[pull] latest from npm:latest #4
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
lukekarrys
force-pushed
the
latest
branch
2 times, most recently
from
e930921
to
dd63e21
Compare
fritzy
force-pushed
the
latest
branch
3 times, most recently
from
3037d35
to
f3b0c43
Compare
lukekarrys
force-pushed
the
latest
branch
2 times, most recently
from
591d1d1
to
9e74d3e
Compare
Lazy loading `workspaces` and `glob` dependencies, will avoid loading the dependency when running inside a repo that is not a workspace and also will not load `glob` when is not needed. Before:  After: 
…7360) If we didn't load `glob`, we can save up to `6ms` by lazy loading this module.
This adds some lazy loading, inlines some single use functions, and also removes the "define" function in the definitions file. That was guarding against something that isn't worth the runtime to check for.
I missed these calls when first moving to `@npmcli/redact`. This isn't a performance specific PR but I assume it will help since there are now a few places where we no longer need to require `npm-registry-fetch` at all.
…7367) <!-- What / Why --> <!-- Describe the request in detail. What it does and why it's being changed. --> Add documentation explaining that the `package.json` `"overrides"` field only takes effect at the root `package.json` of a project. Most of this text is copied from [the RFC](https://github.com/npm/rfcs/blob/main/accepted/0036-overrides.md#only-root-package-may-contain-overrides) which originally described this feature. ## References Fixes #4517.
With the performance optimizations that have been landing recently, I thought it would be helpful to create a test case where we expect a lazy require to trigger an error while npm is updating itself. We can use this test to model similar tests in the future if we want to ensure a specific lazy require is not hit during this update path.
Add closing `]` for optional owner parameter.
This removes `npmlog` and similar dependencies in favor of `lib/utils/display` doing that part.
Handle arborist error when loading and checking package in global tree.
This change updates the list of lifecycle scripts in the RunScript class to include important npm scripts that were previously missing. - add `prepare`, `prepublishOnly` scripts - add `dependencies` scripts - add `prepack` and `postpack` scripts - todo comments removed due to changes reflected <!-- What / Why --> <!-- Describe the request in detail. What it does and why it's being changed. --> ## References The documents I referenced are as follows: - https://docs.npmjs.com/cli/v10/using-npm/scripts <!-- Examples: Related to #0 Depends on #0 Blocked by #0 Fixes #0 Closes #0 -->
Sometimes computers are slow
An erroneous assumption was that if this was explicitly set, then the exit was still intentional. This is not the case. Closes: #7672 --------- Co-authored-by: Chris Sidi <hashtagchris@github.com>
`npm init` calls `libnpmexec` with path and runPath, for most cases it would not matter but when we have a package installed locally on root and we want to run `npm init that-package -w workspace` it should identify that-package is installed and use that to init new workspace package. here the `path` is where node_modules are and `runPath` is cwd to run the command. Fixes: #7700
The [Auth related configuration](https://docs.npmjs.com/cli/v10/configuring-npm/npmrc#auth-related-configuration) docs contains a mistakenly commented configuration line. This PR makes the scope examples more clear by adding newlines and uncomment the valid configuration line.
This PR fixes an issue where the `npm publish` command would fail when run from within a workspace directory with package-spec fixes: #7726
Updating Docs for `npmrc` - Updated example config, instead of `prefix` which can not be changed for project, instead added `cache` which can be used for all three config types project, user and global `package-json` - added alias example in package-json docs, which can be used to define alias for a package closes: #6839 closes: #7188
Updated `npm init <pkg-spec>` command usage documentation for npx equivalent command format `npx create-<pkg-spec>` Fixes: #7011
…orkflows (#7764) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to . <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v4.1.7</h2> <h2>What's Changed</h2> <ul> <li>Update <code>@actions/artifact</code> dependency by <a href="https://github.com/bethanyj28"><code>@bethanyj28</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/325">actions/download-artifact#325</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7">https://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7</a></p> <h2>v4.1.6</h2> <h2>What's Changed</h2> <ul> <li>updating <code>@actions/artifact</code> dependency to v2.1.6 by <a href="https://github.com/eggyhead"><code>@eggyhead</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/324">actions/download-artifact#324</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v4.1.5...v4.1.6">https://github.com/actions/download-artifact/compare/v4.1.5...v4.1.6</a></p> <h2>v4.1.5</h2> <h2>What's Changed</h2> <ul> <li>Update readme with v3/v2/v1 deprecation notice by <a href="https://github.com/robherley"><code>@robherley</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/322">actions/download-artifact#322</a></li> <li>Update dependencies <code>@actions/core</code> to v1.10.1 and <code>@actions/artifact</code> to v2.1.5</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5">https://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5</a></p> <h2>v4.1.4</h2> <h2>What's Changed</h2> <ul> <li>Update <code>@actions/artifact</code> by <a href="https://github.com/bethanyj28"><code>@bethanyj28</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/307">actions/download-artifact#307</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v4...v4.1.4">https://github.com/actions/download-artifact/compare/v4...v4.1.4</a></p> <h2>v4.1.3</h2> <h2>What's Changed</h2> <ul> <li>Update release-new-action-version.yml by <a href="https://github.com/konradpabjan"><code>@konradpabjan</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/292">actions/download-artifact#292</a></li> <li>Update toolkit dependency with updated unzip logic by <a href="https://github.com/bethanyj28"><code>@bethanyj28</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/299">actions/download-artifact#299</a></li> <li>Update <code>@actions/artifact</code> by <a href="https://github.com/bethanyj28"><code>@bethanyj28</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/303">actions/download-artifact#303</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/bethanyj28"><code>@bethanyj28</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/299">actions/download-artifact#299</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v4...v4.1.3">https://github.com/actions/download-artifact/compare/v4...v4.1.3</a></p> <h2>v4.1.2</h2> <ul> <li>Bump <code>@actions/artifacts</code> to latest version to include <a href="https://redirect.github.com/actions/toolkit/pull/1648">updated GHES host check</a></li> </ul> <h2>v4.1.1</h2> <ul> <li>Fix transient request timeouts <a href="https://redirect.github.com/actions/download-artifact/issues/249">actions/download-artifact#249</a></li> <li>Bump <code>@actions/artifacts</code> to latest version</li> </ul> <h2>v4.1.0</h2> <h2>What's Changed</h2> <ul> <li>Some cleanup by <a href="https://github.com/robherley"><code>@robherley</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/247">actions/download-artifact#247</a></li> <li>Fix default for run-id by <a href="https://github.com/stchr"><code>@stchr</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/252">actions/download-artifact#252</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/download-artifact/commit/65a9edc5881444af0b9093a5e628f2fe47ea3b2e"><code>65a9edc</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/325">#325</a> from bethanyj28/main</li> <li><a href="https://github.com/actions/download-artifact/commit/fdd1595981c1a29187d3de99c28c28a166bc38f7"><code>fdd1595</code></a> licensed</li> <li><a href="https://github.com/actions/download-artifact/commit/c13dba102f4bb92b3f679fa086db9e2973960ca7"><code>c13dba1</code></a> update <code>@actions/artifact</code> dependency</li> <li><a href="https://github.com/actions/download-artifact/commit/0daa75ebeac4617faeb127496dbd716b8bcce26e"><code>0daa75e</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/324">#324</a> from actions/eggyhead/use-artifact-v2.1.6</li> <li><a href="https://github.com/actions/download-artifact/commit/9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395"><code>9c19ed7</code></a> Merge branch 'main' into eggyhead/use-artifact-v2.1.6</li> <li><a href="https://github.com/actions/download-artifact/commit/3d3ea8741ef44e86f7392b41e391bde3c36219bd"><code>3d3ea87</code></a> updating license</li> <li><a href="https://github.com/actions/download-artifact/commit/89af5db8211998d3ca691103a86b0b9362a94286"><code>89af5db</code></a> updating artifact package v2.1.6</li> <li><a href="https://github.com/actions/download-artifact/commit/b4aefff88e83a2676a730654e1ce3dce61880379"><code>b4aefff</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/323">#323</a> from actions/eggyhead/update-artifact-v215</li> <li><a href="https://github.com/actions/download-artifact/commit/8caf195ad4b1dee92908e23f56eeb0696f1dd42d"><code>8caf195</code></a> package lock update</li> <li><a href="https://github.com/actions/download-artifact/commit/d7a2ec411d177e8ca679ac5969b70be59c322700"><code>d7a2ec4</code></a> updating package version</li> <li>Additional commits viewable in <a href="https://github.com/actions/download-artifact/compare/v3...v4.1.7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/npm/cli/network/alerts). </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gar <gar+gh@danger.computer>
npm has not interpreted valid package names as local directories in a long time
#7783) The package.json docs make no reference to the `exports` property, which seems like a huge omission This PR copies a little text from the node.js docs and links to them - not sure if it's a good solution, but it's a start
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )