Bump http-cache-semantics and npm in /client

[dependabot]

Removes http-cache-semantics. It's no longer used after updating ancestor dependency npm. These dependencies need to be updated together.

Removes http-cache-semantics

Updates npm from 6.13.4 to 9.6.5

Release notes

Sourced from npm's releases.

libnpmhook: v9.0.3

9.0.3 (2023-02-07)

Bug Fixes

• 12ec7ee remove unused package.json scripts (@​lukekarrys)

libnpmhook: v9.0.2

9.0.2 (2023-02-01)

Dependencies

• 721fe3f #6118 read-package-json-fast@3.0.2
• a39556f @npmcli/template-oss@4.11.3

libnpmhook: v9.0.1

9.0.1 (2022-12-07)

Dependencies

• 0a3fe00 #5933 minipass@4.0.0
• fee9b66 npm-registry-fetch@14.0.3

libnpmpublish: v7.1.3

7.1.3 (2023-03-30)

Bug Fixes

• 3cf6f0d #6287 update provenance transparency log link (#6287) (@​bdehamer)

libnpmpublish: v7.1.2

7.1.2 (2023-03-14)

Bug Fixes

• 4622b42 #6247 add provenance publish notice (#6247) (@​bdehamer)
• 17adfb7 #6228 provenance build type v2 (#6228) (@​bdehamer, @​feelepxyz)

libnpmpublish: v7.1.1

7.1.1 (2023-03-08)

Bug Fixes

• 26cbe99 #6226 improve permission error for provenance (#6226) (@​bdehamer)

libnpmpublish: v7.1.0

7.1.0 (2023-02-14)

Features

... (truncated)

Changelog

Sourced from npm's changelog.

9.6.5 (2023-04-19)

Bug Fixes

• 33dc428 #6374 account for npx package-name with no spec (@​wraithgar)
• 82879f6 #6225 lazy loading of arborist and pacote (#6225) (@​wraithgar)
• f4e73ab #6322 remove incompatible params from ci (#6322) (@​wraithgar)
• c7fe1c7 #6328 save raw data to file, not parsed data (@​wraithgar)

Documentation

• 31214a6 #6381 Update description for publish --provenance flag (#6381) (@​feelepxyz)
• 997bcdf #6329 fix npm cache folder location for windows (#6329) (@​charlie-wong)

Dependencies

• fae5e00 #6372 sigstore@1.3.0 (#6372)
• 3fa9542 #6363 semver@7.5.0
• e49844e #6363 minipass-fetch@3.0.2
• 357cc29 #6363 walk-up-path@3.0.1
• 2c80b1e #6363 ini@4.1.0
• 5933841 #6363 minipass@4.2.8
• b39d54e #6363 minimatch@7.4.6
• 201aa5a #6363 ssri@10.0.3
• acb9120 #6363 read@2.1.0
• 2472205 #6363 npm-registry-fetch@14.0.4
• 2780714 #6363 npm-install-checks@6.1.1
• b5af015 #6363 make-fetch-happen@11.1.0
• 14c498d #6363 @npmcli/metavuln-calculator@5.0.1
• Workspace: @npmcli/arborist@6.2.8
• Workspace: @npmcli/config@6.1.6
• Workspace: libnpmdiff@5.0.16
• Workspace: libnpmexec@5.0.16
• Workspace: libnpmfund@4.0.16
• Workspace: libnpmpack@5.0.16

9.6.4 (2023-04-05)

Documentation

• 54795a3 #6312 filter archives out of version manager search (#6312) (@​ljharb)
• 530c285 #6306 remove reference to npm-packlist (#6306) (@​staff0rd)

Dependencies

• 85935ac #6325 ssri@10.0.2 (#6325)
• f1388b4 #6317 npm update
• 7dd0129 #6317 glob@9.3.2
• deca335 #6317 promise-call-limit@1.0.2
• Workspace: @npmcli/arborist@6.2.7

... (truncated)

Commits

• c7f4b35 chore: release 9.6.5
• c29ac09 chore: revert update-cli-repos to manual for now (#6384)
• adddd7a chore: add script to rebuild npm-cli-repos.txt (#6383)
• f7762e5 chore: smoke test for npx caching issue
• 33dc428 fix: account for npx package-name with no spec
• 82c1582 chore: remove packages that were transferred out from our repo list (#6382)
• 31214a6 docs: Update description for publish --provenance flag (#6381)
• fae5e00 deps: sigstore@1.3.0 (#6372)
• dbe2776 chore: update release workflow to use the newly released node 20 instead of 1...
• 82879f6 fix: lazy loading of arborist and pacote (#6225)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by gar, a new releaser for npm since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.