From 8e6bca456f91094bb25cdcfe36e10a37d682d8f1 Mon Sep 17 00:00:00 2001 From: muxator Date: Sun, 20 Oct 2019 01:47:01 +0200 Subject: [PATCH] dependencies: upgrade npm 6.10.3 -> 6.12.0 This upgrade should be backward compatible, but still suffers form major vulnerabilities in its https-proxy-agent transitive dependency (see https://www.npmjs.com/advisories/1184). Changelog: - https://github.com/npm/cli/releases 6.12.0 (2019-10-08): Now npm ci runs prepare scripts for git dependencies, and respects the --no-optional argument. Warnings for engine mismatches are printed again. Various other fixes and cleanups. BUG FIXES 890b245dc #252 ci: add dirPacker to options (@claudiahdz) f3299acd0 #257 npm.community#4792 warn message on engine mismatch (@ruyadorno) bbc92fb8f #259 npm.community#10288 Fix figgyPudding error in npm token (@benblank) 70f54dcb5 #241 doctor: Make OK more consistent (@gemal) FEATURES ed993a29c #249 Add CI environment variables to user-agent (@isaacs) f6b0459a4 #248 Add option to save package-lock without formatting Adds a new config --format-package-lock, which defaults to true. (@bl00mber) DEPENDENCIES 0ca063c5d npm-lifecycle@3.1.4: fix: filter functions and undefined out of makeEnv (@isaacs) 5df6b0ea2 libcipm@4.0.4: fix: pack git directories properly (@claudiahdz) respect no-optional argument (@cruzdanilo) 7e04f728c tar@4.4.12 5c380e5a3 stringify-package@1.0.1 (@isaacs) 62f2ca692 node-gyp@5.0.5 (@isaacs) 0ff0ea47a npm-install-checks@3.0.2 (@isaacs) f46edae94 hosted-git-info@2.8.5 (@isaacs) TESTING 44a2b036b #262 fix root-ownership race conditions in meta-test (@isaacs) 6.11.3 (2019-09-03): Fix npm ci regressions and npm outdated depth. BUG FIXES 235ed1d28 #239 Don't override user specified depth in outdated. Restores ability to update packages using --depth as suggested by npm audit. (@G-Rath) 1fafb5151 #242 npm.community#9586 Revert "install: do not descend into directory deps' child modules" (@isaacs) cebf542e6 #243 npm.community#9720 ci: pass appropriate configs for file/dir modes (@isaacs) DEPENDENCIES e5fbb7ed1 read-cmd-shim@1.0.4 (@claudiahdz) 23ce65616 npm-pick-manifest@3.0.2 (@claudiahdz) 6.11.2 (2019-08-22): Fix a recent Windows regression, and two long-standing Windows bugs. Also, get CI running on Windows, so these things are less likely in the future. DEPENDENCIES 9778a1b87 cmd-shim@3.0.3: Fix regression where shims fail to preserve exit code (@isaacs) bf93e91d8 npm-package-arg@6.1.1: Properly handle git+file: urls on Windows when a drive letter is included. (@isaacs) BUGFIXES 6cc4cc66f escape args properly on Windows Bash Despite being bash, Node.js running on windows git mingw bash still executes child processes using cmd.exe. As a result, arguments in this environment need to be escaped in the style of cmd.exe, not bash. (@isaacs) TESTS 291aba7b8 make tests pass on Windows (@isaacs) fea3a023a travis: run tests on Windows as well (@isaacs) 6.11.1 (2019-08-20): Fix a regression for windows command shim syntax. 37db29647 cmd-shim@3.0.2 (@isaacs) v6.11.0 (2019-08-20): A few meaty bugfixes, and introducing peerDependenciesMeta. FEATURES a12341088 #224 Implements peerDependenciesMeta (@arcanis) 2f3b79bba #234 add new forbidden 403 error code (@claudiahdz) BUGFIXES 24acc9fc8 and 45772af0d #217 npm.community#8863 npm.community#9327 do not descend into directory deps' child modules, fix shrinkwrap files that inappropriately list child nodes of symlink packages (@isaacs and @salomvary) 50cfe113d #229 fixed typo in semver doc (@gall0ws) e8fb2a1bd #231 Fix spelling mistakes in CHANGELOG-3.md (@XhmikosR) 769d2e057 npm/uid-number#7 Better error on invalid --user/--group configs. This addresses the issue when people fail to install binary packages on Docker and other environments where there is no 'nobody' user. (@isaacs) 8b43c9624 nodejs/node#28987 npm.community#6032 npm.community#6658 npm.community#6069 npm.community#9323 Fix the regression where random config values in a .npmrc file are not passed to lifecycle scripts, breaking build processes which rely on them. (@isaacs) 8b85eaa47 save files with inferred ownership rather than relying on SUDO_UID and SUDO_GID. (@isaacs) b7f6e5f02 Infer ownership of shrinkwrap files (@isaacs) 54b095d77 #235 Add spec to dist-tag remove function (@theberbie) DEPENDENCIES dc8f9e52f pacote@9.5.7: Infer the ownership of all unpacked files in node_modules, so that we never have user-owned files in root-owned folders, or root-owned files in user-owned folders. (@isaacs) bb33940c3 cmd-shim@3.0.0: 9c93ac3 #2 npm#3380 Handle environment variables properly (@basbossink) 2d277f8 #25 #36 #35 Fix 'no shebang' case by always providing $basedir in shell script (@igorklopov) adaf20b #26 Fix $* causing an error when arguments contain parentheses (@satazor) 49f0c13 #30 Fix paths for MSYS/MINGW bash (@dscho) 51a8af3 #34 Add proper support for PowerShell (@ExE-Boss) 4c37e04 #10 Work around quoted batch file names (@isaacs) a4e279544 npm-lifecycle@3.1.3 (@isaacs): fail properly if uid-number raises an error 7086a1809 libcipm@4.0.3 (@isaacs) 8845141f9 read-package-json@2.1.0 (@isaacs) 51c028215 bin-links@1.1.3 (@isaacs) 534a5548c read-cmd-shim@1.0.3 (@isaacs) 3038f2fd5 gentle-fs@2.2.1 (@isaacs) a609a1648 graceful-fs@4.2.2 (@isaacs) f0346f754 cacache@12.0.3 (@isaacs) ca9c615c8 npm-pick-manifest@3.0.0 (@isaacs) b417affbf pacote@9.5.8 (@isaacs) TESTS b6df0913c #228 Proper handing of /usr/bin/node lifecycle-path test (@olivr70) aaf98e88c npm-registry-mock@1.3.0 (@isaacs) --- src/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/package.json b/src/package.json index df6ca284f..5edb8d940 100644 --- a/src/package.json +++ b/src/package.json @@ -49,7 +49,7 @@ "log4js": "0.6.35", "measured-core": "1.11.2", "nodeify": "^1.0.1", - "npm": "6.10.3", + "npm": "6.12.0", "object.values": "^1.0.4", "request": "2.88.0", "resolve": "1.1.7",