Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: don't check for updates to npm when we are updating npm itself #32

Merged
merged 2 commits into from
Aug 3, 2018
Merged

cli: don't check for updates to npm when we are updating npm itself #32

merged 2 commits into from
Aug 3, 2018

Conversation

olore
Copy link
Contributor

@olore olore commented Jul 27, 2018

@olore olore requested a review from a team as a code owner July 27, 2018 12:34
@olore olore mentioned this pull request Jul 28, 2018
Closed
zkat
zkat suggested changes Jul 30, 2018
View reviewed changes
Copy link
Contributor

@zkat zkat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we need to do a bit more with this before it's mergeable. Thanks for taking the time to do this, though! It's super helpful to make sure this improves.

bin/npm-cli.js Outdated
@@ -75,6 +75,7 @@
npm.load(conf, function (er) {
if (er) return errorHandler(er)
if (
!npm.argv.includes('npm') &&
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You'll note that pnpm also makes sure it's a relevant command, as well as whether we're in global mode. I think both of those check are worth doing.

I also agree with what pnpm is doing as far as disabling this on CI. The ci-info package by @watson seems to do a pretty good job at detecting this, so maybe that's worth pulling in (/cc @iarna).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @zkat! I made updates to check install/update and if global mode.

Disregarding the CI stuff here based on comments on #33

@zkat zkat added semver:patch semver patch level for changes in-progress labels Jul 30, 2018
@olore olore force-pushed the invalid-notification-about-available-update branch from 7c90e10 to 692ce93 Compare July 31, 2018 20:29
@olore olore force-pushed the invalid-notification-about-available-update branch from 692ce93 to d905508 Compare July 31, 2018 20:49
@olore
Copy link
Contributor Author

olore commented Aug 1, 2018

@zkat I think we're all set. Let me know if anything else.

@zkat zkat changed the base branch from latest to release-next August 3, 2018 16:19
@zkat
Copy link
Contributor

zkat commented Aug 3, 2018

Looks great! Thanks. 🎉

@zkat zkat merged commit d811461 into npm:release-next Aug 3, 2018
@zkat zkat removed the in-progress label Aug 3, 2018
@zkat zkat mentioned this pull request Aug 15, 2018
Closed
4 tasks
@zkat zkat mentioned this pull request Aug 29, 2018
Closed
4 tasks
@NOUIY NOUIY mentioned this pull request Apr 22, 2022
Open
@kevinjm39 kevinjm39 mentioned this pull request May 1, 2022
Open
This was referenced May 12, 2022
Open
Open
Open
Open
@hojatA1 hojatA1 mentioned this pull request Jun 23, 2023
Open
This was referenced Jun 23, 2023
Open
Open
This was referenced Jun 23, 2023
Open
Open
Open
@EMWickd EMWickd mentioned this pull request Jun 24, 2023
Open
@hojatA1 hojatA1 mentioned this pull request Jun 24, 2023
Open
This was referenced Jun 24, 2023
Open
Open
renovate bot added a commit to redwoodjs/redwood that referenced this pull request Nov 16, 2023
@renovate
chore(deps): update dependency @npmcli/arborist to v6.5.0 (#9517)
3e87c10 
[![Mend Renovate logo
banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@npmcli/arborist](https://github.com/npm/cli) | [`6.2.10` ->
`6.5.0`](https://renovatebot.com/diffs/npm/@npmcli%2farborist/6.2.10/6.5.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@npmcli%2farborist/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@npmcli%2farborist/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@npmcli%2farborist/6.2.10/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@npmcli%2farborist/6.2.10/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>npm/cli (@&#8203;npmcli/arborist)</summary>

### [`v6.5.0`](https://github.com/npm/cli/releases/tag/v6.5.0)

[Compare Source](https://github.com/npm/cli/compare/v6.4.0...v6.5.0)

##### NEW FEATURES

-
[`fc1a8d185`](https://github.com/npm/cli/commit/fc1a8d185fc678cdf3784d9df9eef9094e0b2dec)
Backronym `npm ci` to `npm clean-install`.
([@&#8203;zkat](https://github.com/zkat))
-
[`4be51a9cc`](https://github.com/npm/cli/commit/4be51a9cc65635bb26fa4ce62233f26e0104bc20)
[#&#8203;81](https://github.com/npm/cli/pull/81) Adds 'Homepage' to
outdated --long output.
([@&#8203;jbottigliero](https://github.com/jbottigliero))

##### BUGFIXES

-
[`89652cb9b`](https://github.com/npm/cli/commit/89652cb9b810f929f5586fc90cc6794d076603fb)
[npm.community#1661](https://npm.community/t/https://npm.community/t/1661)
Fix sign-git-commit options. They were previously totally wrong.
([@&#8203;zkat](https://github.com/zkat))
-
[`414f2d1a1`](https://github.com/npm/cli/commit/414f2d1a1bdffc02ed31ebb48a43216f284c21d4)
[npm.community#1742](https://npm.community/t/npm-audit-making-non-rfc-compliant-requests-to-server-resulting-in-400-bad-request-pr-with-fix/1742)
Set lowercase headers for npm audit requests.
([@&#8203;maartenba](https://github.com/maartenba))
-
[`a34246baf`](https://github.com/npm/cli/commit/a34246bafe73218dc9e3090df9ee800451db2c7d)
[#&#8203;75](https://github.com/npm/cli/pull/75) Fix `npm edit`
handling of scoped packages.
([@&#8203;larsgw](https://github.com/larsgw))\*
[`d3e8a7c72`](https://github.com/npm/cli/commit/d3e8a7c7240dd25379a5bcad324a367c58733c73)
[npm.community#2303](https://npm.community/t/npm-ci-logs-success-to-stderr/2303)
Make summary output for `npm ci` go to `stdout`, not `stderr`.
([@&#8203;alopezsanchez](https://github.com/alopezsanchez))
-
[`71d8fb4a9`](https://github.com/npm/cli/commit/71d8fb4a94d65e1855f6d0c5f2ad2b7c3202e3c4)
[npm.community#1377](https://npm.community/t/unhelpful-error-message-when-publishing-without-logging-in-error-eperm-operation-not-permitted-unlink/1377/3)
Close the file descriptor during publish if exiting upload via an error.
This will prevent strange error messages when the upload fails and make
sure
cleanup happens correctly.
([@&#8203;macdja38](https://github.com/macdja38))

##### DOCS UPDATES

-
[`b1a8729c8`](https://github.com/npm/cli/commit/b1a8729c80175243fbbeecd164e9ddd378a09a50)
[#&#8203;60](https://github.com/npm/cli/pull/60) Mention --otp flag
when prompting for OTP. ([@&#8203;bakkot](https://github.com/bakkot))
-
[`bcae4ea81`](https://github.com/npm/cli/commit/bcae4ea8173e489a76cc226bbd30dd9eabe21ec6)
[#&#8203;64](https://github.com/npm/cli/pull/64) Clarify that git
dependencies use the default branch, not just `master`.
([@&#8203;zckrs](https://github.com/zckrs))
-
[`15da82690`](https://github.com/npm/cli/commit/15da8269032bf509ade3252978e934f2a61d4499)
[#&#8203;72](https://github.com/npm/cli/pull/72) `bash_completion.d`
dir is sometimes found in `/etc` not `/usr/local`.
([@&#8203;RobertKielty](https://github.com/RobertKielty))
-
[`8a6ecc793`](https://github.com/npm/cli/commit/8a6ecc7936dae2f51638397ff5a1d35cccda5495)
[#&#8203;74](https://github.com/npm/cli/pull/74) Update OTP
documentation for `dist-tag add` to clarify `--otp` is needed right now.
([@&#8203;scotttrinh](https://github.com/scotttrinh))
-
[`dcc03ec85`](https://github.com/npm/cli/commit/dcc03ec858bddd7aa2173b5a86b55c1c2385a2a3)
[#&#8203;82](https://github.com/npm/cli/pull/82) Note that `prepare`
runs when installing git dependencies.
([@&#8203;seishun](https://github.com/seishun))
-
[`a91a470b7`](https://github.com/npm/cli/commit/a91a470b71e08ccf6a75d4fb8c9937789fa8d067)
[#&#8203;83](https://github.com/npm/cli/pull/83) Specify that
--dry-run isn't available in older versions of npm publish.
([@&#8203;kjin](https://github.com/kjin))
-
[`1b2fabcce`](https://github.com/npm/cli/commit/1b2fabccede37242233755961434c52536224de5)
[#&#8203;96](https://github.com/npm/cli/pull/96) Fix inline code tag
issue in docs. ([@&#8203;midare](https://github.com/midare))
-
[`6cc70cc19`](https://github.com/npm/cli/commit/6cc70cc1977e58a3e1ea48e660ffc6b46b390e59)
[#&#8203;68](https://github.com/npm/cli/pull/68) Add semver link and a
note on empty string format to `deprecate` doc.
([@&#8203;neverett](https://github.com/neverett))
-
[`61dbbb7c3`](https://github.com/npm/cli/commit/61dbbb7c3474834031bce88c423850047e8131dc)
Fix semver docs after version update.
([@&#8203;zkat](https://github.com/zkat))
-
[`4acd45a3d`](https://github.com/npm/cli/commit/4acd45a3d0ce92f9999446226fe7dfb89a90ba2e)
[#&#8203;78](https://github.com/npm/cli/pull/78) Correct spelling
across various docs. ([@&#8203;hugovk](https://github.com/hugovk))

##### DEPENDENCIES

-
[`4f761283e`](https://github.com/npm/cli/commit/4f761283e8896d0ceb5934779005646463a030e8)
`figgy-pudding@3.5.1` ([@&#8203;zkat](https://github.com/zkat))
-
[`3706db0bc`](https://github.com/npm/cli/commit/3706db0bcbc306d167bb902362e7f6962f2fe1a1)
[npm.community#1764](https://npm.community/t/crash-invalid-config-key-requested-error/1764)
`ssri@6.0.1` ([@&#8203;zkat](https://github.com/zkat))
-
[`83c2b117d`](https://github.com/npm/cli/commit/83c2b117d0b760d0ea8d667e5e4bdfa6a7a7a8f6)
`bluebird@3.5.2`
([@&#8203;petkaantonov](https://github.com/petkaantonov))
-
[`2702f46bd`](https://github.com/npm/cli/commit/2702f46bd7284fb303ca2119d23c52536811d705)
`ci-info@1.5.1` ([@&#8203;watson](https://github.com/watson))
-
[`4db6c3898`](https://github.com/npm/cli/commit/4db6c3898b07100e3a324e4aae50c2fab4b93a04)
`config-chain@1.1.1`:2 ([@&#8203;dawsbot](https://github.com/dawbot))
-
[`70bee4f69`](https://github.com/npm/cli/commit/70bee4f69bb4ce4e18c48582fe2b48d8b4aba566)
`glob@7.1.3` ([@&#8203;isaacs](https://github.com/isaacs))
-
[`e469fd6be`](https://github.com/npm/cli/commit/e469fd6be95333dcaa7cf377ca3620994ca8d0de)
`opener@1.5.1`: Fix browser opening under Windows Subsystem for Linux
(WSL). ([@&#8203;thijsputman](https://github.com/thijsputman))
-
[`03840dced`](https://github.com/npm/cli/commit/03840dced865abdca6e6449ea030962e5b19db0c)
    `semver@5.5.1`  ([@&#8203;iarna](https://github.com/iarna))
-
[`161dc0b41`](https://github.com/npm/cli/commit/161dc0b4177e76306a0e3b8660b3b496cc3db83b)
`bluebird@3.5.3`
([@&#8203;petkaantonov](https://github.com/petkaantonov))
-
[`bb6f94395`](https://github.com/npm/cli/commit/bb6f94395491576ec42996ff6665df225f6b4377)
`graceful-fs@4.1.1`:5 ([@&#8203;isaacs](https://github.com/isaacs))
-
[`43b1f4c91`](https://github.com/npm/cli/commit/43b1f4c91fa1d7b3ebb6aa2d960085e5f3ac7607)
`tar@4.4.8` ([@&#8203;isaacs](https://github.com/isaacs))
-
[`ab62afcc4`](https://github.com/npm/cli/commit/ab62afcc472de82c479bf91f560a0bbd6a233c80)
`npm-packlist@1.1.1`:2 ([@&#8203;isaacs](https://github.com/isaacs))
-
[`027f06be3`](https://github.com/npm/cli/commit/027f06be35bb09f390e46fcd2b8182539939d1f7)
`ci-info@1.6.0` ([@&#8203;watson](https://github.com/watson))

##### MISCELLANEOUS

-
[`27217dae8`](https://github.com/npm/cli/commit/27217dae8adbc577ee9cb323b7cfe9c6b2493aca)
[#&#8203;70](https://github.com/npm/cli/pull/70) Automatically audit
dependency licenses for npm itself.
([@&#8203;kemitchell](https://github.com/kemitchell))

### [`v6.4.0`](https://github.com/npm/cli/releases/tag/v6.4.0)

[Compare Source](https://github.com/npm/cli/compare/v6.3.0...v6.4.0)

##### NEW FEATURES

-
[`6e9f04b0b`](https://github.com/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7)
[npm/cli#8](https://github.com/npm/cli/pull/8) Search for
authentication token defined by environment variables by preventing the
translation layer from env variable to npm option from breaking
`:_authToken`. ([@&#8203;mkhl](https://github.com/mkhl))
-
[`84bfd23e7`](https://github.com/npm/cli/commit/84bfd23e7d6434d30595594723a6e1976e84b022)
[npm/cli#35](https://github.com/npm/cli/pull/35) Stop filtering out
non-IPv4 addresses from `local-addrs`, making npm actually use IPv6
addresses when it must.
([@&#8203;valentin2105](https://github.com/valentin2105))
-
[`792c8c709`](https://github.com/npm/cli/commit/792c8c709dc7a445687aa0c8cba5c50bc4ed83fd)
[npm/cli#31](https://github.com/npm/cli/pull/31) configurable audit
level for non-zero exit `npm audit` currently exits with exit code 1 if
any vulnerabilities are found of any level. Add a flag of
`--audit-level` to `npm audit` to allow it to pass if only
vulnerabilities below a certain level are found. Example: `npm audit
--audit-level=high` will exit with 0 if only low or moderate level vulns
are detected. ([@&#8203;lennym](https://github.com/lennym))

##### BUGFIXES

-
[`d81146181`](https://github.com/npm/cli/commit/d8114618137bb5b9a52a86711bb8dc18bfc8e60c)
[npm/cli#32](https://github.com/npm/cli/pull/32) Don't check for
updates to npm when we are updating npm itself.
([@&#8203;olore](https://github.com/olore))

##### DEPENDENCY UPDATES

A very special dependency update event! Since the [release of
`node-gyp@3.8.0`](https://github.com/nodejs/node-gyp/pull/1521), an
awkward version conflict that was preventing `request` from begin
flattened was resolved. This means two things:

1.  We've cut down the npm tarball size by another 200kb, to 4.6MB
2.  `npm audit` now shows no vulnerabilities for npm itself!

Thanks, [@&#8203;rvagg](https://github.com/rvagg)!

-
[`866d776c2`](https://github.com/npm/cli/commit/866d776c27f80a71309389aaab42825b2a0916f6)
`request@2.87.0` ([@&#8203;simov](https://github.com/simov))
-
[`f861c2b57`](https://github.com/npm/cli/commit/f861c2b579a9d4feae1653222afcefdd4f0e978f)
`node-gyp@3.8.0` ([@&#8203;rvagg](https://github.com/rvagg))
-
[`32e6947c6`](https://github.com/npm/cli/commit/32e6947c60db865257a0ebc2f7e754fedf7a6fc9)
[npm/cli#39](https://github.com/npm/cli/pull/39) `colors@1.1.2`:
REVERT REVERT, newer versions of this library are broken and print ansi
codes even when disabled. ([@&#8203;iarna](https://github.com/iarna))
-
[`beb96b92c`](https://github.com/npm/cli/commit/beb96b92caf061611e3faafc7ca10e77084ec335)
`libcipm@2.0.1` ([@&#8203;zkat](https://github.com/zkat))
-
[`348fc91ad`](https://github.com/npm/cli/commit/348fc91ad223ff91cd7bcf233018ea1d979a2af1)
`validate-npm-package-license@3.0.4`: Fixes errors with empty or
string-only license fields.
([@&#8203;Gudahtt](https://github.com/Gudahtt))
-
[`e57d34575`](https://github.com/npm/cli/commit/e57d3457547ef464828fc6f82ae4750f3e511550)
`iferr@1.0.2` ([@&#8203;shesek](https://github.com/shesek))
-
[`46f1c6ad4`](https://github.com/npm/cli/commit/46f1c6ad4b2fd5b0d7ec879b76b76a70a3a2595c)
`tar@4.4.6` ([@&#8203;isaacs](https://github.com/isaacs))
-
[`50df1bf69`](https://github.com/npm/cli/commit/50df1bf691e205b9f13e0fff0d51a68772c40561)
`hosted-git-info@2.7.1` ([@&#8203;iarna](https://github.com/iarna))
([@&#8203;Erveon](https://github.com/Erveon))
([@&#8203;huochunpeng](https://github.com/huochunpeng))

##### DOCUMENTATION

-
[`af98e76ed`](https://github.com/npm/cli/commit/af98e76ed96af780b544962aa575585b3fa17b9a)
[npm/cli#34](https://github.com/npm/cli/pull/34) Remove `npm publish`
from list of commands not affected by `--dry-run`.
([@&#8203;joebowbeer](https://github.com/joebowbeer))
-
[`e2b0f0921`](https://github.com/npm/cli/commit/e2b0f092193c08c00f12a6168ad2bd9d6e16f8ce)
[npm/cli#36](https://github.com/npm/cli/pull/36) Tweak formatting in
repository field examples.
([@&#8203;noahbenham](https://github.com/noahbenham))
-
[`e2346e770`](https://github.com/npm/cli/commit/e2346e7702acccefe6d711168c2b0e0e272e194a)
[npm/cli#14](https://github.com/npm/cli/pull/14) Used `process.env`
examples to make accessing certain `npm run-scripts` environment
variables more clear. ([@&#8203;mwarger](https://github.com/mwarger))

###
[`v6.3.0`](https://github.com/npm/cli/blob/HEAD/workspaces/arborist/CHANGELOG.md#630-2023-07-05)

##### Features

-
[`67459e7`](https://github.com/npm/cli/commit/67459e7b56a5e8d2b4f8eb3a0487183013c63b99)
[#&#8203;6626](https://github.com/npm/cli/pull/6626) add `pkg fix`
subcommand ([@&#8203;wraithgar](https://github.com/wraithgar))

##### Bug Fixes

-
[`c61e037`](https://github.com/npm/cli/commit/c61e0376408240590bfc712fe9fdadd7dc9a48bc)
[#&#8203;6626](https://github.com/npm/cli/pull/6626) use new
load/create syntax for package-json
([@&#8203;wraithgar](https://github.com/wraithgar))

##### Dependencies

-
[`b252164`](https://github.com/npm/cli/commit/b252164dd5c866bf2d25c96836ad829d4d6909ee)
[#&#8203;6626](https://github.com/npm/cli/pull/6626)
`@npmcli/package-json@4.0.0`

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/redwoodjs/redwood).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
jtoar pushed a commit to redwoodjs/redwood that referenced this pull request Nov 17, 2023
@renovate @jtoar
chore(deps): update dependency @npmcli/arborist to v6.5.0 (#9517)
4dd7bf2 
[![Mend Renovate logo
banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@npmcli/arborist](https://github.com/npm/cli) | [`6.2.10` ->
`6.5.0`](https://renovatebot.com/diffs/npm/@npmcli%2farborist/6.2.10/6.5.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@npmcli%2farborist/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@npmcli%2farborist/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@npmcli%2farborist/6.2.10/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@npmcli%2farborist/6.2.10/6.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>npm/cli (@&#8203;npmcli/arborist)</summary>

### [`v6.5.0`](https://github.com/npm/cli/releases/tag/v6.5.0)

[Compare Source](https://github.com/npm/cli/compare/v6.4.0...v6.5.0)

##### NEW FEATURES

-
[`fc1a8d185`](https://github.com/npm/cli/commit/fc1a8d185fc678cdf3784d9df9eef9094e0b2dec)
Backronym `npm ci` to `npm clean-install`.
([@&#8203;zkat](https://github.com/zkat))
-
[`4be51a9cc`](https://github.com/npm/cli/commit/4be51a9cc65635bb26fa4ce62233f26e0104bc20)
[#&#8203;81](https://github.com/npm/cli/pull/81) Adds 'Homepage' to
outdated --long output.
([@&#8203;jbottigliero](https://github.com/jbottigliero))

##### BUGFIXES

-
[`89652cb9b`](https://github.com/npm/cli/commit/89652cb9b810f929f5586fc90cc6794d076603fb)
[npm.community#1661](https://npm.community/t/https://npm.community/t/1661)
Fix sign-git-commit options. They were previously totally wrong.
([@&#8203;zkat](https://github.com/zkat))
-
[`414f2d1a1`](https://github.com/npm/cli/commit/414f2d1a1bdffc02ed31ebb48a43216f284c21d4)
[npm.community#1742](https://npm.community/t/npm-audit-making-non-rfc-compliant-requests-to-server-resulting-in-400-bad-request-pr-with-fix/1742)
Set lowercase headers for npm audit requests.
([@&#8203;maartenba](https://github.com/maartenba))
-
[`a34246baf`](https://github.com/npm/cli/commit/a34246bafe73218dc9e3090df9ee800451db2c7d)
[#&#8203;75](https://github.com/npm/cli/pull/75) Fix `npm edit`
handling of scoped packages.
([@&#8203;larsgw](https://github.com/larsgw))\*
[`d3e8a7c72`](https://github.com/npm/cli/commit/d3e8a7c7240dd25379a5bcad324a367c58733c73)
[npm.community#2303](https://npm.community/t/npm-ci-logs-success-to-stderr/2303)
Make summary output for `npm ci` go to `stdout`, not `stderr`.
([@&#8203;alopezsanchez](https://github.com/alopezsanchez))
-
[`71d8fb4a9`](https://github.com/npm/cli/commit/71d8fb4a94d65e1855f6d0c5f2ad2b7c3202e3c4)
[npm.community#1377](https://npm.community/t/unhelpful-error-message-when-publishing-without-logging-in-error-eperm-operation-not-permitted-unlink/1377/3)
Close the file descriptor during publish if exiting upload via an error.
This will prevent strange error messages when the upload fails and make
sure
cleanup happens correctly.
([@&#8203;macdja38](https://github.com/macdja38))

##### DOCS UPDATES

-
[`b1a8729c8`](https://github.com/npm/cli/commit/b1a8729c80175243fbbeecd164e9ddd378a09a50)
[#&#8203;60](https://github.com/npm/cli/pull/60) Mention --otp flag
when prompting for OTP. ([@&#8203;bakkot](https://github.com/bakkot))
-
[`bcae4ea81`](https://github.com/npm/cli/commit/bcae4ea8173e489a76cc226bbd30dd9eabe21ec6)
[#&#8203;64](https://github.com/npm/cli/pull/64) Clarify that git
dependencies use the default branch, not just `master`.
([@&#8203;zckrs](https://github.com/zckrs))
-
[`15da82690`](https://github.com/npm/cli/commit/15da8269032bf509ade3252978e934f2a61d4499)
[#&#8203;72](https://github.com/npm/cli/pull/72) `bash_completion.d`
dir is sometimes found in `/etc` not `/usr/local`.
([@&#8203;RobertKielty](https://github.com/RobertKielty))
-
[`8a6ecc793`](https://github.com/npm/cli/commit/8a6ecc7936dae2f51638397ff5a1d35cccda5495)
[#&#8203;74](https://github.com/npm/cli/pull/74) Update OTP
documentation for `dist-tag add` to clarify `--otp` is needed right now.
([@&#8203;scotttrinh](https://github.com/scotttrinh))
-
[`dcc03ec85`](https://github.com/npm/cli/commit/dcc03ec858bddd7aa2173b5a86b55c1c2385a2a3)
[#&#8203;82](https://github.com/npm/cli/pull/82) Note that `prepare`
runs when installing git dependencies.
([@&#8203;seishun](https://github.com/seishun))
-
[`a91a470b7`](https://github.com/npm/cli/commit/a91a470b71e08ccf6a75d4fb8c9937789fa8d067)
[#&#8203;83](https://github.com/npm/cli/pull/83) Specify that
--dry-run isn't available in older versions of npm publish.
([@&#8203;kjin](https://github.com/kjin))
-
[`1b2fabcce`](https://github.com/npm/cli/commit/1b2fabccede37242233755961434c52536224de5)
[#&#8203;96](https://github.com/npm/cli/pull/96) Fix inline code tag
issue in docs. ([@&#8203;midare](https://github.com/midare))
-
[`6cc70cc19`](https://github.com/npm/cli/commit/6cc70cc1977e58a3e1ea48e660ffc6b46b390e59)
[#&#8203;68](https://github.com/npm/cli/pull/68) Add semver link and a
note on empty string format to `deprecate` doc.
([@&#8203;neverett](https://github.com/neverett))
-
[`61dbbb7c3`](https://github.com/npm/cli/commit/61dbbb7c3474834031bce88c423850047e8131dc)
Fix semver docs after version update.
([@&#8203;zkat](https://github.com/zkat))
-
[`4acd45a3d`](https://github.com/npm/cli/commit/4acd45a3d0ce92f9999446226fe7dfb89a90ba2e)
[#&#8203;78](https://github.com/npm/cli/pull/78) Correct spelling
across various docs. ([@&#8203;hugovk](https://github.com/hugovk))

##### DEPENDENCIES

-
[`4f761283e`](https://github.com/npm/cli/commit/4f761283e8896d0ceb5934779005646463a030e8)
`figgy-pudding@3.5.1` ([@&#8203;zkat](https://github.com/zkat))
-
[`3706db0bc`](https://github.com/npm/cli/commit/3706db0bcbc306d167bb902362e7f6962f2fe1a1)
[npm.community#1764](https://npm.community/t/crash-invalid-config-key-requested-error/1764)
`ssri@6.0.1` ([@&#8203;zkat](https://github.com/zkat))
-
[`83c2b117d`](https://github.com/npm/cli/commit/83c2b117d0b760d0ea8d667e5e4bdfa6a7a7a8f6)
`bluebird@3.5.2`
([@&#8203;petkaantonov](https://github.com/petkaantonov))
-
[`2702f46bd`](https://github.com/npm/cli/commit/2702f46bd7284fb303ca2119d23c52536811d705)
`ci-info@1.5.1` ([@&#8203;watson](https://github.com/watson))
-
[`4db6c3898`](https://github.com/npm/cli/commit/4db6c3898b07100e3a324e4aae50c2fab4b93a04)
`config-chain@1.1.1`:2 ([@&#8203;dawsbot](https://github.com/dawbot))
-
[`70bee4f69`](https://github.com/npm/cli/commit/70bee4f69bb4ce4e18c48582fe2b48d8b4aba566)
`glob@7.1.3` ([@&#8203;isaacs](https://github.com/isaacs))
-
[`e469fd6be`](https://github.com/npm/cli/commit/e469fd6be95333dcaa7cf377ca3620994ca8d0de)
`opener@1.5.1`: Fix browser opening under Windows Subsystem for Linux
(WSL). ([@&#8203;thijsputman](https://github.com/thijsputman))
-
[`03840dced`](https://github.com/npm/cli/commit/03840dced865abdca6e6449ea030962e5b19db0c)
    `semver@5.5.1`  ([@&#8203;iarna](https://github.com/iarna))
-
[`161dc0b41`](https://github.com/npm/cli/commit/161dc0b4177e76306a0e3b8660b3b496cc3db83b)
`bluebird@3.5.3`
([@&#8203;petkaantonov](https://github.com/petkaantonov))
-
[`bb6f94395`](https://github.com/npm/cli/commit/bb6f94395491576ec42996ff6665df225f6b4377)
`graceful-fs@4.1.1`:5 ([@&#8203;isaacs](https://github.com/isaacs))
-
[`43b1f4c91`](https://github.com/npm/cli/commit/43b1f4c91fa1d7b3ebb6aa2d960085e5f3ac7607)
`tar@4.4.8` ([@&#8203;isaacs](https://github.com/isaacs))
-
[`ab62afcc4`](https://github.com/npm/cli/commit/ab62afcc472de82c479bf91f560a0bbd6a233c80)
`npm-packlist@1.1.1`:2 ([@&#8203;isaacs](https://github.com/isaacs))
-
[`027f06be3`](https://github.com/npm/cli/commit/027f06be35bb09f390e46fcd2b8182539939d1f7)
`ci-info@1.6.0` ([@&#8203;watson](https://github.com/watson))

##### MISCELLANEOUS

-
[`27217dae8`](https://github.com/npm/cli/commit/27217dae8adbc577ee9cb323b7cfe9c6b2493aca)
[#&#8203;70](https://github.com/npm/cli/pull/70) Automatically audit
dependency licenses for npm itself.
([@&#8203;kemitchell](https://github.com/kemitchell))

### [`v6.4.0`](https://github.com/npm/cli/releases/tag/v6.4.0)

[Compare Source](https://github.com/npm/cli/compare/v6.3.0...v6.4.0)

##### NEW FEATURES

-
[`6e9f04b0b`](https://github.com/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7)
[npm/cli#8](https://github.com/npm/cli/pull/8) Search for
authentication token defined by environment variables by preventing the
translation layer from env variable to npm option from breaking
`:_authToken`. ([@&#8203;mkhl](https://github.com/mkhl))
-
[`84bfd23e7`](https://github.com/npm/cli/commit/84bfd23e7d6434d30595594723a6e1976e84b022)
[npm/cli#35](https://github.com/npm/cli/pull/35) Stop filtering out
non-IPv4 addresses from `local-addrs`, making npm actually use IPv6
addresses when it must.
([@&#8203;valentin2105](https://github.com/valentin2105))
-
[`792c8c709`](https://github.com/npm/cli/commit/792c8c709dc7a445687aa0c8cba5c50bc4ed83fd)
[npm/cli#31](https://github.com/npm/cli/pull/31) configurable audit
level for non-zero exit `npm audit` currently exits with exit code 1 if
any vulnerabilities are found of any level. Add a flag of
`--audit-level` to `npm audit` to allow it to pass if only
vulnerabilities below a certain level are found. Example: `npm audit
--audit-level=high` will exit with 0 if only low or moderate level vulns
are detected. ([@&#8203;lennym](https://github.com/lennym))

##### BUGFIXES

-
[`d81146181`](https://github.com/npm/cli/commit/d8114618137bb5b9a52a86711bb8dc18bfc8e60c)
[npm/cli#32](https://github.com/npm/cli/pull/32) Don't check for
updates to npm when we are updating npm itself.
([@&#8203;olore](https://github.com/olore))

##### DEPENDENCY UPDATES

A very special dependency update event! Since the [release of
`node-gyp@3.8.0`](https://github.com/nodejs/node-gyp/pull/1521), an
awkward version conflict that was preventing `request` from begin
flattened was resolved. This means two things:

1.  We've cut down the npm tarball size by another 200kb, to 4.6MB
2.  `npm audit` now shows no vulnerabilities for npm itself!

Thanks, [@&#8203;rvagg](https://github.com/rvagg)!

-
[`866d776c2`](https://github.com/npm/cli/commit/866d776c27f80a71309389aaab42825b2a0916f6)
`request@2.87.0` ([@&#8203;simov](https://github.com/simov))
-
[`f861c2b57`](https://github.com/npm/cli/commit/f861c2b579a9d4feae1653222afcefdd4f0e978f)
`node-gyp@3.8.0` ([@&#8203;rvagg](https://github.com/rvagg))
-
[`32e6947c6`](https://github.com/npm/cli/commit/32e6947c60db865257a0ebc2f7e754fedf7a6fc9)
[npm/cli#39](https://github.com/npm/cli/pull/39) `colors@1.1.2`:
REVERT REVERT, newer versions of this library are broken and print ansi
codes even when disabled. ([@&#8203;iarna](https://github.com/iarna))
-
[`beb96b92c`](https://github.com/npm/cli/commit/beb96b92caf061611e3faafc7ca10e77084ec335)
`libcipm@2.0.1` ([@&#8203;zkat](https://github.com/zkat))
-
[`348fc91ad`](https://github.com/npm/cli/commit/348fc91ad223ff91cd7bcf233018ea1d979a2af1)
`validate-npm-package-license@3.0.4`: Fixes errors with empty or
string-only license fields.
([@&#8203;Gudahtt](https://github.com/Gudahtt))
-
[`e57d34575`](https://github.com/npm/cli/commit/e57d3457547ef464828fc6f82ae4750f3e511550)
`iferr@1.0.2` ([@&#8203;shesek](https://github.com/shesek))
-
[`46f1c6ad4`](https://github.com/npm/cli/commit/46f1c6ad4b2fd5b0d7ec879b76b76a70a3a2595c)
`tar@4.4.6` ([@&#8203;isaacs](https://github.com/isaacs))
-
[`50df1bf69`](https://github.com/npm/cli/commit/50df1bf691e205b9f13e0fff0d51a68772c40561)
`hosted-git-info@2.7.1` ([@&#8203;iarna](https://github.com/iarna))
([@&#8203;Erveon](https://github.com/Erveon))
([@&#8203;huochunpeng](https://github.com/huochunpeng))

##### DOCUMENTATION

-
[`af98e76ed`](https://github.com/npm/cli/commit/af98e76ed96af780b544962aa575585b3fa17b9a)
[npm/cli#34](https://github.com/npm/cli/pull/34) Remove `npm publish`
from list of commands not affected by `--dry-run`.
([@&#8203;joebowbeer](https://github.com/joebowbeer))
-
[`e2b0f0921`](https://github.com/npm/cli/commit/e2b0f092193c08c00f12a6168ad2bd9d6e16f8ce)
[npm/cli#36](https://github.com/npm/cli/pull/36) Tweak formatting in
repository field examples.
([@&#8203;noahbenham](https://github.com/noahbenham))
-
[`e2346e770`](https://github.com/npm/cli/commit/e2346e7702acccefe6d711168c2b0e0e272e194a)
[npm/cli#14](https://github.com/npm/cli/pull/14) Used `process.env`
examples to make accessing certain `npm run-scripts` environment
variables more clear. ([@&#8203;mwarger](https://github.com/mwarger))

###
[`v6.3.0`](https://github.com/npm/cli/blob/HEAD/workspaces/arborist/CHANGELOG.md#630-2023-07-05)

##### Features

-
[`67459e7`](https://github.com/npm/cli/commit/67459e7b56a5e8d2b4f8eb3a0487183013c63b99)
[#&#8203;6626](https://github.com/npm/cli/pull/6626) add `pkg fix`
subcommand ([@&#8203;wraithgar](https://github.com/wraithgar))

##### Bug Fixes

-
[`c61e037`](https://github.com/npm/cli/commit/c61e0376408240590bfc712fe9fdadd7dc9a48bc)
[#&#8203;6626](https://github.com/npm/cli/pull/6626) use new
load/create syntax for package-json
([@&#8203;wraithgar](https://github.com/wraithgar))

##### Dependencies

-
[`b252164`](https://github.com/npm/cli/commit/b252164dd5c866bf2d25c96836ad829d4d6909ee)
[#&#8203;6626](https://github.com/npm/cli/pull/6626)
`@npmcli/package-json@4.0.0`

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/redwoodjs/redwood).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
antongolub pushed a commit to antongolub-forks/npm-cli that referenced this pull request May 18, 2024
@wraithgar
deps: write-file-atomic@4.0.0 (npm#32)
788d0ee
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zkat zkat zkat approved these changes

Assignees
No one assigned
Labels
semver:patch semver patch level for changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@olore @zkat @iarna