Skip to content

Latest commit

 

History

History
811 lines (496 loc) · 55.7 KB

CHANGELOG.md

File metadata and controls

811 lines (496 loc) · 55.7 KB

Changelog

9.0.0 (2024-12-16)

Features

  • a7bfc6d #7972 trigger release process (#7972) (@wraithgar)

Chores

9.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

  • Upon publishing, in order to apply a default "latest" dist tag, the command now retrieves all prior versions of the package. It will require that the version you're trying to publish is above the latest semver version in the registry, not including pre-release tags.
  • bun.lockb files are now included in the strict ignore list during packing

Features

  • f3ac7b7 #7939 no implicit latest tag on publish when latest > version (#7939) (@reggi, @ljharb)

Dependencies

9.0.0-pre.0 (2024-11-26)

⚠️ BREAKING CHANGES

  • --ignore-scripts now applies to all lifecycle scripts, include prepare
  • npm will no longer fall back to the old audit endpoint if the bulk advisory request fails.
  • @npmcli/arborist now supports node ^20.17.0 || >=22.9.0

Features

Bug Fixes

  • 080a0f2 #7911 remove old audit fallback request (@wraithgar)
  • 3ffc08b #7831 for @npmcli/arborist sets node engine range to ^20.17.0 || >=22.9.0 (@reggi)

Dependencies

Chores

8.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

  • @npmcli/arborist now supports node ^18.17.0 || >=20.5.0

Features

Bug Fixes

  • 365580a #7803 align @npmcli/arborist to npm 10 node engine range (@reggi)

Dependencies

Chores

7.5.4 (2024-07-09)

Bug Fixes

  • 6f33d74 #7579 arborist: safeguard against null node.target in flag calculation (#7579) (@AmirSa12)
  • a8e666e #7602 arborist: condition to include name field in package-lock fixed (#7602) (@milaninfy)

7.5.3 (2024-05-29)

Bug Fixes

  • 2d1d8d0 #7559 adds node: specifier to all native node modules (#7559) (@reggi)

Chores

  • 4a36d78 #7568 fix linting in arborist debugger (@wraithgar)

7.5.2 (2024-05-15)

Bug Fixes

  • 12f103c #7533 add first param titles to logs where missing (#7533) (@lukekarrys)
  • e290352 #7499 revert DepsQueue to re-sort on pop() (#7499) (@lukekarrys)
  • 56a27fa #7494 avoid caching manifests as promises (@wraithgar)
  • 722c0fa #7463 limit packument cache size based on heap size (@wraithgar)
  • effe910 #7475 dont omit license from stored manifests (#7475) (@lukekarrys)

Dependencies

Chores

7.5.1 (2024-04-30)

Bug Fixes

  • a1b95eb #7453 linting: no-unused-vars (@wraithgar)
  • abcbc54 #7430 reify: cleanup of Symbols (#7430) (@wraithgar)
  • 57ebebf #7418 update repository.url in package.json (#7418) (@wraithgar)

Dependencies

7.5.0 (2024-04-25)

Features

  • 9123de4 #7373 do all ouput over proc-log events (@lukekarrys)
  • 9622597 #7339 refactor terminal display (#7339) (@lukekarrys)

Bug Fixes

  • 78447d7 #7399 prefer fs/promises over promisify (#7399) (@lukekarrys)
  • 6512112 #7378 use proc-log for all timers (@lukekarrys)

Dependencies

Chores

  • dd39de7 #7411 disable selflink test on apple silicon (#7411) (@lukekarrys)

7.4.2 (2024-04-10)

Bug Fixes

  • ef381b1 #7363 use @npmcli/redact for url cleaning (#7363) (@lukekarrys)

7.4.1 (2024-04-03)

Bug Fixes

  • 8cab136 #7324 ensure maxSockets is respected (#7324) (@lukekarrys)
  • 9bffa13 #7320 query: properly return :missing nodes (#7320) (@wraithgar)

Dependencies

Chores

  • 8cab136 #7324 add smoke-test for large prod installs (@lukekarrys)

7.4.0 (2024-02-28)

Features

  • 2366edc #7218 query: add :vuln pseudo selector (@wraithgar)

Bug Fixes

  • 6d1789c #7237 Arborist code cleanup (#7237) (@wraithgar)
  • ed17276 #7218 query-selector: don't look up private packages on :outdated (@wraithgar)

Dependencies

7.3.1 (2024-01-24)

Bug Fixes

  • d3f1845 #7124 clean up idealTree code (@wraithgar)
  • 8382fb3 #7126 fetch full packument so that libc can be assessed (@styfle, @ljharb)

Dependencies

7.3.0 (2024-01-10)

Features

  • 6673c77 #6914 add --libc option to override platform specific install (#6914) (@wraithgar, @Brooooooklyn)

7.2.2 (2023-12-06)

Bug Fixes

  • ae2d982 #7027 arborist: node.target can be null when it is a file dep or symlink (#7027) (@ljharb, @lukekarrys)
  • f875caa #6998 clean up shrinkwrap code (#6998) (@wraithgar)

Chores

7.2.1 (2023-10-31)

Dependencies

7.2.0 (2023-10-02)

Features

  • 81a460f #6732 add package-lock-only mode to npm query (@wraithgar)
  • 0d29855 #6732 add no-package-lock mode to npm audit (@wraithgar)

Bug Fixes

  • 0860159 #6829 ensure workspace links query parents correctly (#6829) (@Carl-Foster)
  • bef7481 #6782 query with workspace descendents (#6782) (@bdehamer)

Dependencies

7.1.0 (2023-09-08)

Features

  • 1c93c44 #6755 Add --cpu and --os option to override platform specific install (#6755) (@yukukotani)

7.0.0 (2023-08-31)

Features

  • fb31c7e trigger release process (@lukekarrys)

7.0.0-pre.0 (2023-08-31)

⚠️ BREAKING CHANGES

  • support for node <=16.13 has been removed
  • support for node 14 has been removed

Bug Fixes

Dependencies

6.3.0 (2023-07-05)

Features

Bug Fixes

  • c61e037 #6626 use new load/create syntax for package-json (@wraithgar)

Dependencies

6.2.10 (2023-06-21)

Bug Fixes

  • f5b9713 #6549 make omit flags work properly with workspaces (#6549) (@Rayyan98, @lukekarrys)
  • 40d7e09 #6555 remove unnecessary package.json values (#6555) (@lukekarrys)

6.2.9 (2023-05-03)

Bug Fixes

Dependencies

6.2.8 (2023-04-19)

Bug Fixes

  • 82879f6 #6225 lazy loading of arborist and pacote (#6225) (@wraithgar)

Dependencies

6.2.7 (2023-04-05)

Dependencies

6.2.6 (2023-03-30)

Dependencies

6.2.5 (2023-03-08)

Bug Fixes

  • 8a78c6f #6222 only add directories we made to _sparseTreeRoots (#6222) (@nlf)

6.2.4 (2023-03-02)

Bug Fixes

  • 962a12e #6193 arborist: dependencies from registries with a peerDependency on a workspace (#6193) (@ixalon)

Dependencies

6.2.3 (2023-02-22)

Bug Fixes

  • 6ed3535 #6175 linked-strategy lifecycle missing bins (#6175) (@fritzy)

Documentation

6.2.2 (2023-02-07)

Bug Fixes

  • 12ec7ee remove unused package.json scripts (@lukekarrys)

Dependencies

6.2.1 (2023-02-01)

Bug Fixes

  • 72a7a59 #6095 only save package-lock when truly finished (@wraithgar)

Dependencies

6.2.0 (2023-01-25)

Features

  • 8d6d851 #6078 added --install-strategy=linked (#6078) (@fritzy)

6.1.6 (2023-01-12)

Bug Fixes

  • b584af0 #6022 remove unneeded param default (@wraithgar)
  • 2ba1171 streamline workspace loading code (@wraithgar)
  • 2383deb #6037 clean urls from arborist, owner, and ping commands (#6037) (@lukekarrys)
  • c52cf6b #5960 properly handle directory, file, git and alias specs in overrides (@nlf)

6.1.5 (2022-12-07)

Bug Fixes

  • 83fb125 #5923 audit package mismatch in special case (@fritzy)

Dependencies

6.1.4 (2022-11-30)

Bug Fixes

  • 80c6c4a #5907 do not reset hidden lockfile data before saving (#5907) (@nlf)

6.1.3 (2022-11-16)

Bug Fixes

  • 3f13818 #5859 refactor / inline single use code (#5859) (@wraithgar)

6.1.2 (2022-11-09)

Dependencies

6.1.1 (2022-11-02)

Bug Fixes

  • 1f5382d #5789 don't set stdioString for any spawn/run-script calls (@lukekarrys)
  • 0c5834e #5758 use hosted-git-info to parse registry urls (#5758) (@lukekarrys)

Dependencies

6.1.0 (2022-10-26)

Features

  • 3dd8d68 #5751 sort and quote yarn lock keys according to yarn rules (#5751) (@wraithgar, @shalvah)

Dependencies

6.0.0 (2022-10-19)

Features

  • 586e78d empty commit to trigger all workspace releases (@lukekarrys)

6.0.0-pre.5 (2022-10-19)

⚠️ BREAKING CHANGES

  • deprecate boolean install flags in favor of --install-strategy
    • deprecate --global-style, --global now sets --install-strategy=shallow
    • deprecate --legacy-bundling, now sets --install-strategy=nested
  • this package no longer attempts to change file ownership automatically

Features

  • de2d33f add --install-strategy=hoisted|nested|shallow, deprecate --global-style, --legacy-bundling (#5709) (@fritzy)
  • 475e9b6 #5703 do not alter file ownership (@nlf)

Bug Fixes

  • 1afe5ba account for new npm-package-arg behavior (@wraithgar)

Dependencies

6.0.0-pre.4 (2022-10-05)

Features

  • 9609e9e #5605 use v3 lockfiles by default (#5605) (@fritzy)

Dependencies

6.0.0-pre.3 (2022-09-30)

⚠️ BREAKING CHANGES

  • npm pack now follows a strict order of operations when applying ignore rules. If a files array is present in the package.json, then rules in .gitignore and .npmignore files from the root will be ignored.

Features

  • 3ae796d implement new npm-packlist behavior (@lukekarrys)

6.0.0-pre.2 (2022-09-23)

Features

  • ebf167b add :outdated pseudo selector (@nlf)

Documentation

  • 8402fd8 #5547 add :outdated pseudo selector to docs (@nlf)

Dependencies

6.0.0-pre.1 (2022-09-14)

Bug Fixes

  • f3b0c43 keep saveTypes separate for each add (@wraithgar)

6.0.0-pre.0 (2022-09-08)

⚠ BREAKING CHANGES

  • workspaces: all workspace packages are now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0

Features

  • e95017a #5485 feat(workspaces): update supported node engines in package.json (@lukekarrys)
  • 09c46e8 #5324 feat(arborist): allow for selectors and function names with :semver pseudo selector (@nlf)

Bug Fixes

  • fe926ed #5484 fix: don't mark workspaces as invalid if installing links (@wraithgar)
  • 548e70e #5376 fix: link.target setter (@wraithgar)
  • 2db6c08 #5376 fix: loadActual cleanup (@wraithgar)

Documentation

  • 285b39f #5324 docs: add documentation for expanded :semver selector (@nlf)

5.6.1 (2022-08-31)

Bug Fixes

  • 1e84102 #5350 fix: create links relative to the target (@wraithgar)
  • ea5e3a3 #5350 fix: inline single-use functions (@wraithgar)
  • 645c680 #5329 fix: update index.js spelling error in comment (@KevinBrother)
  • bd2ae5d #5323 fix: linting (@wraithgar)

Dependencies

5.6.0 (2022-08-17)

Features

  • arborist: add :overridden pseudo selector (d221f72)
  • arborist: add overridden getter to Node class (e6d4304)
  • query: support :overridden pseudo selector (0d4ed0f)

5.5.0 (2022-08-10)

Features

  • arborist: add option to forcibly skip loading a virtual tree (96b6781)

Bug Fixes

  • query: tell arborist to load an actual tree, not a virtual one (9078e27)

Dependencies

5.4.0 (2022-08-03)

Features

  • add --replace-registry-host=<npmjs|always|never> (#4860) (703dbbf)
  • add --replace-registry-host=<npmjs|always|never>| (703dbbf)
  • add npm query cmd (#5000) (3c024ac)

Bug Fixes

  • arborist: fix bare attribute queries (#5248) (8233fca)
  • arborist: pass the edge to fromPath in order to determine correct path (#5233) (050284d)
  • arborist: use the sourceReference root rather than the node root for overrides (#5227) (47cc95d), closes #4395

Dependencies

5.3.1 (2022-07-27)

Bug Fixes

5.3.0 (2022-07-11)

Features

  • arborist: add support for dependencies script (#5094) (e9b4214)

5.2.3 (2022-06-23)

Dependencies

5.2.2 (2022-06-22)

Bug Fixes

Dependencies

5.2.1 (2022-06-01)

Bug Fixes

  • arborist: use rawSpec for bundled and shrinkwrapped deps (#4963) (646b6b5)

5.2.0 (2022-05-10)

Features

  • add flag --omit-lockfile-registry-resolved (#4874) (bfb8bcc)

Bug Fixes

5.1.1 (2022-04-26)

Dependencies

5.1.0 (2022-04-19)

Features

  • arborist: add support for installLinks (0ebadf5)

Bug Fixes

  • arborist: when replacing a Link with a Node, make sure to remove the Link target from the root (3d96494)

5.0.6 (2022-04-13)

Bug Fixes

  • arborist: dont skip adding advisories to audit based on name/range (aa4a4da), closes #4681
  • arborist: when reloading an edge, also refresh overrides (4d676e3)

5.0.5 (2022-04-06)

Bug Fixes

Dependencies

5.0.4 (2022-03-31)

Bug Fixes

  • arborist: handle link nodes in old lockfiles correctly (6f9cb49)
  • arborist: identify and repair invalid nodes in the virtual tree (bd96ae4)
  • arborist: make sure resolveParent exists before checking props (18b8b94)
  • make sure we loadOverrides on the root node in loadVirtual() (99d8845)
  • only call npmlog progress methods if explicitly requested (#4644) (668ec7f), closes #3314

5.0.3 (2022-03-17)

Bug Fixes

  • arborist: _findMissingEdges missing dependency due to inconsistent path separators (#4261) (0e7511d)
  • arborist: save workspace version (#4578) (e9a2981)

Dependencies

5.0.2 (2022-03-10)

Bug Fixes

  • rebuild: don't run lifecycle scripts twice on linked deps (#4529) (fbdb431)

Documentation

5.0.1 (2022-03-08)

Bug Fixes

  • set proper workspace repo urls in package.json (#4476) (0cfc155)

2.0.0

  • BREAKING CHANGE: root node is now included in inventory
  • All parent/target/fsParent/etc. references set in root setter, rather than the hodgepodge of setters that existed before.
  • treeCheck function added, to enforce strict correctness guarantees when ARBORIST_DEBUG=1 in the environment (on by default in Arborist tests).

1.0.0

  • Release for npm v7 beta
  • Fully functional

0.0.0