Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: update npm in LTS to 2.15.11 #8928

Closed
wants to merge 2 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
47 changes: 1 addition & 46 deletions LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -897,51 +897,6 @@ The externally maintained libraries used by Node.js are:
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--------

The following additional terms shall apply to use of the npm software, the npm
website, the npm repository and any other services or products offered by npm,
Inc.:

"Node.js" trademark Joyent, Inc. npm is not officially part of the Node.js
project, and is neither owned by nor affiliated with Joyent, Inc.

"npm" and "The npm Registry" are owned by npm, Inc. All rights reserved.

Modules published on the npm registry are not officially endorsed by npm, Inc.
or the Node.js project.

Data published to the npm registry is not part of npm itself, and is the sole
property of the publisher. While every effort is made to ensure accountability,
there is absolutely no guarantee, warrantee, or assertion expressed or implied
as to the quality, fitness for a specific purpose, or lack of malice in any
given npm package. Packages downloaded through the npm registry are
independently licensed and are not covered by this license.

Additional policies relating to, and restrictions on use of, npm products and
services are available on the npm website. All such policies and restrictions,
as updated from time to time, are hereby incorporated into this license
agreement. By using npm, you acknowledge your agreement to all such policies
and restrictions.

If you have a complaint about a package in the public npm registry, and cannot
resolve it with the package owner, please email [email protected] and explain
the situation. See the [npm Dispute Resolution
policy](https://github.com/npm/policies/blob/master/disputes.md) for more
details.

Any data published to The npm Registry (including user account information) may
be removed or modified at the sole discretion of the npm server administrators.

"npm Logo" contributed by Mathias Pettersson and Brian Hammond,
use is subject to https://www.npmjs.com/policies/trademark

"Gubblebum Blocky" font
Copyright (c) by Tjarda Koster, https://jelloween.deviantart.com
included for use in the npm website and documentation,
used with permission.

This program uses several Node modules contained in the node_modules/
subdirectory, according to the terms of their respective licenses.
"""

- GYP, located at tools/gyp, is licensed as follows:
Expand Down Expand Up @@ -977,7 +932,7 @@ The externally maintained libraries used by Node.js are:

- marked, located at tools/doc/node_modules/marked, is licensed as follows:
"""
Copyright (c) 2011-2012, Christopher Jeffrey (https://github.com/chjj/)
Copyright (c) 2011-2014, Christopher Jeffrey (https://github.com/chjj/)

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
Expand Down
8 changes: 8 additions & 0 deletions deps/npm/AUTHORS
Original file line number Diff line number Diff line change
Expand Up @@ -370,3 +370,11 @@ Gianluca Casati <[email protected]>
Tapani Moilanen <[email protected]>
Simon MacDonald <[email protected]>
Adam Stankiewicz <[email protected]>
Julian Duque <[email protected]>
Michael Hart <[email protected]>
Daniel Paz-Soldan <[email protected]>
legodude17 <[email protected]>
Andrew Meyer <[email protected]>
Michael Jasper <[email protected]>
Max <[email protected]>
Jason Karns <[email protected]>
197 changes: 197 additions & 0 deletions deps/npm/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,200 @@
### v2.15.11 (2016-09-08):

On we go with our monthly release cadence! This week is pretty much all
dependency updates and some documentation changes, as can be expected by now.

Note that `npm@4` will almost certainly be released next month! It's not final
what we'll end up doing as far as LTS support goes, but the current thinking is
that, considering how small and resource-constrained our team is, support for
`npm@2` will be reduced to essentially maintenance, so we can better focus on
`npm@3` as the new LTS version (which will go into `node@6`), and `npm@4` as our
next main development version.

#### DOCUMENTATION UPDATES

* [`8f71038`](https://github.com/npm/npm/commit/8f71038310501ad5bc7445b2fa2ff0eaa377919a)
[#13892](https://github.com/npm/npm/pull/13892)
Update `LICENSE` file to match license on `master`.
([@rvagg](https://github.com/rvagg))
* [`e81b4f1`](https://github.com/npm/npm/commit/e81b4f1d18a4d79b7af8342747f2ed7dc3e84f0a)
[#12438](https://github.com/npm/npm/issues/12438)
Remind folks to use `#!/usr/bin/env node` in their `bin` scripts to make files
executable directly.
([@mxstbr](https://github.com/mxstbr))
* [`f89789f`](https://github.com/npm/npm/commit/f89789f43d65bfc74f64f15a99356841377e1af3)
[#13655](https://github.com/npm/npm/pull/13655)
Document line comment syntax for `.npmrc`.
([@mdjasper](https://github.com/mdjasper))
* [`5cd3abc`](https://github.com/npm/npm/commit/5cd3abc3511515e09b4a1b781c0520e84c267c5b)
[#13493](https://github.com/npm/npm/pull/13493)
Document that the user config file can itself be configured either through the
`$NPM_CONFIG_USERCONFIG` environment variable, or `--userconfig` command line
flag.
([@jasonkarns](https://github.com/jasonkarns))
* [`dd71ca0`](https://github.com/npm/npm/commit/dd71ca0efc2094b824ccc9e23af0fc915499f2e6)
[#13911](https://github.com/npm/npm/pull/13911)
Minor documentation reword and cleanup.
([@othiym23](https://github.com/othiym23))
* [`f7a320c`](https://github.com/npm/npm/commit/f7a320c816947d578a050c97e0fb9878954be0e8)
[#13682](https://github.com/npm/npm/pull/13682)
Minor grammar fix in documentation for `npm scripts`.
([@Ajedi32](https://github.com/Ajedi32))
* [`e5cb5e8`](https://github.com/npm/npm/commit/e5cb5e8fcf4642836fedf3f3421c994a8e27e19b)
[#13717](https://github.com/npm/npm/pull/13717)
Document that `npm link` will link the files specified in the `bin` field of
`package.json` to `{prefix}/bin/{name}`.
([@legodude17](https://github.com/legodude17))

#### DEPENDENCY UPDATES
* [`8bef026`](https://github.com/npm/npm/commit/8bef026603b6da888edf0d41308d9e532abfcd54)
`[email protected]`
([@francescoinfante](https://github.com/francescoinfante))
* [`9f73f4a`](https://github.com/npm/npm/commit/9f73f4aab5f56b256c5cf9e461e81abfa2844945)
`[email protected]`
([@isaacs](https://github.com/isaacs))
* [`5391b7e`](https://github.com/npm/npm/commit/5391b7e8cd4401fbadbf54e810fdc965a3662a21)
`[email protected]`
([@isaacs](https://github.com/isaacs))
* [`43bfec8`](https://github.com/npm/npm/commit/43bfec8376dd8ded7d56a8dabd6139919544760e)
`[email protected]`
([@tim-kos](https://github.com/tim-kos))
* [`39305f1`](https://github.com/npm/npm/commit/39305f1c76f74bf9789c769ef72a94ea9a81d119)
`[email protected]`
([@calvinmetcalf](https://github.com/calvinmetcalf))
* [`a5512fa`](https://github.com/npm/npm/commit/a5512fafd72e23755e77e28f1122b008bc12a733)
`[email protected]`
([@zkochan](https://github.com/zkochan))
* [`06a208b`](https://github.com/npm/npm/commit/06a208b178c1de3d0da58bc35a854d200fea8ef0)
`[email protected]`:
* [npm/npm-registry-client#142](https://github.com/npm/npm-registry-client/pull/142) Fix `EventEmitter` warning spam from error handlers on socket. ([@addaleax](https://github.com/addaleax))
* [npm/npm-registry-client#131](https://github.com/npm/npm-registry-client/pull/131) Adds support for streaming request bodies. ([@aredridel](https://github.com/aredridel))
* Fixes [#13656](https://github.com/npm/npm/issues/13656).
* Dependency updates.
* Documentation improvements.
([@othiym23](https://github.com/othiym23))
* [`4f759be`](https://github.com/npm/npm/commit/4f759be1fb5e23180b970350e58f40a513daa680)
`[email protected]`
([@isaacs](https://github.com/isaacs))
* [`4258b76`](https://github.com/npm/npm/commit/4258b764e2565f6294ae1e34a5653895290b62e3)
`[email protected]`
([@isaacs](https://github.com/isaacs))

### v2.15.10 (2016-08-11):

Hi all, today's our first release coming out of the new monthly release
cadence. See below for details. We're all recovered from conferences now and
raring to go! For LTS we see some bug fixes, documentation improvements and
a host of dependency updates.

The most dramatic bug fix is probably the inclusion of scoped modules in
bundled dependencies. Prior to this release and
[v3.10.7](https://github.com/npm/npm/releases/v3.10.7), npm had ignored
scoped modules found in `bundleDependencies` entirely.

#### NEW RELEASE CADENCE

Releasing npm has been, for the most part, a very prominent part of our
weekly process process. As part of our efforts to find the most effective
ways to allocate our team's resources, we decided last month that we would
try and slow our releases down to a monthly cadence, and see if we found
ourselves with as much extra time and attention as we expected to have.
Process experiments are useful for finding more effective ways to do our
work, and we're at least going to keep doing this for a whole quarter, and
then measure how well it worked out. It's entirely likely that we'll switch
back to a more frequent cadence, specially if we find that the value that
weekly cadence was providing the community is not worth sacrificing for a
bit of extra time. Does this affect you significantly? Let us know!

#### WINDOWS CORNER CASES

* [`405c404`](https://github.com/npm/npm/commit/405c4048c69c14d66e6179aba0c8a35e504e8041)
[#13023](https://github.com/npm/npm/pull/13023)
Fixed a Windows issue with the cache where callbacks could be called more than once.
([@zkat](https://github.com/zkat))

* [`bf348dc`](https://github.com/npm/npm/commit/bf348dcfb944dc4b9f71b779bf172f86a2e1f474)
[#13023](https://github.com/npm/npm/pull/13023)
Fixed a Windows corner case with correct-mkdir where if SUDO_UID or
SUDO_GID were set then we would try to chown things even though that can't
work on Windows.
([@zkat](https://github.com/zkat))

#### RACES IN THE CACHE

* [`68f29f1`](https://github.com/npm/npm/commit/68f29f18f65c7a7e1c58eb6933af41d786971379)
[#12669](https://github.com/npm/npm/issues/12669)
Ignore ENOENT errors on chownr while adding packages to cache. This change
works around problems with race conditions and local packages.
([@julianduque](https://github.com/julianduque))

#### BETTER GIT ENVIRONMENT WHITELISTING

* [`5e96566`](https://github.com/npm/npm/commit/5e96566088f0d88c1ed10c5a9cbb7c0cd4aa2aee)
[#13358](https://github.com/npm/npm/pull/13358)
Add GIT_EXEC_PATH to Git environment whitelist.
([@mhart](https://github.com/mhart))

#### DOCUMENTATION

* [`363e381`](https://github.com/npm/npm/commit/363e381a4076ead89707a00cc4a447b1d59df3bc)
[#13319](https://github.com/npm/npm/pull/13319)
As Node.js 0.8 is no longer supported, remove mention of it from the README.
([@watilde](https://github.com/watilde))
* [`e8fafa8`](https://github.com/npm/npm/commit/e8fafa887c60eb8842c76c4b3dffe85eb49fa434)
[#10167](https://github.com/npm/npm/pull/10167)
Clarify in scope documentation that npm@2 is required for scoped packages.
([@danpaz](https://github.com/danpaz))

#### DEPENDENCIES

* [`66ef279`](https://github.com/npm/npm/commit/66ef279b7c3b3e4f9454474dddd057cc1f21873b)
[npm/fstream-npm#22](https://github.com/npm/fstream-npm/pull/22)
`[email protected]`:
Always include NOTICE files now. Fix inclusion of scoped modules as bundled dependencies.
([@kemitchell](https://github.com/kemitchell))
([@forivall](https://github.com/forivall))
* [`fe8385b`](https://github.com/npm/npm/commit/fe8385bd655502feb175eed175a6a06cafb2247a)
`[email protected]`:
Update minimatch dep for security fix. See the minimatch update below for details.
([@isaacs](https://github.com/isaacs))
* [`51d49d2`](https://github.com/npm/npm/commit/51d49d2f79b4c69264de73a492ed54f87188d554)
[isaacs/node-graceful-fs#71](https://github.com/isaacs/node-graceful-fs/pull/71)
`[email protected]`:
`graceful-fs` had a [bug fix](https://github.com/isaacs/node-graceful-fs/pull/71) which
fixes a problem ([nodejs/node#7846](https://github.com/nodejs/node/pull/7846)) exposed
by recent changes to Node.js.
([@thefourtheye](https://github.com/thefourtheye))
* [`5c8f39d`](https://github.com/npm/npm/commit/5c8f39d152c43e96b9006ffe865646a36a433a8a)
`[email protected]`:
Handle extremely long and terrible patterns more gracefully.
There were some magic numbers that assumed that every extglob pattern starts
and ends with a specific number of characters in the regular expression.
Since !(||) patterns are a little bit more complicated, this led to creating
an invalid regular expression and throwing.
([@isaacs](https://github.com/isaacs))
* [`d681e16`](https://github.com/npm/npm/commit/d681e16a475a49d6196af9a5cedaaf88712f3a9f)
[npm/npm-user-validate#9](https://github.com/npm/npm-user-validate/pull/9)
`[email protected]`:
Use correct, lower username length limit.
([@aredridel](https://github.com/aredridel))
* [`f918994`](https://github.com/npm/npm/commit/f918994bd05ca965766cd573606ac35fb3032d6e)
`[email protected]`:
Update `request` dependency `tough-cookie` to `2.3.0` to
to address [https://nodesecurity.io/advisories/130](https://nodesecurity.io/advisories/130).
Versions 0.9.7 through 2.2.2 contain a vulnerable regular expression that,
under certain conditions involving long strings of semicolons in the
"Set-Cookie" header, causes the event loop to block for excessive amounts of
time.
([@stash-sfdc](https://github.com/stash-sfdc))
* [`5540cc4`](https://github.com/npm/npm/commit/5540cc4d6bde65071fb6fc2cb074e8598bd1276f)
[isaacs/rimraf#111](https://github.com/isaacs/rimraf/issues/111)
`[email protected]`: Clarify assertions: cb is required, options are not.
([@isaacs](https://github.com/isaacs))
* [`6357928`](https://github.com/npm/npm/commit/6357928673be85f520dae2104fea58c35742bd65)
`[email protected]`:
New licenses synced from spdx.org.
([@shinnn](https://github.com/shinnn))

### v2.15.9 (2016-06-30):

What's this? An LTS release? Yes, that is indeed so. Small, as usual, and as
Expand Down
46 changes: 0 additions & 46 deletions deps/npm/LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -233,49 +233,3 @@ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


--------


The following additional terms shall apply to use of the npm software, the npm
website, the npm repository and any other services or products offered by npm,
Inc.:

"Node.js" trademark Joyent, Inc. npm is not officially part of the Node.js
project, and is neither owned by nor affiliated with Joyent, Inc.

"npm" and "The npm Registry" are owned by npm, Inc. All rights reserved.

Modules published on the npm registry are not officially endorsed by npm, Inc.
or the Node.js project.

Data published to the npm registry is not part of npm itself, and is the sole
property of the publisher. While every effort is made to ensure accountability,
there is absolutely no guarantee, warrantee, or assertion expressed or implied
as to the quality, fitness for a specific purpose, or lack of malice in any
given npm package. Packages downloaded through the npm registry are
independently licensed and are not covered by this license.

Additional policies relating to, and restrictions on use of, npm products and
services are available on the npm website. All such policies and restrictions,
as updated from time to time, are hereby incorporated into this license
agreement. By using npm, you acknowledge your agreement to all such policies
and restrictions.

If you have a complaint about a package in the public npm registry, and cannot
resolve it with the package owner, please email [email protected] and explain
the situation. See the [npm Dispute Resolution
policy](https://github.com/npm/policies/blob/master/disputes.md) for more
details.

Any data published to The npm Registry (including user account information) may
be removed or modified at the sole discretion of the npm server administrators.

"npm Logo" contributed by Mathias Pettersson and Brian Hammond,
use is subject to https://www.npmjs.com/policies/trademark

"Gubblebum Blocky" font
Copyright (c) by Tjarda Koster, https://jelloween.deviantart.com
included for use in the npm website and documentation,
used with permission.

This program uses several Node modules contained in the node_modules/
subdirectory, according to the terms of their respective licenses.
2 changes: 1 addition & 1 deletion deps/npm/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ Much more info available via `npm help` once it's installed.

## IMPORTANT

**You need node v0.8 or higher to run this program.**
**You need node v0.10 or higher to run this program.**

To install an old **and unsupported** version of npm that works on node 0.3
and prior, clone the git repo and dig through the old tags and branches.
Expand Down
1 change: 1 addition & 0 deletions deps/npm/doc/cli/npm-install.md
Original file line number Diff line number Diff line change
Expand Up @@ -171,6 +171,7 @@ after packing it up into a tarball (b).
to the environment when running git:

* `GIT_ASKPASS`
* `GIT_EXEC_PATH`
* `GIT_PROXY_COMMAND`
* `GIT_SSH`
* `GIT_SSH_COMMAND`
Expand Down
3 changes: 2 additions & 1 deletion deps/npm/doc/cli/npm-link.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@ Package linking is a two-step process.

First, `npm link` in a package folder will create a symlink in the global folder
`{prefix}/lib/node_modules/<package>` that links to the package where the `npm
link` command was executed. (see `npm-config(7)` for the value of `prefix`).
link` command was executed. (see `npm-config(7)` for the value of `prefix`). It
will also link any bins in the package to `{prefix}/bin/{name}`.

Next, in some other location, `npm link package-name` will create a
symbolic link from globally-installed `package-name` to `node_modules/`
Expand Down
10 changes: 10 additions & 0 deletions deps/npm/doc/files/npmrc.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,16 @@ sensitive credentials, they must be readable and writable _only_ by your user
account (i.e. must have a mode of `0600`), otherwise they _will be ignored by
npm!_

#### Comments

Lines in `.npmrc` files are interpreted as comments when they begin with a `;` or `#` character. `.npmrc` files are parsed by [npm/ini](https://github.com/npm/ini), which specifies this comment syntax.

For example:

# last modified: 01 Jan 2016
; Set a new registry for a scoped package
@myscope:registry=https://mycustomregistry.example.org

### Per-project config file

When working locally in a project, a `.npmrc` file in the root of the
Expand Down
4 changes: 4 additions & 0 deletions deps/npm/doc/files/package.json.md
Original file line number Diff line number Diff line change
Expand Up @@ -249,6 +249,10 @@ would be the same as this:
, "version": "1.2.5"
, "bin" : { "my-program" : "./path/to/program" } }

Please make sure that your file(s) referenced in `bin` starts with
`#!/usr/bin/env node`, otherwise the scripts are started without the node
executable!

## man

Specify either a single file or an array of filenames to put in place for the
Expand Down
10 changes: 6 additions & 4 deletions deps/npm/doc/misc/npm-config.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,12 @@ same.

The four relevant files are:

* per-project config file (/path/to/my/project/.npmrc)
* per-user config file (~/.npmrc)
* global config file ($PREFIX/npmrc)
* npm builtin config file (/path/to/npm/npmrc)
* per-project configuration file (`/path/to/my/project/.npmrc`)
* per-user configuration file (defaults to `$HOME/.npmrc`; configurable via CLI
option `--userconfig` or environment variable `$NPM_CONF_USERCONFIG`)
* global configuration file (defaults to `$PREFIX/etc/npmrc`; configurable via
CLI option `--globalconfig` or environment variable `$NPM_CONF_GLOBALCONFIG`)
* npm's built-in configuration file (`/path/to/npm/npmrc`)

See npmrc(5) for more details.

Expand Down
Loading