.1", - "pacote": "^12.0.0", - "semver": "^7.3.2" + "pacote": "^13.0.1", + "semver": "^7.3.5" } }, "@npmcli/move-file": { @@ -13892,6 +13939,18 @@ "semver": "^7.3.5", "validate-npm-package-license": "^3.0.4", "validate-npm-package-name": "^3.0.0" + }, + "dependencies": { + "npm-package-arg": { + "version": "8.1.5", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-8.1.5.tgz", + "integrity": "sha512-LhgZrg0n0VgvzVdSm1oiZworPbTxYHUJCgtsJW8mGvlDpxTM1vSJc3m5QZeUkhAHIzbz3VCHd/R4osi1L1Tg/Q==", + "requires": { + "hosted-git-info": "^4.0.1", + "semver": "^7.3.4", + "validate-npm-package-name": "^3.0.0" + } + } } }, "inline-style-parser": { @@ -14441,8 +14500,8 @@ "aproba": "^2.0.0", "minipass": "^3.1.1", "nock": "^12.0.1", - "npm-package-arg": "^8.1.2", - "npm-registry-fetch": "^12.0.1", + "npm-package-arg": "^9.0.0", + "npm-registry-fetch": "^13.0.0", "tap": "^15.1.0" } }, @@ -14456,8 +14515,8 @@ "diff": "^5.0.0", "eslint": "^8.1.0", "minimatch": "^3.0.4", - "npm-package-arg": "^8.1.4", - "pacote": "^12.0.0", + "npm-package-arg": "^9.0.0", + "pacote": "^13.0.2", "tap": "^15.0.9", "tar": "^6.1.0" } @@ -14472,9 +14531,9 @@ "bin-links": "^3.0.0", "chalk": "^4.1.0", "mkdirp-infer-owner": "^2.0.0", - "npm-package-arg": "^8.1.2", - "pacote": "^12.0.0", - "proc-log": "^1.0.0", + "npm-package-arg": "^9.0.0", + "pacote": "^13.0.2", + "proc-log": "^2.0.0", "read": "^1.0.7", "read-package-json-fast": "^2.0.2", "tap": "^15.0.6", @@ -14495,7 +14554,7 @@ "@npmcli/template-oss": "^2.4.2", "aproba": "^2.0.0", "nock": "^9.6.1", - "npm-registry-fetch": "^12.0.1", + "npm-registry-fetch": "^13.0.0", "tap": "^15.1.0" }, "dependencies": { @@ -14555,7 +14614,7 @@ "aproba": "^2.0.0", "minipass": "^3.1.1", "nock": "^12.0.1", - "npm-registry-fetch": "^12.0.1", + "npm-registry-fetch": "^13.0.0", "tap": "^15.0.0" } }, @@ -14565,8 +14624,8 @@ "@npmcli/run-script": "^2.0.0", "@npmcli/template-oss": "^2.4.2", "nock": "^13.0.7", - "npm-package-arg": "^8.1.0", - "pacote": "^12.0.0", + "npm-package-arg": "^9.0.0", + "pacote": "^13.0.2", "tap": "^15.0.0" }, "dependencies": { @@ -14592,8 +14651,8 @@ "lodash.clonedeep": "^4.5.0", "nock": "^12.0.2", "normalize-package-data": "^3.0.2", - "npm-package-arg": "^8.1.2", - "npm-registry-fetch": "^12.0.1", + "npm-package-arg": "^9.0.0", + "npm-registry-fetch": "^13.0.0", "semver": "^7.1.3", "ssri": "^8.0.1", "tap": "^15" @@ -14604,7 +14663,7 @@ "requires": { "@npmcli/template-oss": "^2.4.2", "nock": "^9.6.1", - "npm-registry-fetch": "^12.0.1", + "npm-registry-fetch": "^13.0.0", "tap": "^15" }, "dependencies": { @@ -14663,14 +14722,14 @@ "@npmcli/template-oss": "^2.4.2", "aproba": "^2.0.0", "nock": "^12.0.1", - "npm-registry-fetch": "^12.0.1", + "npm-registry-fetch": "^13.0.0", "tap": "^15" } }, "libnpmversion": { "version": "file:workspaces/libnpmversion", "requires": { - "@npmcli/git": "^2.0.7", + "@npmcli/git": "^3.0.0", "@npmcli/run-script": "^2.0.0", "@npmcli/template-oss": "^2.4.2", "json-parse-even-better-errors": "^2.3.1", @@ -15240,12 +15299,12 @@ "integrity": "sha512-EPfafl6JL5/rU+ot6P3gRSCpPDW5VmIzX959Ob1+ySFUuuYHWHekXpwdUZcKP5C+DS4GEtdJluwBjnsNDl+fSA==" }, "npm-package-arg": { - "version": "8.1.5", - "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-8.1.5.tgz", - "integrity": "sha512-LhgZrg0n0VgvzVdSm1oiZworPbTxYHUJCgtsJW8mGvlDpxTM1vSJc3m5QZeUkhAHIzbz3VCHd/R4osi1L1Tg/Q==", + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-9.0.0.tgz", + "integrity": "sha512-yhzXxeor+Zfhe5MGwPdDumz6HtNlj2pMekWB95IX3CC6uDNgde0oPKHDCLDPoJqQfd0HqAWt+y4Hs5m7CK1+9Q==", "requires": { - "hosted-git-info": "^4.0.1", - "semver": "^7.3.4", + "hosted-git-info": "^4.1.0", + "semver": "^7.3.5", "validate-npm-package-name": "^3.0.0" } }, @@ -15261,35 +15320,37 @@ } }, "npm-pick-manifest": { - "version": "6.1.1", - "resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-6.1.1.tgz", - "integrity": "sha512-dBsdBtORT84S8V8UTad1WlUyKIY9iMsAmqxHbLdeEeBNMLQDlDWWra3wYUx9EBEIiG/YwAy0XyNHDd2goAsfuA==", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/npm-pick-manifest/-/npm-pick-manifest-7.0.0.tgz", + "integrity": "sha512-njM1AcdioFaKd0JSGtLO09YA1WRwctjGQJbnHGmKS+u+uwP8oFvtZtOQWPYdxrnY5eJud3wn8OpH4sEIx6+GEQ==", "requires": { "npm-install-checks": "^4.0.0", "npm-normalize-package-bin": "^1.0.1", - "npm-package-arg": "^8.1.2", - "semver": "^7.3.4" + "npm-package-arg": "^9.0.0", + "semver": "^7.3.5" } }, "npm-profile": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-6.0.0.tgz", - "integrity": "sha512-ZiwXx3Fq3wNqJMz+d4AVZ9X4xAw/0TqsvdiyDF5Y+h9lQ7AjYDOxY06lj7AP5vUBqB/7k/0oNFQOx03Ay0iHPw==", + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-6.0.2.tgz", + "integrity": "sha512-0Fq8l+A10YXnnS63E3HThWjOb7+19Wsh1nOVutC2fKuowar8t/5PpINsbcm5xQ2dA28uAu+wjFfUyiEVSMz4Jw==", "requires": { - "npm-registry-fetch": "^12.0.0" + "npm-registry-fetch": "^13.0.0", + "proc-log": "^2.0.0" } }, "npm-registry-fetch": { - "version": "12.0.2", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-12.0.2.tgz", - "integrity": "sha512-Df5QT3RaJnXYuOwtXBXS9BWs+tHH2olvkCLh6jcR/b/u3DvPMlp3J0TvvYwplPKxHMOwfg287PYih9QqaVFoKA==", + "version": "13.0.0", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-13.0.0.tgz", + "integrity": "sha512-MmiMuV9DU5gRuAU0jia952Qq+E4h7ZoUaeltCXivhClcqfOVKqNLZEQsRUOb6a8WQY+um8x97JcUuaWFoPoBBw==", "requires": { - "make-fetch-happen": "^10.0.1", + "make-fetch-happen": "^10.0.2", "minipass": "^3.1.6", "minipass-fetch": "^1.4.1", "minipass-json-stream": "^1.0.1", "minizlib": "^2.1.2", - "npm-package-arg": "^8.1.5" + "npm-package-arg": "^9.0.0", + "proc-log": "^2.0.0" } }, "npm-user-validate": { @@ -15547,29 +15608,31 @@ } }, "pacote": { - "version": "12.0.3", - "resolved": "https://registry.npmjs.org/pacote/-/pacote-12.0.3.tgz", - "integrity": "sha512-CdYEl03JDrRO3x18uHjBYA9TyoW8gy+ThVcypcDkxPtKlw76e4ejhYB6i9lJ+/cebbjpqPW/CijjqxwDTts8Ow==", + "version": "13.0.2", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-13.0.2.tgz", + "integrity": "sha512-3LyfvDk2BSJNFQZIcDqnLNa7IsYb6KwX3H9uZPwaHJFIX6Gv5N9QHU+s7mEs/RbN4/ta6KUT39LAi2l6EkBi5A==", "requires": { - "@npmcli/git": "^2.1.0", - "@npmcli/installed-package-contents": "^1.0.6", + "@npmcli/git": "^3.0.0", + "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/promise-spawn": "^1.2.0", "@npmcli/run-script": "^2.0.0", - "cacache": "^15.0.5", + "cacache": "^15.3.0", "chownr": "^2.0.0", "fs-minipass": "^2.1.0", "infer-owner": "^1.0.4", - "minipass": "^3.1.3", - "mkdirp": "^1.0.3", - "npm-package-arg": "^8.0.1", + "minipass": "^3.1.6", + "mkdirp": "^1.0.4", + "npm-package-arg": "^9.0.0", "npm-packlist": "^3.0.0", - "npm-pick-manifest": "^6.0.0", - "npm-registry-fetch": "^12.0.0", + "npm-pick-manifest": "^7.0.0", + "npm-registry-fetch": "^13.0.0", + "proc-log": "^2.0.0", "promise-retry": "^2.0.1", - "read-package-json-fast": "^2.0.1", + "read-package-json": "^4.1.1", + "read-package-json-fast": "^2.0.3", "rimraf": "^3.0.2", "ssri": "^8.0.1", - "tar": "^6.1.0" + "tar": "^6.1.11" } }, "parent-module": { @@ -15788,9 +15851,9 @@ "dev": true }, "proc-log": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-1.0.0.tgz", - "integrity": "sha512-aCk8AO51s+4JyuYGg3Q/a6gnrlDO09NpVWePtjp7xwphcoQ04x5WAfCyugcsbLooWcMJ87CLkD4+604IckEdhg==" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-2.0.0.tgz", + "integrity": "sha512-I/35MfCX2H8jBUhKN8JB8nmqvQo/nKdrBodBY7L3RhDSPPyvOHwLYNmPuhwuJq7a7C3vgFKWGQM+ecPStcvOHA==" }, "process-nextick-args": { "version": "2.0.1", diff --git a/package.json b/package.json index c7885c2089c31..c1b9b44460b1c 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,7 @@ "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/arborist": "^4.3.1", "@npmcli/ci-detect": "^2.0.0", - "@npmcli/config": "^3.0.0", + "@npmcli/config": "^4.0.0", "@npmcli/map-workspaces": "^2.0.0", "@npmcli/package-json": "^1.0.1", "@npmcli/run-script": "^2.0.0", @@ -100,16 +100,16 @@ "nopt": "^5.0.0", "npm-audit-report": "^2.1.5", "npm-install-checks": "^4.0.0", - "npm-package-arg": "^8.1.5", - "npm-pick-manifest": "^6.1.1", - "npm-profile": "^6.0.0", - "npm-registry-fetch": "^12.0.2", + "npm-package-arg": "^9.0.0", + "npm-pick-manifest": "^7.0.0", + "npm-profile": "^6.0.2", + "npm-registry-fetch": "^13.0.0", "npm-user-validate": "^1.0.1", "npmlog": "^6.0.1", "opener": "^1.5.2", - "pacote": "^12.0.3", + "pacote": "^13.0.2", "parse-conflict-json": "^2.0.1", - "proc-log": "^1.0.0", + "proc-log": "^2.0.0", "qrcode-terminal": "^0.12.0", "read": "~1.0.7", "read-package-json": "^4.1.1", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index a915c9d8b1f6f..af54743a8819b 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -6,7 +6,7 @@ "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/map-workspaces": "^2.0.0", - "@npmcli/metavuln-calculator": "^2.0.0", + "@npmcli/metavuln-calculator": "^3.0.0", "@npmcli/move-file": "^1.1.0", "@npmcli/name-from-folder": "^1.0.1", "@npmcli/node-gyp": "^1.0.3", @@ -20,12 +20,12 @@ "mkdirp": "^1.0.4", "mkdirp-infer-owner": "^2.0.0", "npm-install-checks": "^4.0.0", - "npm-package-arg": "^8.1.5", - "npm-pick-manifest": "^6.1.0", - "npm-registry-fetch": "^12.0.1", - "pacote": "^12.0.2", + "npm-package-arg": "^9.0.0", + "npm-pick-manifest": "^7.0.0", + "npm-registry-fetch": "^13.0.0", + "pacote": "^13.0.2", "parse-conflict-json": "^2.0.1", - "proc-log": "^1.0.0", + "proc-log": "^2.0.0", "promise-all-reject-late": "^1.0.0", "promise-call-limit": "^1.0.1", "read-package-json-fast": "^2.0.2", diff --git a/workspaces/libnpmaccess/package.json b/workspaces/libnpmaccess/package.json index 760da6cc1be87..f32c1a3c8373e 100644 --- a/workspaces/libnpmaccess/package.json +++ b/workspaces/libnpmaccess/package.json @@ -31,8 +31,8 @@ "dependencies": { "aproba": "^2.0.0", "minipass": "^3.1.1", - "npm-package-arg": "^8.1.2", - "npm-registry-fetch": "^12.0.1" + "npm-package-arg": "^9.0.0", + "npm-registry-fetch": "^13.0.0" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" diff --git a/workspaces/libnpmdiff/package.json b/workspaces/libnpmdiff/package.json index 24846f39cf4fb..2d18763396f1e 100644 --- a/workspaces/libnpmdiff/package.json +++ b/workspaces/libnpmdiff/package.json @@ -53,8 +53,8 @@ "binary-extensions": "^2.2.0", "diff": "^5.0.0", "minimatch": "^3.0.4", - "npm-package-arg": "^8.1.4", - "pacote": "^12.0.0", + "npm-package-arg": "^9.0.0", + "pacote": "^13.0.2", "tar": "^6.1.0" }, "templateOSS": { diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json index 4410f187ec66a..7e91770bb0bc9 100644 --- a/workspaces/libnpmexec/package.json +++ b/workspaces/libnpmexec/package.json @@ -55,9 +55,9 @@ "@npmcli/run-script": "^2.0.0", "chalk": "^4.1.0", "mkdirp-infer-owner": "^2.0.0", - "npm-package-arg": "^8.1.2", - "pacote": "^12.0.0", - "proc-log": "^1.0.0", + "npm-package-arg": "^9.0.0", + "pacote": "^13.0.2", + "proc-log": "^2.0.0", "read": "^1.0.7", "read-package-json-fast": "^2.0.2", "walk-up-path": "^1.0.0" diff --git a/workspaces/libnpmhook/package.json b/workspaces/libnpmhook/package.json index 4f30555273205..86e3c9b684447 100644 --- a/workspaces/libnpmhook/package.json +++ b/workspaces/libnpmhook/package.json @@ -34,7 +34,7 @@ "license": "ISC", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^12.0.1" + "npm-registry-fetch": "^13.0.0" }, "devDependencies": { "@npmcli/template-oss": "^2.4.2", diff --git a/workspaces/libnpmorg/package.json b/workspaces/libnpmorg/package.json index 5c4909b1c9505..781fa9b524695 100644 --- a/workspaces/libnpmorg/package.json +++ b/workspaces/libnpmorg/package.json @@ -45,7 +45,7 @@ "homepage": "https://npmjs.com/package/libnpmorg", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^12.0.1" + "npm-registry-fetch": "^13.0.0" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json index 7317c272f7e22..94507504080d5 100644 --- a/workspaces/libnpmpack/package.json +++ b/workspaces/libnpmpack/package.json @@ -39,8 +39,8 @@ "homepage": "https://npmjs.com/package/libnpmpack", "dependencies": { "@npmcli/run-script": "^2.0.0", - "npm-package-arg": "^8.1.0", - "pacote": "^12.0.0" + "npm-package-arg": "^9.0.0", + "pacote": "^13.0.2" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" diff --git a/workspaces/libnpmpublish/package.json b/workspaces/libnpmpublish/package.json index 3fd2d6d5a3961..cb73ee348e2fb 100644 --- a/workspaces/libnpmpublish/package.json +++ b/workspaces/libnpmpublish/package.json @@ -43,8 +43,8 @@ "homepage": "https://npmjs.com/package/libnpmpublish", "dependencies": { "normalize-package-data": "^3.0.2", - "npm-package-arg": "^8.1.2", - "npm-registry-fetch": "^12.0.1", + "npm-package-arg": "^9.0.0", + "npm-registry-fetch": "^13.0.0", "semver": "^7.1.3", "ssri": "^8.0.1" }, diff --git a/workspaces/libnpmsearch/package.json b/workspaces/libnpmsearch/package.json index f524426dc65f8..ba660269893e2 100644 --- a/workspaces/libnpmsearch/package.json +++ b/workspaces/libnpmsearch/package.json @@ -41,7 +41,7 @@ "bugs": "https://github.com/npm/libnpmsearch/issues", "homepage": "https://npmjs.com/package/libnpmsearch", "dependencies": { - "npm-registry-fetch": "^12.0.1" + "npm-registry-fetch": "^13.0.0" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" diff --git a/workspaces/libnpmteam/package.json b/workspaces/libnpmteam/package.json index 23903551aa8c1..083fd6f088123 100644 --- a/workspaces/libnpmteam/package.json +++ b/workspaces/libnpmteam/package.json @@ -32,7 +32,7 @@ "homepage": "https://npmjs.com/package/libnpmteam", "dependencies": { "aproba": "^2.0.0", - "npm-registry-fetch": "^12.0.1" + "npm-registry-fetch": "^13.0.0" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" diff --git a/workspaces/libnpmversion/package.json b/workspaces/libnpmversion/package.json index 6d7823f5d0a5b..6c7a268524eb0 100644 --- a/workspaces/libnpmversion/package.json +++ b/workspaces/libnpmversion/package.json @@ -34,7 +34,7 @@ "tap": "^15" }, "dependencies": { - "@npmcli/git": "^2.0.7", + "@npmcli/git": "^3.0.0", "@npmcli/run-script": "^2.0.0", "json-parse-even-better-errors": "^2.3.1", "semver": "^7.3.5",