1 files changed, 593 insertions, 3 deletions

diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md
index 4f94100434..eae0e4aed2 100644
--- a/deps/npm/CHANGELOG.md
+++ b/deps/npm/CHANGELOG.md
@@ -1,3 +1,593 @@
+### v3.10.8 (2016-09-08)
+
+Monthly releases are so big! Just look at all this stuff!
+
+Our quarter of monthly releases is almost over. The next one, in October, might
+very well be our last one as we move to trying something different and learning
+lessons from our little experiment.
+
+You may also want to keep an eye our for `npm@4` next month, since we're
+planning on finally releasing it then and including a (small) number of breaking
+changes we've been meaning to do for a long time. Don't worry, though: `npm@3`
+will still be around for a bit and will keep getting better and better, and is
+most likely going to be the version that `node@6` uses once it goes to LTS.
+
+As some of us have mentioned before, npm is likely to start doing more regular
+semver-major bumps, while keeping those bumps significantly smaller than the
+huge effort that was `npm@3` -- we're not very likely to do a world-shaking
+thing like that for a while, if ever.
+
+All that said, let's move on to the patches included in v3.10.8!
+
+#### SHRINKWRAP LEVEL UP
+
+The most notable part of this release is a series of commits meant to make `npm
+shrinkwrap` more consistent. By itself, shrinkwrap seems like a fairly
+straightforward thing to implement, but things get complicated when it starts
+interacting with `devDependencies`, `optionalDependencies`, and
+`bundledDependencies`. These commits address some corner cases related to these.
+
+* [`a7eca32`](https://github.com/npm/npm/commit/a7eca3246fbbcbb05434cb6677f65d14c945d74f)
+  [#10073](https://github.com/npm/npm/pull/10073)
+  Record if a dependency is only used as a devDependency and exclude it from the
+  shrinkwrap file.
+  ([@bengl](https://github.com/bengl))
+* [`1eabcd1`](https://github.com/npm/npm/commit/1eabcd16bf2590364ca20831096350073539bf3a)
+  [#10073](https://github.com/npm/npm/pull/10073)
+  Record if a dependency is optional to shrinkwrap.
+  ([@bengl](https://github.com/bengl))
+* [`03efc89`](https://github.com/npm/npm/commit/03efc89522c99ee0fa37d8f4a99bc3b44255ef98)
+  [#13692](https://github.com/npm/npm/pull/13692/)
+  We were doing a weird thing where we used a `package.json` field `installable`
+  to check to see if we'd checked for platform compatibility, and if not did
+  so. But this was the only place that was ever done so there was no reason to
+  implement it in such an obfuscated manner.
+  Instead it now just directly checks and then records that its done so on the
+  node object with `knownInstallable`. This is useful to know because modules
+  expanded via shrinkwrap don't go through this– `inflateShrinkwrap` does not
+  currently have any rollback semantics and so checking this sort of thing there
+  is unhelpful.
+  ([@iarna](https://github.com/iarna))
+* [`ff87938`](https://github.com/npm/npm/commit/ff879382fda21dac7216a5f666287b3a7e74a947)
+  [#11735](https://github.com/npm/npm/issues/11735)
+  Running `npm install --save-dev` will now update shrinkwrap file, but only
+  if there already are devDependencies in it.
+  ([@szimek](https://github.com/szimek))
+* [`c00ca3a`](https://github.com/npm/npm/commit/c00ca3aef836709eeaeade91c5305bc2fbda2e8a)
+  [#13394](https://github.com/npm/npm/issues/13394)
+  Check installability of modules from shrinkwrap, since modules that came into
+  the tree vie shrinkwrap won't already have this information recorded in
+  advance.
+  ([@iarna](https://github.com/iarna))
+
+#### INSTALLER ERROR REPORTING LEVEL UP
+
+As part of the shrinkwrap push, there were also a lot of error-reporting
+improvements. Some to add more detail to error objects, others to fix bugs and
+inconsistencies.
+
+* [`2cdd713`](https://github.com/npm/npm/commit/2cdd7132abddcc7f826a355c14348ce9a5897ffe)
+  Consistently set code on `ETARGET` when fetching package metadata if no
+  compatible version is found.
+  ([@iarna](https://github.com/iarna))
+* [`cabcd17`](https://github.com/npm/npm/commit/cabcd173f2923cb5b77e7be0e42eea2339a24727)
+  [#13692](https://github.com/npm/npm/pull/13692/)
+  Include installer warning details at the `verbose` log level.
+  ([@iarna](https://github.com/iarna))
+* [`95a4044`](https://github.com/npm/npm/commit/95a4044cbae93d19d0da0f3cd04ea8fa620295d9)
+  [`dbb14c2`](https://github.com/npm/npm/commit/dbb14c241d982596f1cdaee251658f5716989fd2)
+  [`9994383`](https://github.com/npm/npm/commit/9994383959798f80749093301ec43a8403566bb6)
+  [`7417000`](https://github.com/npm/npm/commit/74170003db0c53def9b798cb6fe3fe7fc3e06482)
+  [`f45f85d`](https://github.com/npm/npm/commit/f45f85dac800372d63dfa8653afccbf5bcae7295)
+  [`e79cc1b`](https://github.com/npm/npm/commit/e79cc1b11440f0d122c4744d5eff98def9553f4a)
+  [`146ee39`](https://github.com/npm/npm/commit/146ee394b1f7a33cf409a30b835a85d939acb438)
+  [#13692](https://github.com/npm/npm/pull/13692/)
+  Improve various bits of error reporting, adding more error information and
+  some related refactoring.
+  ([@iarna](https://github.com/iarna))
+
+#### MISCELLANEOUS BUGS LEVEL UP
+
+* [`116b6c6`](https://github.com/npm/npm/commit/116b6c60a174ea0cc49e4d62717e4e26175b6534)
+  [#13456](https://github.com/npm/npm/issues/13456)
+  In lifecycle scripts, any `node_modules/.bin` existing in the hierarchy
+  should be turned into an entry in the PATH environment variable.
+  However, prior to this commit, it was splitting based on the string
+  `node_modules`, rather than restricting it to only path portions like
+  `/node_modules/` or `\node_modules\`. So, a path containing an entry
+  like `my_node_modules` would be improperly split.
+  ([@isaacs](https://github.com/isaacs))
+* [`0a28dd0`](https://github.com/npm/npm/commit/0a28dd0104e5b4a8cc0cb038bd213e6a50827fe8)
+  [npm/fstream-npm#23](https://github.com/npm/fstream-npm/pull/23)
+  `fstream-npm@1.2.0`:
+  Always ignore `*.orig` files, which are generated by git when using `git
+  mergetool`, by default.
+  ([@zkat](https://github.com/zkat))
+* [`a3a2fb9`](https://github.com/npm/npm/commit/a3a2fb97adc87c2aa9b2b8957861b30efafc7ad0)
+  [#13708](https://github.com/npm/npm/pull/13708)
+  Always ignore `*.orig` files, which are generated by git when using `git
+  mergetool`, by default.
+  ([@boneskull](https://github.com/boneskull))
+
+#### TOOLING LEVEL UP
+
+* [`e1d7e6c`](https://github.com/npm/npm/commit/e1d7e6ce551cbc42026cdcadcb37ea515059c972)
+  Add helper for generating test skeletons.
+  ([@iarna](https://github.com/iarna))
+* [`4400b35`](https://github.com/npm/npm/commit/4400b356bca9175935edad1469c608c909bc01bf)
+  Fix fixture creation and cleanup in `maketest`.
+  ([@iarna](https://github.com/iarna))
+
+#### DOCUMENTATION LEVEL UP
+
+* [`8eb9460`](https://github.com/npm/npm/commit/8eb94601fe895b97cbcf8c6134e6b371c5371a1e)
+  [#13717](https://github.com/npm/npm/pull/13717)
+  Document that `npm link` will link the files specified in the `bin` field of
+  `package.json` to `{prefix}/bin/{name}`.
+  ([@legodude17](https://github.com/legodude17))
+* [`a66e5e9`](https://github.com/npm/npm/commit/a66e5e9c388878fe03fb29014c3b95d28bedd3c1)
+  [#13682](https://github.com/npm/npm/pull/13682)
+  Minor grammar fix in documentation for `npm scripts`.
+  ([@Ajedi32](https://github.com/Ajedi32))
+* [`74b8043`](https://github.com/npm/npm/commit/74b80437ffdfcf8172f6ed4f39bfb021608dd9dd)
+  [#13655](https://github.com/npm/npm/pull/13655)
+  Document line comment syntax for `.npmrc`.
+  ([@mdjasper](https://github.com/mdjasper))
+* [`b352a84`](https://github.com/npm/npm/commit/b352a84c2c7ad15e9c669af75f65cdaa964f86c0)
+  [#12438](https://github.com/npm/npm/issues/12438)
+  Remind folks to use `#!/usr/bin/env node` in their `bin` scripts to make files
+  executable directly.
+  ([@mxstbr](https://github.com/mxstbr))
+* [`b82fd83`](https://github.com/npm/npm/commit/b82fd838edbfff5d2833a62f6d8ae8ea2df5a1f2)
+  [#13493](https://github.com/npm/npm/pull/13493)
+  Document that the user config file can itself be configured either through the
+  `$NPM_CONFIG_USERCONFIG` environment variable, or `--userconfig` command line
+  flag.
+  ([@jasonkarns](https://github.com/jasonkarns))
+* [`8a02699`](https://github.com/npm/npm/commit/8a026992a03d90e563a97c70e90926862120693b)
+  [#13911](https://github.com/npm/npm/pull/13911)
+  Minor documentation reword and cleanup.
+  ([@othiym23](https://github.com/othiym23))
+
+#### DEPENDENCY LEVEL UP
+
+* [`2818fb0`](https://github.com/npm/npm/commit/2818fb0f6081d68a91f0905945ad102f26c6cf85)
+  `glob@7.0.6`
+  ([@isaacs](https://github.com/isaacs))
+* [`d88ec81`](https://github.com/npm/npm/commit/d88ec81ad33eb2268fcd517d35346a561bc59aff)
+  `graceful-fs@4.1.6`
+  ([@francescoinfante](https://github.com/francescoinfante))
+* [`4727f86`](https://github.com/npm/npm/commit/4727f8646daca7b3e3c1c95860e02acf583b9dae)
+  `lodash.clonedeep@4.5.0`
+  ([@jdalton](https://github.com/jdalton))
+* [`c347678`](https://github.com/npm/npm/commit/c3476780ef4483425e4ae1d095a5884b46b8db86)
+  `lodash.union@4.6.0`
+  ([@jdalton](https://github.com/jdalton))
+* [`530bd4d`](https://github.com/npm/npm/commit/530bd4d2ae6f704f624e4f7bf64f911f37e2b7f8)
+  `lodash.uniq@4.5.0`
+  ([@jdalton](https://github.com/jdalton))
+* [`483d56a`](https://github.com/npm/npm/commit/483d56ae8137eca0c0f7acd5d1c88ca6d5118a6a)
+  `lodash.without@4.4.0`
+  ([@jdalton](https://github.com/jdalton))
+* [`6c934df`](https://github.com/npm/npm/commit/6c934df6e74bacd0ed40767b319936837a43b586)
+  `inherits@2.0.3`
+  ([@isaacs](https://github.com/isaacs))
+* [`a65ed7c`](https://github.com/npm/npm/commit/a65ed7cbd3c950383a14461a4b2c87b67ef773b9)
+  `npm-registry-client@7.2.1`:
+  * [npm/npm-registry-client#142](https://github.com/npm/npm-registry-client/pull/142) Fix `EventEmitter` warning spam from error handlers on socket. ([@addaleax](https://github.com/addaleax))
+  * [npm/npm-registry-client#131](https://github.com/npm/npm-registry-client/pull/131) Adds support for streaming request bodies. ([@aredridel](https://github.com/aredridel))
+  * Fixes [#13656](https://github.com/npm/npm/issues/13656).
+  * Dependency updates.
+  * Documentation improvements.
+  ([@othiym23](https://github.com/othiym23))
+* [`2b88d62`](https://github.com/npm/npm/commit/2b88d62e6a730716b27052c0911c094d01830a60)
+  [npm/npmlog#34](https://github.com/npm/npmlog/pull/34)
+  `npmlog@4.0.0`:
+  Allows creating log levels that are empty strings or 0
+  ([@rwaldron](https://github.com/rwaldron))
+* [`242babb`](https://github.com/npm/npm/commit/242babbd02274ee2d212ae143992c20f47ef0066)
+  `once@1.4.0`
+  ([@zkochan](https://github.com/zkochan))
+* [`6d8ba2b`](https://github.com/npm/npm/commit/6d8ba2b4918e2295211130af68ee8a67099139e0)
+  `readable-stream@2.1.5`
+  ([@calvinmetcalf](https://github.com/calvinmetcalf))
+* [`855c099`](https://github.com/npm/npm/commit/855c099482a8d93b7f0646bd7bcf8a31f81868e0)
+  `retry@0.10.0`
+  ([@tim-kos](https://github.com/tim-kos))
+* [`80540c5`](https://github.com/npm/npm/commit/80540c52b252615ae8a6271b3df870eabfea935e)
+  `semver@5.3.0`:
+  * Add `minSatisfying`
+  * Add `prerelease(v)`
+  ([@isaacs](https://github.com/isaacs))
+* [`8aaac52`](https://github.com/npm/npm/commit/8aaac52ffae8e689fae265712913b1e2a36b1aa6)
+  `which@1.2.1`
+  ([@isaacs](https://github.com/isaacs))
+* [`85108a2`](https://github.com/npm/npm/commit/85108a29108ab0a57997572dc14f87eb706890ba)
+  `write-file-atomic@1.2.0`:
+  Preserve chmod and chown from the overwritten file
+  ([@iarna](https://github.com/iarna))
+* [`291a377`](https://github.com/npm/npm/commit/291a377f32f5073102a8ede61a27e6a9b37154c2)
+  Update npm documentation to reflect documentation for `semver@5.3.0`.
+  ([@zkat](https://github.com/zkat))
+
+### v3.10.7 (2016-08-11)
+
+Hi all, today's our first release coming out of the new monthly release
+cadence. See below for details. We're all recovered from conferences now
+and raring to go! We've got some pretty keen bug fixes and a bunch of
+documentation and dependency updates. It's hard to narrow it down to just a
+few, but of note are scoped packages in bundled dependencies, the
+`preinstall` lifecycle fix, the shrinkwrap and Git dependencies fix and the
+fix to a crasher involving cycles in development dependencies.
+
+#### NEW RELEASE CADENCE
+
+Releasing npm has been, for the most part, a very prominent part of our
+weekly process process. As part of our efforts to find the most effective
+ways to allocate our team's resources, we decided last month that we would
+try and slow our releases down to a monthly cadence, and see if we found
+ourselves with as much extra time and attention as we expected to have.
+Process experiments are useful for finding more effective ways to do our
+work, and we're at least going to keep doing this for a whole quarter, and
+then measure how well it worked out. It's entirely likely that we'll switch
+back to a more frequent cadence, specially if we find that the value that
+weekly cadence was providing the community is not worth sacrificing for a
+bit of extra time. Does this affect you significantly? Let us know!
+
+#### SCOPED PACKAGES IN BUNDLED DEPENDENCIES
+
+Prior to this release and
+[v2.15.10](https://github.com/npm/npm/releases/v2.15.10), npm had ignored
+scoped modules found in `bundleDependencies`.
+
+* [`29cf56d`](https://github.com/npm/npm/commit/29cf56dbae8e3dd16c24876f998051623842116a)
+  [#8614](https://github.com/npm/npm/issues/8614)
+  Include scoped packages in bundled dependencies.
+  ([@forivall](https://github.com/forivall))
+
+#### `preinstall` LIFECYCLE IN CURRENT PROJECT
+
+* [`b7f13bc`](https://github.com/npm/npm/commit/b7f13bc80b89b025be0c53d81b90ec8f2cebfab7)
+  [#13259](https://github.com/npm/npm/pull/13259)
+  Run top level preinstall before installing dependencies
+  ([@palmerj3](https://github.com/palmerj3))
+
+#### BETTER SHRINKWRAP WITH GIT DEPENDENCIES
+
+* [`0f7e319`](https://github.com/npm/npm/commit/0f7e3197bcec7a328b603efdffd3681bbc40f585)
+  [#12718](https://github.com/npm/npm/issues/12718.)
+  Update outdated git dependencies found in shrinkwraps. Previously, if the
+  module version was the same then no update would be completed even if the
+  committish had changed.
+  ([@kossnocorp](https://github.com/kossnocorp))
+
+
+#### CYCLES IN DEVELOPMENT DEPENDENCIES NO LONGER CRASH
+
+* [`1691de6`](https://github.com/npm/npm/commit/1691de668d34cd92ab3de08bf3a06085388f2f07)
+  [#13327](https://github.com/npm/npm/issues/13327)
+  Fix bug where cycles found in development dependencies could result in
+  infinite recursion that resulted in crashes.
+  ([@iarna](https://github.com/iarna))
+
+#### IMPROVE "NOT UPDATING LINKED MODULE" WARNINGS
+
+* [`1619871`](https://github.com/npm/npm/commit/1619871ac0cc8839dc9962c78e736095976c1eb4)
+  [#12893](https://github.com/npm/npm/pull/12893)
+  Only warn about symlink update if version number differs
+  The update-linked action outputs a warning that it needs to update the
+  linked package, but can't, There is no need for the package to be updated if
+  it is already at the correct version.  This change does a check before
+  logging the warning.
+  ([@DaveEmmerson](https://github.com/DaveEmmerson))
+
+#### MORE BUG FIXES
+
+* [`8f8d1b3`](https://github.com/npm/npm/commit/8f8d1b33a78c79aff9de73df362abaa7f05751d2)
+  [#11398](https://github.com/npm/npm/issues/11398)
+  Fix bug where `package.json` files that contained a `type` property could
+  cause crashes. `type` is not a `package.json` property that npm makes use
+  of and having it should be (and now is) harmless.
+  ([@zkat](https://github.com/zkat))
+* [`e7fa6c6`](https://github.com/npm/npm/commit/e7fa6c6a2c1de2a214479daa8c6901eebb350381)
+  [#13353](https://github.com/npm/npm/issues/13353)
+  Add GIT_EXEC_PATH to Git environment whitelist.
+  ([@mhart](https://github.com/mhart))
+* [`c23af21`](https://github.com/npm/npm/commit/c23af21d4cedd7fedcb4168672044db76ad054a8)
+  [#13626](https://github.com/npm/npm/pull/13626)
+  Use HTTPS issues URL in the error message for type validation errors.
+  ([@watilde](https://github.com/watilde))
+
+#### INCLUDE `npm login` IN COMMAND SUMMARY
+
+* [`ab0c4b1`](https://github.com/npm/npm/commit/ab0c4b137b05762e75e0913038b606f087b58aa0)
+  [#13581](https://github.com/npm/npm/issues/13581)
+  The `login` command has long been an alias for `adduser`.
+  At the same time, there is an expectation not just of that
+  particular word being something to look for, but of there being
+  clear symmetry with `logout`.
+  So it was a bit confusing when `login` didn't show up in
+  `npm help` on a technicality. This seems like an acceptable
+  exception to the rule that says "no aliases in `npm help`".
+  ([@zkat](https://github.com/zkat))
+
+#### DOCUMENTATION
+
+* [`e2d7e78`](https://github.com/npm/npm/commit/e2d7e7820a7875ed96e0382dc1e91b8df4e83746)
+  [#13319](https://github.com/npm/npm/pull/13319)
+  As Node.js 0.8 is no longer supported, remove mention of it from the README.
+  ([@watilde](https://github.com/watilde))
+* [`c565d89`](https://github.com/npm/npm/commit/c565d893a38efb6006e841450503329c9e58f100)
+  [#13349](https://github.com/npm/npm/pull/13349)
+  Updated the scripts documentation to explain the different between `version` and `preversion`.
+  ([@christophehurpeau](https://github.com/christophehurpeau))
+* [`fa8f87f`](https://github.com/npm/npm/commit/fa8f87f1ec92e543dd975156c4b184eb3e0b80cb)
+  [#10167](https://github.com/npm/npm/pull/10167)
+  Clarify in scope documentation that npm@2 is required for scoped packages.
+  ([@danpaz](https://github.com/danpaz))
+
+#### DEPENDENCIES
+
+* [`124427e`](https://github.com/npm/npm/commit/124427eabbfd200aa145114e389e19692559ff1e)
+  [#8614](https://github.com/npm/npm/issues/8614)
+  `fstream-npm@1.1.1`:
+  Fixes bug with inclusion of scoped bundled dependencies.
+  ([@forivall](https://github.com/forivall))
+* [`7e0cdff`](https://github.com/npm/npm/commit/7e0cdff04714709f6dc056b19422d3f937502f1c)
+  [#13497](https://github.com/npm/npm/pull/13497)
+  `graceful-fs@4.1.5`:
+  `graceful-fs` had a [bug fix](https://github.com/isaacs/node-graceful-fs/pull/71) which
+  fixes a problem ([nodejs/node#7846](https://github.com/nodejs/node/pull/7846)) exposed
+  by recent changes to Node.js.
+  ([@thefourtheye](https://github.com/thefourtheye))
+* [`9b88cb8`](https://github.com/npm/npm/commit/9b88cb89f138443f324094685f4de073f33ecef0)
+  [#9984](https://github.com/npm/npm/issues/9984)
+  `request@2.74.0`:
+  Update request library to at least 2.73 to fix a bug where `npm install` would crash with
+  _Cannot read property 'emit' of null._
+
+  Update `request` dependency `tough-cookie` to `2.3.0` to
+  to address [https://nodesecurity.io/advisories/130](https://nodesecurity.io/advisories/130).
+  Versions 0.9.7 through 2.2.2 contain a vulnerable regular expression that,
+  under certain conditions involving long strings of semicolons in the
+  "Set-Cookie" header, causes the event loop to block for excessive amounts of
+  time.
+  ([@zarenner](https://github.com/zarenner))
+  ([@stash-sfdc](https://github.com/stash-sfdc))
+* [`bf78ce5`](https://github.com/npm/npm/commit/bf78ce5ef5d2d6e95177193cca5362dd27bff968)
+  [#13387](https://github.com/npm/npm/issues/13387)
+  `minimatch@3.0.3`:
+  Handle extremely long and terrible patterns more gracefully.
+  There were some magic numbers that assumed that every extglob pattern starts
+  and ends with a specific number of characters in the regular expression.
+  Since !(||) patterns are a little bit more complicated, this led to creating
+  an invalid regular expression and throwing.
+  ([@isaacs](https://github.com/isaacs))
+* [`803e538`](https://github.com/npm/npm/commit/803e538efaae4b56a764029742adcf6761e8398b)
+  [isaacs/rimraf#111](https://github.com/isaacs/rimraf/issues/111)
+  `rimraf@2.5.4`: Clarify assertions: cb is required, options are not.
+  ([@isaacs](https://github.com/isaacs))
+* [`a9f84ef`](https://github.com/npm/npm/commit/a9f84ef61b4c719b646bf9cda00577ef16e3a113)
+  `lodash.without@4.2.0`
+  ([@jdalton](https://github.com/jdalton))
+* [`f59ff1c`](https://github.com/npm/npm/commit/f59ff1c2701f1bfd21bfdb97b4571823b614f694)
+  `lodash.uniq@4.4.0`
+  ([@jdalton](https://github.com/jdalton))
+* [`8cc027e`](https://github.com/npm/npm/commit/8cc027e5e81623260a49b31fe406ce483258b203)
+  `lodash.union@4.5.0`
+  ([@jdalton](https://github.com/jdalton))
+* [`0a6c1e4`](https://github.com/npm/npm/commit/0a6c1e4302a153fb055f495043ed33afd8324193)
+  `lodash.without@4.3.0`
+  ([@jdalton](https://github.com/jdalton))
+* [`4ab0181`](https://github.com/npm/npm/commit/4ab0181fca2eda18888b865ef691b83d30fb0c33)
+  `lodash.clonedeep@4.4.1`
+  ([@jdalton](https://github.com/jdalton))
+
+### v3.10.6 (2016-07-07)
+
+This week we have a bunch of bug fixes for ya!  A shrinkwrap regression
+introduced in 3.10.0, better lifecycle `PATH` behavior, improvements when
+working with registries other than `registry.npmjs.org` and a fix for
+hopefully the last _don't print a progress bar over my interactive thingy_
+bug.
+
+#### SHRINKWRAP AND DEV DEPENDENCIES
+
+The rewrite in 3.10.0 triggered a bug where dependencies of devDependencies
+would be included in your shrinkwrap even if you didn't request
+devDependencies.
+
+* [`2484529`](https://github.com/npm/npm/commit/2484529ab56a42e5d6f13c48006f39a596d9e327)
+  [#13308](https://github.com/npm/npm/pull/13308)
+  Fix bug where deps of devDependencies would be incorrectly included in
+  shrinkwraps.
+  ([@iarna](https://github.com/iarna))
+
+#### BETTER PATH LIFECYCLE BEHAVIOR
+
+We've been around the details on this one a few times in recent months and
+hopefully this will bring is to where we want to be.
+
+* [`81051a9`](https://github.com/npm/npm/commit/81051a90eee66a843f76eb8cccedbb1d0a5c1f47)
+  [#12968](https://github.com/npm/npm/pull/12968)
+  When running lifecycle scripts, only prepend directory containing the node
+  binary to PATH if not already in PATH.
+  ([@segrey](https://github.com/segrey))
+
+#### BETTER INTERACTIONS WITH THIRD PARTY REGISTRIES
+
+* [`071193c`](https://github.com/npm/npm/commit/071193c8e193767dd1656cb27556cb3751d77a3b)
+  [#10869](https://github.com/npm/npm/pull/10869)
+  If the registry returns a list of versions some of which are invalid, skip
+  those when picking a version to install.  This can't happen with
+  registry.npmjs.org as it will normalize versions published with it, but it
+  can happen with other registries.
+  ([@gregersrygg](https://github.com/gregersrygg))
+
+#### ONE LAST TOO-MUCH-PROGRESS CORNER
+
+* [`1244cc1`](https://github.com/npm/npm/commit/1244cc16dc5a0536acf26816a1deeb8e221d67eb)
+  [#13305](https://github.com/npm/npm/pull/13305)
+  Disable progress bar in `npm edit` and `npm config edit`.
+  ([@watilde](https://github.com/watilde))
+
+#### HTML DOCS IMPROVEMENTS
+
+* [`58da923`](https://github.com/npm/npm/commit/58da9234ae72a5474b997f890a1155ee9785e6f1)
+  [#13225](https://github.com/npm/npm/issues/13225)
+  Fix HTML character set declaration in generated HTML documentation.
+  ([@KenanY](https://github.com/KenanY))
+* [`d1f0bf4`](https://github.com/npm/npm/commit/d1f0bf4303566f8690502034f82bbb449850958d)
+  [#13250](https://github.com/npm/npm/pull/13250)
+  Optimize png images using zopflipng.
+  ([@PeterDaveHello](https://github.com/PeterDaveHello))
+
+#### DEPENDENCY UPDATES (THAT MATTER)
+
+* [`c7567e5`](https://github.com/npm/npm/commit/c7567e58618b63f97884afa104d2f560c9272dd5)
+  [npm/npm-user-validate#9](https://github.com/npm/npm-user-validate/pull/9)
+  `npm-user-validate@0.1.5`:
+  Lower the username length limits to 214 from 576 to match `registry.npmjs.org`'s limits.
+  ([@aredridel](https://github.com/aredridel))
+* [`22802c9`](https://github.com/npm/npm/commit/22802c9db3cf990c905e8f61304db9b5571d7964)
+  [#isaacs/rimraf](https://github.com/npm/npm/issues/isaacs/rimraf)
+  `rimraf@2.5.3`:
+  Fixes EPERM errors when running `lstat` on read-only directories.
+  ([@isaacs](https://github.com/isaacs))
+* [`ce6406f`](https://github.com/npm/npm/commit/ce6406f4b6c4dffbb5cd8a3c049f6663a5665522)
+  `glob@7.0.5`:
+  Forces the use of `minimatch` to 3.0.2, which improved handling of long and
+  complicated patterns.
+  ([@isaacs](https://github.com/isaacs))
+
+
+### v3.10.5 (2016-07-05)
+
+This is a fix to this week's testing release to correct the update of
+`node-gyp` which somehow got mangled.
+
+* [`ca97ce2`](https://github.com/npm/npm/commit/ca97ce2e8d8ba44c445b39ffa40daf397d5601b3)
+  [#13256](https://github.com/npm/npm/issues/13256)
+  Fresh reinstall of `node-gyp@3.4.0`.
+  ([@zkat](https://github.com/zkat))
+
+### v3.10.4 (2016-06-30)
+
+Hey y'all! This release includes a bunch of fixes we've been working on as we
+continue on our `big-bug` push. There's still [a lot of it left to
+do](https://github.com/npm/npm/labels/big-bug), but once this is done, things
+should just generally be more stable, installs should be more reliable and
+correct, and we'll be able to move on to more future work. We'll keep doing our
+best! 🙌
+
+#### RACES AS WACKY AS [REDLINE](https://en.wikipedia.org/wiki/Redline_\(2009_film\))
+
+Races are notoriously hard to squash, and tend to be some of the more common
+recurring bugs we see on the CLI. [@julianduque](https://github.com/julianduque)
+did some pretty awesome [sleuthing
+work](https://github.com/npm/npm/issues/12669) to track down a cache race and
+helpfully submitted a patch. There were some related races in the same area that
+also got fixed at around the same time, mostly affecting Windows users.
+
+* [`2a37c97`](https://github.com/npm/npm/commit/2a37c97121483db2b6f817fe85c2a5a77b76080e)
+  [#12669](https://github.com/npm/npm/issues/12669)
+  [#13023](https://github.com/npm/npm/pull/13023)
+  The CLI is pretty aggressive about correcting permissions across the cache
+  whenever it writes to it. This aggressiveness caused a couple of races where
+  temporary cache files would get picked up by `fs.readdir`, and removed before
+  `chownr` was called on them, causing `ENOENT` errors. While the solution might
+  seem a bit hamfisted, it's actually perfectly safe and appropriate in this
+  case to just ignore those resulting `ENOENT` errors.
+  ([@julianduque](https://github.com/julianduque))
+* [`ea018b9`](https://github.com/npm/npm/commit/ea018b9e3856d1798d199ae3ebce4ed07eea511b)
+  [#13023](https://github.com/npm/npm/pull/13023)
+  If a user were to have SUDO_UID and SUDO_GID, they'd be able to get into a
+  pretty weird state. This fixes that corner case.
+  ([@zkat](https://github.com/zkat))
+* [`703ca3a`](https://github.com/npm/npm/commit/703ca3abbf4f1cb4dff08be32acd2142d5493482)
+  [#13023](https://github.com/npm/npm/pull/13023)
+  A missing `return` was causing `chownr` to be called on Windows, even though
+  that's literally pointless, and causing crashes in the process, instead of
+  short-circuiting. This was entirely dependent on which callback happened to be
+  called first, and in some cases, the failing one would win the race. This
+  should prevent this from happening in the future.
+  ([@zkat](https://github.com/zkat))
+* [`69267f4`](https://github.com/npm/npm/commit/69267f4fbd1467ce576f173909ced361f8fe2a9d)
+  [#13023](https://github.com/npm/npm/pull/13023)
+  Added tests to verify `correct-mkdir` race patch.
+  ([@zkat](https://github.com/zkat))
+* [`e5f50ea`](https://github.com/npm/npm/commit/e5f50ea9f84fe8cac6978d18f7efdf43834928e7)
+  [#13023](https://github.com/npm/npm/pull/13023)
+  Added tests to verify `addLocal` race patch.
+  ([@zkat](https://github.com/zkat))
+
+#### SHRINKWRAP IS COMPLICATED BUT IT'S BETTER NOW
+
+[@iarna](https://github.com/iarna) did some heroic hacking to refactor a bunch
+of `shrinkwrap`-related bits and fixed some resolution and pathing issues that
+were biting users. The code around that stuff got more readable/maintainable in
+the process, too!
+
+* [`346bba1`](https://github.com/npm/npm/commit/346bba1e1fee9cc814b07c56f598a73be5c21686)
+  [#13214](https://github.com/npm/npm/pull/13214)
+  Resolve local dependencies in `npm-shrinkwrap.json` relative to the top of the
+  tree.
+  ([@iarna](https://github.com/iarna))
+* [`4a67fdb`](https://github.com/npm/npm/commit/4a67fdbd0f160deb6644a9c4c5b587357db04d2d)
+  [#13213](https://github.com/npm/npm/pull/13213)
+  If you run `npm install modulename` it should, if a `npm-shrinkwrap.json` is
+  present, use the version found there.  If not, it'll use the version found in
+  your `package.json`, and failing *that*, use `latest`.
+  This fixes a case where the first check was being bypassed because version
+  resolution was being done prior to loading the shrinkwrap, and so checks to
+  match the shrinkwrap version couldn't succeed.
+  ([@iarna](https://github.com/iarna))
+* [`afa2133`](https://github.com/npm/npm/commit/afa2133a5d8ac4f6f44cdc6083d89ad7f946f5bb)
+  [#13214](https://github.com/npm/npm/pull/13214)
+  Refactor shrinkwrap specifier lookup into shared function.
+  ([@iarna](https://github.com/iarna))
+* [`2820b56`](https://github.com/npm/npm/commit/2820b56a43e1cc1e12079a4c886f6c14fe8c4f10)
+  [#13214](https://github.com/npm/npm/pull/13214)
+  Refactor operations in `inflate-shrinkwrap.js` into separate functions for
+  added clarity.
+  ([@iarna](https://github.com/iarna))
+* [`ee5bfb3`](https://github.com/npm/npm/commit/ee5bfb3e56ee7ae582bec9f741f32b224c279947)
+  Fix Windows path issue in a shrinkwrap test.
+  ([@zkat](https://github.com/zkat))
+
+#### OTHER BUGFIXES
+
+* [`a11a7b2`](https://github.com/npm/npm/commit/a11a7b2e7df9478ac9101b06eead4a74c41a648d)
+  [#13212](https://github.com/npm/npm/pull/13212)
+  Resolve local paths passed in through the command line relative to current
+  directory, instead of relative to the `package.json`.
+  ([@iarna](https://github.com/iarna))
+
+#### DEPENDENCY UPDATES
+
+* [`900a5b7`](https://github.com/npm/npm/commit/900a5b7f18b277786397faac05853c030263feb8)
+  [#13199](https://github.com/npm/npm/pull/13199)
+  [`node-gyp@3.4.0`](https://github.com/nodejs/node-gyp/blob/master/CHANGELOG.md):
+  AIX, Visual Studio 2015, and logging improvements. Oh my~!
+  ([@rvagg](https://github.com/rvagg))
+
+#### DOCUMENTATION FIXES
+
+* [`c6942a7`](https://github.com/npm/npm/commit/c6942a7d6acb2b8c73206353bbec03380a056af4)
+  [#13134](https://github.com/npm/npm/pull/13134)
+  Fixed a few typos in `CHANGELOG.md`.
+  ([@watilde](https://github.com/watilde))
+* [`e63d913`](https://github.com/npm/npm/commit/e63d913127731ece56dcd69c7c0182af21be58f8)
+  [#13156](https://github.com/npm/npm/pull/13156)
+  Fix old reference to `doc/install` in a source comment.
+  ([@sheerun](https://github.com/sheerun))
+* [`099d23c`](https://github.com/npm/npm/commit/099d23cc8f38b524dc19a25857b2ebeca13c49d6)
+  [#13113](https://github.com/npm/npm/issues/13113)
+  [#13189](https://github.com/npm/npm/pull/13189)
+  Fixes a link to `npm-tag(3)` that was breaking to instead point to
+  `npm-dist-tag(1)`, as reported by [@SimenB](https://github.com/SimenB)
+  ([@macdonst](https://github.com/macdonst))
+
 ### v3.10.3 (2016-06-23)
 
 Given that we had not one, but two updates to our RC this past week, it
@@ -88,12 +678,12 @@ unrecoverable errors then npm would crash instead of printing the error.
 * [`6a33b2c`](https://github.com/npm/npm/commit/6a33b2c13f637a41e25cd0339925bc430b50358a)
   [#13115](https://github.com/npm/npm/issues/13115)
   Ensure that errors reading the package tree for `outdated` does not result
-  in crashs.
+  in crashes.
   ([@iarna](https://github.com/iarna))
 
 ### v3.10.1 (2016-06-17):
 
-There are two very important bug fixes and one long-awaited (and signifcant!)
+There are two very important bug fixes and one long-awaited (and significant!)
 deprecation in this hotfix release. [Hold on.](http://butt.holdings/)
 
 #### *WHOA*
@@ -225,7 +815,7 @@ Node.js 0.10 and 0.12, it's unlikely that patches that rely on ES 2015
 functionality will land anytime soon.
 
 Looking forward, the team's current plan is to drop support for Node.js 0.10
-when its LTS maintenace window expires in October, 2016, and 0.12 when its
+when its LTS maintenance window expires in October, 2016, and 0.12 when its
 maintenance / LTS window ends at the end of 2016. We will also drop support for
 Node.js 5.x when Node.js 6 becomes LTS and Node.js 7 is released, also in the
 October-December 2016 timeframe.