chore(deps): update npm to v11#57
Conversation
|
Warning Review limit reached
More reviews will be available in 4 minutes and 54 seconds. Learn how PR review limits work. To continue reviewing without waiting, enable usage-based billing in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
This PR contains the following updates:
10.9.8+sha512.7d8c1be8e0d298792aac9410682c58dccda53dffe6a600bb8a4d074b3cc8c06e421ad69b469e1b36a8a46adbc2a13e366f920d412aae7551f447bc95982f6156→11.17.0Release Notes
npm/cli (npm)
v11.17.0Compare Source
v11.16.0Compare Source
Features
4b67f6e#9416 publish --access=private alias for restricted (#9416) (@github-actions[bot], @reggi, @Copilot)a10c7ca#9415 Phase 1 ofallowScriptsopt-in install-script policy (#9360) (#9415) (@owlstronaut, @JamieMagee)Bug Fixes
1f7869b#9411 fix typo of fullMetadata (@owlstronaut)cde03ba#9390 config: pause progress spinner during interactive editor spawn (#9388) (@github-actions[bot], @Zelys-DFKH, @claude)Documentation
c5e9d73#9390 Documentnpm_old_versionandnpm_new_versionenvironment variables (#9389) (@github-actions[bot], @36degrees)Dependencies
cdd7bbc#9421undici@6.26.0fde87c9#9421sigstore@4.1.12779793#9421lru-cache@11.5.1dea702d#9421@sigstore/verify@3.1.14eab03f#9421@sigstore/core@3.2.174c7323#9421@npmcli/agent@4.0.2edc4ab3#9421semver@7.8.15f6ce33#9421make-fetch-happen@15.0.6Chores
bd04976#9421 dev dependency updates (@owlstronaut)aeceb23#9407 sanitize newlines in flags table default and type values (#9407) (@reggi, @Copilot)@npmcli/arborist@9.7.0@npmcli/config@10.10.0libnpmdiff@8.1.9libnpmexec@10.2.9libnpmfund@7.0.23libnpmpack@9.1.9libnpmversion@8.0.4v11.15.0Compare Source
Features
0d5d899#9379 npm stage (@reggi, @Copilot)1433740#9376 add permissions support to trust commands (#9376) (@github-actions[bot], @reggi, @Copilot)8df10f5#9339 add allow-git/allow-file/allow-directory/allow-remote configs (@owlstronaut)Bug Fixes
39b625e#9381 key stage download --json output by package name (#9381) (@reggi, @Copilot)6aa332d#9339 allow min-release-age in npmrc to coexist with --before (@raazkhnl)468550f#9339 refactor #failureNode, adjust tests and safety (@owlstronaut)cabe249#9339 allow-remote=none does not block registry tarballs (@owlstronaut)Dependencies
8416a60#9383socks@2.8.95e5a25b#9383lru-cache@11.5.0a6f9ad2#9383ip-address@10.2.063f8114#9383brace-expansion@5.0.66918b4c#9383bin-links@6.0.2bf84079#9383tar@7.5.15bdef82c#9383semver@7.8.03f38a67#9383hosted-git-info@9.0.3Chores
816f3bf#9383 dev dependency updates (@owlstronaut)@npmcli/arborist@9.6.0@npmcli/config@10.9.1libnpmdiff@8.1.8libnpmexec@10.2.8libnpmfund@7.0.22libnpmpack@9.1.8libnpmpublish@11.2.0v11.14.1Compare Source
Bug Fixes
dca12cb#9328 remove settings (#9328) (@github-actions[bot], @owlstronaut)v11.14.0Compare Source
Features
45fc5e0#9288 add allow-directory, allow-file, and allow-remote (#9288) (@github-actions[bot], @wraithgar)Bug Fixes
6c17544#9318 sbom: dedupe per-node dependsOn / relationships (#9318) (@github-actions[bot], @mikaelkristiansson)Dependencies
840fe18#9322socks@10.1.1b771289#9322ip-address@10.1.1addffcb#9322cidr-regex@5.0.5Chores
041fd58#9322 dev dependency updates (@owlstronaut)89c505a#9320 add cli-triage team as codeowner (#9320) (@github-actions[bot], @owlstronaut)@npmcli/arborist@9.5.0@npmcli/config@10.9.0libnpmdiff@8.1.7libnpmexec@10.2.7libnpmfund@7.0.21libnpmpack@9.1.7v11.13.0Compare Source
v11.12.1Compare Source
Bug Fixes
596706a#9148 revert prefer-offline/prefer-online exclusivity (#9129) (@owlstronaut)Documentation
d1ee8a5#9140 Add note on relative path prefix for npm publish (#9140) (@pydsigner)Dependencies
@npmcli/config@10.8.1v11.12.0Compare Source
Features
8eff5fb#9049 audit: add --include-attestations flag to output sigstore bundles (#9049) (@mitchdenny)Bug Fixes
03af94d#9123 skip synopsis code block when command has no usage (@owlstronaut)21ea382#9110 arborist: resolve sibling override sets via common ancestor (#9110) (@manzoorwanijk)Dependencies
03f4c3a#9131@sigstore/tuf@4.0.24d5f7d9#9131@gar/promise-retry@1.0.38dcfe69#9131@sigstore/sign@4.1.1e5a7e22#9127lru-cache@11.2.782deab6#9127make-fetch-happen@15.0.5ce195dc#9127cacache@20.0.4Chores
95fa7f4#9132 fix docs test snapshot (#9132) (@wraithgar)7e9d538#9127 dev dependency updates (@wraithgar)920e5ed#9127 test snapshots (@wraithgar)98ccf92#9125 fix snap tests (@owlstronaut)@npmcli/arborist@9.4.2@npmcli/config@10.8.0libnpmdiff@8.1.5libnpmexec@10.2.5libnpmfund@7.0.19libnpmpack@9.1.5v11.11.1Compare Source
Bug Fixes
a9d242b#9099 include all subcommands on main command help (#9099) (@wraithgar)29b8407#9087 unwrap comments and lines meant for output (#9087) (@wraithgar)b56986a#9095 ls: suppress false UNMET DEPENDENCYs in linked strategy (#9095) (@manzoorwanijk)76c76e5#9083 ci: don't error on optional deps in the lockfile (#9083) (@wraithgar)a29aeee#9028 arborist: retry bin-links on Windows EPERM (#9028) (@manzoorwanijk)6565eeb#9045 bypass packument cache to prevent ETARGET errors after publish (#9045) (@Jadu07)Documentation
3b96929#9074 scripts: remove mention of obsolete root user behavior (#9074) (@mohd-akram)16ac4e0#9054 fix workspace cross-dependency documentation (@owlstronaut)Dependencies
075ae23#9086tar@7.5.1113fa40d#9086pacote@21.5.0bf7ea2b#9060brace-expansion@5.0.42000d2c#9060minimatch@10.2.4d86b260#9060tar@7.5.10dff1853#9060@npmcli/run-script@10.0.493c3365#9060write-file-atomic@7.0.1Chores
d1996a7#9060 dev dependency updates (@wraithgar)@npmcli/arborist@9.4.1libnpmdiff@8.1.4libnpmexec@10.2.4libnpmfund@7.0.18libnpmpack@9.1.4v11.11.0Compare Source
Features
4fcd352#9017 add :type(registry) to query selector syntax (#9017) (@wraithgar)e1b21f0#8909 adds circleci to trust command (#8909) (@owlstronaut)9a33ad0#8925 adds circleci to oidc (#8925) (@owlstronaut)Bug Fixes
4426411#9026 npm audit signatures for keyless attestation registries (#9026) (@ajayk)658b323#9010 handle legacy licenses array in sbom output (#9010) (@JNC4)Documentation
143f8cd#9007 docs shouldn't wrap yaml description (#9007) (@owlstronaut)Dependencies
7798b6e#9027@gar/promise-retry@1.0.24838864#9027balanced-match@4.0.40c200dd#9027brace-expansion@5.0.3f0606bb#9027spdx-license-ids@3.0.23d43f350#9027make-fetch-happen@15.0.44d0918a#9027@npmcli/git@7.0.28912ca7#9027minipass-fetch@5.0.2450ff35#9027npm-packlist@10.0.420ef5a5#9027pacote@21.4.060f332c#9008 remove promise-retrycb8b9c7#9008 add@gar/promise-retry@1.0.0@npmcli/arborist@9.4.0libnpmdiff@8.1.3libnpmexec@10.2.3libnpmfund@7.0.17libnpmpack@9.1.3v11.10.1Compare Source
Bug Fixes
9fac412#8995 improve unknown config warning with .npmrc section hint (#8995) (@umeshmore45)bb135cc#8981 arborist: fixpeerOptionaldependency resolution inbuildIdealTree(#8981) (@Saibamen, @cursoragent)5c03826#8993 remove tabular output from "npm view" (@wraithgar)4648f26#8993 remove tabular output from "npm team" (@wraithgar)Documentation
0a5756d#8998 clarify unsupported custom .npmrc keys and recommend alternatives (#8998) (@maitrawebtech)22c9153#8985 fix typo and grammar in README (#8985) (@csmit195, Chris)Dependencies
aa8ffbf#9002init-package-json@8.2.5(#9002)67a0f09#9001glob@13.0.656b8fd4#9001minimatch@10.2.2aa7fef5#9001minipass@7.1.3d3a4161#9000@npmcli/package-json@7.0.5(#9000)7aa9338#8993 remove cli-columnsf7f7c53#8991 hoist balanced-match10cb575#8991 hoist latest yallist1b3dc9a#8991cidr-regex@5.0.34307af6#8991glob@13.0.513b4d6a#8991minimatch@10.2.145d4000#8991tar@7.5.9Chores
40fcab4#8991@npmcli/template-oss@4.29.0(@wraithgar)1598adb#8991 dev dependency updates (@wraithgar)@npmcli/arborist@9.3.1@npmcli/config@10.7.1libnpmdiff@8.1.2libnpmexec@10.2.2libnpmfund@7.0.16libnpmpack@9.1.2v11.10.0Compare Source
Features
cf56a1e#8899 npm trust, per-command config (@reggi)cf56a1e#8899 npm trust (@reggi)66d6e11#8965 add min-release-age (#8965) (@wraithgar)Dependencies
aae84bf#8973pacote@21.3.18bcb675#8973cidr-regex@5.0.2f87aaab#8973lru-cache@11.2.6acec871#8973ssri@13.0.11e42a86#8973glob@13.0.2e1c08a4#8973is-cidr@6.0.3dfb0e34#8973semver@7.7.40ee7776#8973which@6.0.1Chores
eb81df8#8973 dev dependency updates (@wraithgar)995e757#8966 Clean up some todos, add tests for previously skipped blocks (@owlstronaut)@npmcli/arborist@9.3.0@npmcli/config@10.7.0libnpmdiff@8.1.1libnpmexec@10.2.1libnpmfund@7.0.15libnpmpack@9.1.1v11.9.0Compare Source
Features
f5f6cf7#8943 config: add --allow-git (@wraithgar)Bug Fixes
2242f25#8952 webauth: improve error messages around webauth in non-TTY (#8952) (@Andarist)Dependencies
332c9f3#8960glob@13.0.1eca02c7#8960minimatch@10.1.2@isaacs/brace-expansion@5.0.1b3f8475#8951minipass-fetch@5.0.1924171b#8951is-cidr@6.0.24404002#8951ci-info@4.4.0b65af73#8951lru-cache@11.2.5164c355#8951tar@7.5.7a74a19c#8951node-gyp@12.2.0e0bc212#8943pacote@21.1.0Chores
4a82a8f#8951 dev dependency updates (@wraithgar)@npmcli/arborist@9.2.0@npmcli/config@10.6.0libnpmdiff@8.1.0libnpmexec@10.2.0libnpmfund@7.0.14libnpmpack@9.1.0v11.8.0Compare Source
Features
545e861#8828 show proxy environment variables in npm config list (Max Black)Bug Fixes
c2f784d#8859 preserve serialNumber UUID in CycloneDX SBOM output #8837 (#8859) (@saksham-malhotra-27)f2c3af7#8840 more intuitive byte formatting boundaries for rounding (#8840) (@watilde)Documentation
3474ec3#8866 fix typo/logic error in npm-dedupe docs (#8866) (@Schweinepriester)5552e46#8797 npm-install: explain package-lock.json behavior (#8797) (@MaxBlack-dev, Max Black)Dependencies
f478ca0#8919postcss-selector-parser@7.1.12b6a71f#8919path-scurry@2.0.119096f2#8919sigstore@4.1.0e7f5d1e#8919lru-cache@11.2.49e756ae#8919ip-address@10.1.0f951820#8919common-ancestor-path@2.0.07a949ad#8919@sigstore/verify@3.1.06979ce1#8919@sigstore/sign@4.1.0b4a6a41#8919@sigstore/core@3.1.0dc8a8e8#8919@sigstore/tuf@4.0.1be221ea#8919validate-npm-package-name@7.0.2149823d#8919diff@8.0.332b2001#8919tar@7.5.4Chores
8f599df#8919 pin jsdom to 27.0.0 (@wraithgar)f4f1161#8919 dev dependency updates (@wraithgar)@npmcli/arborist@9.1.10@npmcli/config@10.5.0libnpmdiff@8.0.13libnpmexec@10.1.12libnpmfund@7.0.13libnpmpack@9.0.13v11.7.0Compare Source
Features
b380d15#8697 add deduping to notices unless in verbose+ mode (@owlstronaut)Bug Fixes
4ebb831#8839 updates hints to use cli paradigm (@owlstronaut)7896e51#8838 update the token list text (@owlstronaut)8ab8668#8836 query: support package-lock-only in workspaces (@watilde)35e8d38#8322 properly handle newlines with input when using the spinner (#8322) (@mbtools)0c0faae#8780 adduser: improve email prompt (#8780) (@mbtools)Documentation
7f2ab9d#8810 scripts: replace deprecated prepublish and install examples with prepare (Max Black)91ebab7#8847 remove note about token create being disabled (@owlstronaut)2030250#8822 scripts: clarify prepare script runs with --production (Max Black)33a50d7#8821 scripts: update npm_package_* environment variables documentation (Max Black)50508f9#8793 package-json: add documentation for type field (#8793) (@MaxBlack-dev, Max Black)aa1dd7e#8823 scripts: document that prepare scripts run concurrently in workspaces (Max Black)3f48487#8820 package-spec: fix alias syntax in examples (Max Black)dd104da#8812 version: add note about git version requirements (Max Black)58afdcc#8792 install: clarify prerelease version range behavior (Max Black)9f818e8#8795 npm-view: clarify object property access syntax and provide examples (Max Black)39c2f2e#8791 add examples for command line flags including --prefix (Max Black)1298530#8790 clarify version field can be omitted in package-lock (Max Black)090b6ca#8794 npx: clarify that arguments are passed to executed command (Max Black)a864f80#8787 document gypfile field in package.json (Max Black)2fc689d#8788 add field access patterns to npm view (Max Black)4850639#8796 package-json: add examples for replacing dependencies with forks in overrides (Max Black)4864dd4#8798 npm-install: document engines field priority when installing packages (Max Black)95d25cd#8799 package-json: clarify repository field normalization during publish (Max Black)a367f9b#8800 package-lock-json: clarify that version field may be omitted for certain dependencies (Max Black)ffc9b71#8801 npm-install: clarify --tag does not override package.json (#8801) (@MaxBlack-dev, Max Black)73688ca#8735 clarify npm version behavior with prerelease versions (#8735) (@yashwantbezawada)4a32606#8785 updates the token create documentation (#8785) (@owlstronaut, @wraithgar)Chores
54929ce#8836 update baseline-browser-mapping (@watilde)Dependencies
@npmcli/arborist@9.1.9@npmcli/config@10.4.5libnpmdiff@8.0.12libnpmexec@10.1.11libnpmfund@7.0.12libnpmpack@9.0.12v11.6.4Compare Source
Documentation
dfb83c7#8749 add example for keywords field (#8749) (@MaxBlack-dev, Max Black)1b1e227#8750 remove outdated roadmap link (#8750) (@MaxBlack-dev, Max Black)1333d57#8752 clarify .npmrc naming conventionConfiguration
📅 Schedule: (in timezone Asia/Shanghai)
* 0-3 1,15 * *)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.