From 03b31cacfe3833a2e435ed50237dfee8014538ae Mon Sep 17 00:00:00 2001 From: reggi Date: Thu, 26 Sep 2024 15:44:28 -0400 Subject: [PATCH 01/20] fix!: align to npm 10 node engine range BREAKING CHANGE: `pacote` now supports node `^18.17.0 || >=20.5.0` --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c73fb64..cc0c1ff 100644 --- a/package.json +++ b/package.json @@ -64,7 +64,7 @@ "tar": "^6.1.11" }, "engines": { - "node": "^16.14.0 || >=18.0.0" + "node": "^18.17.0 || >=20.5.0" }, "repository": { "type": "git", From 2871f569064ebaf4a1ae73a42d502e3876d0a18b Mon Sep 17 00:00:00 2001 From: reggi Date: Thu, 26 Sep 2024 15:44:30 -0400 Subject: [PATCH 02/20] chore: run template-oss-apply --- .github/workflows/ci-release.yml | 13 +++++-------- .github/workflows/ci.yml | 13 +++++-------- 2 files changed, 10 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index ee7b280..f522452 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -84,21 +84,18 @@ jobs: os: macos-13 shell: bash node-version: - - 16.14.0 - - 16.x - - 18.0.0 + - 18.17.0 - 18.x + - 20.5.0 - 20.x - 22.x exclude: - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 16.14.0 - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 16.x - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 18.0.0 + node-version: 18.17.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 18.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 20.5.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 20.x - platform: { name: macOS, os: macos-13, shell: bash } diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e922815..dfc6778 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -61,21 +61,18 @@ jobs: os: macos-13 shell: bash node-version: - - 16.14.0 - - 16.x - - 18.0.0 + - 18.17.0 - 18.x + - 20.5.0 - 20.x - 22.x exclude: - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 16.14.0 - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 16.x - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 18.0.0 + node-version: 18.17.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 18.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 20.5.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 20.x - platform: { name: macOS, os: macos-13, shell: bash } From df233432a6ac4c25b8744d429f5e7e358b24abea Mon Sep 17 00:00:00 2001 From: reggi Date: Thu, 26 Sep 2024 15:44:31 -0400 Subject: [PATCH 03/20] deps: @npmcli/installed-package-contents@3.0.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index cc0c1ff..15719ce 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,7 @@ ], "dependencies": { "@npmcli/git": "^5.0.0", - "@npmcli/installed-package-contents": "^2.0.1", + "@npmcli/installed-package-contents": "^3.0.0", "@npmcli/package-json": "^5.1.0", "@npmcli/promise-spawn": "^7.0.0", "@npmcli/run-script": "^8.0.0", From aa0bd4aaf59d2d3c34da33352293ad2774e3d915 Mon Sep 17 00:00:00 2001 From: reggi Date: Thu, 26 Sep 2024 15:44:32 -0400 Subject: [PATCH 04/20] deps: @npmcli/promise-spawn@8.0.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 15719ce..74f2b92 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,7 @@ "@npmcli/git": "^5.0.0", "@npmcli/installed-package-contents": "^3.0.0", "@npmcli/package-json": "^5.1.0", - "@npmcli/promise-spawn": "^7.0.0", + "@npmcli/promise-spawn": "^8.0.0", "@npmcli/run-script": "^8.0.0", "cacache": "^18.0.0", "fs-minipass": "^3.0.0", 
From 2710286f44625474af23a529c12ea3c8b0cbf4aa Mon Sep 17 00:00:00 2001
From: reggi
Date: Thu, 26 Sep 2024 15:44:33 -0400
Subject: [PATCH 05/20] deps: npm-package-arg@12.0.0

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 74f2b92..a6dc55f 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
 "cacache": "^18.0.0",
 "fs-minipass": "^3.0.0",
 "minipass": "^7.0.2",
- "npm-package-arg": "^11.0.0",
+ "npm-package-arg": "^12.0.0",
 "npm-packlist": "^8.0.0",
 "npm-pick-manifest": "^9.0.0",
 "npm-registry-fetch": "^17.0.0",
From 03ba2a21f1d2b6a67813f6dad2459d184a8d6566 Mon Sep 17 00:00:00 2001
From: reggi
Date: Thu, 26 Sep 2024 15:44:34 -0400
Subject: [PATCH 06/20] deps: npm-packlist@9.0.0

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index a6dc55f..1696342 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
 "fs-minipass": "^3.0.0",
 "minipass": "^7.0.2",
 "npm-package-arg": "^12.0.0",
- "npm-packlist": "^8.0.0",
+ "npm-packlist": "^9.0.0",
 "npm-pick-manifest": "^9.0.0",
 "npm-registry-fetch": "^17.0.0",
 "proc-log": "^4.0.0",
From 6c672e99cb33224bfa4d7388d772083364bba293 Mon Sep 17 00:00:00 2001
From: reggi
Date: Thu, 26 Sep 2024 15:44:36 -0400
Subject: [PATCH 07/20] deps: proc-log@5.0.0

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 1696342..722d8b3 100644
--- a/package.json
+++ b/package.json
@@ -57,7 +57,7 @@
 "npm-packlist": "^9.0.0",
 "npm-pick-manifest": "^9.0.0",
 "npm-registry-fetch": "^17.0.0",
- "proc-log": "^4.0.0",
+ "proc-log": "^5.0.0",
 "promise-retry": "^2.0.1",
 "sigstore": "^2.2.0",
 "ssri": "^10.0.0",
From eddbc01e5cbd164437effbe7886385e875517cbf Mon Sep 17 00:00:00 2001
From: reggi
Date: Thu, 26 Sep 2024 15:44:37 -0400
Subject: [PATCH 08/20] deps: ssri@12.0.0

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 722d8b3..9b2c063 100644
--- a/package.json
+++ b/package.json
@@ -60,7 +60,7 @@
 "proc-log": "^5.0.0",
 "promise-retry": "^2.0.1",
 "sigstore": "^2.2.0",
- "ssri": "^10.0.0",
+ "ssri": "^12.0.0",
 "tar": "^6.1.11"
 },
 "engines": {
From e4ed5cd66c4bb4c4faef4a511b6d48c72d49470b Mon Sep 17 00:00:00 2001
From: reggi
Date: Thu, 26 Sep 2024 17:12:08 -0400
Subject: [PATCH 09/20] chore: bump hosted-git-info ^7.0.0 to ^8.0.0

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 9b2c063..4b7bc0c 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
 "@npmcli/arborist": "^7.1.0",
 "@npmcli/eslint-config": "^5.0.0",
 "@npmcli/template-oss": "4.23.3",
- "hosted-git-info": "^7.0.0",
+ "hosted-git-info": "^8.0.0",
 "mutate-fs": "^2.1.1",
 "nock": "^13.2.4",
 "npm-registry-mock": "^1.3.2",
From 21ea2d49ce6dd76ffc08540a1670da79126199fb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Sep 2024 10:48:21 -0400
Subject: [PATCH 10/20] deps: bump @npmcli/run-script from 8.1.0 to 9.0.0 (#400)

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 4b7bc0c..3d5fd4a 100644
--- a/package.json
+++ b/package.json
@@ -49,7 +49,7 @@
 "@npmcli/installed-package-contents": "^3.0.0",
 "@npmcli/package-json": "^5.1.0",
 "@npmcli/promise-spawn": "^8.0.0",
- "@npmcli/run-script": "^8.0.0",
+ "@npmcli/run-script": "^9.0.0",
 "cacache": "^18.0.0",
 "fs-minipass": "^3.0.0",
 "minipass": "^7.0.2",
From 6d590229d709005ec0ed841fa1f4cdf110cffb86 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Sep 2024 10:49:17 -0400
Subject: [PATCH 11/20] deps: bump @npmcli/git from 5.0.8 to 6.0.0 (#399)

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 3d5fd4a..64765db 100644
--- a/package.json
+++ b/package.json
@@ -45,7 +45,7 @@
 "git"
 ],
 "dependencies": {
- "@npmcli/git": "^5.0.0",
+ "@npmcli/git": "^6.0.0",
 "@npmcli/installed-package-contents": "^3.0.0",
 "@npmcli/package-json": "^5.1.0",
 "@npmcli/promise-spawn": "^8.0.0",
From c7761995fb79bd6c5b987127f331c7df199833dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Sep 2024 10:54:07 -0400
Subject: [PATCH 12/20] deps: bump cacache from 18.0.4 to 19.0.0 (#398)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [cacache](https://github.com/npm/cacache) from 18.0.4 to 19.0.0.
Release notes

Sourced from cacache's releases.

v19.0.0

19.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

  • cacache now supports node ^18.17.0 || >=20.5.0

Bug Fixes

Dependencies

Chores

Changelog

Sourced from cacache's changelog.

19.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

  • cacache now supports node ^18.17.0 || >=20.5.0

Bug Fixes

Dependencies

Chores

Commits
  • b52d649 chore: release 19.0.0 (#301)
  • beaab7c deps: bump tar from 6.2.1 to 7.4.3 (#291)
  • 81b6e34 deps: unique-filename@4.0.0
  • dcab1af deps: ssri@12.0.0
  • ba3a3b8 deps: @​npmcli/fs@​4.0.0
  • 73ce729 chore: run template-oss-apply
  • cc9eee3 fix!: align to npm 10 node engine range
  • f663562 chore: bump @​npmcli/eslint-config from 4.0.5 to 5.0.0
  • 74ac800 chore: postinstall for dependabot template-oss PR
  • ae95894 chore: bump @​npmcli/template-oss from 4.23.1 to 4.23.3
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cacache&package-manager=npm_and_yarn&previous-version=18.0.4&new-version=19.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 64765db..e73aabc 100644 --- a/package.json +++ b/package.json @@ -50,7 +50,7 @@ "@npmcli/package-json": "^5.1.0", "@npmcli/promise-spawn": "^8.0.0", "@npmcli/run-script": "^9.0.0", - "cacache": "^18.0.0", + "cacache": "^19.0.0", "fs-minipass": "^3.0.0", "minipass": "^7.0.2", "npm-package-arg": "^12.0.0", From a1621f94537af0e71e66d293d35ff482e4eef0b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Sep 2024 10:57:24 -0400 Subject: [PATCH 13/20] deps: bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [npm-registry-fetch](https://github.com/npm/npm-registry-fetch) from 17.1.0 to 18.0.0.
Release notes

Sourced from npm-registry-fetch's releases.

v18.0.0

18.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

  • npm-registry-fetch now supports node ^18.17.0 || >=20.5.0

Bug Fixes

Dependencies

Chores

Changelog

Sourced from npm-registry-fetch's changelog.

18.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

  • npm-registry-fetch now supports node ^18.17.0 || >=20.5.0

Bug Fixes

Dependencies

Chores

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=npm-registry-fetch&package-manager=npm_and_yarn&previous-version=17.1.0&new-version=18.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e73aabc..67bb87f 100644 --- a/package.json +++ b/package.json @@ -56,7 +56,7 @@ "npm-package-arg": "^12.0.0", "npm-packlist": "^9.0.0", "npm-pick-manifest": "^9.0.0", - "npm-registry-fetch": "^17.0.0", + "npm-registry-fetch": "^18.0.0", "proc-log": "^5.0.0", "promise-retry": "^2.0.1", "sigstore": "^2.2.0", From 932b9ab4d133b39b96a03e73d97e08c2f43494f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Sep 2024 10:57:51 -0400 Subject: [PATCH 14/20] deps: bump @npmcli/package-json from 5.2.1 to 6.0.0 (#396) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@npmcli/package-json](https://github.com/npm/package-json) from 5.2.1 to 6.0.0.
Release notes

Sourced from @​npmcli/package-json's releases.

v6.0.0

6.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

  • @npmcli/package-json now supports node ^18.17.0 || >=20.5.0

Bug Fixes

Dependencies

Chores

Changelog

Sourced from @​npmcli/package-json's changelog.

6.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

  • @npmcli/package-json now supports node ^18.17.0 || >=20.5.0

Bug Fixes

Dependencies

Chores

Commits
  • 25761f1 chore: release 6.0.0 (#127)
  • 855676d chore: bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (#117)
  • c421ce9 chore: bump read-package-json-fast from 3.0.2 to 4.0.0 (#125)
  • 5bdf533 deps: proc-log@5.0.0
  • 136ba6e deps: normalize-package-data@7.0.0
  • 12318c0 deps: json-parse-even-better-errors@4.0.0
  • 324d7ba deps: hosted-git-info@8.0.0
  • 1f182e6 chore: run template-oss-apply
  • 8196f27 fix!: align to npm 10 node engine range
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@npmcli/package-json&package-manager=npm_and_yarn&previous-version=5.2.1&new-version=6.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 67bb87f..564b0e2 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "dependencies": { "@npmcli/git": "^6.0.0", "@npmcli/installed-package-contents": "^3.0.0", - "@npmcli/package-json": "^5.1.0", + "@npmcli/package-json": "^6.0.0", "@npmcli/promise-spawn": "^8.0.0", "@npmcli/run-script": "^9.0.0", "cacache": "^19.0.0", From f055f71f3477f5ce234a42f559e53239cd1dd949 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Sep 2024 10:58:40 -0400 Subject: [PATCH 15/20] deps: bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [npm-pick-manifest](https://github.com/npm/npm-pick-manifest) from 9.1.0 to 10.0.0.
Release notes

Sourced from npm-pick-manifest's releases.

v10.0.0

10.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

  • npm-pick-manifest now supports node ^18.17.0 || >=20.5.0

Bug Fixes

Dependencies

Chores

Changelog

Sourced from npm-pick-manifest's changelog.

10.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

  • npm-pick-manifest now supports node ^18.17.0 || >=20.5.0

Bug Fixes

Dependencies

Chores

Commits
  • f68698d chore: release 10.0.0 (#146)
  • 6b4df8d deps: npm-package-arg@12.0.0
  • c2ae5b7 deps: npm-normalize-package-bin@4.0.0
  • e948cef deps: npm-install-checks@7.1.0
  • 2e1fdb4 chore: run template-oss-apply
  • dd83a53 fix!: align to npm 10 node engine range
  • 7891f6b chore: bump @​npmcli/eslint-config from 4.0.5 to 5.0.0
  • ae2ffc5 chore: postinstall for dependabot template-oss PR
  • 7744312 chore: bump @​npmcli/template-oss from 4.22.0 to 4.23.3
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=npm-pick-manifest&package-manager=npm_and_yarn&previous-version=9.1.0&new-version=10.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 564b0e2..b27d289 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ "minipass": "^7.0.2", "npm-package-arg": "^12.0.0", "npm-packlist": "^9.0.0", - "npm-pick-manifest": "^9.0.0", + "npm-pick-manifest": "^10.0.0", "npm-registry-fetch": "^18.0.0", "proc-log": "^5.0.0", "promise-retry": "^2.0.1", From 35529738b00143a05d61ad361d30a7ea26c87bed Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 27 Sep 2024 11:05:24 -0400 Subject: [PATCH 16/20] chore: release 19.0.0 (#394) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit :robot: I have created a release *beep* *boop* --- ## [19.0.0](https://github.com/npm/pacote/compare/v18.0.6...v19.0.0) (2024-09-27) ### ⚠️ BREAKING CHANGES * `pacote` now supports node `^18.17.0 || >=20.5.0` ### Bug Fixes * [`03b31ca`](https://github.com/npm/pacote/commit/03b31cacfe3833a2e435ed50237dfee8014538ae) [#392](https://github.com/npm/pacote/pull/392) align to npm 10 node engine range (@reggi) ### Dependencies * [`f055f71`](https://github.com/npm/pacote/commit/f055f71f3477f5ce234a42f559e53239cd1dd949) [#395](https://github.com/npm/pacote/pull/395) bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@dependabot[bot]) * [`932b9ab`](https://github.com/npm/pacote/commit/932b9ab4d133b39b96a03e73d97e08c2f43494f7) [#396](https://github.com/npm/pacote/pull/396) bump @npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@dependabot[bot]) * [`a1621f9`](https://github.com/npm/pacote/commit/a1621f94537af0e71e66d293d35ff482e4eef0b5) [#397](https://github.com/npm/pacote/pull/397) bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@dependabot[bot]) * [`c776199`](https://github.com/npm/pacote/commit/c7761995fb79bd6c5b987127f331c7df199833dd) [#398](https://github.com/npm/pacote/pull/398) bump cacache from 18.0.4 to 19.0.0 (#398) (@dependabot[bot]) * [`6d59022`](https://github.com/npm/pacote/commit/6d590229d709005ec0ed841fa1f4cdf110cffb86) [#399](https://github.com/npm/pacote/pull/399) bump @npmcli/git from 5.0.8 to 6.0.0 (#399) * [`21ea2d4`](https://github.com/npm/pacote/commit/21ea2d49ce6dd76ffc08540a1670da79126199fb) [#400](https://github.com/npm/pacote/pull/400) bump @npmcli/run-script from 8.1.0 to 9.0.0 (#400) * 
[`eddbc01`](https://github.com/npm/pacote/commit/eddbc01e5cbd164437effbe7886385e875517cbf) [#392](https://github.com/npm/pacote/pull/392) `ssri@12.0.0` * [`6c672e9`](https://github.com/npm/pacote/commit/6c672e99cb33224bfa4d7388d772083364bba293) [#392](https://github.com/npm/pacote/pull/392) `proc-log@5.0.0` * [`03ba2a2`](https://github.com/npm/pacote/commit/03ba2a21f1d2b6a67813f6dad2459d184a8d6566) [#392](https://github.com/npm/pacote/pull/392) `npm-packlist@9.0.0` * [`2710286`](https://github.com/npm/pacote/commit/2710286f44625474af23a529c12ea3c8b0cbf4aa) [#392](https://github.com/npm/pacote/pull/392) `npm-package-arg@12.0.0` * [`aa0bd4a`](https://github.com/npm/pacote/commit/aa0bd4aaf59d2d3c34da33352293ad2774e3d915) [#392](https://github.com/npm/pacote/pull/392) `@npmcli/promise-spawn@8.0.0` * [`df23343`](https://github.com/npm/pacote/commit/df233432a6ac4c25b8744d429f5e7e358b24abea) [#392](https://github.com/npm/pacote/pull/392) `@npmcli/installed-package-contents@3.0.0` ### Chores * [`e4ed5cd`](https://github.com/npm/pacote/commit/e4ed5cd66c4bb4c4faef4a511b6d48c72d49470b) [#392](https://github.com/npm/pacote/pull/392) bump hosted-git-info ^7.0.0 to ^8.0.0 (@reggi) * [`2871f56`](https://github.com/npm/pacote/commit/2871f569064ebaf4a1ae73a42d502e3876d0a18b) [#392](https://github.com/npm/pacote/pull/392) run template-oss-apply (@reggi) * [`39643f1`](https://github.com/npm/pacote/commit/39643f1e956f83dd84f7f0ab6278f7051a69b32d) [#382](https://github.com/npm/pacote/pull/382) bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot]) * [`7e33c82`](https://github.com/npm/pacote/commit/7e33c829b0143c9a22f1418d6f29f9a7aac03d00) [#383](https://github.com/npm/pacote/pull/383) postinstall for dependabot template-oss PR (@hashtagchris) * [`e4e07bf`](https://github.com/npm/pacote/commit/e4e07bfb37190ef8c129ca6a643b91a4099560d8) [#383](https://github.com/npm/pacote/pull/383) bump @npmcli/template-oss from 4.23.1 to 4.23.3 
(@dependabot[bot]) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- .release-please-manifest.json | 2 +- CHANGELOG.md | 25 +++++++++++++++++++++++++ package.json | 2 +- 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 4654535..ca9e9aa 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "18.0.6" + ".": "19.0.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 0f32e7a..98d45d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,30 @@ # Changelog +## [19.0.0](https://github.com/npm/pacote/compare/v18.0.6...v19.0.0) (2024-09-27) +### ⚠️ BREAKING CHANGES +* `pacote` now supports node `^18.17.0 || >=20.5.0` +### Bug Fixes +* [`03b31ca`](https://github.com/npm/pacote/commit/03b31cacfe3833a2e435ed50237dfee8014538ae) [#392](https://github.com/npm/pacote/pull/392) align to npm 10 node engine range (@reggi) +### Dependencies +* [`f055f71`](https://github.com/npm/pacote/commit/f055f71f3477f5ce234a42f559e53239cd1dd949) [#395](https://github.com/npm/pacote/pull/395) bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@dependabot[bot]) +* [`932b9ab`](https://github.com/npm/pacote/commit/932b9ab4d133b39b96a03e73d97e08c2f43494f7) [#396](https://github.com/npm/pacote/pull/396) bump @npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@dependabot[bot]) +* [`a1621f9`](https://github.com/npm/pacote/commit/a1621f94537af0e71e66d293d35ff482e4eef0b5) [#397](https://github.com/npm/pacote/pull/397) bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@dependabot[bot]) +* [`c776199`](https://github.com/npm/pacote/commit/c7761995fb79bd6c5b987127f331c7df199833dd) [#398](https://github.com/npm/pacote/pull/398) bump cacache from 18.0.4 to 19.0.0 (#398) (@dependabot[bot]) +* [`6d59022`](https://github.com/npm/pacote/commit/6d590229d709005ec0ed841fa1f4cdf110cffb86) [#399](https://github.com/npm/pacote/pull/399) bump @npmcli/git from 5.0.8 to 6.0.0 (#399) +* [`21ea2d4`](https://github.com/npm/pacote/commit/21ea2d49ce6dd76ffc08540a1670da79126199fb) [#400](https://github.com/npm/pacote/pull/400) bump @npmcli/run-script from 8.1.0 to 9.0.0 (#400) +* [`eddbc01`](https://github.com/npm/pacote/commit/eddbc01e5cbd164437effbe7886385e875517cbf) [#392](https://github.com/npm/pacote/pull/392) `ssri@12.0.0` +* [`6c672e9`](https://github.com/npm/pacote/commit/6c672e99cb33224bfa4d7388d772083364bba293) [#392](https://github.com/npm/pacote/pull/392) `proc-log@5.0.0` +* 
[`03ba2a2`](https://github.com/npm/pacote/commit/03ba2a21f1d2b6a67813f6dad2459d184a8d6566) [#392](https://github.com/npm/pacote/pull/392) `npm-packlist@9.0.0` +* [`2710286`](https://github.com/npm/pacote/commit/2710286f44625474af23a529c12ea3c8b0cbf4aa) [#392](https://github.com/npm/pacote/pull/392) `npm-package-arg@12.0.0` +* [`aa0bd4a`](https://github.com/npm/pacote/commit/aa0bd4aaf59d2d3c34da33352293ad2774e3d915) [#392](https://github.com/npm/pacote/pull/392) `@npmcli/promise-spawn@8.0.0` +* [`df23343`](https://github.com/npm/pacote/commit/df233432a6ac4c25b8744d429f5e7e358b24abea) [#392](https://github.com/npm/pacote/pull/392) `@npmcli/installed-package-contents@3.0.0` +### Chores +* [`e4ed5cd`](https://github.com/npm/pacote/commit/e4ed5cd66c4bb4c4faef4a511b6d48c72d49470b) [#392](https://github.com/npm/pacote/pull/392) bump hosted-git-info ^7.0.0 to ^8.0.0 (@reggi) +* [`2871f56`](https://github.com/npm/pacote/commit/2871f569064ebaf4a1ae73a42d502e3876d0a18b) [#392](https://github.com/npm/pacote/pull/392) run template-oss-apply (@reggi) +* [`39643f1`](https://github.com/npm/pacote/commit/39643f1e956f83dd84f7f0ab6278f7051a69b32d) [#382](https://github.com/npm/pacote/pull/382) bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot]) +* [`7e33c82`](https://github.com/npm/pacote/commit/7e33c829b0143c9a22f1418d6f29f9a7aac03d00) [#383](https://github.com/npm/pacote/pull/383) postinstall for dependabot template-oss PR (@hashtagchris) +* [`e4e07bf`](https://github.com/npm/pacote/commit/e4e07bfb37190ef8c129ca6a643b91a4099560d8) [#383](https://github.com/npm/pacote/pull/383) bump @npmcli/template-oss from 4.23.1 to 4.23.3 (@dependabot[bot]) + ## [18.0.6](https://github.com/npm/pacote/compare/v18.0.5...v18.0.6) (2024-05-07) ### Bug Fixes diff --git a/package.json b/package.json index b27d289..0eb8261 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,6 @@ { "name": "pacote", - "version": "18.0.6", + "version": "19.0.0", "description": "JavaScript package downloader", "author": "GitHub Inc.", "bin": { From a9fc4d13ad4b28bb64ae92077ce6d35d2c130125 Mon Sep 17 00:00:00 2001 From: Brian DeHamer Date: Mon, 14 Oct 2024 10:22:33 -0700 Subject: [PATCH 17/20] deps: bump sigstore from 2.2.0 to 3.0.0 (#405) Updates `sigstore` to version 3.0.0 which removes support for node 16. Signed-off-by: Brian DeHamer --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 0eb8261..de185fb 100644 --- a/package.json +++ b/package.json @@ -59,7 +59,7 @@ "npm-registry-fetch": "^18.0.0", "proc-log": "^5.0.0", "promise-retry": "^2.0.1", - "sigstore": "^2.2.0", + "sigstore": "^3.0.0", "ssri": "^12.0.0", "tar": "^6.1.11" }, From 2b2948faaebff35dd469c653e76517887f6e119d Mon Sep 17 00:00:00 2001 From: Marc Bernard <59966492+mbtools@users.noreply.github.com> Date: Tue, 15 Oct 2024 11:17:27 -0400 Subject: [PATCH 18/20] fix: log tarball retrieval from cache (#403) If tarballs are cached, the npm install log contains no information on where it got the tarball from. This helps troubleshoot issues with caching and `preferOnline/preferOffline`, for example. --------- Co-authored-by: Gar --- lib/fetcher.js | 10 +++++++++- test/fetcher.js | 10 +++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/lib/fetcher.js b/lib/fetcher.js index cc2c2db..f2ac976 100644 --- a/lib/fetcher.js +++ b/lib/fetcher.js 
@@ -188,7 +188,15 @@ class FetcherBase { // private // Note: cacache will raise a EINTEGRITY error if the integrity doesn't match #tarballFromCache () { - return cacache.get.stream.byDigest(this.cache, this.integrity, this.opts) + const startTime = Date.now() + const stream = cacache.get.stream.byDigest(this.cache, this.integrity, this.opts) + const elapsedTime = Date.now() - startTime + // cache is good, so log it as a hit in particular since there was no fetch logged + log.http( + 'cache', + `${this.spec} ${elapsedTime}ms (cache hit)` + ) + return stream } get [_.cacheFetches] () { diff --git a/test/fetcher.js b/test/fetcher.js index 8b2adb3..6f857b3 100644 --- a/test/fetcher.js +++ b/test/fetcher.js @@ -207,6 +207,10 @@ t.test('extract', t => { }).extract(target + '/badcache') .then(({ resolved, integrity }) => { t.match(logs, [ + ['http', + 'cache', + /file:test\/fixtures\/abbrev-1.1.1.tgz.*(cache hit)/, + ], ['warn', 'tar', 'zlib: incorrect header check'], [ 'silly', @@ -298,7 +302,11 @@ t.test('extract', t => { algorithm: 'sha512', sri: Object, }, 'got expected error') - t.same(logs, [ + t.match(logs, [ + ['http', + 'cache', + /file:test\/fixtures\/abbrev-1.1.1.tgz.*(cache hit)/, + ], [ 'silly', 'tarball', From cbf94e8b0486e80f8f2e4c9ed7c7d18c3282096b Mon Sep 17 00:00:00 2001 From: milaninfy <111582375+milaninfy@users.noreply.github.com> Date: Tue, 15 Oct 2024 11:19:42 -0400 Subject: [PATCH 19/20] fix: prepare script respects scriptshell config (#389) Prepare script respects scriptshell config if passed matching behaviour of `npm run
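Review bot: The `(cache hit)` line in `#tarballFromCache` is logged right after `cacache.get.stream.byDigest(...)` returns, before the stream has delivered or verified any data, so it is also written when the entry is missing, corrupt, or fails the integrity check that the comment above the method says raises EINTEGRITY. The test hunks in this same commit show it: they now expect the cache-hit entry ahead of a `zlib: incorrect header check` warning and in the case that asserts an integrity error. For someone reading install logs to investigate cache corruption or tampering that is misleading, and `elapsedTime` most likely covers only stream construction rather than the read. I would log on completion instead, e.g. `stream.on('end', () => log.http('cache', this.spec + ' ' + (Date.now() - startTime) + 'ms (cache hit)'))`, after confirming that `end` is only emitted once verification has passed. `${this.spec}` is also written unredacted; if a spec can carry a URL with embedded credentials (not visible in this hunk), it should be cleaned before logging.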
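Review bot: The expected-log pattern `/file:test\/fixtures\/abbrev-1.1.1.tgz.*(cache hit)/` in the first `test/fetcher.js` hunk does not check what it appears to: the unescaped parentheses form a capture group, so the literal `(` and `)` are never required, the dots in the file name match any character, and the elapsed-time field is skipped by `.*`. The same pattern is repeated in the hunk at `-298`. Something like `/file:test\/fixtures\/abbrev-1\.1\.1\.tgz.* \d+ms \(cache hit\)/` would pin the message format the `lib/fetcher.js` change actually emits. The enclosing `t.test('extract', ...)` block starts and ends outside both hunks.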
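Review bot: Switching `t.same(logs, [...])` to `t.match(logs, [...])` in the second `test/fetcher.js` hunk loosens the whole assertion on the log sequence for the integrity-failure case, although only the new first entry needs pattern matching. That case is the one guarding what gets logged when cached content is rejected, so I would keep the rest of the comparison exact, e.g. `t.match(logs[0], ['http', 'cache', /cache hit/])` followed by `t.same(logs.slice(1), [ /* existing entries */ ])`. The expected array continues past the end of the hunk, so the remaining entries are not visible here.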