chore(deps): update dependency pacote to v20 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pacote	^13.0.0 -> ^20.0.0

---

Release Notes

npm/pacote (pacote)

v20.0.0

Compare Source

⚠️ BREAKING CHANGES

• honors ignoreScripts property within options

Bug Fixes

• f27af63 #​407 honors ignoreScripts option to prevent prepare lifecycle script (@​reggi)

v19.0.1

Compare Source

Bug Fixes

• cbf94e8 #​389 prepare script respects scriptshell config (#​389) (@​milaninfy)
• 2b2948f #​403 log tarball retrieval from cache (#​403) (@​mbtools, @​wraithgar)

Dependencies

• a9fc4d1 #​405 bump sigstore from 2.2.0 to 3.0.0 (#​405) (@​bdehamer)

v19.0.0

Compare Source

⚠️ BREAKING CHANGES

• pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• 03b31ca #​392 align to npm 10 node engine range (@​reggi)

Dependencies

• f055f71 #​395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#​395) (@​dependabot[bot])
• 932b9ab #​396 bump @​npmcli/package-json from 5.2.1 to 6.0.0 (#​396) (@​dependabot[bot])
• a1621f9 #​397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#​397) (@​dependabot[bot])
• c776199 #​398 bump cacache from 18.0.4 to 19.0.0 (#​398) (@​dependabot[bot])
• 6d59022 #​399 bump @​npmcli/git from 5.0.8 to 6.0.0 (#​399)
• 21ea2d4 #​400 bump @​npmcli/run-script from 8.1.0 to 9.0.0 (#​400)
• eddbc01 #​392 ssri@12.0.0
• 6c672e9 #​392 proc-log@5.0.0
• 03ba2a2 #​392 npm-packlist@9.0.0
• 2710286 #​392 npm-package-arg@12.0.0
• aa0bd4a #​392 @npmcli/promise-spawn@8.0.0
• df23343 #​392 @npmcli/installed-package-contents@3.0.0

Chores

• e4ed5cd #​392 bump hosted-git-info ^7.0.0 to ^8.0.0 (@​reggi)
• 2871f56 #​392 run template-oss-apply (@​reggi)
• 39643f1 #​382 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 7e33c82 #​383 postinstall for dependabot template-oss PR (@​hashtagchris)
• e4e07bf #​383 bump @​npmcli/template-oss from 4.23.1 to 4.23.3 (@​dependabot[bot])

v18.0.6

Compare Source

Bug Fixes

• 79441a5 #​371 clean up requires (#​371) (@​wraithgar)
• b19aacb #​369 isolate full and corgi packuments in packumentCache (#​369) (@​wraithgar)

v18.0.5

Compare Source

Bug Fixes

• 5e75582 #​368 dont set _contentLength if not in headers (#​368) (@​lukekarrys)
• 1b6950b #​365 move bin to its own directory (@​lukekarrys)
• 1b6950b #​365 refactor: symbol cleanup (#​365) (@​lukekarrys)

v18.0.4

Compare Source

Bug Fixes

• 5fd2c80 #​363 linting: no-unused-vars (@​lukekarrys)

Chores

• d867639 #​363 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• a235f37 #​363 postinstall for dependabot template-oss PR (@​lukekarrys)

v18.0.3

Compare Source

Dependencies

• 5ecce7a #​360 npm-registry-fetch@17.0.0 (#​360)

v18.0.2

Compare Source

Bug Fixes

• 116b277 #​358 don't strip underscore attributes in .manifest() (#​358) (@​wraithgar)

v18.0.1

Compare Source

Bug Fixes

• b547e0d #​356 use @​npmcli/package-json (#​356) (@​lukekarrys)

v18.0.0

Compare Source

⚠️ BREAKING CHANGES

• The silent option was used to control whether @npmcli/run-script would write a banner via console.log. Now ouput will be emitted via an process.emit('output').

Features

• 0c04569 #​352 remove silent option (@​lukekarrys)

Dependencies

• cb3abc2 #​352 bump @​npmcli/run-script from 7.0.4 to 8.0.0 (@​dependabot[bot])

Chores

• 7089bb1 #​355 postinstall for dependabot template-oss PR (@​lukekarrys)
• 4952672 #​355 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

v17.0.7

Compare Source

Dependencies

• e07c3e5 #​350 proc-log@4.0.0 (#​350)

v17.0.6

Compare Source

Dependencies

• 0a5920f #​343 bump sigstore from 2.0.0 to 2.2.0 (#​343) (@​bdehamer)

Chores

• 6fd23ad #​342 postinstall for dependabot template-oss PR (@​lukekarrys)
• c3b398a #​342 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• 4557919 #​337 postinstall for dependabot template-oss PR (@​lukekarrys)
• c7e293c #​337 bump @​npmcli/template-oss from 4.19.0 to 4.21.1 (@​dependabot[bot])

v17.0.5

Compare Source

Bug Fixes

• 0c96b9e #​338 bug to support rotated keys in signature/attestation audit (#​338) (@​feelepxyz)

v17.0.4

Compare Source

Dependencies

• ba8f790 #​309 bump @​npmcli/promise-spawn from 6.0.2 to 7.0.0
• 2c0d3ae #​308 bump @​npmcli/run-script from 6.0.2 to 7.0.0

v17.0.3

Compare Source

Dependencies

• ace7c28 #​305 bump npm-packlist from 7.0.4 to 8.0.0

v17.0.2

Compare Source

Dependencies

• c3b892d #​303 bump sigstore from 1.3.0 to 2.0.0

v17.0.1

Compare Source

Dependencies

• 6ddae13 #​302 bump npm-registry-fetch from 15.0.0 to 16.0.0
• 42bf787 #​300 bump npm-pick-manifest from 8.0.2 to 9.0.0

v17.0.0

Compare Source

⚠️ BREAKING CHANGES

• support for node <=16.13 has been removed

Bug Fixes

• 2db2fb5 #​296 drop node 16.13.x support (@​lukekarrys)

Dependencies

• e9e964b #​299 bump read-package-json from 6.0.4 to 7.0.0
• 5d26500 #​298 bump npm-package-arg from 10.1.0 to 11.0.0
• d13bb9c #​294 bump @​npmcli/git from 4.1.0 to 5.0.0
• 7a25e39 #​293 bump cacache from 17.1.4 to 18.0.0

v16.0.0

Compare Source

⚠️ BREAKING CHANGES

• the underlying fetch module now uses @npmcli/agent. Backwards compatibility should be fully implemented but due to the scope of this change it was made a breaking change out of an abundance of caution.
• support for node 14 has been removed

Bug Fixes

• 73b6297 #​290 drop node14 support (#​290) (@​wraithgar)

Dependencies

• 8dc6a32 bump minipass from 5.0.0 to 7.0.2
• 7cebf19 bump npm-registry-fetch from 14.0.5 to 15.0.0

v15.2.0

Compare Source

Features

• 3307ad9 #​278 configurable TUF cache dir (#​278) (@​bdehamer)

v15.1.3

Compare Source

Dependencies

• c99db13 #​271 bump minipass from 4.2.7 to 5.0.0 (#​271)

v15.1.2

Compare Source

Documentation

• 43363dd #​266 update dist details (#​266) (@​wraithgar)

Dependencies

• d5cb3df #​276 sigstore@1.3.0 (#​276)
• c231986 #​267 sigstore@^1.1.0

v15.1.1

Compare Source

Bug Fixes

• 8f4e39c #​261 always ignore ownership from tar headers (#​261) (@​nlf)

v15.1.0

Compare Source

Features

• 2916b72 #​259 verifyAttestations to registry.manifest (@​feelepxyz, @​bdehamer)

Dependencies

• f0bd19b add sigstore 1.0.0

v15.0.8

Compare Source

Dependencies

• 40aa6fe #​253 bump fs-minipass from 2.1.0 to 3.0.0

v15.0.7

Compare Source

Dependencies

• a734d61 #​250 bump minipass from 3.3.6 to 4.0.0

v15.0.6

Compare Source

Dependencies

• dbbda43 #​246 @npmcli/run-script@6.0.0

v15.0.5

Compare Source

Dependencies

• 63797a8 #​244 bump @​npmcli/promise-spawn from 5.0.0 to 6.0.1 (#​244)

v15.0.4

Compare Source

Dependencies

• 854fad1 #​239 bump @​npmcli/promise-spawn from 4.0.0 to 5.0.0 (#​239)

v15.0.3

Compare Source

Dependencies

• 2a95ddb #​235 bump @​npmcli/installed-package-contents (#​235)

v15.0.2

Compare Source

Bug Fixes

• 95f9cd5 handle new npm-package-arg semantics (@​wraithgar)

Dependencies

• 2ed4d22 npm-package-arg@10.0.0

v15.0.1

Compare Source

Dependencies

• 74821c2 #​229 bump @​npmcli/run-script from 4.2.1 to 5.0.0 (#​229)
• a9844d0 #​226 bump @​npmcli/promise-spawn from 3.0.0 to 4.0.0 (#​226)
• 1058177 #​227 bump read-package-json from 5.0.2 to 6.0.0
• 0f5ef8a #​228 bump @​npmcli/installed-package-contents from 1.0.7 to 2.0.0
• 7e3b4b5 #​220 bump ssri from 9.0.1 to 10.0.0
• 4e7536d #​222 bump @​npmcli/git from 3.0.2 to 4.0.0
• 3bc7550 #​223 bump npm-pick-manifest from 7.0.2 to 8.0.0
• 41fab27 #​224 bump proc-log from 2.0.1 to 3.0.0
• 4abf24a #​218 bump npm-registry-fetch from 13.3.1 to 14.0.0 (#​218)

v15.0.0

Compare Source

⚠️ BREAKING CHANGES

• this package no longer attempts to change file ownership automatically

Features

• 43ae022 #​216 do not alter file ownership (#​216) (@​nlf)

Dependencies

• 2ac3980 #​213 bump read-package-json-fast from 2.0.3 to 3.0.0

v14.0.0

Compare Source

Features

• ee16f1f #​207 set as release (@​fritzy)

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for netlify-plugins ready!

Name	Link
🔨 Latest commit	a0ccac6
🔍 Latest deploy log	https://app.netlify.com/sites/netlify-plugins/deploys/67159f3717e0c10008a3bfcd
😎 Deploy Preview	https://deploy-preview-1372--netlify-plugins.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.