diff options
Diffstat (limited to 'deps/npm/CHANGELOG.md')
-rw-r--r-- | deps/npm/CHANGELOG.md | 596 |
1 files changed, 593 insertions, 3 deletions
diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md index 4f94100434..eae0e4aed2 100644 --- a/deps/npm/CHANGELOG.md +++ b/deps/npm/CHANGELOG.md @@ -1,3 +1,593 @@ +### v3.10.8 (2016-09-08) + +Monthly releases are so big! Just look at all this stuff! + +Our quarter of monthly releases is almost over. The next one, in October, might +very well be our last one as we move to trying something different and learning +lessons from our little experiment. + +You may also want to keep an eye our for `npm@4` next month, since we're +planning on finally releasing it then and including a (small) number of breaking +changes we've been meaning to do for a long time. Don't worry, though: `npm@3` +will still be around for a bit and will keep getting better and better, and is +most likely going to be the version that `node@6` uses once it goes to LTS. + +As some of us have mentioned before, npm is likely to start doing more regular +semver-major bumps, while keeping those bumps significantly smaller than the +huge effort that was `npm@3` -- we're not very likely to do a world-shaking +thing like that for a while, if ever. + +All that said, let's move on to the patches included in v3.10.8! + +#### SHRINKWRAP LEVEL UP + +The most notable part of this release is a series of commits meant to make `npm +shrinkwrap` more consistent. By itself, shrinkwrap seems like a fairly +straightforward thing to implement, but things get complicated when it starts +interacting with `devDependencies`, `optionalDependencies`, and +`bundledDependencies`. These commits address some corner cases related to these. + +* [`a7eca32`](https://github.com/npm/npm/commit/a7eca3246fbbcbb05434cb6677f65d14c945d74f) + [#10073](https://github.com/npm/npm/pull/10073) + Record if a dependency is only used as a devDependency and exclude it from the + shrinkwrap file. + ([@bengl](https://github.com/bengl)) +* [`1eabcd1`](https://github.com/npm/npm/commit/1eabcd16bf2590364ca20831096350073539bf3a) + [#10073](https://github.com/npm/npm/pull/10073) + Record if a dependency is optional to shrinkwrap. + ([@bengl](https://github.com/bengl)) +* [`03efc89`](https://github.com/npm/npm/commit/03efc89522c99ee0fa37d8f4a99bc3b44255ef98) + [#13692](https://github.com/npm/npm/pull/13692/) + We were doing a weird thing where we used a `package.json` field `installable` + to check to see if we'd checked for platform compatibility, and if not did + so. But this was the only place that was ever done so there was no reason to + implement it in such an obfuscated manner. + Instead it now just directly checks and then records that its done so on the + node object with `knownInstallable`. This is useful to know because modules + expanded via shrinkwrap don't go through this– `inflateShrinkwrap` does not + currently have any rollback semantics and so checking this sort of thing there + is unhelpful. + ([@iarna](https://github.com/iarna)) +* [`ff87938`](https://github.com/npm/npm/commit/ff879382fda21dac7216a5f666287b3a7e74a947) + [#11735](https://github.com/npm/npm/issues/11735) + Running `npm install --save-dev` will now update shrinkwrap file, but only + if there already are devDependencies in it. + ([@szimek](https://github.com/szimek)) +* [`c00ca3a`](https://github.com/npm/npm/commit/c00ca3aef836709eeaeade91c5305bc2fbda2e8a) + [#13394](https://github.com/npm/npm/issues/13394) + Check installability of modules from shrinkwrap, since modules that came into + the tree vie shrinkwrap won't already have this information recorded in + advance. + ([@iarna](https://github.com/iarna)) + +#### INSTALLER ERROR REPORTING LEVEL UP + +As part of the shrinkwrap push, there were also a lot of error-reporting +improvements. Some to add more detail to error objects, others to fix bugs and +inconsistencies. + +* [`2cdd713`](https://github.com/npm/npm/commit/2cdd7132abddcc7f826a355c14348ce9a5897ffe) + Consistently set code on `ETARGET` when fetching package metadata if no + compatible version is found. + ([@iarna](https://github.com/iarna)) +* [`cabcd17`](https://github.com/npm/npm/commit/cabcd173f2923cb5b77e7be0e42eea2339a24727) + [#13692](https://github.com/npm/npm/pull/13692/) + Include installer warning details at the `verbose` log level. + ([@iarna](https://github.com/iarna)) +* [`95a4044`](https://github.com/npm/npm/commit/95a4044cbae93d19d0da0f3cd04ea8fa620295d9) + [`dbb14c2`](https://github.com/npm/npm/commit/dbb14c241d982596f1cdaee251658f5716989fd2) + [`9994383`](https://github.com/npm/npm/commit/9994383959798f80749093301ec43a8403566bb6) + [`7417000`](https://github.com/npm/npm/commit/74170003db0c53def9b798cb6fe3fe7fc3e06482) + [`f45f85d`](https://github.com/npm/npm/commit/f45f85dac800372d63dfa8653afccbf5bcae7295) + [`e79cc1b`](https://github.com/npm/npm/commit/e79cc1b11440f0d122c4744d5eff98def9553f4a) + [`146ee39`](https://github.com/npm/npm/commit/146ee394b1f7a33cf409a30b835a85d939acb438) + [#13692](https://github.com/npm/npm/pull/13692/) + Improve various bits of error reporting, adding more error information and + some related refactoring. + ([@iarna](https://github.com/iarna)) + +#### MISCELLANEOUS BUGS LEVEL UP + +* [`116b6c6`](https://github.com/npm/npm/commit/116b6c60a174ea0cc49e4d62717e4e26175b6534) + [#13456](https://github.com/npm/npm/issues/13456) + In lifecycle scripts, any `node_modules/.bin` existing in the hierarchy + should be turned into an entry in the PATH environment variable. + However, prior to this commit, it was splitting based on the string + `node_modules`, rather than restricting it to only path portions like + `/node_modules/` or `\node_modules\`. So, a path containing an entry + like `my_node_modules` would be improperly split. + ([@isaacs](https://github.com/isaacs)) +* [`0a28dd0`](https://github.com/npm/npm/commit/0a28dd0104e5b4a8cc0cb038bd213e6a50827fe8) + [npm/fstream-npm#23](https://github.com/npm/fstream-npm/pull/23) + `fstream-npm@1.2.0`: + Always ignore `*.orig` files, which are generated by git when using `git + mergetool`, by default. + ([@zkat](https://github.com/zkat)) +* [`a3a2fb9`](https://github.com/npm/npm/commit/a3a2fb97adc87c2aa9b2b8957861b30efafc7ad0) + [#13708](https://github.com/npm/npm/pull/13708) + Always ignore `*.orig` files, which are generated by git when using `git + mergetool`, by default. + ([@boneskull](https://github.com/boneskull)) + +#### TOOLING LEVEL UP + +* [`e1d7e6c`](https://github.com/npm/npm/commit/e1d7e6ce551cbc42026cdcadcb37ea515059c972) + Add helper for generating test skeletons. + ([@iarna](https://github.com/iarna)) +* [`4400b35`](https://github.com/npm/npm/commit/4400b356bca9175935edad1469c608c909bc01bf) + Fix fixture creation and cleanup in `maketest`. + ([@iarna](https://github.com/iarna)) + +#### DOCUMENTATION LEVEL UP + +* [`8eb9460`](https://github.com/npm/npm/commit/8eb94601fe895b97cbcf8c6134e6b371c5371a1e) + [#13717](https://github.com/npm/npm/pull/13717) + Document that `npm link` will link the files specified in the `bin` field of + `package.json` to `{prefix}/bin/{name}`. + ([@legodude17](https://github.com/legodude17)) +* [`a66e5e9`](https://github.com/npm/npm/commit/a66e5e9c388878fe03fb29014c3b95d28bedd3c1) + [#13682](https://github.com/npm/npm/pull/13682) + Minor grammar fix in documentation for `npm scripts`. + ([@Ajedi32](https://github.com/Ajedi32)) +* [`74b8043`](https://github.com/npm/npm/commit/74b80437ffdfcf8172f6ed4f39bfb021608dd9dd) + [#13655](https://github.com/npm/npm/pull/13655) + Document line comment syntax for `.npmrc`. + ([@mdjasper](https://github.com/mdjasper)) +* [`b352a84`](https://github.com/npm/npm/commit/b352a84c2c7ad15e9c669af75f65cdaa964f86c0) + [#12438](https://github.com/npm/npm/issues/12438) + Remind folks to use `#!/usr/bin/env node` in their `bin` scripts to make files + executable directly. + ([@mxstbr](https://github.com/mxstbr)) +* [`b82fd83`](https://github.com/npm/npm/commit/b82fd838edbfff5d2833a62f6d8ae8ea2df5a1f2) + [#13493](https://github.com/npm/npm/pull/13493) + Document that the user config file can itself be configured either through the + `$NPM_CONFIG_USERCONFIG` environment variable, or `--userconfig` command line + flag. + ([@jasonkarns](https://github.com/jasonkarns)) +* [`8a02699`](https://github.com/npm/npm/commit/8a026992a03d90e563a97c70e90926862120693b) + [#13911](https://github.com/npm/npm/pull/13911) + Minor documentation reword and cleanup. + ([@othiym23](https://github.com/othiym23)) + +#### DEPENDENCY LEVEL UP + +* [`2818fb0`](https://github.com/npm/npm/commit/2818fb0f6081d68a91f0905945ad102f26c6cf85) + `glob@7.0.6` + ([@isaacs](https://github.com/isaacs)) +* [`d88ec81`](https://github.com/npm/npm/commit/d88ec81ad33eb2268fcd517d35346a561bc59aff) + `graceful-fs@4.1.6` + ([@francescoinfante](https://github.com/francescoinfante)) +* [`4727f86`](https://github.com/npm/npm/commit/4727f8646daca7b3e3c1c95860e02acf583b9dae) + `lodash.clonedeep@4.5.0` + ([@jdalton](https://github.com/jdalton)) +* [`c347678`](https://github.com/npm/npm/commit/c3476780ef4483425e4ae1d095a5884b46b8db86) + `lodash.union@4.6.0` + ([@jdalton](https://github.com/jdalton)) +* [`530bd4d`](https://github.com/npm/npm/commit/530bd4d2ae6f704f624e4f7bf64f911f37e2b7f8) + `lodash.uniq@4.5.0` + ([@jdalton](https://github.com/jdalton)) +* [`483d56a`](https://github.com/npm/npm/commit/483d56ae8137eca0c0f7acd5d1c88ca6d5118a6a) + `lodash.without@4.4.0` + ([@jdalton](https://github.com/jdalton)) +* [`6c934df`](https://github.com/npm/npm/commit/6c934df6e74bacd0ed40767b319936837a43b586) + `inherits@2.0.3` + ([@isaacs](https://github.com/isaacs)) +* [`a65ed7c`](https://github.com/npm/npm/commit/a65ed7cbd3c950383a14461a4b2c87b67ef773b9) + `npm-registry-client@7.2.1`: + * [npm/npm-registry-client#142](https://github.com/npm/npm-registry-client/pull/142) Fix `EventEmitter` warning spam from error handlers on socket. ([@addaleax](https://github.com/addaleax)) + * [npm/npm-registry-client#131](https://github.com/npm/npm-registry-client/pull/131) Adds support for streaming request bodies. ([@aredridel](https://github.com/aredridel)) + * Fixes [#13656](https://github.com/npm/npm/issues/13656). + * Dependency updates. + * Documentation improvements. + ([@othiym23](https://github.com/othiym23)) +* [`2b88d62`](https://github.com/npm/npm/commit/2b88d62e6a730716b27052c0911c094d01830a60) + [npm/npmlog#34](https://github.com/npm/npmlog/pull/34) + `npmlog@4.0.0`: + Allows creating log levels that are empty strings or 0 + ([@rwaldron](https://github.com/rwaldron)) +* [`242babb`](https://github.com/npm/npm/commit/242babbd02274ee2d212ae143992c20f47ef0066) + `once@1.4.0` + ([@zkochan](https://github.com/zkochan)) +* [`6d8ba2b`](https://github.com/npm/npm/commit/6d8ba2b4918e2295211130af68ee8a67099139e0) + `readable-stream@2.1.5` + ([@calvinmetcalf](https://github.com/calvinmetcalf)) +* [`855c099`](https://github.com/npm/npm/commit/855c099482a8d93b7f0646bd7bcf8a31f81868e0) + `retry@0.10.0` + ([@tim-kos](https://github.com/tim-kos)) +* [`80540c5`](https://github.com/npm/npm/commit/80540c52b252615ae8a6271b3df870eabfea935e) + `semver@5.3.0`: + * Add `minSatisfying` + * Add `prerelease(v)` + ([@isaacs](https://github.com/isaacs)) +* [`8aaac52`](https://github.com/npm/npm/commit/8aaac52ffae8e689fae265712913b1e2a36b1aa6) + `which@1.2.1` + ([@isaacs](https://github.com/isaacs)) +* [`85108a2`](https://github.com/npm/npm/commit/85108a29108ab0a57997572dc14f87eb706890ba) + `write-file-atomic@1.2.0`: + Preserve chmod and chown from the overwritten file + ([@iarna](https://github.com/iarna)) +* [`291a377`](https://github.com/npm/npm/commit/291a377f32f5073102a8ede61a27e6a9b37154c2) + Update npm documentation to reflect documentation for `semver@5.3.0`. + ([@zkat](https://github.com/zkat)) + +### v3.10.7 (2016-08-11) + +Hi all, today's our first release coming out of the new monthly release +cadence. See below for details. We're all recovered from conferences now +and raring to go! We've got some pretty keen bug fixes and a bunch of +documentation and dependency updates. It's hard to narrow it down to just a +few, but of note are scoped packages in bundled dependencies, the +`preinstall` lifecycle fix, the shrinkwrap and Git dependencies fix and the +fix to a crasher involving cycles in development dependencies. + +#### NEW RELEASE CADENCE + +Releasing npm has been, for the most part, a very prominent part of our +weekly process process. As part of our efforts to find the most effective +ways to allocate our team's resources, we decided last month that we would +try and slow our releases down to a monthly cadence, and see if we found +ourselves with as much extra time and attention as we expected to have. +Process experiments are useful for finding more effective ways to do our +work, and we're at least going to keep doing this for a whole quarter, and +then measure how well it worked out. It's entirely likely that we'll switch +back to a more frequent cadence, specially if we find that the value that +weekly cadence was providing the community is not worth sacrificing for a +bit of extra time. Does this affect you significantly? Let us know! + +#### SCOPED PACKAGES IN BUNDLED DEPENDENCIES + +Prior to this release and +[v2.15.10](https://github.com/npm/npm/releases/v2.15.10), npm had ignored +scoped modules found in `bundleDependencies`. + +* [`29cf56d`](https://github.com/npm/npm/commit/29cf56dbae8e3dd16c24876f998051623842116a) + [#8614](https://github.com/npm/npm/issues/8614) + Include scoped packages in bundled dependencies. + ([@forivall](https://github.com/forivall)) + +#### `preinstall` LIFECYCLE IN CURRENT PROJECT + +* [`b7f13bc`](https://github.com/npm/npm/commit/b7f13bc80b89b025be0c53d81b90ec8f2cebfab7) + [#13259](https://github.com/npm/npm/pull/13259) + Run top level preinstall before installing dependencies + ([@palmerj3](https://github.com/palmerj3)) + +#### BETTER SHRINKWRAP WITH GIT DEPENDENCIES + +* [`0f7e319`](https://github.com/npm/npm/commit/0f7e3197bcec7a328b603efdffd3681bbc40f585) + [#12718](https://github.com/npm/npm/issues/12718.) + Update outdated git dependencies found in shrinkwraps. Previously, if the + module version was the same then no update would be completed even if the + committish had changed. + ([@kossnocorp](https://github.com/kossnocorp)) + + +#### CYCLES IN DEVELOPMENT DEPENDENCIES NO LONGER CRASH + +* [`1691de6`](https://github.com/npm/npm/commit/1691de668d34cd92ab3de08bf3a06085388f2f07) + [#13327](https://github.com/npm/npm/issues/13327) + Fix bug where cycles found in development dependencies could result in + infinite recursion that resulted in crashes. + ([@iarna](https://github.com/iarna)) + +#### IMPROVE "NOT UPDATING LINKED MODULE" WARNINGS + +* [`1619871`](https://github.com/npm/npm/commit/1619871ac0cc8839dc9962c78e736095976c1eb4) + [#12893](https://github.com/npm/npm/pull/12893) + Only warn about symlink update if version number differs + The update-linked action outputs a warning that it needs to update the + linked package, but can't, There is no need for the package to be updated if + it is already at the correct version. This change does a check before + logging the warning. + ([@DaveEmmerson](https://github.com/DaveEmmerson)) + +#### MORE BUG FIXES + +* [`8f8d1b3`](https://github.com/npm/npm/commit/8f8d1b33a78c79aff9de73df362abaa7f05751d2) + [#11398](https://github.com/npm/npm/issues/11398) + Fix bug where `package.json` files that contained a `type` property could + cause crashes. `type` is not a `package.json` property that npm makes use + of and having it should be (and now is) harmless. + ([@zkat](https://github.com/zkat)) +* [`e7fa6c6`](https://github.com/npm/npm/commit/e7fa6c6a2c1de2a214479daa8c6901eebb350381) + [#13353](https://github.com/npm/npm/issues/13353) + Add GIT_EXEC_PATH to Git environment whitelist. + ([@mhart](https://github.com/mhart)) +* [`c23af21`](https://github.com/npm/npm/commit/c23af21d4cedd7fedcb4168672044db76ad054a8) + [#13626](https://github.com/npm/npm/pull/13626) + Use HTTPS issues URL in the error message for type validation errors. + ([@watilde](https://github.com/watilde)) + +#### INCLUDE `npm login` IN COMMAND SUMMARY + +* [`ab0c4b1`](https://github.com/npm/npm/commit/ab0c4b137b05762e75e0913038b606f087b58aa0) + [#13581](https://github.com/npm/npm/issues/13581) + The `login` command has long been an alias for `adduser`. + At the same time, there is an expectation not just of that + particular word being something to look for, but of there being + clear symmetry with `logout`. + So it was a bit confusing when `login` didn't show up in + `npm help` on a technicality. This seems like an acceptable + exception to the rule that says "no aliases in `npm help`". + ([@zkat](https://github.com/zkat)) + +#### DOCUMENTATION + +* [`e2d7e78`](https://github.com/npm/npm/commit/e2d7e7820a7875ed96e0382dc1e91b8df4e83746) + [#13319](https://github.com/npm/npm/pull/13319) + As Node.js 0.8 is no longer supported, remove mention of it from the README. + ([@watilde](https://github.com/watilde)) +* [`c565d89`](https://github.com/npm/npm/commit/c565d893a38efb6006e841450503329c9e58f100) + [#13349](https://github.com/npm/npm/pull/13349) + Updated the scripts documentation to explain the different between `version` and `preversion`. + ([@christophehurpeau](https://github.com/christophehurpeau)) +* [`fa8f87f`](https://github.com/npm/npm/commit/fa8f87f1ec92e543dd975156c4b184eb3e0b80cb) + [#10167](https://github.com/npm/npm/pull/10167) + Clarify in scope documentation that npm@2 is required for scoped packages. + ([@danpaz](https://github.com/danpaz)) + +#### DEPENDENCIES + +* [`124427e`](https://github.com/npm/npm/commit/124427eabbfd200aa145114e389e19692559ff1e) + [#8614](https://github.com/npm/npm/issues/8614) + `fstream-npm@1.1.1`: + Fixes bug with inclusion of scoped bundled dependencies. + ([@forivall](https://github.com/forivall)) +* [`7e0cdff`](https://github.com/npm/npm/commit/7e0cdff04714709f6dc056b19422d3f937502f1c) + [#13497](https://github.com/npm/npm/pull/13497) + `graceful-fs@4.1.5`: + `graceful-fs` had a [bug fix](https://github.com/isaacs/node-graceful-fs/pull/71) which + fixes a problem ([nodejs/node#7846](https://github.com/nodejs/node/pull/7846)) exposed + by recent changes to Node.js. + ([@thefourtheye](https://github.com/thefourtheye)) +* [`9b88cb8`](https://github.com/npm/npm/commit/9b88cb89f138443f324094685f4de073f33ecef0) + [#9984](https://github.com/npm/npm/issues/9984) + `request@2.74.0`: + Update request library to at least 2.73 to fix a bug where `npm install` would crash with + _Cannot read property 'emit' of null._ + + Update `request` dependency `tough-cookie` to `2.3.0` to + to address [https://nodesecurity.io/advisories/130](https://nodesecurity.io/advisories/130). + Versions 0.9.7 through 2.2.2 contain a vulnerable regular expression that, + under certain conditions involving long strings of semicolons in the + "Set-Cookie" header, causes the event loop to block for excessive amounts of + time. + ([@zarenner](https://github.com/zarenner)) + ([@stash-sfdc](https://github.com/stash-sfdc)) +* [`bf78ce5`](https://github.com/npm/npm/commit/bf78ce5ef5d2d6e95177193cca5362dd27bff968) + [#13387](https://github.com/npm/npm/issues/13387) + `minimatch@3.0.3`: + Handle extremely long and terrible patterns more gracefully. + There were some magic numbers that assumed that every extglob pattern starts + and ends with a specific number of characters in the regular expression. + Since !(||) patterns are a little bit more complicated, this led to creating + an invalid regular expression and throwing. + ([@isaacs](https://github.com/isaacs)) +* [`803e538`](https://github.com/npm/npm/commit/803e538efaae4b56a764029742adcf6761e8398b) + [isaacs/rimraf#111](https://github.com/isaacs/rimraf/issues/111) + `rimraf@2.5.4`: Clarify assertions: cb is required, options are not. + ([@isaacs](https://github.com/isaacs)) +* [`a9f84ef`](https://github.com/npm/npm/commit/a9f84ef61b4c719b646bf9cda00577ef16e3a113) + `lodash.without@4.2.0` + ([@jdalton](https://github.com/jdalton)) +* [`f59ff1c`](https://github.com/npm/npm/commit/f59ff1c2701f1bfd21bfdb97b4571823b614f694) + `lodash.uniq@4.4.0` + ([@jdalton](https://github.com/jdalton)) +* [`8cc027e`](https://github.com/npm/npm/commit/8cc027e5e81623260a49b31fe406ce483258b203) + `lodash.union@4.5.0` + ([@jdalton](https://github.com/jdalton)) +* [`0a6c1e4`](https://github.com/npm/npm/commit/0a6c1e4302a153fb055f495043ed33afd8324193) + `lodash.without@4.3.0` + ([@jdalton](https://github.com/jdalton)) +* [`4ab0181`](https://github.com/npm/npm/commit/4ab0181fca2eda18888b865ef691b83d30fb0c33) + `lodash.clonedeep@4.4.1` + ([@jdalton](https://github.com/jdalton)) + +### v3.10.6 (2016-07-07) + +This week we have a bunch of bug fixes for ya! A shrinkwrap regression +introduced in 3.10.0, better lifecycle `PATH` behavior, improvements when +working with registries other than `registry.npmjs.org` and a fix for +hopefully the last _don't print a progress bar over my interactive thingy_ +bug. + +#### SHRINKWRAP AND DEV DEPENDENCIES + +The rewrite in 3.10.0 triggered a bug where dependencies of devDependencies +would be included in your shrinkwrap even if you didn't request +devDependencies. + +* [`2484529`](https://github.com/npm/npm/commit/2484529ab56a42e5d6f13c48006f39a596d9e327) + [#13308](https://github.com/npm/npm/pull/13308) + Fix bug where deps of devDependencies would be incorrectly included in + shrinkwraps. + ([@iarna](https://github.com/iarna)) + +#### BETTER PATH LIFECYCLE BEHAVIOR + +We've been around the details on this one a few times in recent months and +hopefully this will bring is to where we want to be. + +* [`81051a9`](https://github.com/npm/npm/commit/81051a90eee66a843f76eb8cccedbb1d0a5c1f47) + [#12968](https://github.com/npm/npm/pull/12968) + When running lifecycle scripts, only prepend directory containing the node + binary to PATH if not already in PATH. + ([@segrey](https://github.com/segrey)) + +#### BETTER INTERACTIONS WITH THIRD PARTY REGISTRIES + +* [`071193c`](https://github.com/npm/npm/commit/071193c8e193767dd1656cb27556cb3751d77a3b) + [#10869](https://github.com/npm/npm/pull/10869) + If the registry returns a list of versions some of which are invalid, skip + those when picking a version to install. This can't happen with + registry.npmjs.org as it will normalize versions published with it, but it + can happen with other registries. + ([@gregersrygg](https://github.com/gregersrygg)) + +#### ONE LAST TOO-MUCH-PROGRESS CORNER + +* [`1244cc1`](https://github.com/npm/npm/commit/1244cc16dc5a0536acf26816a1deeb8e221d67eb) + [#13305](https://github.com/npm/npm/pull/13305) + Disable progress bar in `npm edit` and `npm config edit`. + ([@watilde](https://github.com/watilde)) + +#### HTML DOCS IMPROVEMENTS + +* [`58da923`](https://github.com/npm/npm/commit/58da9234ae72a5474b997f890a1155ee9785e6f1) + [#13225](https://github.com/npm/npm/issues/13225) + Fix HTML character set declaration in generated HTML documentation. + ([@KenanY](https://github.com/KenanY)) +* [`d1f0bf4`](https://github.com/npm/npm/commit/d1f0bf4303566f8690502034f82bbb449850958d) + [#13250](https://github.com/npm/npm/pull/13250) + Optimize png images using zopflipng. + ([@PeterDaveHello](https://github.com/PeterDaveHello)) + +#### DEPENDENCY UPDATES (THAT MATTER) + +* [`c7567e5`](https://github.com/npm/npm/commit/c7567e58618b63f97884afa104d2f560c9272dd5) + [npm/npm-user-validate#9](https://github.com/npm/npm-user-validate/pull/9) + `npm-user-validate@0.1.5`: + Lower the username length limits to 214 from 576 to match `registry.npmjs.org`'s limits. + ([@aredridel](https://github.com/aredridel)) +* [`22802c9`](https://github.com/npm/npm/commit/22802c9db3cf990c905e8f61304db9b5571d7964) + [#isaacs/rimraf](https://github.com/npm/npm/issues/isaacs/rimraf) + `rimraf@2.5.3`: + Fixes EPERM errors when running `lstat` on read-only directories. + ([@isaacs](https://github.com/isaacs)) +* [`ce6406f`](https://github.com/npm/npm/commit/ce6406f4b6c4dffbb5cd8a3c049f6663a5665522) + `glob@7.0.5`: + Forces the use of `minimatch` to 3.0.2, which improved handling of long and + complicated patterns. + ([@isaacs](https://github.com/isaacs)) + + +### v3.10.5 (2016-07-05) + +This is a fix to this week's testing release to correct the update of +`node-gyp` which somehow got mangled. + +* [`ca97ce2`](https://github.com/npm/npm/commit/ca97ce2e8d8ba44c445b39ffa40daf397d5601b3) + [#13256](https://github.com/npm/npm/issues/13256) + Fresh reinstall of `node-gyp@3.4.0`. + ([@zkat](https://github.com/zkat)) + +### v3.10.4 (2016-06-30) + +Hey y'all! This release includes a bunch of fixes we've been working on as we +continue on our `big-bug` push. There's still [a lot of it left to +do](https://github.com/npm/npm/labels/big-bug), but once this is done, things +should just generally be more stable, installs should be more reliable and +correct, and we'll be able to move on to more future work. We'll keep doing our +best! 🙌 + +#### RACES AS WACKY AS [REDLINE](https://en.wikipedia.org/wiki/Redline_\(2009_film\)) + +Races are notoriously hard to squash, and tend to be some of the more common +recurring bugs we see on the CLI. [@julianduque](https://github.com/julianduque) +did some pretty awesome [sleuthing +work](https://github.com/npm/npm/issues/12669) to track down a cache race and +helpfully submitted a patch. There were some related races in the same area that +also got fixed at around the same time, mostly affecting Windows users. + +* [`2a37c97`](https://github.com/npm/npm/commit/2a37c97121483db2b6f817fe85c2a5a77b76080e) + [#12669](https://github.com/npm/npm/issues/12669) + [#13023](https://github.com/npm/npm/pull/13023) + The CLI is pretty aggressive about correcting permissions across the cache + whenever it writes to it. This aggressiveness caused a couple of races where + temporary cache files would get picked up by `fs.readdir`, and removed before + `chownr` was called on them, causing `ENOENT` errors. While the solution might + seem a bit hamfisted, it's actually perfectly safe and appropriate in this + case to just ignore those resulting `ENOENT` errors. + ([@julianduque](https://github.com/julianduque)) +* [`ea018b9`](https://github.com/npm/npm/commit/ea018b9e3856d1798d199ae3ebce4ed07eea511b) + [#13023](https://github.com/npm/npm/pull/13023) + If a user were to have SUDO_UID and SUDO_GID, they'd be able to get into a + pretty weird state. This fixes that corner case. + ([@zkat](https://github.com/zkat)) +* [`703ca3a`](https://github.com/npm/npm/commit/703ca3abbf4f1cb4dff08be32acd2142d5493482) + [#13023](https://github.com/npm/npm/pull/13023) + A missing `return` was causing `chownr` to be called on Windows, even though + that's literally pointless, and causing crashes in the process, instead of + short-circuiting. This was entirely dependent on which callback happened to be + called first, and in some cases, the failing one would win the race. This + should prevent this from happening in the future. + ([@zkat](https://github.com/zkat)) +* [`69267f4`](https://github.com/npm/npm/commit/69267f4fbd1467ce576f173909ced361f8fe2a9d) + [#13023](https://github.com/npm/npm/pull/13023) + Added tests to verify `correct-mkdir` race patch. + ([@zkat](https://github.com/zkat)) +* [`e5f50ea`](https://github.com/npm/npm/commit/e5f50ea9f84fe8cac6978d18f7efdf43834928e7) + [#13023](https://github.com/npm/npm/pull/13023) + Added tests to verify `addLocal` race patch. + ([@zkat](https://github.com/zkat)) + +#### SHRINKWRAP IS COMPLICATED BUT IT'S BETTER NOW + +[@iarna](https://github.com/iarna) did some heroic hacking to refactor a bunch +of `shrinkwrap`-related bits and fixed some resolution and pathing issues that +were biting users. The code around that stuff got more readable/maintainable in +the process, too! + +* [`346bba1`](https://github.com/npm/npm/commit/346bba1e1fee9cc814b07c56f598a73be5c21686) + [#13214](https://github.com/npm/npm/pull/13214) + Resolve local dependencies in `npm-shrinkwrap.json` relative to the top of the + tree. + ([@iarna](https://github.com/iarna)) +* [`4a67fdb`](https://github.com/npm/npm/commit/4a67fdbd0f160deb6644a9c4c5b587357db04d2d) + [#13213](https://github.com/npm/npm/pull/13213) + If you run `npm install modulename` it should, if a `npm-shrinkwrap.json` is + present, use the version found there. If not, it'll use the version found in + your `package.json`, and failing *that*, use `latest`. + This fixes a case where the first check was being bypassed because version + resolution was being done prior to loading the shrinkwrap, and so checks to + match the shrinkwrap version couldn't succeed. + ([@iarna](https://github.com/iarna)) +* [`afa2133`](https://github.com/npm/npm/commit/afa2133a5d8ac4f6f44cdc6083d89ad7f946f5bb) + [#13214](https://github.com/npm/npm/pull/13214) + Refactor shrinkwrap specifier lookup into shared function. + ([@iarna](https://github.com/iarna)) +* [`2820b56`](https://github.com/npm/npm/commit/2820b56a43e1cc1e12079a4c886f6c14fe8c4f10) + [#13214](https://github.com/npm/npm/pull/13214) + Refactor operations in `inflate-shrinkwrap.js` into separate functions for + added clarity. + ([@iarna](https://github.com/iarna)) +* [`ee5bfb3`](https://github.com/npm/npm/commit/ee5bfb3e56ee7ae582bec9f741f32b224c279947) + Fix Windows path issue in a shrinkwrap test. + ([@zkat](https://github.com/zkat)) + +#### OTHER BUGFIXES + +* [`a11a7b2`](https://github.com/npm/npm/commit/a11a7b2e7df9478ac9101b06eead4a74c41a648d) + [#13212](https://github.com/npm/npm/pull/13212) + Resolve local paths passed in through the command line relative to current + directory, instead of relative to the `package.json`. + ([@iarna](https://github.com/iarna)) + +#### DEPENDENCY UPDATES + +* [`900a5b7`](https://github.com/npm/npm/commit/900a5b7f18b277786397faac05853c030263feb8) + [#13199](https://github.com/npm/npm/pull/13199) + [`node-gyp@3.4.0`](https://github.com/nodejs/node-gyp/blob/master/CHANGELOG.md): + AIX, Visual Studio 2015, and logging improvements. Oh my~! + ([@rvagg](https://github.com/rvagg)) + +#### DOCUMENTATION FIXES + +* [`c6942a7`](https://github.com/npm/npm/commit/c6942a7d6acb2b8c73206353bbec03380a056af4) + [#13134](https://github.com/npm/npm/pull/13134) + Fixed a few typos in `CHANGELOG.md`. + ([@watilde](https://github.com/watilde)) +* [`e63d913`](https://github.com/npm/npm/commit/e63d913127731ece56dcd69c7c0182af21be58f8) + [#13156](https://github.com/npm/npm/pull/13156) + Fix old reference to `doc/install` in a source comment. + ([@sheerun](https://github.com/sheerun)) +* [`099d23c`](https://github.com/npm/npm/commit/099d23cc8f38b524dc19a25857b2ebeca13c49d6) + [#13113](https://github.com/npm/npm/issues/13113) + [#13189](https://github.com/npm/npm/pull/13189) + Fixes a link to `npm-tag(3)` that was breaking to instead point to + `npm-dist-tag(1)`, as reported by [@SimenB](https://github.com/SimenB) + ([@macdonst](https://github.com/macdonst)) + ### v3.10.3 (2016-06-23) Given that we had not one, but two updates to our RC this past week, it @@ -88,12 +678,12 @@ unrecoverable errors then npm would crash instead of printing the error. * [`6a33b2c`](https://github.com/npm/npm/commit/6a33b2c13f637a41e25cd0339925bc430b50358a) [#13115](https://github.com/npm/npm/issues/13115) Ensure that errors reading the package tree for `outdated` does not result - in crashs. + in crashes. ([@iarna](https://github.com/iarna)) ### v3.10.1 (2016-06-17): -There are two very important bug fixes and one long-awaited (and signifcant!) +There are two very important bug fixes and one long-awaited (and significant!) deprecation in this hotfix release. [Hold on.](http://butt.holdings/) #### *WHOA* @@ -225,7 +815,7 @@ Node.js 0.10 and 0.12, it's unlikely that patches that rely on ES 2015 functionality will land anytime soon. Looking forward, the team's current plan is to drop support for Node.js 0.10 -when its LTS maintenace window expires in October, 2016, and 0.12 when its +when its LTS maintenance window expires in October, 2016, and 0.12 when its maintenance / LTS window ends at the end of 2016. We will also drop support for Node.js 5.x when Node.js 6 becomes LTS and Node.js 7 is released, also in the October-December 2016 timeframe. |