From 09f9060f7d5872c10bd988c4cbc1ca29f6bbde69 Mon Sep 17 00:00:00 2001 From: npm CLI robot Date: Sun, 3 Jul 2022 10:33:41 -0700 Subject: [PATCH] deps: upgrade npm to 8.13.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR-URL: https://github.com/nodejs/node/pull/43622 Reviewed-By: Darshan Sen Reviewed-By: Mohammed Keyvanzadeh Reviewed-By: Luigi Pinca Reviewed-By: Tobias Nießen Reviewed-By: Beth Griggs Reviewed-By: Ruy Adorno --- deps/npm/docs/content/commands/npm-run-script.md | 15 +++++++++++++++ deps/npm/docs/output/commands/npm-ls.html | 2 +- deps/npm/docs/output/commands/npm-run-script.html | 14 +++++++++++++- deps/npm/docs/output/commands/npm.html | 2 +- deps/npm/lib/commands/run-script.js | 1 + deps/npm/man/man1/npm-ls.1 | 2 +- deps/npm/man/man1/npm-run-script.1 | 15 +++++++++++++++ deps/npm/man/man1/npm.1 | 2 +- .../@npmcli/metavuln-calculator/lib/advisory.js | 4 ++-- .../@npmcli/metavuln-calculator/package.json | 6 +++--- .../node_modules/@npmcli/run-script/lib/escape.js | 6 ++++++ .../@npmcli/run-script/lib/make-spawn-args.js | 5 +++-- .../node_modules/@npmcli/run-script/package.json | 9 +++------ deps/npm/node_modules/npm-packlist/lib/index.js | 5 ++++- deps/npm/node_modules/npm-packlist/package.json | 2 +- deps/npm/package.json | 4 ++-- .../test/lib/load-all-commands.js.test.cjs | 2 +- deps/npm/tap-snapshots/test/lib/npm.js.test.cjs | 2 +- 18 files changed, 74 insertions(+), 24 deletions(-) diff --git a/deps/npm/docs/content/commands/npm-run-script.md b/deps/npm/docs/content/commands/npm-run-script.md index d94040f1a215d1..f606ec6bf59e5e 100644 --- a/deps/npm/docs/content/commands/npm-run-script.md +++ b/deps/npm/docs/content/commands/npm-run-script.md @@ -240,6 +240,21 @@ will *not* run any pre- or post-scripts. +#### `foreground-scripts` + +* Default: false +* Type: Boolean + +Run all build scripts (ie, `preinstall`, `install`, and `postinstall`) +scripts for installed packages in the foreground process, sharing standard +input, output, and error with the main npm process. + +Note that this will generally make installs run slower, and be much noisier, +but can be useful for debugging. + + + + #### `script-shell` * Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index 4363442ef3dab0..07deb2d490fc1f 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -166,7 +166,7 @@

Description

the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm's source tree will show:

-
npm@8.13.1 /path/to/npm
+
npm@8.13.2 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 

diff --git a/deps/npm/docs/output/commands/npm-run-script.html b/deps/npm/docs/output/commands/npm-run-script.html
index d74acb05644c68..5b1150cf4b9b3f 100644
--- a/deps/npm/docs/output/commands/npm-run-script.html
+++ b/deps/npm/docs/output/commands/npm-run-script.html
@@ -142,7 +142,7 @@ 
npm-run-script

 
 

 
Table of contents

-

+

 

 
 
Synopsis

@@ -319,6 +319,18 @@ 
ignore-scripts

 will not run any pre- or post-scripts.

 
 
+
foreground-scripts

+
    
+
  • Default: false
    • 
+
  • Type: Boolean
    • 
+

+
Run all build scripts (ie, preinstall, install, and postinstall)
+scripts for installed packages in the foreground process, sharing standard
+input, output, and error with the main npm process.

+
Note that this will generally make installs run slower, and be much noisier,
+but can be useful for debugging.

+
+
 
script-shell

 
    
 
  • Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows
    • 
diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index c7b7dd5dc7a046..9a0446af631e4f 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -149,7 +149,7 @@ 
    Table of contents
    
 
 
 
    Version
    
-
    8.13.1
    
+
    8.13.2
    
 
    Description
    
 
    npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency
diff --git a/deps/npm/lib/commands/run-script.js b/deps/npm/lib/commands/run-script.js
index a1591c7900b446..8507dbe79a90e8 100644
--- a/deps/npm/lib/commands/run-script.js
+++ b/deps/npm/lib/commands/run-script.js
@@ -35,6 +35,7 @@ class RunScript extends BaseCommand {
     'include-workspace-root',
     'if-present',
     'ignore-scripts',
+    'foreground-scripts',
     'script-shell',
   ]
 
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index a24c524909f9ff..5a78c46a6e6da4 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show:
 .P
 .RS 2
 .nf
-npm@8\.13\.1 /path/to/npm
+npm@8\.13\.2 /path/to/npm
 └─┬ init\-package\-json@0\.0\.4
   └── promzard@0\.1\.5
 .fi
diff --git a/deps/npm/man/man1/npm-run-script.1 b/deps/npm/man/man1/npm-run-script.1
index c9dc22f4eb6bd4..c9c2925ff121ed 100644
--- a/deps/npm/man/man1/npm-run-script.1
+++ b/deps/npm/man/man1/npm-run-script.1
@@ -246,6 +246,21 @@ Note that commands explicitly intended to run a particular script, such as
 \fBnpm start\fP, \fBnpm stop\fP, \fBnpm restart\fP, \fBnpm test\fP, and \fBnpm run\-script\fP
 will still run their intended script if \fBignore\-scripts\fP is set, but they
 will \fInot\fR run any pre\- or post\-scripts\.
+.SS \fBforeground\-scripts\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Run all build scripts (ie, \fBpreinstall\fP, \fBinstall\fP, and \fBpostinstall\fP)
+scripts for installed packages in the foreground process, sharing standard
+input, output, and error with the main npm process\.
+.P
+Note that this will generally make installs run slower, and be much noisier,
+but can be useful for debugging\.
 .SS \fBscript\-shell\fP
 .RS 0
 .IP \(bu 2
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index a26c713a11000f..1e2c15ebae15a8 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -4,7 +4,7 @@
 .SS Synopsis
 .SS Version
 .P
-8\.13\.1
+8\.13\.2
 .SS Description
 .P
 npm is the package manager for the Node JavaScript platform\.  It puts
diff --git a/deps/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js b/deps/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js
index d30838e7384f62..1f479a90dd999f 100644
--- a/deps/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js
+++ b/deps/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js
@@ -166,8 +166,8 @@ class Advisory {
     // we can try to be a *little* smarter up front by doing x-y for all
     // contiguous version sets in the list
     const ranges = []
-    this.versions = semver.sort(this.versions)
-    this.vulnerableVersions = semver.sort(this.vulnerableVersions)
+    this.versions = semver.sort(this.versions, semverOpt)
+    this.vulnerableVersions = semver.sort(this.vulnerableVersions, semverOpt)
     for (let v = 0, vulnVer = 0; v < this.versions.length; v++) {
       // figure out the vulnerable subrange
       const vr = [this.versions[v]]
diff --git a/deps/npm/node_modules/@npmcli/metavuln-calculator/package.json b/deps/npm/node_modules/@npmcli/metavuln-calculator/package.json
index 2c04e0fd420bfd..2e7209ffc7da0e 100644
--- a/deps/npm/node_modules/@npmcli/metavuln-calculator/package.json
+++ b/deps/npm/node_modules/@npmcli/metavuln-calculator/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/metavuln-calculator",
-  "version": "3.1.0",
+  "version": "3.1.1",
   "main": "lib/index.js",
   "files": [
     "bin/",
@@ -33,7 +33,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "3.2.0",
+    "@npmcli/template-oss": "3.5.0",
     "require-inject": "^1.4.4",
     "tap": "^16.0.1"
   },
@@ -48,6 +48,6 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "3.2.0"
+    "version": "3.5.0"
   }
 }
diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/escape.js b/deps/npm/node_modules/@npmcli/run-script/lib/escape.js
index 5254be24bf7ab8..3c574371bcf94e 100644
--- a/deps/npm/node_modules/@npmcli/run-script/lib/escape.js
+++ b/deps/npm/node_modules/@npmcli/run-script/lib/escape.js
@@ -65,7 +65,13 @@ const sh = (input) => {
   return result
 }
 
+// disabling the no-control-regex rule for this line as we very specifically _do_ want to
+// replace those characters if they somehow exist at this point, which is highly unlikely
+// eslint-disable-next-line no-control-regex
+const filename = (input) => input.replace(/[<>:"/\\|?*\x00-\x31]/g, '')
+
 module.exports = {
   cmd,
   sh,
+  filename,
 }
diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js b/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js
index 660588e3ee9aa6..47f73463011be0 100644
--- a/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js
+++ b/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js
@@ -30,6 +30,7 @@ const makeSpawnArgs = options => {
     npm_config_node_gyp,
   })
 
+  const fileName = escape.filename(`${event}-${Date.now()}`)
   let scriptFile
   let script = ''
 
@@ -61,7 +62,7 @@ const makeSpawnArgs = options => {
 
     const doubleEscape = pathToInitial.endsWith('.cmd') || pathToInitial.endsWith('.bat')
 
-    scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.cmd`)
+    scriptFile = resolve(tmpdir(), `${fileName}.cmd`)
     script += '@echo off\n'
     script += cmd
     if (args.length) {
@@ -71,7 +72,7 @@ const makeSpawnArgs = options => {
     const shebang = isAbsolute(scriptShell)
       ? `#!${scriptShell}`
       : `#!/usr/bin/env ${scriptShell}`
-    scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.sh`)
+    scriptFile = resolve(tmpdir(), `${fileName}.sh`)
     script += `${shebang}\n`
     script += cmd
     if (args.length) {
diff --git a/deps/npm/node_modules/@npmcli/run-script/package.json b/deps/npm/node_modules/@npmcli/run-script/package.json
index ef8b43f772de1b..1ce162dd8d19a5 100644
--- a/deps/npm/node_modules/@npmcli/run-script/package.json
+++ b/deps/npm/node_modules/@npmcli/run-script/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/run-script",
-  "version": "4.1.3",
+  "version": "4.1.5",
   "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)",
   "author": "GitHub Inc.",
   "license": "ISC",
@@ -17,10 +17,6 @@
     "posttest": "npm run lint",
     "template-oss-apply": "template-oss-apply --force"
   },
-  "tap": {
-    "check-coverage": true,
-    "coverage-map": "map.js"
-  },
   "devDependencies": {
     "@npmcli/eslint-config": "^3.0.1",
     "@npmcli/template-oss": "3.5.0",
@@ -32,7 +28,8 @@
     "@npmcli/node-gyp": "^2.0.0",
     "@npmcli/promise-spawn": "^3.0.0",
     "node-gyp": "^9.0.0",
-    "read-package-json-fast": "^2.0.3"
+    "read-package-json-fast": "^2.0.3",
+    "which": "^2.0.2"
   },
   "files": [
     "bin/",
diff --git a/deps/npm/node_modules/npm-packlist/lib/index.js b/deps/npm/node_modules/npm-packlist/lib/index.js
index e4a2e76c545f60..bd72329f027e61 100644
--- a/deps/npm/node_modules/npm-packlist/lib/index.js
+++ b/deps/npm/node_modules/npm-packlist/lib/index.js
@@ -34,10 +34,13 @@ const glob = require('glob')
 const globify = pattern => pattern.split('\\').join('/')
 
 const readOutOfTreeIgnoreFiles = (root, rel, result = '') => {
-  for (const file of ['.gitignore', '.npmignore']) {
+  for (const file of ['.npmignore', '.gitignore']) {
     try {
       const ignoreContent = fs.readFileSync(path.join(root, file), { encoding: 'utf8' })
       result += ignoreContent + '\n'
+      // break the loop immediately after concatting, this allows us to prioritize the
+      // .npmignore and discard the .gitignore if one exists
+      break
     } catch (err) {
       // we ignore ENOENT errors completely because we don't care if the file doesn't exist
       // but we throw everything else because failing to read a file that does exist is
diff --git a/deps/npm/node_modules/npm-packlist/package.json b/deps/npm/node_modules/npm-packlist/package.json
index dfa0188b4c437b..4c63caf21e8107 100644
--- a/deps/npm/node_modules/npm-packlist/package.json
+++ b/deps/npm/node_modules/npm-packlist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "npm-packlist",
-  "version": "5.1.0",
+  "version": "5.1.1",
   "description": "Get a list of the files to add from a folder into an npm package",
   "directories": {
     "test": "test"
diff --git a/deps/npm/package.json b/deps/npm/package.json
index a9d84ab62ce15a..95afa528fa144f 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "8.13.1",
+  "version": "8.13.2",
   "name": "npm",
   "description": "a package manager for JavaScript",
   "workspaces": [
@@ -62,7 +62,7 @@
     "@npmcli/fs": "^2.1.0",
     "@npmcli/map-workspaces": "^2.0.3",
     "@npmcli/package-json": "^2.0.0",
-    "@npmcli/run-script": "^4.1.3",
+    "@npmcli/run-script": "^4.1.5",
     "abbrev": "~1.1.1",
     "archy": "~1.0.0",
     "cacache": "^16.1.1",
diff --git a/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs b/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs
index 13a3b06fe33d65..57dd6126660cdc 100644
--- a/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs
@@ -746,7 +746,7 @@ npm run-script  [-- ]
 Options:
 [-w|--workspace  [-w|--workspace  ...]]
 [-ws|--workspaces] [--include-workspace-root] [--if-present] [--ignore-scripts]
-[--script-shell ]
+[--foreground-scripts] [--script-shell ]
 
 aliases: run, rum, urn
 
diff --git a/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs b/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs
index c59252f9e81a9e..5ae34e868771d6 100644
--- a/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs
@@ -790,7 +790,7 @@ All commands:
                     Options:
                     [-w|--workspace  [-w|--workspace  ...]]
                     [-ws|--workspaces] [--include-workspace-root] [--if-present] [--ignore-scripts]
-                    [--script-shell ]
+                    [--foreground-scripts] [--script-shell ]
 
                     aliases: run, rum, urn