Path to this page:
Subject: CVS commit: pkgsrc/lang/npm
From: Filip Hajny
Date: 2018-08-02 14:28:35
Message id: 20180802122835.50329FBEC@cvs.NetBSD.org
Log Message:
lang/npm: Update tp 6.3.0.
## v6.3.0 (2018-08-01):
- `figgy-pudding@3.2.0`
- `cacache@11.1.0`
## v6.3.0-next.0 (2018-07-25):
### NEW FEATURES
- `npm version` now supports a `--preid` option to specify the preid
for prereleases. For example, `npm version premajor --preid rc` will tag
a version like `2.0.0-rc.0`.
### MESSAGING IMPROVEMENTS
- Make `npm audit fix` message provide better instructions for
vulnerabilities that require manual review.
- Fix missing colon next to tarball url in new `npm view` output.
- Use the defaut OTP explanation everywhere except when the context is
"OTP-aware" (like when setting double-authentication). This improves
the overall CLI messaging when prompting for an OTP code.
### MISC
- Use the extracted `stringify-package` package.
- `wrappy` was previously added to dependencies in order to flatten
it, but we no longer do legacy-style for npm itself, so it has been
removed from `package.json`.
## v6.2.0 (2018-07-13):
### FEATURES
- Add support for tab-separated output for `npm audit` data with the
`--parseable` flag.
- Add new `sign-git-commit` config to control whether the git commit
itself gets signed, or just the tag (which is the default).
### FIXES
- Do not use `SET` to fetch the env in git-bash or Cygwin.
### DEPENDENCY BUMPS
- `request@2.81.0`: Downgraded to allow better deduplication. This
does introduce a bunch of `hoek`-related audit reports, but they don't
affect npm itself so we consider it safe. We'll upgrade `request` again
once `node-gyp` unpins it.
- `node-gyp@3.7.0`
_ `cli-table3@0.5.0`: `cli-table2` is unmaintained and required
`lodash`. With this dependency bump, we've removed `lodash` from our tree,
which cut back tarball size by another 300kb.
- `npm-audit-report@1.3.1`
- Add `cli-table3` to bundleDeps.
- Make `standard` happy.
## v6.2.0-next.1 (2018-07-05):
- Remove postinstall script that depended on source files, thus
preventing `npm@next` from being installable from the registry.
## v6.2.0-next.0 (2018-06-28):
### NEW FEATURES
- You can now disable the update notifier entirely by using
`--no-update-notifier` or setting it in your config with `npm config
set update-notifier false`.
- When `npm run-script <script>` fails due to a typo or missing
script, npm will now do a "did you mean?..." for scripts that do exist.
### BUGFIXES
- Fix the regular expression matching in `xcode_emulation` in
`node-gyp` to also handle version numbers with multiple-digit major
versions which would otherwise break under use of XCode 10.
- Stop trying to hoist/dedupe bundles dependencies.
- Add synopsis to brief help for `npm audit` and suppress trailing
newline.
- Exclude /.github directory from npm tarball.
- Add suggestion to use a temporary cache instead of `npm cache clear
--force`.
### DEPENDENCY SHUFFLE!
We did some reshuffling and moving around of npm's own dependencies.
This significantly reduces the total bundle size of the npm pack,
from 8MB to 4.8MB for the distributed tarball! We also moved around
what we actually commit to the repo as far as devDeps go.
- Flatten and dedupe our dependencies!
- Remove unused direct dependency `ansi-regex`.
- Reshuffle ansi-regex for better deduping.
- Reshuffle strip-ansi for better deduping.
- Reshuffle is-fullwidth-code-point for better deduping.
- Add fake-registry, npm-registry-mock replacement.
### DEPENDENCIES
- `tar@4.4.3`
- `pacote@8.1.6`
- `libcipm@2.0.0`
- `request@2.87.0`
- `which@1.3.1`
- `tar@4.4.4`
- `JSONStream@1.3.3`
- `is-cidr@2.0.6`
- `marked@0.4.0`
- `tap@12.0.1`
- `npm-profile@3.0.2`
- `uuid@3.3.2`
Files: