Skip to content

Commit

Permalink
deps: upgrade npm to 6.4.1
Browse files Browse the repository at this point in the history
PR-URL: #22591
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
  • Loading branch information
zkat authored and MylesBorins committed Sep 3, 2018
1 parent 5294919 commit f82d58d
Show file tree
Hide file tree
Showing 743 changed files with 19,050 additions and 29,478 deletions.
17 changes: 17 additions & 0 deletions deps/npm/AUTHORS
Original file line number Diff line number Diff line change
Expand Up @@ -584,3 +584,20 @@ Geoffrey Mattie <info@geoffreymattie.com>
Luis Lobo Borobia <luislobo@gmail.com>
Aaron Tribou <tribou@users.noreply.github.com>
刘祺 <gucong@gmail.com>
Brad Johnson <bradsk88@gmail.com>
Artem Varaksa <aymfst@gmail.com>
Mary <Ipadlover8322@gmail.com>
Darryl Pogue <dvpdiner2@gmail.com>
Rick Schubert <rickschubert@gmx.de>
Daniel W <dwilches@gmail.com>
XhmikosR <xhmikosr@gmail.com>
Martin Kühl <mkhl@users.noreply.github.com>
Valentin Ouvrard <valentin210594@gmail.com>
Noah Benham <noahbenham@users.noreply.github.com>
Brian Olore <brian@olore.net>
Mat Warger <mwarger@gmail.com>
Federico Rampazzo <frampone@gmail.com>
SneakyFish5 <32284796+SneakyFish5@users.noreply.github.com>
Nikki Everett <neverett@users.noreply.github.com>
Erik Price <github@erikprice.net>
Lars Willighagen <lars.willighagen@gmail.com>
275 changes: 274 additions & 1 deletion deps/npm/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,275 @@
## v6.4.1 (2018-08-22):

### BUGFIXES

* [`4bd40f543`](https://github.com/npm/cli/commit/4bd40f543dc89f0721020e7d0bb3497300d74818)
[#42](https://github.com/npm/cli/pull/42)
Prevent blowing up on malformed responses from the `npm audit` endpoint, such
as with third-party registries.
([@framp](https://github.com/framp))
* [`0e576f0aa`](https://github.com/npm/cli/commit/0e576f0aa6ea02653d948c10f29102a2d4a31944)
[#46](https://github.com/npm/cli/pull/46)
Fix `NO_PROXY` support by renaming npm-side config to `--noproxy`. The
environment variable should still work.
([@SneakyFish5](https://github.com/SneakyFish5))
* [`d8e811d6a`](https://github.com/npm/cli/commit/d8e811d6adf3d87474982cb831c11316ac725605)
[#33](https://github.com/npm/cli/pull/33)
Disable `update-notifier` checks when a CI environment is detected.
([@Sibiraj-S](https://github.com/Sibiraj-S))
* [`1bc5b8cea`](https://github.com/npm/cli/commit/1bc5b8ceabc86bfe4777732f25ffef0f3de81bd1)
[#47](https://github.com/npm/cli/pull/47)
Fix issue where `postpack` scripts would break if `pack` was used with
`--dry-run`.
([@larsgw](https://github.com/larsgw))

### DEPENDENCY BUMPS

* [`4c57316d5`](https://github.com/npm/cli/commit/4c57316d5633e940105fa545b52d8fbfd2eb9f75)
`figgy-pudding@3.4.1`
([@zkat](https://github.com/zkat))
* [`85f4d7905`](https://github.com/npm/cli/commit/85f4d79059865d5267f3516b6cdbc746012202c6)
`cacache@11.2.0`
([@zkat](https://github.com/zkat))
* [`d20ac242a`](https://github.com/npm/cli/commit/d20ac242aeb44aa3581c65c052802a02d5eb22f3)
`npm-packlist@1.1.11`:
No real changes in npm-packlist, but npm-bundled included a
circular dependency fix, as well as adding a proper LICENSE file.
([@isaacs](https://github.com/isaacs))
* [`e8d5f4418`](https://github.com/npm/cli/commit/e8d5f441821553a31fc8cd751670663699d2c8ce)
[npm.community#632](https://npm.community/t/https://npm.community/t/using-npm-ci-does-not-run-prepare-script-for-git-modules/632)
`libcipm@2.0.2`:
Fixes issue where `npm ci` wasn't running the `prepare` lifecycle script when
installing git dependencies
([@edahlseng](https://github.com/edahlseng))
* [`a5e6f78e9`](https://github.com/npm/cli/commit/a5e6f78e916873f7d18639ebdb8abd20479615a9)
`JSONStream@1.3.4`:
Fixes memory leak problem when streaming large files (like legacy npm search).
([@daern91](https://github.com/daern91))
* [`3b940331d`](https://github.com/npm/cli/commit/3b940331dcccfa67f92366adb7ffd9ecf7673a9a)
[npm.community#1042](https://npm.community/t/3-path-variables-are-assigned-to-child-process-launched-by-npm/1042)
`npm-lifecycle@2.1.0`:
Fixes issue for Windows user where multiple `Path`/`PATH` variables were being
added to the environment and breaking things in all sorts of fun and
interesting ways.
([@JimiC](https://github.com/JimiC))
* [`d612d2ce8`](https://github.com/npm/cli/commit/d612d2ce8fab72026f344f125539ecbf3746af9a)
`npm-registry-client@8.6.0`
([@iarna](https://github.com/iarna))
* [`1f6ba1cb1`](https://github.com/npm/cli/commit/1f6ba1cb174590c1f5d2b00e2ca238dfa39d507a)
`opener@1.5.0`
([@domenic](https://github.com/domenic))
* [`37b8f405f`](https://github.com/npm/cli/commit/37b8f405f35c861b7beeed56f71ad20b0bf87889)
`request@2.88.0`
([@mikeal](https://github.com/mikeal))
* [`bb91a2a14`](https://github.com/npm/cli/commit/bb91a2a14562e77769057f1b6d06384be6d6bf7f)
`tacks@1.2.7`
([@iarna](https://github.com/iarna))
* [`30bc9900a`](https://github.com/npm/cli/commit/30bc9900ae79c80bf0bdee0ae6372da6f668124c)
`ci-info@1.4.0`:
Adds support for two more CI services
([@watson](https://github.com/watson))
* [`1d2fa4ddd`](https://github.com/npm/cli/commit/1d2fa4dddcab8facfee92096cc24b299387f3182)
`marked@0.5.0`
([@joshbruce](https://github.com/joshbruce))

### DOCUMENTATION

* [`08ecde292`](https://github.com/npm/cli/commit/08ecde2928f8c89a2fdaa800ae845103750b9327)
[#54](https://github.com/npm/cli/pull/54)
Mention registry terms of use in manpage and registry docs and update language
in README for it.
([@kemitchell](https://github.com/kemitchell))
* [`de956405d`](https://github.com/npm/cli/commit/de956405d8b72354f98579d00c6dd30ac3b9bddf)
[#41](https://github.com/npm/cli/pull/41)
Add documentation for `--dry-run` in `install` and `pack` docs.
([@reconbot](https://github.com/reconbot))
* [`95031b90c`](https://github.com/npm/cli/commit/95031b90ce0b0c4dcd5e4eafc86e3e5bfd59fb3e)
[#48](https://github.com/npm/cli/pull/48)
Update republish time and lightly reorganize republish info.
([@neverett](https://github.com/neverett))
* [`767699b68`](https://github.com/npm/cli/commit/767699b6829b8b899d5479445e99b0ffc43ff92d)
[#53](https://github.com/npm/cli/pull/53)
Correct `npm@6.4.0` release date in changelog.
([@charmander](https://github.com/charmander))
* [`3fea3166e`](https://github.com/npm/cli/commit/3fea3166eb4f43f574fcfd9ee71a171feea2bc29)
[#55](https://github.com/npm/cli/pull/55)
Align command descriptions in help text.
([@erik](https://github.com/erik))

## v6.4.0 (2018-08-09):

### NEW FEATURES

* [`6e9f04b0b`](https://github.com/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7)
[npm/cli#8](https://github.com/npm/cli/pull/8)
Search for authentication token defined by environment variables by preventing
the translation layer from env variable to npm option from breaking
`:_authToken`.
([@mkhl](https://github.com/mkhl))
* [`84bfd23e7`](https://github.com/npm/cli/commit/84bfd23e7d6434d30595594723a6e1976e84b022)
[npm/cli#35](https://github.com/npm/cli/pull/35)
Stop filtering out non-IPv4 addresses from `local-addrs`, making npm actually
use IPv6 addresses when it must.
([@valentin2105](https://github.com/valentin2105))
* [`792c8c709`](https://github.com/npm/cli/commit/792c8c709dc7a445687aa0c8cba5c50bc4ed83fd)
[npm/cli#31](https://github.com/npm/cli/pull/31)
configurable audit level for non-zero exit
`npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level.
Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found.
Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected.
([@lennym](https://github.com/lennym))

### BUGFIXES

* [`d81146181`](https://github.com/npm/cli/commit/d8114618137bb5b9a52a86711bb8dc18bfc8e60c)
[npm/cli#32](https://github.com/npm/cli/pull/32)
Don't check for updates to npm when we are updating npm itself.
([@olore](https://github.com/olore))

### DEPENDENCY UPDATES

A very special dependency update event! Since the [release of
`node-gyp@3.8.0`](https://github.com/nodejs/node-gyp/pull/1521), an awkward
version conflict that was preventing `request` from begin flattened was
resolved. This means two things:

1. We've cut down the npm tarball size by another 200kb, to 4.6MB
2. `npm audit` now shows no vulnerabilities for npm itself!

Thanks, [@rvagg](https://github.com/rvagg)!

* [`866d776c2`](https://github.com/npm/cli/commit/866d776c27f80a71309389aaab42825b2a0916f6)
`request@2.87.0`
([@simov](https://github.com/simov))
* [`f861c2b57`](https://github.com/npm/cli/commit/f861c2b579a9d4feae1653222afcefdd4f0e978f)
`node-gyp@3.8.0`
([@rvagg](https://github.com/rvagg))
* [`32e6947c6`](https://github.com/npm/cli/commit/32e6947c60db865257a0ebc2f7e754fedf7a6fc9)
[npm/cli#39](https://github.com/npm/cli/pull/39)
`colors@1.1.2`:
REVERT REVERT, newer versions of this library are broken and print ansi
codes even when disabled.
([@iarna](https://github.com/iarna))
* [`beb96b92c`](https://github.com/npm/cli/commit/beb96b92caf061611e3faafc7ca10e77084ec335)
`libcipm@2.0.1`
([@zkat](https://github.com/zkat))
* [`348fc91ad`](https://github.com/npm/cli/commit/348fc91ad223ff91cd7bcf233018ea1d979a2af1)
`validate-npm-package-license@3.0.4`: Fixes errors with empty or string-only
license fields.
([@Gudahtt](https://github.com/Gudahtt))
* [`e57d34575`](https://github.com/npm/cli/commit/e57d3457547ef464828fc6f82ae4750f3e511550)
`iferr@1.0.2`
([@shesek](https://github.com/shesek))
* [`46f1c6ad4`](https://github.com/npm/cli/commit/46f1c6ad4b2fd5b0d7ec879b76b76a70a3a2595c)
`tar@4.4.6`
([@isaacs](https://github.com/isaacs))
* [`50df1bf69`](https://github.com/npm/cli/commit/50df1bf691e205b9f13e0fff0d51a68772c40561)
`hosted-git-info@2.7.1`
([@iarna](https://github.com/iarna))
([@Erveon](https://github.com/Erveon))
([@huochunpeng](https://github.com/huochunpeng))

### DOCUMENTATION

* [`af98e76ed`](https://github.com/npm/cli/commit/af98e76ed96af780b544962aa575585b3fa17b9a)
[npm/cli#34](https://github.com/npm/cli/pull/34)
Remove `npm publish` from list of commands not affected by `--dry-run`.
([@joebowbeer](https://github.com/joebowbeer))
* [`e2b0f0921`](https://github.com/npm/cli/commit/e2b0f092193c08c00f12a6168ad2bd9d6e16f8ce)
[npm/cli#36](https://github.com/npm/cli/pull/36)
Tweak formatting in repository field examples.
([@noahbenham](https://github.com/noahbenham))
* [`e2346e770`](https://github.com/npm/cli/commit/e2346e7702acccefe6d711168c2b0e0e272e194a)
[npm/cli#14](https://github.com/npm/cli/pull/14)
Used `process.env` examples to make accessing certain `npm run-scripts`
environment variables more clear.
([@mwarger](https://github.com/mwarger))

## v6.3.0 (2018-08-01):

This is basically the same as the prerelease, but two dependencies have been
bumped due to bugs that had been around for a while.

* [`0a22be42e`](https://github.com/npm/cli/commit/0a22be42eb0d40cd0bd87e68c9e28fc9d72c0e19)
`figgy-pudding@3.2.0`
([@zkat](https://github.com/zkat))
* [`0096f6997`](https://github.com/npm/cli/commit/0096f69978d2f40b170b28096f269b0b0008a692)
`cacache@11.1.0`
([@zkat](https://github.com/zkat))

## v6.3.0-next.0 (2018-07-25):

### NEW FEATURES

* [`ad0dd226f`](https://github.com/npm/cli/commit/ad0dd226fb97a33dcf41787ae7ff282803fb66f2)
[npm/cli#26](https://github.com/npm/cli/pull/26)
`npm version` now supports a `--preid` option to specify the preid for
prereleases. For example, `npm version premajor --preid rc` will tag a version
like `2.0.0-rc.0`.
([@dwilches](https://github.com/dwilches))

### MESSAGING IMPROVEMENTS

* [`c1dad1e99`](https://github.com/npm/cli/commit/c1dad1e994827f2eab7a13c0f6454f4e4c22ebc2)
[npm/cli#6](https://github.com/npm/cli/pull/6)
Make `npm audit fix` message provide better instructions for vulnerabilities
that require manual review.
([@bradsk88](https://github.com/bradsk88))
* [`15c1130fe`](https://github.com/npm/cli/commit/15c1130fe81961706667d845aad7a5a1f70369f3)
Fix missing colon next to tarball url in new `npm view` output.
([@zkat](https://github.com/zkat))
* [`21cf0ab68`](https://github.com/npm/cli/commit/21cf0ab68cf528d5244ae664133ef400bdcfbdb6)
[npm/cli#24](https://github.com/npm/cli/pull/24)
Use the defaut OTP explanation everywhere except when the context is
"OTP-aware" (like when setting double-authentication). This improves the
overall CLI messaging when prompting for an OTP code.
([@jdeniau](https://github.com/jdeniau))

### MISC

* [`a9ac8712d`](https://github.com/npm/cli/commit/a9ac8712dfafcb31a4e3deca24ddb92ff75e942d)
[npm/cli#21](https://github.com/npm/cli/pull/21)
Use the extracted `stringify-package` package.
([@dpogue](https://github.com/dpogue))
* [`9db15408c`](https://github.com/npm/cli/commit/9db15408c60be788667cafc787116555507dc433)
[npm/cli#27](https://github.com/npm/cli/pull/27)
`wrappy` was previously added to dependencies in order to flatten it, but we
no longer do legacy-style for npm itself, so it has been removed from
`package.json`.
([@rickschubert](https://github.com/rickschubert))

### DOCUMENTATION

* [`3242baf08`](https://github.com/npm/cli/commit/3242baf0880d1cdc0e20b546d3c1da952e474444)
[npm/cli#13](https://github.com/npm/cli/pull/13)
Update more dead links in README.md.
([@u32i64](https://github.com/u32i64))
* [`06580877b`](https://github.com/npm/cli/commit/06580877b6023643ec780c19d84fbe120fe5425c)
[npm/cli#19](https://github.com/npm/cli/pull/19)
Update links in docs' `index.html` to refer to new bug/PR URLs.
([@watilde](https://github.com/watilde))
* [`ca03013c2`](https://github.com/npm/cli/commit/ca03013c23ff38e12902e9569a61265c2d613738)
[npm/cli#15](https://github.com/npm/cli/pull/15)
Fix some typos in file-specifiers docs.
([@Mstrodl](https://github.com/Mstrodl))
* [`4f39f79bc`](https://github.com/npm/cli/commit/4f39f79bcacef11bf2f98d09730bc94d0379789b)
[npm/cli#16](https://github.com/npm/cli/pull/16)
Fix some typos in file-specifiers and package-lock docs.
([@watilde](https://github.com/watilde))
* [`35e51f79d`](https://github.com/npm/cli/commit/35e51f79d1a285964aad44f550811aa9f9a72cd8)
[npm/cli#18](https://github.com/npm/cli/pull/18)
Update build status badge url in README.
([@watilde](https://github.com/watilde))
* [`a67db5607`](https://github.com/npm/cli/commit/a67db5607ba2052b4ea44f66657f98b758fb4786)
[npm/cli#17](https://github.com/npm/cli/pull/17/)
Replace TROUBLESHOOTING.md with [posts in
npm.community](https://npm.community/c/support/troubleshooting).
([@watilde](https://github.com/watilde))
* [`e115f9de6`](https://github.com/npm/cli/commit/e115f9de65bf53711266152fc715a5012f7d3462)
[npm/cli#7](https://github.com/npm/cli/pull/7)
Use https URLs in documentation when appropriate. Happy [Not Secure Day](https://arstechnica.com/gadgets/2018/07/todays-the-day-that-chrome-brands-plain-old-http-as-not-secure/)!
([@XhmikosR](https://github.com/XhmikosR))

## v6.2.0 (2018-07-13):

In case you missed it, [we
Expand All @@ -13,7 +285,8 @@ quite ready on time but that we'd still like to include. Enjoy!

* [`244b18380`](https://github.com/npm/npm/commit/244b18380ee55950b13c293722771130dbad70de)
[#20554](https://github.com/npm/npm/pull/20554)
add support for --parseable output
Add support for tab-separated output for `npm audit` data with the
`--parseable` flag.
([@luislobo](https://github.com/luislobo))
* [`7984206e2`](https://github.com/npm/npm/commit/7984206e2f41b8d8361229cde88d68f0c96ed0b8)
[#12697](https://github.com/npm/npm/pull/12697)
Expand Down
2 changes: 1 addition & 1 deletion deps/npm/CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ This includes anyone who may show up to the npm/npm repo with issues, PRs, comme
* Comment on issues when they have a reference to the answer.
* If community members aren't sure they are correct and don't have a reference to the answer, please leave the issue and try another one.
* Defer to collaborators and npm employees for answers.
* Make sure to search for [the troubleshooting doc](./TROUBLESHOOTING.md) and search on the issue tracker for similar issues before opening a new one.
* Make sure to search for [the troubleshooting posts on npm.community](https://npm.community/c/support/troubleshooting) and search on the issue tracker for similar issues before opening a new one.
* Any users with urgent support needs are welcome to email support@npmjs.com, and our dedicated support team will be happy to help.

PLEASE don't @ collaborators or npm employees on issues. The CLI team is small, and has many outstanding commitments to fulfill.
Expand Down
13 changes: 5 additions & 8 deletions deps/npm/README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
npm(1) -- a JavaScript package manager
==============================

[![Build Status](https://img.shields.io/travis/npm/npm/latest.svg)](https://travis-ci.org/npm/npm)
[![Build Status](https://img.shields.io/travis/npm/cli/latest.svg)](https://travis-ci.org/npm/cli)

## SYNOPSIS

Expand All @@ -16,17 +16,14 @@ Much more info will be available via `npm help` once it's installed.
To install an old **and unsupported** version of npm that works on node v5
and prior, clone the git repo and dig through the old tags and branches.

**npm is configured to use npm, Inc.'s public package registry at
<https://registry.npmjs.org> by default.**
**npm is configured to use npm, Inc.'s public registry at
<https://registry.npmjs.org> by default.** Use of the npm public registry
is subject to terms of use available at <https://www.npmjs.com/policies/terms>.

You can configure npm to use any compatible registry you
like, and even run your own registry. Check out the [doc on
registries](https://docs.npmjs.com/misc/registry).

Use of someone else's registry may be governed by terms of use. The
terms of use for the default public registry are available at
<https://www.npmjs.com>.

## Super Easy Install

npm is bundled with [node](https://nodejs.org/en/download/).
Expand Down Expand Up @@ -88,7 +85,7 @@ experience if you run a recent version of npm. To upgrade, either use [Microsoft
upgrade tool](https://github.com/felixrieseberg/npm-windows-upgrade),
[download a new version of Node](https://nodejs.org/en/download/),
or follow the Windows upgrade instructions in the
[npm Troubleshooting Guide](./TROUBLESHOOTING.md).
[Installing/upgrading npm](https://npm.community/t/installing-upgrading-npm/251/2) post.

If that's not fancy enough for you, then you can fetch the code with
git, and mess with it directly.
Expand Down
7 changes: 6 additions & 1 deletion deps/npm/bin/npm-cli.js
Original file line number Diff line number Diff line change
Expand Up @@ -69,20 +69,25 @@
npm.command = 'help'
}

var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')

// now actually fire up npm and run the command.
// this is how to use npm programmatically:
conf._exit = true
npm.load(conf, function (er) {
if (er) return errorHandler(er)
if (
!isGlobalNpmUpdate &&
npm.config.get('update-notifier') &&
!unsupported.checkVersion(process.version).unsupported
) {
const pkg = require('../package.json')
let notifier = require('update-notifier')({pkg})
const isCI = require('ci-info').isCI
if (
notifier.update &&
notifier.update.latest !== pkg.version
notifier.update.latest !== pkg.version &&
!isCI
) {
const color = require('ansicolors')
const useColor = npm.config.get('color')
Expand Down
4 changes: 2 additions & 2 deletions deps/npm/doc/cli/npm-hook.md
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ $ npm hook rm id-deadbeef
## DESCRIPTION

Allows you to manage [npm
hooks](http://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm),
hooks](https://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm),
including adding, removing, listing, and updating.

Hooks allow you to configure URL endpoints that will be notified whenever a
Expand All @@ -69,4 +69,4 @@ request came from your own configured hook.

## SEE ALSO

* ["Introducing Hooks" blog post](http://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm)
* ["Introducing Hooks" blog post](https://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm)
Loading

0 comments on commit f82d58d

Please sign in to comment.