renovate[bot]
commented
5 years ago Renovate Ignore Notification
As this PR has been closed unmerged, Renovate will ignore this upgrade and you will not receive PRs for any future 6.x releases. However, if you upgrade to 6.x manually then Renovate will then reenable updates for minor and patch updates automatically.
If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.
This PR contains the following updates:
>=5.0.0->>=6.4.1Release Notes
npm/cli
### [`v6.4.1`](https://renovatebot.com/gh/npm/cli/blob/master/CHANGELOG.md#v641-2018-08-22) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v6.4.0...v6.4.1) ##### BUGFIXES - [`4bd40f543`](https://renovatebot.com/gh/npm/cli/commit/4bd40f543dc89f0721020e7d0bb3497300d74818) [#42](https://renovatebot.com/gh/npm/cli/pull/42) Prevent blowing up on malformed responses from the `npm audit` endpoint, such as with third-party registries. ([@framp](https://renovatebot.com/gh/framp)) - [`0e576f0aa`](https://renovatebot.com/gh/npm/cli/commit/0e576f0aa6ea02653d948c10f29102a2d4a31944) [#46](https://renovatebot.com/gh/npm/cli/pull/46) Fix `NO_PROXY` support by renaming npm-side config to `--noproxy`. The environment variable should still work. ([@SneakyFish5](https://renovatebot.com/gh/SneakyFish5)) - [`d8e811d6a`](https://renovatebot.com/gh/npm/cli/commit/d8e811d6adf3d87474982cb831c11316ac725605) [#33](https://renovatebot.com/gh/npm/cli/pull/33) Disable `update-notifier` checks when a CI environment is detected. ([@Sibiraj-S](https://renovatebot.com/gh/Sibiraj-S)) - [`1bc5b8cea`](https://renovatebot.com/gh/npm/cli/commit/1bc5b8ceabc86bfe4777732f25ffef0f3de81bd1) [#47](https://renovatebot.com/gh/npm/cli/pull/47) Fix issue where `postpack` scripts would break if `pack` was used with `--dry-run`. ([@larsgw](https://renovatebot.com/gh/larsgw)) ##### DEPENDENCY BUMPS - [`4c57316d5`](https://renovatebot.com/gh/npm/cli/commit/4c57316d5633e940105fa545b52d8fbfd2eb9f75) `figgy-pudding@3.4.1` ([@zkat](https://renovatebot.com/gh/zkat)) - [`85f4d7905`](https://renovatebot.com/gh/npm/cli/commit/85f4d79059865d5267f3516b6cdbc746012202c6) `cacache@11.2.0` ([@zkat](https://renovatebot.com/gh/zkat)) - [`d20ac242a`](https://renovatebot.com/gh/npm/cli/commit/d20ac242aeb44aa3581c65c052802a02d5eb22f3) `npm-packlist@1.1.11`: No real changes in npm-packlist, but npm-bundled included a circular dependency fix, as well as adding a proper LICENSE file. ([@isaacs](https://renovatebot.com/gh/isaacs)) - [`e8d5f4418`](https://renovatebot.com/gh/npm/cli/commit/e8d5f441821553a31fc8cd751670663699d2c8ce) [npm.community#632](https://npm.community/t/https://npm.community/t/using-npm-ci-does-not-run-prepare-script-for-git-modules/632) `libcipm@2.0.2`: Fixes issue where `npm ci` wasn't running the `prepare` lifecycle script when installing git dependencies ([@edahlseng](https://renovatebot.com/gh/edahlseng)) - [`a5e6f78e9`](https://renovatebot.com/gh/npm/cli/commit/a5e6f78e916873f7d18639ebdb8abd20479615a9) `JSONStream@1.3.4`: Fixes memory leak problem when streaming large files (like legacy npm search). ([@daern91](https://renovatebot.com/gh/daern91)) - [`3b940331d`](https://renovatebot.com/gh/npm/cli/commit/3b940331dcccfa67f92366adb7ffd9ecf7673a9a) [npm.community#1042](https://npm.community/t/3-path-variables-are-assigned-to-child-process-launched-by-npm/1042) `npm-lifecycle@2.1.0`: Fixes issue for Windows user where multiple `Path`/`PATH` variables were being added to the environment and breaking things in all sorts of fun and interesting ways. ([@JimiC](https://renovatebot.com/gh/JimiC)) - [`d612d2ce8`](https://renovatebot.com/gh/npm/cli/commit/d612d2ce8fab72026f344f125539ecbf3746af9a) `npm-registry-client@8.6.0` ([@iarna](https://renovatebot.com/gh/iarna)) - [`1f6ba1cb1`](https://renovatebot.com/gh/npm/cli/commit/1f6ba1cb174590c1f5d2b00e2ca238dfa39d507a) `opener@1.5.0` ([@domenic](https://renovatebot.com/gh/domenic)) - [`37b8f405f`](https://renovatebot.com/gh/npm/cli/commit/37b8f405f35c861b7beeed56f71ad20b0bf87889) `request@2.88.0` ([@mikeal](https://renovatebot.com/gh/mikeal)) - [`bb91a2a14`](https://renovatebot.com/gh/npm/cli/commit/bb91a2a14562e77769057f1b6d06384be6d6bf7f) `tacks@1.2.7` ([@iarna](https://renovatebot.com/gh/iarna)) - [`30bc9900a`](https://renovatebot.com/gh/npm/cli/commit/30bc9900ae79c80bf0bdee0ae6372da6f668124c) `ci-info@1.4.0`: Adds support for two more CI services ([@watson](https://renovatebot.com/gh/watson)) - [`1d2fa4ddd`](https://renovatebot.com/gh/npm/cli/commit/1d2fa4dddcab8facfee92096cc24b299387f3182) `marked@0.5.0` ([@joshbruce](https://renovatebot.com/gh/joshbruce)) ##### DOCUMENTATION - [`08ecde292`](https://renovatebot.com/gh/npm/cli/commit/08ecde2928f8c89a2fdaa800ae845103750b9327) [#54](https://renovatebot.com/gh/npm/cli/pull/54) Mention registry terms of use in manpage and registry docs and update language in README for it. ([@kemitchell](https://renovatebot.com/gh/kemitchell)) - [`de956405d`](https://renovatebot.com/gh/npm/cli/commit/de956405d8b72354f98579d00c6dd30ac3b9bddf) [#41](https://renovatebot.com/gh/npm/cli/pull/41) Add documentation for `--dry-run` in `install` and `pack` docs. ([@reconbot](https://renovatebot.com/gh/reconbot)) - [`95031b90c`](https://renovatebot.com/gh/npm/cli/commit/95031b90ce0b0c4dcd5e4eafc86e3e5bfd59fb3e) [#48](https://renovatebot.com/gh/npm/cli/pull/48) Update republish time and lightly reorganize republish info. ([@neverett](https://renovatebot.com/gh/neverett)) - [`767699b68`](https://renovatebot.com/gh/npm/cli/commit/767699b6829b8b899d5479445e99b0ffc43ff92d) [#53](https://renovatebot.com/gh/npm/cli/pull/53) Correct `npm@6.4.0` release date in changelog. ([@charmander](https://renovatebot.com/gh/charmander)) - [`3fea3166e`](https://renovatebot.com/gh/npm/cli/commit/3fea3166eb4f43f574fcfd9ee71a171feea2bc29) [#55](https://renovatebot.com/gh/npm/cli/pull/55) Align command descriptions in help text. ([@erik](https://renovatebot.com/gh/erik)) ### [`v6.4.0`](https://renovatebot.com/gh/npm/cli/blob/master/CHANGELOG.md#v640-2018-08-09) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v6.3.0...v6.4.0) ##### NEW FEATURES - [`6e9f04b0b`](https://renovatebot.com/gh/npm/cli/commit/6e9f04b0baed007169d4e0c341f097cf133debf7) [npm/cli#8](https://renovatebot.com/gh/npm/cli/pull/8) Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking `:_authToken`. ([@mkhl](https://renovatebot.com/gh/mkhl)) - [`84bfd23e7`](https://renovatebot.com/gh/npm/cli/commit/84bfd23e7d6434d30595594723a6e1976e84b022) [npm/cli#35](https://renovatebot.com/gh/npm/cli/pull/35) Stop filtering out non-IPv4 addresses from `local-addrs`, making npm actually use IPv6 addresses when it must. ([@valentin2105](https://renovatebot.com/gh/valentin2105)) - [`792c8c709`](https://renovatebot.com/gh/npm/cli/commit/792c8c709dc7a445687aa0c8cba5c50bc4ed83fd) [npm/cli#31](https://renovatebot.com/gh/npm/cli/pull/31) configurable audit level for non-zero exit `npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found. Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected. ([@lennym](https://renovatebot.com/gh/lennym)) ##### BUGFIXES - [`d81146181`](https://renovatebot.com/gh/npm/cli/commit/d8114618137bb5b9a52a86711bb8dc18bfc8e60c) [npm/cli#32](https://renovatebot.com/gh/npm/cli/pull/32) Don't check for updates to npm when we are updating npm itself. ([@olore](https://renovatebot.com/gh/olore)) ##### DEPENDENCY UPDATES A very special dependency update event! Since the [release of `node-gyp@3.8.0`](https://renovatebot.com/gh/nodejs/node-gyp/pull/1521), an awkward version conflict that was preventing `request` from begin flattened was resolved. This means two things: 1. We've cut down the npm tarball size by another 200kb, to 4.6MB 2. `npm audit` now shows no vulnerabilities for npm itself! Thanks, [@rvagg](https://renovatebot.com/gh/rvagg)! - [`866d776c2`](https://renovatebot.com/gh/npm/cli/commit/866d776c27f80a71309389aaab42825b2a0916f6) `request@2.87.0` ([@simov](https://renovatebot.com/gh/simov)) - [`f861c2b57`](https://renovatebot.com/gh/npm/cli/commit/f861c2b579a9d4feae1653222afcefdd4f0e978f) `node-gyp@3.8.0` ([@rvagg](https://renovatebot.com/gh/rvagg)) - [`32e6947c6`](https://renovatebot.com/gh/npm/cli/commit/32e6947c60db865257a0ebc2f7e754fedf7a6fc9) [npm/cli#39](https://renovatebot.com/gh/npm/cli/pull/39) `colors@1.1.2`: REVERT REVERT, newer versions of this library are broken and print ansi codes even when disabled. ([@iarna](https://renovatebot.com/gh/iarna)) - [`beb96b92c`](https://renovatebot.com/gh/npm/cli/commit/beb96b92caf061611e3faafc7ca10e77084ec335) `libcipm@2.0.1` ([@zkat](https://renovatebot.com/gh/zkat)) - [`348fc91ad`](https://renovatebot.com/gh/npm/cli/commit/348fc91ad223ff91cd7bcf233018ea1d979a2af1) `validate-npm-package-license@3.0.4`: Fixes errors with empty or string-only license fields. ([@Gudahtt](https://renovatebot.com/gh/Gudahtt)) - [`e57d34575`](https://renovatebot.com/gh/npm/cli/commit/e57d3457547ef464828fc6f82ae4750f3e511550) `iferr@1.0.2` ([@shesek](https://renovatebot.com/gh/shesek)) - [`46f1c6ad4`](https://renovatebot.com/gh/npm/cli/commit/46f1c6ad4b2fd5b0d7ec879b76b76a70a3a2595c) `tar@4.4.6` ([@isaacs](https://renovatebot.com/gh/isaacs)) - [`50df1bf69`](https://renovatebot.com/gh/npm/cli/commit/50df1bf691e205b9f13e0fff0d51a68772c40561) `hosted-git-info@2.7.1` ([@iarna](https://renovatebot.com/gh/iarna)) ([@Erveon](https://renovatebot.com/gh/Erveon)) ([@huochunpeng](https://renovatebot.com/gh/huochunpeng)) ##### DOCUMENTATION - [`af98e76ed`](https://renovatebot.com/gh/npm/cli/commit/af98e76ed96af780b544962aa575585b3fa17b9a) [npm/cli#34](https://renovatebot.com/gh/npm/cli/pull/34) Remove `npm publish` from list of commands not affected by `--dry-run`. ([@joebowbeer](https://renovatebot.com/gh/joebowbeer)) - [`e2b0f0921`](https://renovatebot.com/gh/npm/cli/commit/e2b0f092193c08c00f12a6168ad2bd9d6e16f8ce) [npm/cli#36](https://renovatebot.com/gh/npm/cli/pull/36) Tweak formatting in repository field examples. ([@noahbenham](https://renovatebot.com/gh/noahbenham)) - [`e2346e770`](https://renovatebot.com/gh/npm/cli/commit/e2346e7702acccefe6d711168c2b0e0e272e194a) [npm/cli#14](https://renovatebot.com/gh/npm/cli/pull/14) Used `process.env` examples to make accessing certain `npm run-scripts` environment variables more clear. ([@mwarger](https://renovatebot.com/gh/mwarger)) ### [`v6.3.0`](https://renovatebot.com/gh/npm/cli/blob/master/CHANGELOG.md#v630-2018-08-01) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v6.2.0...v6.3.0) This is basically the same as the prerelease, but two dependencies have been bumped due to bugs that had been around for a while. - [`0a22be42e`](https://renovatebot.com/gh/npm/cli/commit/0a22be42eb0d40cd0bd87e68c9e28fc9d72c0e19) `figgy-pudding@3.2.0` ([@zkat](https://renovatebot.com/gh/zkat)) - [`0096f6997`](https://renovatebot.com/gh/npm/cli/commit/0096f69978d2f40b170b28096f269b0b0008a692) `cacache@11.1.0` ([@zkat](https://renovatebot.com/gh/zkat)) ### [`v6.2.0`](https://renovatebot.com/gh/npm/cli/blob/master/CHANGELOG.md#v620-2018-07-13) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v6.1.0...v6.2.0) In case you missed it, [we moved!](https://blog.npmjs.org/post/175587538995/announcing-npmcommunity). We look forward to seeing future PRs landing in [npm/cli](https://renovatebot.com/gh/npm/cli) in the future, and we'll be chatting with you all in [npm.community](https://npm.community). Go check it out! This final release of `npm@6.2.0` includes a couple of features that weren't quite ready on time but that we'd still like to include. Enjoy! ##### FEATURES - [`244b18380`](https://renovatebot.com/gh/npm/npm/commit/244b18380ee55950b13c293722771130dbad70de) [#20554](https://renovatebot.com/gh/npm/npm/pull/20554) Add support for tab-separated output for `npm audit` data with the `--parseable` flag. ([@luislobo](https://renovatebot.com/gh/luislobo)) - [`7984206e2`](https://renovatebot.com/gh/npm/npm/commit/7984206e2f41b8d8361229cde88d68f0c96ed0b8) [#12697](https://renovatebot.com/gh/npm/npm/pull/12697) Add new `sign-git-commit` config to control whether the git commit itself gets signed, or just the tag (which is the default). ([@tribou](https://renovatebot.com/gh/tribou)) ##### FIXES - [`4c32413a5`](https://renovatebot.com/gh/npm/npm/commit/4c32413a5b42e18a34afb078cf00eed60f08e4ff) [#19418](https://renovatebot.com/gh/npm/npm/pull/19418) Do not use `SET` to fetch the env in git-bash or Cygwin. ([@gucong3000](https://renovatebot.com/gh/gucong3000)) ##### DEPENDENCY BUMPS - [`d9b2712a6`](https://renovatebot.com/gh/npm/npm/commit/d9b2712a670e5e78334e83f89a5ed49616f1f3d3) `request@2.81.0`: Downgraded to allow better deduplication. This does introduce a bunch of `hoek`-related audit reports, but they don't affect npm itself so we consider it safe. We'll upgrade `request` again once `node-gyp` unpins it. ([@simov](https://renovatebot.com/gh/simov)) - [`2ac48f863`](https://renovatebot.com/gh/npm/npm/commit/2ac48f863f90166b2bbf2021ed4cc04343d2503c) `node-gyp@3.7.0` ([@MylesBorins](https://renovatebot.com/gh/MylesBorins)) - [`8dc6d7640`](https://renovatebot.com/gh/npm/npm/commit/8dc6d76408f83ba35bda77a2ac1bdbde01937349) `cli-table3@0.5.0`: `cli-table2` is unmaintained and required `lodash`. With this dependency bump, we've removed `lodash` from our tree, which cut back tarball size by another 300kb. ([@Turbo87](https://renovatebot.com/gh/Turbo87)) - [`90c759fee`](https://renovatebot.com/gh/npm/npm/commit/90c759fee6055cf61cf6709432a5e6eae6278096) `npm-audit-report@1.3.1` ([@zkat](https://renovatebot.com/gh/zkat)) - [`4231a0a1e`](https://renovatebot.com/gh/npm/npm/commit/4231a0a1eb2be13931c3b71eba38c0709644302c) Add `cli-table3` to bundleDeps. ([@iarna](https://renovatebot.com/gh/iarna)) - [`322d9c2f1`](https://renovatebot.com/gh/npm/npm/commit/322d9c2f107fd82a4cbe2f9d7774cea5fbf41b8d) Make `standard` happy. ([@iarna](https://renovatebot.com/gh/iarna)) ##### DOCS - [`5724983ea`](https://renovatebot.com/gh/npm/npm/commit/5724983ea8f153fb122f9c0ccab6094a26dfc631) [#21165](https://renovatebot.com/gh/npm/npm/pull/21165) Fix some markdown formatting in npm-disputes.md. ([@hchiam](https://renovatebot.com/gh/hchiam)) - [`738178315`](https://renovatebot.com/gh/npm/npm/commit/738178315fe48e463028657ea7ae541c3d63d171) [#20920](https://renovatebot.com/gh/npm/npm/pull/20920) Explicitly state that republishing an unpublished package requires a 72h waiting period. ([@gmattie](https://renovatebot.com/gh/gmattie)) - [`f0a372b07`](https://renovatebot.com/gh/npm/npm/commit/f0a372b074cc43ee0e1be28dbbcef0d556b3b36c) Replace references to the old repo or issue tracker. We're at npm/cli now! ([@zkat](https://renovatebot.com/gh/zkat)) ### [`v6.1.0`](https://renovatebot.com/gh/npm/cli/blob/master/CHANGELOG.md#v610-2018-05-17) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v6.0.1...v6.1.0) ##### FIX WRITE AFTER END ERROR First introduced in 5.8.0, this finally puts to bed errors where you would occasionally see `Error: write after end at MiniPass.write`. - [`171f3182f`](https://renovatebot.com/gh/npm/npm/commit/171f3182f32686f2f94ea7d4b08035427e0b826e) [node-tar#180](https://renovatebot.com/gh/npm/node-tar/issues/180) [npm.community#35](https://npm.community/t/write-after-end-when-installing-packages-with-5-8-and-later/35) `pacote@8.1.5`: Fix write-after-end errors. ([@zkat](https://renovatebot.com/gh/zkat)) ##### DETECT CHANGES IN GIT SPECIFIERS - [`0e1726c03`](https://renovatebot.com/gh/npm/npm/commit/0e1726c0350a02d5a60f5fddb1e69c247538625e) We can now determine if the commitid of a git dependency in the lockfile is derived from the specifier in the package.json and if it isn't we now trigger an update for it. ([@iarna](https://renovatebot.com/gh/iarna)) ##### OTHER BUGS - [`442d2484f`](https://renovatebot.com/gh/npm/npm/commit/442d2484f686e3a371b07f8473a17708f84d9603) [`2f0c88351`](https://renovatebot.com/gh/npm/npm/commit/2f0c883519f17c94411dd1d9877c5666f260c12f) [`631d30a34`](https://renovatebot.com/gh/npm/npm/commit/631d30a340f5805aed6e83f47a577ca4125599b2) When requesting the update of a direct dependency that was also a transitive dependency to a version incompatible with the transitive requirement and you had a lock-file but did not have a `node_modules` folder then npm would fail to provide a new copy of the transitive dependency, resulting in an invalid lock-file that could not self heal. ([@iarna](https://renovatebot.com/gh/iarna)) - [`be5dd0f49`](https://renovatebot.com/gh/npm/npm/commit/be5dd0f496ec1485b1ea3094c479dfc17bd50d82) [#20715](https://renovatebot.com/gh/npm/npm/pull/20715) Cleanup output of `npm ci` summary report. ([@legodude17](https://renovatebot.com/gh/legodude17)) - [`98ffe4adb`](https://renovatebot.com/gh/npm/npm/commit/98ffe4adb55a6f4459271856de2e27e95ee63375) Node.js now has a test that scans for things that look like conflict markers in source code. This was triggering false positives on a fixture in a test of npm's ability to heal lockfiles with conflicts in them. ([@iarna](https://renovatebot.com/gh/iarna)) ##### DEPENDENCY UPDATES - [`3f2e306b8`](https://renovatebot.com/gh/npm/npm/commit/3f2e306b884a027df03f64524beb8658ce1772cb) Using `npm audit fix`, replace some transitive dependencies with security issues with versions that don't have any. ([@iarna](https://renovatebot.com/gh/iarna)) - [`1d07134e0`](https://renovatebot.com/gh/npm/npm/commit/1d07134e0b157f7484a20ce6987ff57951842954) `tar@4.4.1`: Dropping to 4.4.1 from 4.4.2 due to [npm/node-tar#183](https://renovatebot.com/gh/npm/node-tar/issues/183) ([@zkat](https://renovatebot.com/gh/zkat)) ### [`v6.0.1`](https://renovatebot.com/gh/npm/cli/blob/master/CHANGELOG.md#v601-2018-05-09) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v6.0.0...v6.0.1) ##### AUDIT SHOULDN'T WAIT FOREVER This will likely be reduced further with the goal that the audit process shouldn't noticibly slow down your builds regardless of your network situation. - [`3dcc240db`](https://renovatebot.com/gh/npm/npm/commit/3dcc240dba5258532990534f1bd8a25d1698b0bf) Timeout audit requests eventually. ([@iarna](https://renovatebot.com/gh/iarna)) ##### Looking forward We're still a way from having node@11, so now's a good time to ensure we don't warn about being used with it. - [`ed1aebf55`](https://renovatebot.com/gh/npm/npm/commit/ed1aebf55) Allow node@11, when it comes. ([@iarna](https://renovatebot.com/gh/iarna)) ### [`v6.0.0`](https://renovatebot.com/gh/npm/cli/blob/master/CHANGELOG.md#v600-2018-04-20) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.10.0...v6.0.0) Hey y'all! Here's another `npm@6` release -- with `node@10` around the corner, this might well be the last prerelease before we tag `6.0.0`! There's two major features included with this release, along with a few miscellaneous fixes and changes. ##### EXTENDED `npm init` SCAFFOLDING Thanks to the wonderful efforts of [@jdalton](https://renovatebot.com/gh/jdalton) of lodash fame, `npm init` can now be used to invoke custom scaffolding tools! You can now do things like `npm init react-app` or `npm init esm` to scaffold an npm package by running `create-react-app` and `create-esm`, respectively. This also adds an `npm create` alias, to correspond to Yarn's `yarn create` feature, which inspired this. - [`008a83642`](https://renovatebot.com/gh/npm/npm/commit/008a83642e04360e461f56da74b5557d5248a726) [`ed81d1426`](https://renovatebot.com/gh/npm/npm/commit/ed81d1426776bcac47492cabef43f65e1d4ab536) [`833046e45`](https://renovatebot.com/gh/npm/npm/commit/833046e45fe25f75daffd55caf25599a9f98c148) [#20303](https://renovatebot.com/gh/npm/npm/pull/20303) Add an `npm init` feature that calls out to `npx` when invoked with positional arguments. ([@jdalton](https://renovatebot.com/gh/jdalton)) ##### DEPENDENCY AUDITING This version of npm adds a new command, `npm audit`, which will run a security audit of your project's dependency tree and notify you about any actions you may need to take. The registry-side services required for this command to work will be available on the main npm registry in the coming weeks. Until then, you won't get much out of trying to use this on the CLI. As part of this change, the npm CLI now sends scrubbed and cryptographically anonymized metadata about your dependency tree to your configured registry, to allow notifying you about the existence of critical security flaws. For details about how the CLI protects your privacy when it shares this metadata, see `npm help audit`, or [read the docs for `npm audit` online](https://renovatebot.com/gh/npm/npm/blob/release-next/doc/cli/npm-audit.md). You can disable this altogether by doing `npm config set audit false`, but will no longer benefit from the service. - [`f4bc648ea`](https://renovatebot.com/gh/npm/npm/commit/f4bc648ea7b19d63cc9878c9da2cb1312f6ce152) [#20389](https://renovatebot.com/gh/npm/npm/pull/20389) `npm-registry-fetch@1.1.0` ([@iarna](https://renovatebot.com/gh/iarna)) - [`594d16987`](https://renovatebot.com/gh/npm/npm/commit/594d16987465014d573c51a49bba6886cc19f8e8) [#20389](https://renovatebot.com/gh/npm/npm/pull/20389) `npm-audit-report@1.0.5` ([@iarna](https://renovatebot.com/gh/iarna)) - [`8c77dde74`](https://renovatebot.com/gh/npm/npm/commit/8c77dde74a9d8f9007667cd1732c3329e0d52617) [`1d8ac2492`](https://renovatebot.com/gh/npm/npm/commit/1d8ac2492196c4752b2e41b23d5ddc92780aaa24) [`552ff6d64`](https://renovatebot.com/gh/npm/npm/commit/552ff6d64a5e3bcecb33b2a861c49a3396adad6d) [`09c734803`](https://renovatebot.com/gh/npm/npm/commit/09c73480329e75e44fb8e55ca522f798be68d448) [#20389](https://renovatebot.com/gh/npm/npm/pull/20389) Add new `npm audit` command. ([@iarna](https://renovatebot.com/gh/iarna)) - [`be393a290`](https://renovatebot.com/gh/npm/npm/commit/be393a290a5207dc75d3d70a32973afb3322306c) [#20389](https://renovatebot.com/gh/npm/npm/pull/20389) Temporarily suppress git metadata till there's an opt-in. ([@iarna](https://renovatebot.com/gh/iarna)) - [`8e713344f`](https://renovatebot.com/gh/npm/npm/commit/8e713344f6e0828ddfb7733df20d75e95a5382d8) [#20389](https://renovatebot.com/gh/npm/npm/pull/20389) Document the new command. ([@iarna](https://renovatebot.com/gh/iarna)) - [#20389](https://renovatebot.com/gh/npm/npm/pull/20389) Default audit to off when running the npm test suite itself. ([@iarna](https://renovatebot.com/gh/iarna)) ##### MORE `package-lock.json` FORMAT CHANGES?! - [`820f74ae2`](https://renovatebot.com/gh/npm/npm/commit/820f74ae22b7feb875232d46901cc34e9ba995d6) [#20384](https://renovatebot.com/gh/npm/npm/pull/20384) Add `from` field back into package-lock for git dependencies. This will give npm the information it needs to figure out whether git deps are valid, specially when running with legacy install metadata or in `--package-lock-only` mode when there's no `node_modules`. This should help remove a significant amount of git-related churn on the lock-file. ([@zkat](https://renovatebot.com/gh/zkat)) ##### BUGFIXES - [`9d5d0a18a`](https://renovatebot.com/gh/npm/npm/commit/9d5d0a18a5458655275056156b5aa001140ae4d7) [#20358](https://renovatebot.com/gh/npm/npm/pull/20358) `npm install-test` (aka `npm it`) will no longer generate `package-lock.json` when running with `--no-package-lock` or `package-lock=false`. ([@raymondfeng](https://renovatebot.com/gh/raymondfeng)) - [`e4ed976e2`](https://renovatebot.com/gh/npm/npm/commit/e4ed976e20b7d1114c920a9dc9faf351f89a31c9) [`2facb35fb`](https://renovatebot.com/gh/npm/npm/commit/2facb35fbfbbc415e693d350b67413a66ff96204) [`9c1eb945b`](https://renovatebot.com/gh/npm/npm/commit/9c1eb945be566e24cbbbf186b0437bdec4be53fc) [#20390](https://renovatebot.com/gh/npm/npm/pull/20390) Fix a scenario where a git dependency had a comittish associated with it that was not a complete commitid. `npm` would never consider that entry in the `package.json` as matching the entry in the `package-lock.json` and this resulted in inappropriate pruning or reinstallation of git dependencies. This has been addressed in two ways, first, the addition of the `from` field as described in [#20384](https://renovatebot.com/gh/npm/npm/pull/20384) means we can exactly match the `package.json`. Second, when that's missing (when working with older `package-lock.json` files), we assume that the match is ok. (If it's not, we'll fix it up when a real installation is done.) ([@iarna](https://renovatebot.com/gh/iarna)) ##### DEPENDENCIES - [`1c1f89b73`](https://renovatebot.com/gh/npm/npm/commit/1c1f89b7319b2eef6adee2530c4619ac1c0d83cf) `libnpx@10.2.0` ([@zkat](https://renovatebot.com/gh/zkat)) - [`242d8a647`](https://renovatebot.com/gh/npm/npm/commit/242d8a6478b725778c00be8ba3dc85f367006a61) `pacote@8.1.0` ([@zkat](https://renovatebot.com/gh/zkat)) ##### DOCS - [`a1c77d614`](https://renovatebot.com/gh/npm/npm/commit/a1c77d614adb4fe6769631b646b817fd490d239c) [#20331](https://renovatebot.com/gh/npm/npm/pull/20331) Fix broken link to 'private-modules' page. The redirect went away when the new npm website went up, but the new URL is better anyway. ([@vipranarayan14](https://renovatebot.com/gh/vipranarayan14)) - [`ad7a5962d`](https://renovatebot.com/gh/npm/npm/commit/ad7a5962d758efcbcfbd9fda9a3d8b38ddbf89a1) [#20279](https://renovatebot.com/gh/npm/npm/pull/20279) Document the `--if-present` option for `npm run-script`. ([@aleclarson](https://renovatebot.com/gh/aleclarson)) ### [`v5.10.0`](https://renovatebot.com/gh/npm/cli/compare/v5.8.0...v5.10.0) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.8.0...v5.10.0) ### [`v5.8.0`](https://renovatebot.com/gh/npm/cli/compare/v5.7.1...v5.8.0) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.7.1...v5.8.0) ### [`v5.7.1`](https://renovatebot.com/gh/npm/cli/compare/v5.7.0...v5.7.1) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.7.0...v5.7.1) ### [`v5.7.0`](https://renovatebot.com/gh/npm/cli/compare/v5.6.0...v5.7.0) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.6.0...v5.7.0) ### [`v5.6.0`](https://renovatebot.com/gh/npm/cli/compare/v5.5.1...v5.6.0) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.5.1...v5.6.0) ### [`v5.5.1`](https://renovatebot.com/gh/npm/cli/compare/v5.5.0...v5.5.1) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.5.0...v5.5.1) ### [`v5.5.0`](https://renovatebot.com/gh/npm/cli/compare/v5.4.2...v5.5.0) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.4.2...v5.5.0) ### [`v5.4.2`](https://renovatebot.com/gh/npm/cli/compare/v5.4.1...v5.4.2) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.4.1...v5.4.2) ### [`v5.4.1`](https://renovatebot.com/gh/npm/cli/compare/v5.4.0...v5.4.1) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.4.0...v5.4.1) ### [`v5.4.0`](https://renovatebot.com/gh/npm/cli/compare/v5.3.0...v5.4.0) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.3.0...v5.4.0) ### [`v5.3.0`](https://renovatebot.com/gh/npm/cli/compare/v5.2.0...v5.3.0) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.2.0...v5.3.0) ### [`v5.2.0`](https://renovatebot.com/gh/npm/cli/compare/v5.1.0...v5.2.0) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.1.0...v5.2.0) ### [`v5.1.0`](https://renovatebot.com/gh/npm/cli/compare/v5.0.4...v5.1.0) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.0.4...v5.1.0) ### [`v5.0.4`](https://renovatebot.com/gh/npm/cli/compare/v5.0.3...v5.0.4) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.0.3...v5.0.4) ### [`v5.0.3`](https://renovatebot.com/gh/npm/cli/compare/v5.0.2...v5.0.3) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.0.2...v5.0.3) ### [`v5.0.2`](https://renovatebot.com/gh/npm/cli/compare/v5.0.1...v5.0.2) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.0.1...v5.0.2) ### [`v5.0.1`](https://renovatebot.com/gh/npm/cli/compare/v5.0.0...v5.0.1) [Compare Source](https://renovatebot.com/gh/npm/cli/compare/v5.0.0...v5.0.1)Renovate configuration
:date: Schedule: At any time (no schedule defined).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "
rebase!".:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot. View repository job log here.