Update npm to v9 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
npm (source)	^8 -> ^9.0.0

---

Release Notes

npm/cli

v9.2.0

Compare Source

Features

• cf57ffa #​5888 discrete npm doctor commands (#​5888) (@​wraithgar)

Bug Fixes

• dfd5d46 #​5932 ignore implicit workspaces for completion (#​5932) (@​wraithgar)

Dependencies

• 2f2b146 #​5936 npm-packlist@7.0.4 (#​5936)
• 372d158 #​5935 minimatch@5.1.1 (#​5935)
• 0e6c28b #​5934 ci-info@3.7.0 (#​5934)
• 0a3fe00 #​5933 minipass@4.0.0
• 6b77340 tar@6.1.13
• cf0a174 ssri@10.0.1
• 3da9a1a pacote@15.0.7
• fee9b66 npm-registry-fetch@14.0.3
• e940917 cacache@17.0.3
• 875bd56 npm-package-arg@10.1.0
• 280b7a4 #​5927 npm-packlist@7.0.3
• Workspace: @npmcli/arborist@6.1.5
• Workspace: libnpmaccess@7.0.1
• Workspace: libnpmdiff@5.0.6
• Workspace: libnpmexec@5.0.6
• Workspace: libnpmfund@4.0.6
• Workspace: libnpmhook@9.0.1
• Workspace: libnpmorg@5.0.1
• Workspace: libnpmpack@5.0.6
• Workspace: libnpmpublish@7.0.6
• Workspace: libnpmsearch@6.0.1
• Workspace: libnpmteam@5.0.1

v9.1.3

Compare Source

Bug Fixes

• ffbdea2 #​5894 npm pack filename on scoped packages (#​5894) (@​HenryNguyen5)
• c26d708 #​5884 validate username at get-identity (#​5884) (@​sosoba, @​nlf)

Documentation

• ea948dc #​5881 update description of npm exec (#​5881) (@​styfle, @​wraithgar)
• 40f2c21 #​5865 ci-info url (#​5865) (@​wraithgar)
• 681a45b #​5875 run the comand for directory workspaces (#​5875) (@​1aron)
• 681a45b #​5875 add workspace directory example (#​5875) (@​1aron)

Dependencies

• Workspace: @npmcli/arborist@6.1.4
• Workspace: libnpmdiff@5.0.5
• Workspace: libnpmexec@5.0.5
• Workspace: libnpmfund@4.0.5
• Workspace: libnpmpack@5.0.5
• Workspace: libnpmpublish@7.0.5

v9.1.2

Compare Source

Bug Fixes

• d9654cf #​5861 remove unwanted package.json entries (#​5861) (@​wraithgar)

Dependencies

• a351685 #​5858 move from @​npmcli/ci-detect to ci-info (#​5858)
• Workspace: @npmcli/arborist@6.1.3
• Workspace: libnpmdiff@5.0.4
• Workspace: libnpmexec@5.0.4
• Workspace: libnpmfund@4.0.4
• Workspace: libnpmpack@5.0.4
• Workspace: libnpmpublish@7.0.4

v9.1.1

Compare Source

Documentation

• 1bff064 #​5819 config: document npm config fix (#​5819) (@​wraithgar)

Dependencies

• 335c7e4 #​5813 cacache@17.0.2
• 878ddfb @npmcli/fs@3.1.0
• Workspace: @npmcli/arborist@6.1.2
• Workspace: libnpmdiff@5.0.3
• Workspace: libnpmexec@5.0.3
• Workspace: libnpmfund@4.0.3
• Workspace: libnpmpack@5.0.3
• Workspace: libnpmpublish@7.0.3

v9.1.0

Compare Source

Features

• 706b3d3 #​5779 set --no-audit when installing outside of a project (like --global) (@​fritzy)

Bug Fixes

• 1f5382d #​5789 don't set stdioString for any spawn/run-script calls (@​lukekarrys)
• 8fd614a use promiseSpawn.open instead of opener (@​nlf)
• 41843ad use an absolute path to notepad.exe by default, correct docs (@​nlf)
• 0c5834e #​5758 use hosted-git-info to parse registry urls (#​5758) (@​lukekarrys)

Documentation

• ce6745c #​5763 fixed some typos (#​5763) (@​AndrewDawes)

Dependencies

• b89c19e #​5795 cli-table3@​0.6.3
• 6b6dfca fastest-levenshtein@1.0.16
• 9972ed1 @npmcli/ci-detect@3.0.1
• 024e612 abbrev@2.0.0
• 66f9bcd nopt@7.0.0
• 5730d17 tar@6.1.12
• 2fef570 node-gyp@9.3.0
• abfb28b @npmcli/run-script@6.0.0
• 205e2fd pacote@15.0.6
• ac25863 remove opener, @npmcli/promise-spawn@6.0.1, @npmcli/run-script@5.1.1, @npmcli/git@4.0.3, pacote@15.0.5, which@3.0.0
• Workspace: @npmcli/arborist@6.1.1
• Workspace: @npmcli/config@6.1.0
• Workspace: libnpmdiff@5.0.2
• Workspace: libnpmexec@5.0.2
• Workspace: libnpmfund@4.0.2
• Workspace: libnpmpack@5.0.2
• Workspace: libnpmpublish@7.0.2
• Workspace: libnpmversion@4.0.1

v9.0.1

Compare Source

Documentation

• b5fadd0 #​5742 Better npx link (#​5742) (@​mrienstra)

Dependencies

• de6618e #​5757 @npmcli/promise-spawn@5.0.0 (#​5757)
• 5625274 #​5755 hosted-git-info@6.1.0 (#​5755)
• 32bdd68 #​5754 npm-packlist@7.0.2 (#​5754)
• Workspace: @npmcli/arborist@6.1.0
• Workspace: libnpmdiff@5.0.1
• Workspace: libnpmexec@5.0.1
• Workspace: libnpmfund@4.0.1
• Workspace: libnpmpack@5.0.1
• Workspace: libnpmpublish@7.0.1

v9.0.0

Compare Source

Features

• e3b004c #​5727 move cli and all workspaces out of prerelease mode (@​lukekarrys)

Dependencies

• Workspace: @npmcli/arborist@6.0.0
• Workspace: libnpmaccess@7.0.0
• Workspace: libnpmdiff@5.0.0
• Workspace: libnpmexec@5.0.0
• Workspace: libnpmfund@4.0.0
• Workspace: libnpmhook@9.0.0
• Workspace: libnpmorg@5.0.0
• Workspace: libnpmpack@5.0.0
• Workspace: libnpmpublish@7.0.0
• Workspace: libnpmsearch@6.0.0
• Workspace: libnpmteam@5.0.0
• Workspace: libnpmversion@4.0.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

Read more information about the use of Renovate Bot within Laminas.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code EBADENGINE
npm ERR! engine Unsupported engine
npm ERR! engine Not compatible with your version of node/npm: undefined
npm ERR! notsup Not compatible with your version of node/npm: undefined
npm ERR! notsup Required: {"npm":"^9.0.0","node":"^19"}
npm ERR! notsup Actual:   {"npm":"8.19.3","node":"v19.3.0"}

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2022-12-19T13_16_36_354Z-debug-0.log

[Ocramius]

Needs an update to package.json and package-lock.json:

npm ERR! notsup Required: {"npm":"^9.0.0","node":"^19"}
npm ERR! notsup Actual:   {"npm":"8.19.3","node":"v19.1.0"}

[internalsystemerror]

Dec 7th it will be available in node 19 so we just need to sit on this until then.

https://github.blog/changelog/2022-10-24-npm-v9-0-0-released/

[internalsystemerror]

npm 9 was merged into nodejs main, we're just waiting for a new nodejs release now I believe nodejs/node#45780

[internalsystemerror]

Node 19.3.0 has been released containing npm v9 https://github.com/nodejs/node/releases/tag/v19.3.0. This should be good to merge now, though I'm not sure why the renovate/artifacts job is still failing, I would think that would also show green now.

[internalsystemerror]

It still seems to be getting an npm constraint of 8 from somewhere:

Logs

DEBUG: latest commit(branch="renovate/npm-9.x")
{
  "branchName": "1.22.x",
  "latestCommitDate": "2022-12-12T01:00:39+00:00"
}
DEBUG: manager.getUpdatedPackageFiles() reuseExistingBranch=false(branch="renovate/npm-9.x")
DEBUG: npm.updateDependency(): engines.npm = ^9.0.0(branch="renovate/npm-9.x")
DEBUG: Updating npm in package.json(branch="renovate/npm-9.x")
DEBUG: Updated 1 package files(branch="renovate/npm-9.x")
DEBUG: Getting updated lock files(branch="renovate/npm-9.x")
DEBUG: Writing package.json files(branch="renovate/npm-9.x")
{
  "packageFiles": [
    "package.json"
  ]
}
DEBUG: Writing package-lock.json(branch="renovate/npm-9.x")
DEBUG: Writing any updated package files(branch="renovate/npm-9.x")
DEBUG: Writing package.json(branch="renovate/npm-9.x")
DEBUG: npmrc file found in repository(branch="renovate/npm-9.x")
DEBUG: Generating package-lock.json for .(branch="renovate/npm-9.x")
DEBUG: Spawning npm install to create ./package-lock.json(branch="renovate/npm-9.x")
DEBUG: Updating lock file only(branch="renovate/npm-9.x")
DEBUG: Using node constraint "^19" from package.json(branch="renovate/npm-9.x")
DEBUG: Setting CONTAINERBASE_CACHE_DIR to /tmp/containerbase(branch="renovate/npm-9.x")
DEBUG: Using docker to execute(branch="renovate/npm-9.x")
{
  "image": "sidecar"
}
DEBUG: Resolved unstable matching version(branch="renovate/npm-9.x")
{
  "toolName": "node",
  "constraint": "^19",
  "resolvedVersion": "v19.3.0"
}
DEBUG: Resolved stable matching version(branch="renovate/npm-9.x")
{
  "toolName": "npm",
  "constraint": "^8 <9",
  "resolvedVersion": "8.19.3"
}
DEBUG: containerbaseDir is separate from cacheDir(branch="renovate/npm-9.x")
DEBUG: No tag or tagConstraint specified for image: docker.io/renovate/sidecar(branch="renovate/npm-9.x")
DEBUG: Docker image is already prefetched: docker.io/renovate/sidecar@sha256:b3d5cc28d7437b0b926a91085b7ec7d17e48273e8b907f08546142b73b874d7a(branch="renovate/npm-9.x")
DEBUG: Executing command(branch="renovate/npm-9.x")
{
  "command": "docker run --rm --name=renovate_sidecar --label=renovate_child -v \"/mnt/renovate/gh/laminas/laminas-ci-matrix-action\":\"/mnt/renovate/gh/laminas/laminas-ci-matrix-action\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -v \"/tmp/containerbase\":\"/tmp/containerbase\" -e NPM_CONFIG_CACHE -e npm_config_store -e BUILDPACK_CACHE_DIR -e CONTAINERBASE_CACHE_DIR -w \"/mnt/renovate/gh/laminas/laminas-ci-matrix-action\" docker.io/renovate/sidecar bash -l -c \"install-tool node v19.3.0 && install-tool npm 8.19.3 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts\""
}

[Ocramius]

Main CI broke anyway, due to npm/node being upgraded by GitHub? 🤔

[internalsystemerror]

I'm not sure why the artifacts job is still failing, this should be good to merge now.

[internalsystemerror]

The logs say that the error is with the lock file and its the same one listed here, installing npm 8 when 9 is required.

WARN: artifactErrors(branch="renovate/npm-9.x")
{
  "artifactErrors": [
    {
      "lockFile": "package-lock.json",
      "stderr": "npm ERR! code EBADENGINE\nnpm ERR! engine Unsupported engine\nnpm ERR! engine Not compatible with your version of node/npm: undefined\nnpm ERR! notsup Not compatible with your version of node/npm: undefined\nnpm ERR! notsup Required: {\"npm\":\"^9.0.0\",\"node\":\"^19\"}\nnpm ERR! notsup Actual:   {\"npm\":\"8.19.3\",\"node\":\"v19.3.0\"}\n\nnpm ERR! A complete log of this run can be found in:\nnpm ERR!     /tmp/renovate-cache/others/npm/_logs/2022-12-19T13_16_36_354Z-debug-0.log\n"
    }
  ]
}

So the issue it's reporting is that it's unable to also update the lockfile in this PR. So we could:

• merge this, rebase Lock file maintenance #162 and then merge Lock file maintenance #162
• or I can create a new PR with both of these changes

[Ocramius]

Handled in #166