deps: upgrade npm to 7.15.0

[npm-robot]

v7.15.0 (2021-05-27)

FEATURES

• 399ff8cbc #3312 feat(link): add workspace support (@isaacs)

BUG FIXES

• 46a9bcbcb #3282 fix(docs): proper postinstall script file name (@KevinFCormier)
• 83590d40f #3272 fix(ls): show relative paths from root (@isaacs)
• a574b518a #3304 fix(completion): restore IFS even if npm completion returns error (@NariyasuHeseri)
• 554e8a5cd #3311 set audit exit code properly (@isaacs)
• 4a4fbe33c #3268 #3285 fix(publish): skip private workspaces (@ruyadorno)

DOCUMENTATION

• 3c53d631f #3307 fix(docs): typo in package-lock.json docs (@rethab)
• 96367f93f rebuild npm-pack doc (@isaacs)
• 64b13dd10 #3313 Drop stale Python 3<->node-gyp remark (@spencerwilson)

DEPENDENCIES

• 7b56bfdf3 cacache@15.2.0:
  • feat: allow fully deleting indices
  • feat: add a validateEntry option to compact
  • chore: lint
  • chore: use standard npm style release scripts
• dbbc151a3 npm-audit-report@2.1.5:
  • fix(exit-code): account for null auditLevel default (Tracking / Assuring Compatibility #46)
• 5b2604507 chore(package-lock): update devDependencies (@Gar)

AUTOMATION

• 3d5df0082 #3294 chore(ci): move node release PR workflow to cli repo (@gimli01)

[VoltrexKeyva]

#38828...?

[darcyclarke]

@VoltrexMaster #38828 (comment)

[darcyclarke]

Of note, @gimli01 is looking into why this automation has a larger diff then @lpinca's PR; As noted in #38828 (comment), this PR was generated via a GitHub Action that will be kicked off immediately after our releases going forward (ref. https://github.com/npm/cli/blob/latest/.github/workflows/create-cli-deps-pr.yml)

[Ayase-252]

Maybe it need sync with latest master? I saw This branch is 1 commit ahead, 1359 commits behind nodejs:master. in https://github.com/npm/node/tree/npm-7.15.0

[aduh95]

There is a no-bot but our bots policy in Node.js's repos:

Accounts that are reasonably believed to be bots (other than bots authorized by both TSC and CommComm) are subject to immediate Blocking.

Does @npm-robot fits in the authorized category? Would it be possible to link to an issue where its introduction has been discussed?

[ruyadorno]

There is a no-bot but our bots policy in Node.js's repos:

Accounts that are reasonably believed to be bots (other than bots authorized by both TSC and CommComm) are subject to immediate Blocking.

Hi @aduh95 thank you so much for bringing that up, personally I wasn't aware of the existence of that policy when I first discussed the npm-robot PR strategy but I can totally see the reason for having it 😊

That said, my personal interpretation of the policy is that it's in place to avoid spamming and other unwanted behavior. That wouldn't be the case here. This robot is clearly performing a legitimate task, helping us better integrate npm cli releases timely into node releases.

Does @npm-robot fits in the authorized category? Would it be possible to link to an issue where its introduction has been discussed?

Could you please help us bring the subject to a future TSC meeting agenda? Given that we have that policy in place I believe the best way to move forward is to make sure get an explicit approval. 🙏

[ruyadorno]

actually, let me create an issue instead and close this PR as I want to make sure we clean things up in the update npm side of things 😊

Opened: #38879 so that we can continue the conversation there.