Skip to content
Permalink
Browse files

deps: upgrade npm to 6.10.0

PR-URL: #28525
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
  • Loading branch information...
isaacs authored and Trott committed Jul 3, 2019
1 parent 6df7b6a commit 1721034a40c5e7a0a334701dc36153adee3f27e5
Showing 778 changed files with 19,809 additions and 12,245 deletions.
@@ -1,7 +1,12 @@
{
"license": "(MIT OR BSD-2-Clause OR BSD-3-Clause OR Apache-2.0 OR ISC OR Unlicense OR CC-BY-3.0 OR CC0-1.0 OR Artistic-2.0)",
"licenses": {
"spdx": [
"CC-BY-3.0"
],
"blueOak": "bronze"
},
"corrections": true,
"whitelist": {
"packages": {
"config-chain": "1.1.12",
"cyclist": "0.2.2",
"json-schema": "0.2.3",
@@ -7,26 +7,24 @@ language: node_js
matrix:
include:
# LTS is our most important target
- node_js: "10"
- node_js: "12"
# DEPLOY_VERSION is used to set the couchapp setup mode for test/tap/registry.js
# only gather coverage info for LTS
env: DEPLOY_VERSION=testing COVERALLS_REPO_TOKEN="$COVERALLS_OPTIONAL_TOKEN"
script:
- "node . run tap-cover -- \"test/tap/*.js\""
- "unset COVERALLS_REPO_TOKEN ; node . run tap -- \"test/broken-under-*/*.js\""
# previous LTS is next most important
- node_js: "6"
env: DEPLOY_VERSION=testing
- node_js: "8"
env: DEPLOY_VERSION=testing
- node_js: "9"
env: DEPLOY_VERSION=testing
- node_js: "11"
- node_js: "10"
env: DEPLOY_VERSION=testing
script:
- "npx standard"
- "node . run licenses"
- "node . run tap -- \"test/tap/*.js\" \"test/broken-under-nyc/*.js\""
- node_js: "8"
env: DEPLOY_VERSION=testing
- node_js: "6"
env: DEPLOY_VERSION=testing
notifications:
slack: npm-inc:kRqQjto7YbINqHPb1X6nS3g8
cache:
@@ -630,3 +630,14 @@ Amadou Sall <ahasall.dev@gmail.com>
Chris Manson <mansona@users.noreply.github.com>
vlasy <vlasy@users.noreply.github.com>
Emilis Dambauskas (Tokenmill) <emilis.dambauskas@tokenmill.lt>
George Czabania <george@mish.guru>
Jonathan Underwood <junderwood@bitcoinbank.co.jp>
Nick Graef <nicholas.a.graef@gmail.com>
James George <jamesgeorge998001@gmail.com>
John O'Sullivan <j.osullivan42@gmail.com>
ossdev <ossdev@puresoftware.com>
Raphael Goulais <raphael.goulais@f5c.fr>
COURIER, CALEB [AG/1000] <caleb.courier@monsanto.com>
CalebCourier <caleb.courier@monsanto.com>
Florian Keller <florian.keller@wire.com>
Sreeram Jayan <sreeram.jayan@cerner.com>
@@ -1,4 +1,189 @@
## v6.9.0 (2018-02-20):
## v6.10.0 (2019-07-03):

### FEATURES

* [`87fef4e35`](https://github.com/npm/cli/commit/87fef4e35)
[#176](https://github.com/npm/cli/pull/176) fix: Always return JSON for
outdated --json ([@sreeramjayan](https://github.com/sreeramjayan))
* [`f101d44fc`](https://github.com/npm/cli/commit/f101d44fc)
[#203](https://github.com/npm/cli/pull/203) fix(unpublish): add space
after hyphen ([@ffflorian](https://github.com/ffflorian))
* [`a4475de4c`](https://github.com/npm/cli/commit/a4475de4c)
[#202](https://github.com/npm/cli/pull/202) enable production flag for
npm audit ([@CalebCourier](https://github.com/CalebCourier))
* [`d192904d0`](https://github.com/npm/cli/commit/d192904d0)
[#178](https://github.com/npm/cli/pull/178) fix: Return a value for
`view` when in silent mode
([@stayradiated](https://github.com/stayradiated))
* [`39d473adf`](https://github.com/npm/cli/commit/39d473adf)
[#185](https://github.com/npm/cli/pull/185) Allow git to follow global
tagsign config ([@junderw](https://github.com/junderw))

### BUGFIXES

* [`d9238af0b`](https://github.com/npm/cli/commit/d9238af0b)
[#201](https://github.com/npm/cli/pull/163)
[npm/npm#17858](https://github.com/npm/npm/issues/17858)
[npm/npm#18042](https://github.com/npm/npm/issues/18042)
[npm.community#644](https://npm.community/t/644) do not crash when
removing nameless packages
([@SteveVanOpstal](https://github.com/SteveVanOpstal) and
[@isaacs](https://github.com/isaacs))
* [`4bec4f111`](https://github.com/npm/cli/commit/4bec4f111)
[#200](https://github.com/npm/cli/pull/200) Check for `node` (as well as
`node.exe`) in npm's local dir on Windows
([@rgoulais](https://github.com/rgoulais))
* [`ce93dab2d`](https://github.com/npm/cli/commit/ce93dab2db423ef23b3e08a0612dafbeb2d25789)
[#180](https://github.com/npm/cli/pull/180)
[npm.community#6187](https://npm.community/t/6187) Fix handling of
`remote` deps in `npm outdated` ([@larsgw](https://github.com/larsgw))

### TESTING

* [`a823f3084`](https://github.com/npm/cli/commit/a823f3084) travis: Update
to include new v12 LTS ([@isaacs](https://github.com/isaacs))
* [`33e2d1dac`](https://github.com/npm/cli/commit/33e2d1dac) fix flaky
debug-logs test ([@isaacs](https://github.com/isaacs))
* [`e9411c6cd`](https://github.com/npm/cli/commit/e9411c6cd) Don't time out
waiting for gpg user input ([@isaacs](https://github.com/isaacs))
* [`d2d301704`](https://github.com/npm/cli/commit/d2d301704)
[#195](https://github.com/npm/cli/pull/195) Add the arm64 check for
legacy-platform-all.js test case.
([@ossdev07](https://github.com/ossdev07))
* [`a4dc34243`](https://github.com/npm/cli/commit/a4dc34243) parallel tests
([@isaacs](https://github.com/isaacs))

### DOCUMENTATION

* [`f5857e263`](https://github.com/npm/cli/commit/f5857e263)
[#192](https://github.com/npm/cli/pull/192) Clarify usage of
bundledDependencies
([@john-osullivan](https://github.com/john-osullivan))
* [`747fdaf66`](https://github.com/npm/cli/commit/747fdaf66)
[#159](https://github.com/npm/cli/pull/159) doc: add --audit-level param
([@ngraef](https://github.com/ngraef))

### DEPENDENCIES

* [`e36b3c320`](https://github.com/npm/cli/commit/e36b3c320)
graceful-fs@4.2.0 ([@isaacs](https://github.com/isaacs))
* [`6bb935c09`](https://github.com/npm/cli/commit/6bb935c09)
read-package-tree@5.3.1 ([@isaacs](https://github.com/isaacs))
* [`e9cd536`](https://github.com/npm/read-package-tree/commit/e9cd536)
Use custom caching `realpath` implementation, dramatically reducing
`lstat` calls when reading the package tree
([@isaacs](https://github.com/isaacs))
* [`39538b460`](https://github.com/npm/cli/commit/39538b460)
write-file-atomic@2.4.3 ([@isaacs](https://github.com/isaacs))
* [`f8b1552`](https://github.com/npm/write-file-atomic/commit/f8b1552)
[#38](https://github.com/npm/write-file-atomic/pull/38) Ignore errors
raised by `fs.closeSync` ([@lukeapage](https://github.com/lukeapage))
* [`042193069`](https://github.com/npm/cli/commit/042193069) pacote@9.5.1
([@isaacs](https://github.com/isaacs))
* [`8bbd051`](https://github.com/npm/pacote/commit/8bbd051)
[#172](https://github.com/zkat/pacote/pull/172) limit git retry
times, avoid unlimited retries ([小秦](https://github.com/xqin))
* [`92f5e4c`](https://github.com/npm/pacote/commit/92f5e4c)
[#170](https://github.com/zkat/pacote/pull/170) fix(errors): Fix
"TypeError: err.code.match is not a function" error
([@jviotti](https://github.com/jviotti))
* [`8bd8e909f`](https://github.com/npm/cli/commit/8bd8e909f) cacache@11.3.3
([@isaacs](https://github.com/isaacs))
* [`47de8f5`](https://github.com/npm/cacache/commit/47de8f5)
[#146](https://github.com/zkat/cacache/pull/146)
[npm.community#2395](https://npm.community/t/2395) fix(config): Add
ssri config 'error' option ([@larsgw](https://github.com/larsgw))
* [`5156561`](https://github.com/npm/cacache/commit/5156561)
fix(write): avoid a `cb never called` situation
([@zkat](https://github.com/zkat))
* [`90f40f0`](https://github.com/npm/cacache/commit/90f40f0)
[#166](https://github.com/zkat/cacache/pull/166)
[#165](https://github.com/zkat/cacache/issues/165) docs: Fix docs for
`path` property in get.info
([@hdgarrood](https://github.com/hdgarrood))
* [`bf61c45c6`](https://github.com/npm/cli/commit/bf61c45c6) bluebird@3.5.5
([@isaacs](https://github.com/isaacs))
* [`f75d46a9d`](https://github.com/npm/cli/commit/f75d46a9d) tar@4.4.10
([@isaacs](https://github.com/isaacs))
* [`c80341a`](https://github.com/npm/node-tar/commit/c80341a)
[#215](https://github.com/npm/node-tar/pull/215) Fix
encoding/decoding of base-256 numbers
([@justfalter](https://github.com/justfalter))
* [`77522f0`](https://github.com/npm/node-tar/commit/77522f0)
[#204](https://github.com/npm/node-tar/issues/204)
[#214](https://github.com/npm/node-tar/issues/214) Use `stat` instead
of `lstat` when checking CWD ([@stkb](https://github.com/stkb))
* [`ec6236210`](https://github.com/npm/cli/commit/ec6236210)
npm-packlist@1.4.4 ([@isaacs](https://github.com/isaacs))
* [`63d1e3e`](https://github.com/npm/npm-packlist/commit/63d1e3e)
[#30](https://github.com/npm/npm-packlist/issues/30) Sort package
tarball entries by file type for compression benefits
([@isaacs](https://github.com/isaacs))
* [`7fcd045`](https://github.com/npm/npm-packlist/commit/7fcd045)
Ignore `.DS_Store` files as well as folders
([@isaacs](https://github.com/isaacs))
* [`68b7c96`](https://github.com/npm/npm-packlist/commit/68b7c96) Never
include .git folders in package root. (Note: this prevents the issue
that broke the v6.9.1 release.)
([@isaacs](https://github.com/isaacs))
* [`57bef61bc`](https://github.com/npm/cli/commit/57bef61bc) update fstream
in node-gyp ([@isaacs](https://github.com/isaacs))
* Addresses [security advisory
#886](https://www.npmjs.com/advisories/886)
* [`acbbf7eee`](https://github.com/npm/cli/commit/acbbf7eee)
[#183](https://github.com/npm/cli/pull/183) licensee@7.0.2
([@kemitchell](https://github.com/kemitchell))
* [`011ae67f0`](https://github.com/npm/cli/commit/011ae67f0)
readable-stream@3.3.0 ([@isaacs](https://github.com/isaacs))
* [`f5e884909`](https://github.com/npm/cli/commit/f5e884909)
npm-registry-mock@1.2.1 ([@isaacs](https://github.com/isaacs))
* [`b57d07e35`](https://github.com/npm/cli/commit/b57d07e35)
npm-registry-couchapp@2.7.2 ([@isaacs](https://github.com/isaacs))

## v6.9.2 (2019-06-27):

This release is identical to v6.9.1, but we had to publish a new version
due to [a .git directory in the release](https://npm.community/t/8454).

## v6.9.1 (2019-06-26):

### BUGFIXES

* [`6b1a9da0e`](https://github.com/npm/cli/commit/6b1a9da0e0f5c295cdaf4dea4b73bd221d778611)
[#165](https://github.com/npm/cli/pull/165)
Update `knownBroken` version.
([@ljharb](https://github.com/ljharb))
* [`d07547154`](https://github.com/npm/cli/commit/d07547154eb8a88aa4fde8a37e128e1e3272adc1)
[npm.community#5929](https://npm.community/t/npm-outdated-throw-an-error-cannot-read-property-length-of-undefined/5929)
Fix `outdated` rendering for global dependencies.
([@zkat](https://github.com/zkat))
* [`e4a1f1745`](https://github.com/npm/cli/commit/e4a1f174514a57580fd5e0fa33eee0f42bba77fc)
[npm.community#6259](https://npm.community/t/npm-token-create-doesnt-work-in-6-6-0-6-9-0/6259)
Fix OTP for token create and remove.
([@zkat](https://github.com/zkat))

### DEPENDENCIES

* [`a163a9c35`](https://github.com/npm/cli/commit/a163a9c35f6f341de343562368056258bba5d7dc)
`sha@3.0.0`
([@aeschright](https://github.com/aeschright))
* [`47b08b3b9`](https://github.com/npm/cli/commit/47b08b3b9860438b416efb438e975a628ec2eed5)
`query-string@6.4.0`
([@aeschright](https://github.com/aeschright))
* [`d6a956cff`](https://github.com/npm/cli/commit/d6a956cff6357e6de431848e578c391768685a64)
`readable-stream@3.2.0`
([@aeschright](https://github.com/aeschright))
* [`10b8bed2b`](https://github.com/npm/cli/commit/10b8bed2bb0afac5451164e87f25924cc1ac6f2e)
`tacks@1.3.0`
([@aeschright](https://github.com/aeschright))
* [`e7483704d`](https://github.com/npm/cli/commit/e7483704dda1acffc8c6b8c165c14c8a7512f3c8)
`tap@12.6.0`
([@aeschright](https://github.com/aeschright))
* [`3242fe698`](https://github.com/npm/cli/commit/3242fe698ead46a9cda94e1a4d489cd84a85d7e3)
`tar-stream@2.0.1`
([@aeschright](https://github.com/aeschright))

## v6.9.0 (2019-02-20):

### FEATURES

@@ -8,6 +8,9 @@ case `uname` in
esac

NODE_EXE="$basedir/node.exe"
if ! [ -x "$NODE_EXE" ]; then
NODE_EXE="$basedir/node"
fi
if ! [ -x "$NODE_EXE" ]; then
NODE_EXE=node
fi
@@ -3,8 +3,10 @@ npm-audit(1) -- Run a security audit

## SYNOPSIS

npm audit [--json|--parseable]
npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]
npm audit [--json|--parseable|--audit-level=(low|moderate|high|critical)]
npm audit fix [--force|--package-lock-only|--dry-run]

common options: [--production] [--only=(dev|prod)]

## EXAMPLES

@@ -60,6 +62,11 @@ To parse columns, you can use for example `awk`, and just print some of them:
$ npm audit --parseable | awk -F $'\t' '{print $1,$4}'
```

Fail an audit only if the results include a vulnerability with a level of moderate or higher:
```
$ npm audit --audit-level=moderate
```

## DESCRIPTION

The audit command submits a description of the dependencies configured in
@@ -75,6 +82,12 @@ runs a full-fledged `npm install` under the hood, all configs that apply to the
installer will also apply to `npm install` -- so things like `npm audit fix
--package-lock-only` will work as expected.

By default, the audit command will exit with a non-zero code if any vulnerability
is found. It may be useful in CI environments to include the `--audit-level` parameter
to specify the minimum vulnerability level that will cause the command to fail. This
option does not filter the report output, it simply changes the command's failure
threshold.

## CONTENT SUBMITTED

* npm_version
@@ -648,7 +648,8 @@ If we define a package.json like this:
we can obtain `awesome-web-framework-1.0.0.tgz` file by running `npm pack`.
This file contains the dependencies `renderized` and `super-streams` which
can be installed in a new project by executing `npm install
awesome-web-framework-1.0.0.tgz`.
awesome-web-framework-1.0.0.tgz`. Note that the package names do not include
any versions, as that information is specified in `dependencies`.

If this is spelled `"bundleDependencies"`, then that is also honored.

@@ -118,5 +118,5 @@ <h2 id="see-also">SEE ALSO</h2>
<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
<tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
</table>
<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@6.9.0</p>
<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@6.10.0</p>

@@ -93,5 +93,5 @@ <h2 id="see-also">SEE ALSO</h2>
<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
<tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
</table>
<p id="footer">npm-access &mdash; npm@6.9.0</p>
<p id="footer">npm-access &mdash; npm@6.10.0</p>

@@ -78,5 +78,5 @@ <h2 id="see-also">SEE ALSO</h2>
<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
<tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
</table>
<p id="footer">npm-adduser &mdash; npm@6.9.0</p>
<p id="footer">npm-adduser &mdash; npm@6.10.0</p>

@@ -11,8 +11,10 @@

<h1><a href="../cli/npm-audit.html">npm-audit</a></h1> <p>Run a security audit</p>
<h2 id="synopsis">SYNOPSIS</h2>
<pre><code>npm audit [--json|--parseable]
npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]</code></pre><h2 id="examples">EXAMPLES</h2>
<pre><code>npm audit [--json|--parseable|--audit-level=(low|moderate|high|critical)]
npm audit fix [--force|--package-lock-only|--dry-run]

common options: [--production] [--only=(dev|prod)]</code></pre><h2 id="examples">EXAMPLES</h2>
<p>Scan your project for vulnerabilities and automatically install any compatible
updates to vulnerable dependencies:</p>
<pre><code>$ npm audit fix</code></pre><p>Run <code>audit fix</code> without modifying <code>node_modules</code>, but still updating the
@@ -29,7 +31,8 @@ <h2 id="synopsis">SYNOPSIS</h2>
future reuse in scripting or command line post processing, like for example, selecting
some of the columns printed:</p>
<pre><code>$ npm audit --parseable</code></pre><p>To parse columns, you can use for example <code>awk</code>, and just print some of them:</p>
<pre><code>$ npm audit --parseable | awk -F $&#39;\t&#39; &#39;{print $1,$4}&#39;</code></pre><h2 id="description">DESCRIPTION</h2>
<pre><code>$ npm audit --parseable | awk -F $&#39;\t&#39; &#39;{print $1,$4}&#39;</code></pre><p>Fail an audit only if the results include a vulnerability with a level of moderate or higher:</p>
<pre><code>$ npm audit --audit-level=moderate</code></pre><h2 id="description">DESCRIPTION</h2>
<p>The audit command submits a description of the dependencies configured in
your project to your default registry and asks for a report of known
vulnerabilities. The report returned includes instructions on how to act on
@@ -41,6 +44,11 @@ <h2 id="synopsis">SYNOPSIS</h2>
runs a full-fledged <code>npm install</code> under the hood, all configs that apply to the
installer will also apply to <code>npm install</code> -- so things like <code>npm audit fix
--package-lock-only</code> will work as expected.</p>
<p>By default, the audit command will exit with a non-zero code if any vulnerability
is found. It may be useful in CI environments to include the <code>--audit-level</code> parameter
to specify the minimum vulnerability level that will cause the command to fail. This
option does not filter the report output, it simply changes the command&#39;s failure
threshold.</p>
<h2 id="content-submitted">CONTENT SUBMITTED</h2>
<ul>
<li>npm_version</li>
@@ -86,4 +94,4 @@ <h2 id="see-also">SEE ALSO</h2>
<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
<tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
</table>
<p id="footer">npm-audit &mdash; npm@6.9.0</p>
<p id="footer">npm-audit &mdash; npm@6.10.0</p>
@@ -34,5 +34,5 @@ <h2 id="see-also">SEE ALSO</h2>
<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
<tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
</table>
<p id="footer">npm-bin &mdash; npm@6.9.0</p>
<p id="footer">npm-bin &mdash; npm@6.10.0</p>

@@ -54,5 +54,5 @@ <h2 id="see-also">SEE ALSO</h2>
<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
<tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
</table>
<p id="footer">npm-bugs &mdash; npm@6.9.0</p>
<p id="footer">npm-bugs &mdash; npm@6.10.0</p>

0 comments on commit 1721034

Please sign in to comment.
You can’t perform that action at this time.