New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency pacote to v20 #103

Open

renovate wants to merge 1 commit into main from renovate/pacote-20.x

renovate bot commented Oct 17, 2024

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pacote	`^12.0.0` -> `^20.0.0`

Release Notes

npm/pacote (pacote)

`v20.0.0`

⚠️ BREAKING CHANGES

honors ignoreScripts property within options

Bug Fixes

f27af63 #407 honors ignoreScripts option to prevent prepare lifecycle script (@reggi)

`v19.0.1`

Bug Fixes

cbf94e8 #389 prepare script respects scriptshell config (#389) (@milaninfy)
2b2948f #403 log tarball retrieval from cache (#403) (@mbtools, @wraithgar)

Dependencies

a9fc4d1 #405 bump sigstore from 2.2.0 to 3.0.0 (#405) (@bdehamer)

`v19.0.0`

⚠️ BREAKING CHANGES

pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

03b31ca #392 align to npm 10 node engine range (@reggi)

Dependencies

f055f71 #395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@dependabot[bot])
932b9ab #396 bump @npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@dependabot[bot])
a1621f9 #397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@dependabot[bot])
c776199 #398 bump cacache from 18.0.4 to 19.0.0 (#398) (@dependabot[bot])
6d59022 #399 bump @npmcli/git from 5.0.8 to 6.0.0 (#399)
21ea2d4 #400 bump @npmcli/run-script from 8.1.0 to 9.0.0 (#400)
eddbc01 #392 [email protected]
6c672e9 #392 [email protected]
03ba2a2 #392 [email protected]
2710286 #392 [email protected]
aa0bd4a #392 @npmcli/[email protected]
df23343 #392 @npmcli/[email protected]

Chores

e4ed5cd #392 bump hosted-git-info ^7.0.0 to ^8.0.0 (@reggi)
2871f56 #392 run template-oss-apply (@reggi)
39643f1 #382 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])
7e33c82 #383 postinstall for dependabot template-oss PR (@hashtagchris)
e4e07bf #383 bump @npmcli/template-oss from 4.23.1 to 4.23.3 (@dependabot[bot])

`v18.0.6`

Bug Fixes

79441a5 #371 clean up requires (#371) (@wraithgar)
b19aacb #369 isolate full and corgi packuments in packumentCache (#369) (@wraithgar)

`v18.0.5`

Bug Fixes

5e75582 #368 dont set _contentLength if not in headers (#368) (@lukekarrys)
1b6950b #365 move bin to its own directory (@lukekarrys)
1b6950b #365 refactor: symbol cleanup (#365) (@lukekarrys)

`v18.0.4`

Bug Fixes

5fd2c80 #363 linting: no-unused-vars (@lukekarrys)

Chores

d867639 #363 bump @npmcli/template-oss to 4.22.0 (@lukekarrys)
a235f37 #363 postinstall for dependabot template-oss PR (@lukekarrys)

`v18.0.3`

Dependencies

5ecce7a #360 [email protected] (#360)

`v18.0.2`

Bug Fixes

116b277 #358 don't strip underscore attributes in .manifest() (#358) (@wraithgar)

`v18.0.1`

Bug Fixes

b547e0d #356 use @npmcli/package-json (#356) (@lukekarrys)

`v18.0.0`

⚠️ BREAKING CHANGES

The silent option was used to control whether @npmcli/run-script would write a banner via console.log. Now ouput will be emitted via an process.emit('output').

Features

0c04569 #352 remove silent option (@lukekarrys)

Dependencies

cb3abc2 #352 bump @npmcli/run-script from 7.0.4 to 8.0.0 (@dependabot[bot])

Chores

7089bb1 #355 postinstall for dependabot template-oss PR (@lukekarrys)
4952672 #355 bump @npmcli/template-oss from 4.21.3 to 4.21.4 (@dependabot[bot])

`v17.0.7`

Dependencies

e07c3e5 #350 [email protected] (#350)

`v17.0.6`

Dependencies

0a5920f #343 bump sigstore from 2.0.0 to 2.2.0 (#343) (@bdehamer)

Chores

6fd23ad #342 postinstall for dependabot template-oss PR (@lukekarrys)
c3b398a #342 bump @npmcli/template-oss from 4.21.1 to 4.21.3 (@dependabot[bot])
4557919 #337 postinstall for dependabot template-oss PR (@lukekarrys)
c7e293c #337 bump @npmcli/template-oss from 4.19.0 to 4.21.1 (@dependabot[bot])

`v17.0.5`

Bug Fixes

0c96b9e #338 bug to support rotated keys in signature/attestation audit (#338) (@feelepxyz)

`v17.0.4`

Dependencies

ba8f790 #309 bump @npmcli/promise-spawn from 6.0.2 to 7.0.0
2c0d3ae #308 bump @npmcli/run-script from 6.0.2 to 7.0.0

`v17.0.3`

Dependencies

ace7c28 #305 bump npm-packlist from 7.0.4 to 8.0.0

`v17.0.2`

Dependencies

c3b892d #303 bump sigstore from 1.3.0 to 2.0.0

`v17.0.1`

Dependencies

6ddae13 #302 bump npm-registry-fetch from 15.0.0 to 16.0.0
42bf787 #300 bump npm-pick-manifest from 8.0.2 to 9.0.0

`v17.0.0`

⚠️ BREAKING CHANGES

support for node <=16.13 has been removed

Bug Fixes

2db2fb5 #296 drop node 16.13.x support (@lukekarrys)

Dependencies

e9e964b #299 bump read-package-json from 6.0.4 to 7.0.0
5d26500 #298 bump npm-package-arg from 10.1.0 to 11.0.0
d13bb9c #294 bump @npmcli/git from 4.1.0 to 5.0.0
7a25e39 #293 bump cacache from 17.1.4 to 18.0.0

`v16.0.0`

⚠️ BREAKING CHANGES

the underlying fetch module now uses @npmcli/agent. Backwards compatibility should be fully implemented but due to the scope of this change it was made a breaking change out of an abundance of caution.
support for node 14 has been removed

Bug Fixes

73b6297 #290 drop node14 support (#290) (@wraithgar)

Dependencies

8dc6a32 bump minipass from 5.0.0 to 7.0.2
7cebf19 bump npm-registry-fetch from 14.0.5 to 15.0.0

`v15.2.0`

Features

3307ad9 #278 configurable TUF cache dir (#278) (@bdehamer)

`v15.1.3`

Dependencies

c99db13 #271 bump minipass from 4.2.7 to 5.0.0 (#271)

`v15.1.2`

Documentation

43363dd #266 update dist details (#266) (@wraithgar)

Dependencies

d5cb3df #276 [email protected] (#276)
c231986 #267 sigstore@^1.1.0

`v15.1.1`

Bug Fixes

8f4e39c #261 always ignore ownership from tar headers (#261) (@nlf)

`v15.1.0`

Features

2916b72 #259 verifyAttestations to registry.manifest (@feelepxyz, @bdehamer)

Dependencies

f0bd19b add sigstore 1.0.0

`v15.0.8`

Dependencies

40aa6fe #253 bump fs-minipass from 2.1.0 to 3.0.0

`v15.0.7`

Dependencies

a734d61 #250 bump minipass from 3.3.6 to 4.0.0

`v15.0.6`

Dependencies

dbbda43 #246 @npmcli/[email protected]

`v15.0.5`

Dependencies

63797a8 #244 bump @npmcli/promise-spawn from 5.0.0 to 6.0.1 (#244)

`v15.0.4`

Dependencies

854fad1 #239 bump @npmcli/promise-spawn from 4.0.0 to 5.0.0 (#239)

`v15.0.3`

Dependencies

2a95ddb #235 bump @npmcli/installed-package-contents (#235)

`v15.0.2`

Bug Fixes

95f9cd5 handle new npm-package-arg semantics (@wraithgar)

Dependencies

2ed4d22 [email protected]

`v15.0.1`

Dependencies

74821c2 #229 bump @npmcli/run-script from 4.2.1 to 5.0.0 (#229)
a9844d0 #226 bump @npmcli/promise-spawn from 3.0.0 to 4.0.0 (#226)
1058177 #227 bump read-package-json from 5.0.2 to 6.0.0
0f5ef8a #228 bump @npmcli/installed-package-contents from 1.0.7 to 2.0.0
7e3b4b5 #220 bump ssri from 9.0.1 to 10.0.0
4e7536d #222 bump @npmcli/git from 3.0.2 to 4.0.0
3bc7550 #223 bump npm-pick-manifest from 7.0.2 to 8.0.0
41fab27 #224 bump proc-log from 2.0.1 to 3.0.0
4abf24a #218 bump npm-registry-fetch from 13.3.1 to 14.0.0 (#218)

`v15.0.0`

⚠️ BREAKING CHANGES

this package no longer attempts to change file ownership automatically

Features

43ae022 #216 do not alter file ownership (#216) (@nlf)

Dependencies

2ac3980 #213 bump read-package-json-fast from 2.0.3 to 3.0.0

`v14.0.0`

Features

ee16f1f #207 set as release (@fritzy)

`v13.6.2`

Bug Fixes

linting (#187) (cf1c5ed)

`v13.6.1`

Dependencies

bump @npmcli/run-script from 3.0.3 to 4.1.0 (#185) (d0459ec)

`v13.6.0`

Features

allow reuse of external integrity stream (fdb9e5a)
replaceRegistryHost can now be a hostname (#177) (a9a4cdd)

Bug Fixes

error when passing signature without keys (#176) (d69e524)

Documentation

add some fields to the README (#180) (f356cb2)

`v13.5.0`

Features

bump npm-packlist for workspace awareness (#178) (316059b)

13.4.1 (2022-05-19)

Bug Fixes

pass prefix and workspaces to npm-packlist (#173) (6de3a2b)

`v13.4.1`

`v13.4.0`

Features

add verifySignatures to registry.manifest (#170) (4401c58)

`v13.3.0`

Features

add _signatures to manifest (3ae73f2)

`v13.2.0`

Features

add always option to replaceRegistryHost (#164) (edd1ee5)

13.1.1 (2022-04-06)

Dependencies

bump npm-packlist from 4.0.0 to 5.0.0 (#159) (d7f07d6)

`v13.1.1`

`v13.1.0`

Features

add option to not replace magic registry host (#143) (f519cf4)

13.0.6 (2022-04-05)

Bug Fixes

replace deprecated String.prototype.substr() (e307e17)

Dependencies

bump @npmcli/promise-spawn from 1.3.2 to 3.0.0 (#154) (9a0ec63)
bump ssri from 8.0.1 to 9.0.0 (#157) (0993b18)

13.0.5 (2022-03-15)

Dependencies

bump read-package-json from 4.1.2 to 5.0.0 (#138) (f28c891)

13.0.4 (2022-03-14)

Dependencies

bump cacache from 15.3.0 to 16.0.0 (#136) (ed3a069)
bump npm-packlist from 3.0.0 to 4.0.0 (#132) (1634e9d)
update @npmcli/run-script requirement from ^3.0.0 to ^3.0.1 (#130) (7c84792)
update npm-registry-fetch requirement from ^13.0.0 to ^13.0.1 (#129) (d639ed6)
update read-package-json requirement from ^4.1.1 to ^4.1.2 (#134) (31093a1)

13.0.3 (2022-02-23)

Bug Fixes

ignore integrity values for git dependencies (#123) (3417714)

Dependencies

bump @npmcli/run-script from 2.0.0 to 3.0.0 (#124) (6026b73)

13.0.2 (2022-02-16)

Bug Fixes

run prepack lifecycle scripts on git fetcher (#121) (82d8afc)

Dependencies

bump @npmcli/git from 2.1.0 to 3.0.0 (#120) (56d0c62)

13.0.1 (2022-02-16)

Bug Fixes

reify git dependencies that have workspaces (#103) (08348fa)

Dependencies

bump npm-registry-fetch from 12.0.2 to 13.0.0 (#118) (25eeb97)

`v13.0.6`

`v13.0.5`

`v13.0.4`

`v13.0.3`

`v13.0.2`

`v13.0.1`

`v13.0.0`

⚠ BREAKING CHANGES

It replaces the only use of npmlog.level with a boolean silent which is now used to to suppress @npmcli/run-script banners instead.

Features

add fullReadJson option (#101) (2ddf67f)
use proc-log and drop support for log property (#104) (26e01b0)

Dependencies

bump npm-package-arg from 8.1.5 to 9.0.0 (#113) (5b3b82d)
bump npm-pick-manifest from 6.1.1 to 7.0.0 (3940b46)
update @npmcli/installed-package-contents requirement (0413eff)
update cacache requirement from ^15.0.5 to ^15.3.0 (#112) (0321cf0)
update minipass requirement from ^3.1.3 to ^3.1.6 (#115) (9548c8c)
update mkdirp requirement from ^1.0.3 to ^1.0.4 (c204aa2)
update npm-registry-fetch requirement from ^12.0.0 to ^12.0.2 (97e7ab5)
update read-package-json-fast requirement from ^2.0.1 to ^2.0.3 (be32161)
update tar requirement from ^6.1.0 to ^6.1.11 (#107) (650e188)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


          fix(deps): update dependency pacote to v20

042d99a

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet