Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: upgrade npm to 9.0.1 #45273

Closed
wants to merge 1 commit into from
Closed

deps: upgrade npm to 9.0.1 #45273

wants to merge 1 commit into from

Conversation

lukekarrys
Copy link
Member

This PR replaces #44916 to do integration testing between npm v9.0.1 and the Node.js main branch. Below are the full release notes for v9.0.0 and v9.0.1 including all prereleases.

9.0.1 (2022-10-26)

Documentation

Dependencies

9.0.0 (2022-10-19)

⚠️ BREAKING CHANGES

  • npm is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0
  • npm will no longer attempt to modify ownership of files it creates
  • the presence of auth related settings that are not scoped to a specific registry found in a config file is no longer supported and will throw errors
  • login, adduser, and auth-type changes
    • legacy auth types sso, saml & legacy have been consolidated into "legacy"
    • auth-type defaults to "web"
    • login and adduser are now separate commands that send different data to
      the registry.
    • auth-type config values web and legacy only try
      their respective methods, npm no longer tries them all and waits to see
      which one doesn't fail.
  • npm pack now follows a strict order of operations when applying ignore rules. If a files array is present in the package.json, then rules in .gitignore and .npmignore files from the root will be ignored.
  • links generated from git urls will now use HEAD instead of master as the default ref
  • timing and loglevel changes
    • timing has been removed as a value for --loglevel
    • --timing will show timing information regardless of
      --loglevel, except when --silent
  • --timing file changes:
    • When run with the --timing flag, npm now writes timing data to a
      file alongside the debug log data, respecting the logs-dir option and
      falling back to <CACHE>/_logs/ dir, instead of directly inside the
      cache directory.
    • The timing file data is no longer newline delimited JSON, and instead
      each run will create a uniquely named <ID>-timing.json file, with the
      <ID> portion being the same as the debug log.
    • Finally, the data inside the file now has three top level keys,
      metadata, timers, and unfinishedTimers instead of everything being
      a top level key.
  • npm now outputs some json errors on stdout. Previously npm would output all json formatted errors on stderr, making it difficult to parse as the stderr stream usually has logs already written to it. In the future, npm will differentiate between errors and crashes. Errors, such as E404 and ERESOLVE, will be handled and will continue to be output on stdout. In the case of a crash, npm will log the error as usual but will not attempt to display it as json, even in --json mode. Moving a case from the category of an error to a crash will not be considered a breaking change. For more information see npm/rfcs#482.
  • deprecate boolean install flags in favor of --install-strategy
    • deprecate --global-style, --global now sets --install-strategy=shallow
    • deprecate --legacy-bundling, now sets --install-strategy=nested
  • npm config set will no longer accept deprecated or invalid config options
  • install-links config defaults to "true"
  • node-version config has been removed
  • npm-version config has been removed
  • npm access subcommands have been renamed
  • npm birthday has been removed
  • npm set-script has been removed
  • npm bin has been removed (use npx or npm exec to execute binaries)

Features

Bug Fixes

Documentation

Dependencies

df77a1f #5707 Update Major Versions of Dependencies

Updated:

  • @npmcli/config@6.0.1
  • @npmcli/disparity-colors@3.0.0
  • @npmcli/git@4.0.1
  • @npmcli/installed-package-contents@2.0.0
  • @npmcli/map-workspaces@3.0.0
  • @npmcli/metavuln-calculator@5.0.0
  • @npmcli/move-file@3.0.0
  • @npmcli/node-gyp@3.0.0
  • @npmcli/package-json@3.0.0
  • @npmcli/promise-spawn@4.0.0
  • @npmcli/query@3.0.0
  • @npmcli/run-script@5.0.0
  • bin-links@4.0.1
  • cacache@17.0.1
  • ignore-walk@6.0.0
  • init-package-json@4.0.1
  • json-parse-even-better-errors@3.0.0
  • make-fetch-happen@11.0.1
  • normalize-package-data@5.0.0
  • npm-audit-report@4.0.0
  • npm-install-checks@6.0.0
  • npm-packlist@7.0.1
  • npm-pick-manifest@8.0.1
  • npm-profile@7.0.1
  • npm-registry-fetch@14.0.2
  • npmlog@7.0.0
  • pacote@15.0.1
  • parse-conflict-json@3.0.0
  • proc-log@3.0.0
  • read-package-json-fast@3.0.1
  • read-package-json@6.0.0
  • ssri@10.0.0
  • treeverse@3.0.0
  • validate-npm-package-name@5.0.0
  • write-file-atomic@5.0.0

Removed:

  • @npmcli/fs

@lukekarrys lukekarrys added npm Issues and PRs related to the npm client dependency or the npm registry. dont-land-on-v14.x dont-land-on-v18.x PRs that should not land on the v18.x-staging branch and should not be released in v18.x. labels Nov 1, 2022
@nodejs-github-bot nodejs-github-bot added fast-track PRs that do not need to wait for 48 hours to land. needs-ci PRs that need a full CI run. labels Nov 1, 2022
@github-actions

This comment was marked as outdated.

Sign in to view
@lukekarrys lukekarrys mentioned this pull request Nov 1, 2022
Closed
@lukekarrys lukekarrys added request-ci Add this label to start a Jenkins CI on a PR. and removed fast-track PRs that do not need to wait for 48 hours to land. labels Nov 1, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Nov 2, 2022
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/47627/

Trott
Trott approved these changes Nov 2, 2022
View reviewed changes
Copy link
Member

@Trott Trott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rubber stamp

@targos targos added the needs-citgm PRs that need a CITGM CI run. label Nov 2, 2022
@targos
Copy link
Member

targos commented Nov 2, 2022

CITGM: https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/3040/

@lukekarrys lukekarrys force-pushed the npm-v9.0.1 branch 6 times, most recently from c779aac to 08caf1a Compare November 4, 2022 20:11
@github-actions github-actions bot mentioned this pull request Nov 5, 2022
Open
15 tasks
@npm-cli-bot npm-cli-bot mentioned this pull request Nov 5, 2022
Closed
@npm-cli-bot
Copy link
Contributor

Closing in favor of #45323

@lukekarrys lukekarrys closed this Nov 5, 2022
@lukekarrys lukekarrys deleted the npm-v9.0.1 branch November 5, 2022 00:40
@github-actions github-actions bot mentioned this pull request Nov 6, 2022
Open
18 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Trott Trott Trott approved these changes

Assignees
No one assigned
Labels
dont-land-on-v18.x PRs that should not land on the v18.x-staging branch and should not be released in v18.x. needs-ci PRs that need a full CI run. needs-citgm PRs that need a CITGM CI run. npm Issues and PRs related to the npm client dependency or the npm registry.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@lukekarrys @nodejs-github-bot @targos @npm-cli-bot @Trott