From f76e7c21ffd87b08593d8c396a78ab9c5fa790bd Mon Sep 17 00:00:00 2001
From: Ruy Adorno <ruyadorno@hotmail.com>
Date: Tue, 23 Mar 2021 11:16:11 -0400
Subject: [PATCH] pacote@11.3.1

---
 node_modules/pacote/lib/util/tar-create-options.js |  8 +++++++-
 node_modules/pacote/package.json                   |  2 +-
 package-lock.json                                  | 14 +++++++-------
 package.json                                       |  2 +-
 tap-snapshots/test-lib-utils-tar.js-TAP.test.js    |  6 +++---
 test/lib/utils/tar.js                              |  4 ++--
 6 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/node_modules/pacote/lib/util/tar-create-options.js b/node_modules/pacote/lib/util/tar-create-options.js
index e8abbe175b262..31ab34c9d949f 100644
--- a/node_modules/pacote/lib/util/tar-create-options.js
+++ b/node_modules/pacote/lib/util/tar-create-options.js
@@ -4,7 +4,13 @@ const tarCreateOptions = manifest => ({
   cwd: manifest._resolved,
   prefix: 'package/',
   portable: true,
-  gzip: true,
+  gzip: {
+    // forcing the level to 9 seems to avoid some
+    // platform specific optimizations that cause
+    // integrity mismatch errors due to differing
+    // end results after compression
+    level: 9
+  },
 
   // ensure that package bins are always executable
   // Note that npm-packlist is already filtering out
diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json
index dca67f3e8876a..dd6bf9400c6ea 100644
--- a/node_modules/pacote/package.json
+++ b/node_modules/pacote/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "11.3.0",
+  "version": "11.3.1",
   "description": "JavaScript package downloader",
   "author": "Isaac Z. Schlueter <i@izs.me> (https://izs.me)",
   "bin": {
diff --git a/package-lock.json b/package-lock.json
index 6f9fa62597adb..ffa9ba5811404 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -300,7 +300,7 @@
         "npm-user-validate": "^1.0.1",
         "npmlog": "~4.1.2",
         "opener": "^1.5.2",
-        "pacote": "^11.3.0",
+        "pacote": "^11.3.1",
         "parse-conflict-json": "^1.1.1",
         "qrcode-terminal": "^0.12.0",
         "read": "~1.0.7",
@@ -6039,9 +6039,9 @@
       }
     },
     "node_modules/pacote": {
-      "version": "11.3.0",
-      "resolved": "https://registry.npmjs.org/pacote/-/pacote-11.3.0.tgz",
-      "integrity": "sha512-cygprcGpEVqvDzpuPMkGVXW/ooc2ibpoosuJ4YHcUXozDs9VJP7Vha+41pYppG2MVNis4t1BB8IygIBh7vVr2Q==",
+      "version": "11.3.1",
+      "resolved": "https://registry.npmjs.org/pacote/-/pacote-11.3.1.tgz",
+      "integrity": "sha512-TymtwoAG12cczsJIrwI/euOQKtjrQHlD0k0oyt9QSmZGpqa+KdlxKdWR/YUjYizkixaVyztxt/Wsfo8bL3A6Fg==",
       "inBundle": true,
       "dependencies": {
         "@npmcli/git": "^2.0.1",
@@ -14903,9 +14903,9 @@
       }
     },
     "pacote": {
-      "version": "11.3.0",
-      "resolved": "https://registry.npmjs.org/pacote/-/pacote-11.3.0.tgz",
-      "integrity": "sha512-cygprcGpEVqvDzpuPMkGVXW/ooc2ibpoosuJ4YHcUXozDs9VJP7Vha+41pYppG2MVNis4t1BB8IygIBh7vVr2Q==",
+      "version": "11.3.1",
+      "resolved": "https://registry.npmjs.org/pacote/-/pacote-11.3.1.tgz",
+      "integrity": "sha512-TymtwoAG12cczsJIrwI/euOQKtjrQHlD0k0oyt9QSmZGpqa+KdlxKdWR/YUjYizkixaVyztxt/Wsfo8bL3A6Fg==",
       "requires": {
         "@npmcli/git": "^2.0.1",
         "@npmcli/installed-package-contents": "^1.0.6",
diff --git a/package.json b/package.json
index 26857bad94ffa..17df166d31887 100644
--- a/package.json
+++ b/package.json
@@ -91,7 +91,7 @@
     "npm-user-validate": "^1.0.1",
     "npmlog": "~4.1.2",
     "opener": "^1.5.2",
-    "pacote": "^11.3.0",
+    "pacote": "^11.3.1",
     "parse-conflict-json": "^1.1.1",
     "qrcode-terminal": "^0.12.0",
     "read": "~1.0.7",
diff --git a/tap-snapshots/test-lib-utils-tar.js-TAP.test.js b/tap-snapshots/test-lib-utils-tar.js-TAP.test.js
index 402a0e735afc4..5c3813dd8db43 100644
--- a/tap-snapshots/test-lib-utils-tar.js-TAP.test.js
+++ b/tap-snapshots/test-lib-utils-tar.js-TAP.test.js
@@ -20,10 +20,10 @@ bundle-dep
 name:          my-cool-pkg                             
 version:       1.0.0                                   
 filename:      my-cool-pkg-1.0.0.tgz                   
-package size:  222 B                                   
+package size:  216 B                                   
 unpacked size: 101 B                                   
-shasum:        fe3a2f6064ade3bc21640874530586343f2d832f
-integrity:     sha512-ehndP8xBQL4yo[...]kWinZ4k1SCqUA==
+shasum:        a604258e06adecec0b18f48e901c5802f19f7dab
+integrity:     sha512-fnN6NmI8DerTt[...]6rH17jx7OIFig==
 bundled deps:  1                                       
 bundled files: 0                                       
 own files:     2                                       
diff --git a/test/lib/utils/tar.js b/test/lib/utils/tar.js
index b780a73e5ec1c..d9b8c5584a61b 100644
--- a/test/lib/utils/tar.js
+++ b/test/lib/utils/tar.js
@@ -101,9 +101,9 @@ test('should getContents of a tarball', async (t) => {
     id: 'my-cool-pkg@1.0.0',
     name: 'my-cool-pkg',
     version: '1.0.0',
-    size: 149,
+    size: 146,
     unpackedSize: 49,
-    shasum: 'c0bfd67a5142104e429afda09119eedd6a30d2fc',
+    shasum: 'b8379c5e69693cdda73aec3d81dae1d11c1e75bd',
     integrity: ssri.parse(integrity.sha512[0]),
     filename: 'my-cool-pkg-1.0.0.tgz',
     files: [{ path: 'package.json', size: 49, mode: 420 }],