deps: upgrade to npm 2.14.2

PR-URL: #2696
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>

deps/npm/.npmrc

@@ -1,2 +0,0 @@
save-prefix = ~
proprietary-attribs = false

deps/npm/AUTHORS

@@ -301,3 +301,10 @@ Thaddee Tyl <thaddee.tyl@gmail.com>
Steve Klabnik <steve@steveklabnik.com>
Andrew Murray <radarhere@gmail.com>
Stephan Bönnemann <stephan@excellenteasy.com>
Kyle M. Tarplee <kyle.tarplee@numerica.us>
Derek Peterson <derekpetey@gmail.com>
Greg Whiteley <greg.whiteley@atomos.com>
murgatroid99 <mlumish@google.com>
Marcin Cieslak <saper@saper.info>
João Reis <reis@janeasystems.com>
Matthew Hasbach <hasbach.git@gmail.com>

deps/npm/CHANGELOG.md

@@ -1,3 +1,277 @@
### v2.14.2 (2015-08-27):

#### GETTING THAT PESKY `preferGlobal` WARNING RIGHT

So apparently the `preferGlobal` option hasn't quite been warning correctly for
some time. But now it should be all better! tl;dr: if you try and install a
dependency with `preferGlobal: true`, and it's _not already_ in your
`package.json`, you'll get a warning that the author would really rather you
install it with `--global`. :)

* [`bbb25f3`](https://github.com/npm/npm/commit/bbb25f30d582f8979168c79233a9f8f840974f90)
  [#8841](https://github.com/npm/npm/issues/8841)
  [#9409](https://github.com/npm/npm/issues/9409) The `preferGlobal`
  warning shouldn't happen if the dependency being installed is listed in
  `devDependencies`. ([@saper](https://github.com/saper))
* [`222fcec`](https://github.com/npm/npm/commit/222fcec85ccd30d35899e5037079fb14625af4e2)
  [#9409](https://github.com/npm/npm/issues/9409) `preferGlobal` now prints a
  warning when there are no dependencies for the current package.
  ([@zkat](https://github.com/zkat))
* [`5cfed6d`](https://github.com/npm/npm/commit/5cfed6d7a1a5f2731688cfc8293b5e43a6355393)
  [#9409](https://github.com/npm/npm/issues/9409) Verify that
  `preferGlobal` is warning as expected (when a `preferGlobal` dependency is
  installed, but isn't listed in either `dependencies` or `devDependencies`).
  ([@zkat](https://github.com/zkat))

#### BUMP +1

* [`eeafce2`](https://github.com/npm/npm/commit/eeafce2d06883c0f51bf403415b6bc5f2647eba3)
  `validate-npm-package-license@3.0.1`: Include additional metadata in parsed license object,
  useful for license checkers. ([@kemitchell](https://github.com/kemitchell))
* [`1502a28`](https://github.com/npm/npm/commit/1502a285f84aa548806b3eafc8889e6288e810f3)
  `normalise-package-data@2.3.2`: Updated to use `validate-npm-package-license@3.0.1`.
  ([@othiym23](https://github.com/othiym23))
* [`cbde823`](https://github.com/npm/npm/commit/cbde8233436bf0ea62a4740869b4990322c20659)
  `init-package-json@1.9.1`: Add a `silent` option to suppress output on writing the
  generated `package.json`. Also, updated to use `validate-npm-package-license@3.0.1`.
  ([@zkat](https://github.com/zkat))
* [`08fda46`](https://github.com/npm/npm/commit/08fda465452b4d77f1ced8050ee3a35a77fc30a5)
  `tar@2.2.0`: Minor improvements. ([@othiym23](https://github.com/othiym23))
* [`dc2f20b`](https://github.com/npm/npm/commit/dc2f20b53fff77203139c863b48da0e959df2ac9)
  `rimraf@2.4.3`: `EPERM` now triggers a delay / retry loop (since Windows throws
  this when things still hold a handle). ([@isaacs](https://github.com/isaacs))
* [`e8acb27`](https://github.com/npm/npm/commit/e8acb273aa67ee0394d0431650e1b2a7d09c8554)
  `read@1.0.7`: Fix licensing ambiguity. ([@isaacs](https://github.com/isaacs))

#### OTHER STUFF THAT'S RELEVANT

* [`73a1ee0`](https://github.com/npm/npm/commit/73a1ee0be90fa1928521b63f28bef83b8ffab61d)
  [#9386](https://github.com/npm/npm/issues/9386) Include additional unignorable files in
  documentation.
  ([@mjhasbach](https://github.com/mjhasbach))
* [`0313e40`](https://github.com/npm/npm/commit/0313e40ee0f757fce8861be590ad668c23d7be53)
  [#9396](https://github.com/npm/npm/issues/9396) Improve the `EISDIR` error
  message returned by npm's error-handling code to give users a better hint of
  what's most likely going on.  Usually, error reports with this error code are
  about people trying to install things without a `package.json`.
  ([@KenanY](https://github.com/KenanY))
* [`2677457`](https://github.com/npm/npm/commit/26774579c739c5951351e58263cf4d6ea3d66ec8)
  [#9360](https://github.com/npm/npm/issues/9360) Make it easier to run
  only _some_ of npm tests with lifecycle scripts via `npm tap test/tap/testname.js`.
  ([@iarna](https://github.com/iarna))

### v2.14.1 (2015-08-20):

#### SECURITY FIX

There are patches for two information leaks of moderate severity in `npm@2.14.1`:

1. In some cases, npm was leaking sensitive credential information into the
   child environment when running package and lifecycle scripts. This could
   lead to packages being published with files (most notably `config.gypi`, a
   file created by `node-gyp` that is a cache of environmental information
   regenerated on every run) containing the bearer tokens used to authenticate
   users to the registry. Users with affected packages have been notified (and
   the affected tokens invalidated), and now npm has been modified to not
   upload files that could contain this information, as well as scrubbing the
   sensitive information out of the environment passed to child scripts.
2. Per-package `.npmrc` files are used by some maintainers as a way to scope
   those packages to a specific registry and its credentials. This is a
   reasonable use case, but by default `.npmrc` was packed into packages,
   leaking those credentials.  npm will no longer include `.npmrc` when packing
   tarballs.

If you maintain packages and believe you may be affected by either
of the above scenarios (especially if you've received a security
notification from npm recently), please upgrade to `npm@2.14.1` as
soon as possible. If you believe you may have inadvertently leaked
your credentials, upgrade to `npm@2.14.1` on the affected machine,
and run `npm logout` and then `npm login`. Your access tokens will be
invalidated, which will eliminate any risk posed by tokens inadvertently
included in published packages. We apologize for the inconvenience this
causes, as well as the oversight that led to the existence of this issue
in the first place.

Huge thanks to [@ChALkeR](https://github.com/ChALkeR) for bringing these
issues to our attention, and for helping us identify affected packages
and maintainers. Thanks also to the Node.js security working group for
their coördination with the team in our response to this issue. We
appreciate everybody's patience and understanding tremendously.

* [`b9474a8`](https://github.com/npm/npm/commit/b9474a843ca55b7c5fac6da33989e8eb39aff8b1)
  `fstream-npm@1.0.5`: Stop publishing build cruft (`config.gypi`) and per-project
  `.npmrc` files to keep local configuration out of published packages.
  ([@othiym23](https://github.com/othiym23))
* [`13c286d`](https://github.com/npm/npm/commit/13c286dbdc3fa8fec4cb79fc4d1ee505c8a41b2e)
  [#9348](https://github.com/npm/npm/issues/9348) Filter "private"
  (underscore-prefixed, even when scoped to a registry) configuration values
  out of child environments. ([@othiym23](https://github.com/othiym23))

#### BETTER WINDOWS INTEGRATION, ONE STEP AT A TIME

* [`e40e71f`](https://github.com/npm/npm/commit/e40e71f2f838a8a42392f44e3eeec04e323ab743)
  [#6412](https://github.com/npm/npm/issues/6412) Improve the search strategy
  used by the npm shims for Windows to prioritize your own local npm installs.
  npm has really needed this tweak for a long time, so hammer on it and let us
  know if you run into issues, but with luck it will Just Work.
  ([@joaocgreis](https://github.com/joaocgreis))
* [`204ebbb`](https://github.com/npm/npm/commit/204ebbb3e0cab696a429a878ceeb4a7e78ec2b94)
  [#8751](https://github.com/npm/npm/issues/8751)
  [#7333](https://github.com/npm/npm/issues/7333) Keep [autorun
  scripts](https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) from
  interfering with npm package and lifecycle script execution on Windows by
  adding `/d` and `/s` when invoking `cmd.exe`.
  ([@saper](https://github.com/saper))

#### IT SEEMED LIKE AN IDEA AT THE TIME

* [`286f3d9`](https://github.com/npm/npm/commit/286f3d97103812f0fd84b70352addbe899e258f9)
  [#9201](https://github.com/npm/npm/pull/9201) For a while npm was building
  HTML partials for use on [`docs.npmjs.com`](https://docs.npmjs.com), but we
  weren't actually using them. Stop building them, which makes running the full
  test suite and installation process around a third faster.
  ([@isaacs](https://github.com/isaacs))

#### A SINGLE LONELY DEPENDENCY UPGRADE

* [`b343b95`](https://github.com/npm/npm/commit/b343b956ef777e321e4251ddc96ec6d80827d9e2)
  `request@2.61.0`: Bug fixes and keep-alive tweaks.
  ([@simov](https://github.com/simov))

### v2.14.0 (2015-08-13):

#### IT'S HERE! KINDA!

This release adds support for teens and orcs (err, teams and organizations) to
the npm CLI! Note that the web site and registry-side features of this are
still not ready for public consumption.

A beta should be starting in the next couple of weeks, and the features
themselves will become public once all that's done. Keep an eye out for more
news!

All of these changes were done under [`#9011`](https://github.com/npm/npm/pull/9011):

* [`6424170`](https://github.com/npm/npm/commit/6424170fc17c666a6efc090370ec691e0cab1792)
  Added new `npm team` command and subcommands.
  ([@zkat](https://github.com/zkat))
* [`52220d1`](https://github.com/npm/npm/commit/52220d146d474ec29b683bd99c06f75cbd46a9f4)
  Added documentation for new `npm team` command.
  ([@zkat](https://github.com/zkat))
* [`4e66830`](https://github.com/npm/npm/commit/4e668304850d02df8eb27a779fda76fe5de645e7)
  Updated `npm access` to support teams and organizations.
  ([@zkat](https://github.com/zkat))
* [`ea3eb87`](https://github.com/npm/npm/commit/ea3eb8733d9fa09ce34106b1b19fb1a8f95844a5)
  Gussied up docs for `npm access` with new commands.
  ([@zkat](https://github.com/zkat))
* [`6e0b431`](https://github.com/npm/npm/commit/6e0b431c1de5e329c86e57d097aa88ebfedea864)
  Fix up `npm whoami` to make the underlying API usable elsewhere.
  ([@zkat](https://github.com/zkat))
* [`f29c931`](https://github.com/npm/npm/commit/f29c931012ce5ccd69c29d83548f27e443bf7e62)
  `npm-registry-client@7.0.1`: Upgrade `npm-registry-client` API to support
  `team` and `access` calls against the registry.
  ([@zkat](https://github.com/zkat))

#### A FEW EXTRA VERSION BUMPS

* [`c977e12`](https://github.com/npm/npm/commit/c977e12cbfa50c2f52fc807f5cc19ba1cc1b39bf)
  `init-package-json@1.8.0`: Checks for some `npm@3` metadata.
  ([@iarna](https://github.com/iarna))
* [`5c8c9e5`](https://github.com/npm/npm/commit/5c8c9e5ae177ba7d0d298cfa42f3fc7f0271e4ec)
  `columnify@1.5.2`: Updated some dependencies.
  ([@timoxley](https://github.com/timoxley))
* [`5d56742`](https://github.com/npm/npm/commit/5d567425768b75aeab402c817a53d8b2bc60d8de)
  `chownr@1.0.1`: Tests, docs, and minor style nits.
  ([@isaacs](https://github.com/isaacs))

#### ALSO A DOC FIX

* [`846fcc7`](https://github.com/npm/npm/commit/846fcc79b86984b109a97366b0422f995a45f8bf)
  [`#9200`](https://github.com/npm/npm/pull/9200) Remove single quotes
  around semver range, thus making it valid semver.
  ([@KenanY](https://github.com/KenanY))

### v2.13.5 (2015-08-07):

This is another quiet week for the `npm@2` release.
[@zkat](https://github.com/zkat) has been working hard on polishing the CLI
bits of the registry's new feature to support direct management of teams and
organizations, and [@iarna](https://github.com/iarna) continues to work through
the list of issues blocking the general release of `npm@3`, which is looking
more and more solid all the time.

[@othiym23](https://github.com/othiym23) and [@zkat](https://github.com/zkat)
have also been at this week's Node.js / io.js [collaborator
summit](https://github.com/nodejs/summit/tree/master), both as facilitators and
participants. This is a valuable opportunity to get some face time with other
contributors and to work through a bunch of important discussions, but it does
leave us feeling kind of sleepy. Running meetings is hard!

What does that leave for this release? A few of the more tricky bug fixes that
have been sitting around for a little while now, and a couple dependency
upgrades. Nothing too fancy, but most of these were contributed by developers
like _you_, which we think is swell. Thanks!

#### BUG FIXES

* [`d7271b8`](https://github.com/npm/npm/commit/d7271b8226712479cdd339bf85faf7e394923e0d)
  [#4530](https://github.com/npm/npm/issues/4530) The bash completion script
  for npm no longer alters global completion behavior around word breaks.
  ([@whitty](https://github.com/whitty))
* [`c9ce294`](https://github.com/npm/npm/commit/c9ce29415a0a8fc610690b6e9d91b64d6e36cfcc)
  [#7198](https://github.com/npm/npm/issues/7198) When setting up dependencies
  to be shared via `npm link <package>`, only run the lifecycle scripts during
  the original link, not when running `npm link <package>` or `npm install
  --link` against them. ([@murgatroid99](https://github.com/murgatroid99))
* [`422da66`](https://github.com/npm/npm/commit/422da664bd3ce71313da447f170507faf5aac46a)
  [#9108](https://github.com/npm/npm/issues/9108) Clear up minor confusion
  around wording in `bundledDependencies` section of `package.json` docs.
  ([@derekpeterson](https://github.com/derekpeterson))
* [`6b42d99`](https://github.com/npm/npm/commit/6b42d99460885e715772d3487b1c548d2bc8a738)
  [#9146](https://github.com/npm/npm/issues/9146) Include scripts that run for
  `preversion`, `version`, and `postversion` in the section for lifecycle
  scripts rather than the generic `npm run-script` output.
  ([@othiym23](https://github.com/othiym23))

#### NOPE, NOT DONE WITH DEPENDENCY UPDATES

* [`91a48bb`](https://github.com/npm/npm/commit/91a48bb5ef5a990781c86f8b69b8a32cf4fac2d9)
  `chmodr@1.0.1`: Ignore symbolic links when recursively changing mode, just
  like the Unix command. ([@isaacs](https://github.com/isaacs))
* [`4bbc86e`](https://github.com/npm/npm/commit/4bbc86e3825e2eee9a8758ba26bdea0cb6a2581e)
  `nock@2.10.0` ([@pgte](https://github.com/pgte))

### v2.13.4 (2015-07-30):

#### JULY ENDS ON A FAIRLY QUIET NOTE

Hey everyone! I hope you've had a great week. We're having a fairly small
release this week while we wrap up Teams and Orgs (or, as we've taken to calling
it internally, _Teens and Orcs_).

In other exciting news, a bunch of us are gonna be at the [Node.js Collaborator
Summit](https://github.com/nodejs/summit/issues/1), and you can also find us at
[wafflejs](https://wafflejs.com/) on Wednesday. Hopefully we'll be seeing some
of you there. :)

#### THE PATCH!!!

So here it is. The patch. Hope it helps. (Thanks,
[@ktarplee](https://github.com/ktarplee)!)

* [`2e58c48`](https://github.com/npm/npm/commit/2e58c4819e3cafe4ae23ab7f4a520fe09258cfd7)
  [#9033](https://github.com/npm/npm/pull/9033) `npm version` now works on git
  submodules
  ([@ktarplee](https://github.com/ktarplee))

#### OH AND THERE'S A DEV DEPENDENCIES UPDATE

Hooray.

* [`d204683`](https://github.com/npm/npm/commit/d2046839d471322e61e3ceb0f00e78e5c481f967)
  nock@2.9.1
  ([@pgte](https://github.com/pgte))

### v2.13.3 (2015-07-23):

#### I'M SAVING THE GOOD JOKES FOR MORE INTERESTING RELEASES
@@ -29,12 +303,10 @@ There's a couple of doc updates! The last one might be interesting.
  settings.
  ([@SimenB](https://github.com/SimenB))
* [`cf09e75`](https://github.com/npm/npm/commit/cf09e754931739af32647d667b671e72a4c79081)

  [#9022](https://github.com/npm/npm/issues/9022) Document the `"access"` field
  in `"publishConfig"`. Did you know you don't need to use `--access=public`
  when publishing scoped packages?! Just put it in your `package.json`!
  Go refresh yourself on scopes packages by [checking our docs](https://docs.npmjs.com/getting-started/scoped-packages) on them.

  ([@boennemann](https://github.com/boennemann))
* [`bfd73da`](https://github.com/npm/npm/commit/bfd73da33349cc2afb8278953b2ae16ea95023de)
  [#9013](https://github.com/npm/npm/issues/9013) fixed typo in changelog