chore(deps): update dependency npm to v11

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
npm (source)	10.9.2 → 11.12.1

---

Release Notes

npm/cli (npm)

v11.12.1

Compare Source

Bug Fixes

• 596706a #​9148 revert prefer-offline/prefer-online exclusivity (#​9129) (@​owlstronaut)

Documentation

• d1ee8a5 #​9140 Add note on relative path prefix for npm publish (#​9140) (@​pydsigner)

Dependencies

• workspace: @npmcli/config@10.8.1

v11.12.0

Compare Source

Features

• 8eff5fb #​9049 audit: add --include-attestations flag to output sigstore bundles (#​9049) (@​mitchdenny)

Bug Fixes

• 03af94d #​9123 skip synopsis code block when command has no usage (@​owlstronaut)
• 21ea382 #​9110 arborist: resolve sibling override sets via common ancestor (#​9110) (@​manzoorwanijk)

Dependencies

• 03f4c3a #​9131 @sigstore/tuf@4.0.2
• 4d5f7d9 #​9131 @gar/promise-retry@1.0.3
• 8dcfe69 #​9131 @sigstore/sign@4.1.1
• e5a7e22 #​9127 lru-cache@11.2.7
• 82deab6 #​9127 make-fetch-happen@15.0.5
• ce195dc #​9127 cacache@20.0.4

Chores

• 95fa7f4 #​9132 fix docs test snapshot (#​9132) (@​wraithgar)
• 7e9d538 #​9127 dev dependency updates (@​wraithgar)
• 920e5ed #​9127 test snapshots (@​wraithgar)
• 98ccf92 #​9125 fix snap tests (@​owlstronaut)
• workspace: @npmcli/arborist@9.4.2
• workspace: @npmcli/config@10.8.0
• workspace: libnpmdiff@8.1.5
• workspace: libnpmexec@10.2.5
• workspace: libnpmfund@7.0.19
• workspace: libnpmpack@9.1.5

v11.11.1

Compare Source

Bug Fixes

• a9d242b #​9099 include all subcommands on main command help (#​9099) (@​wraithgar)
• 29b8407 #​9087 unwrap comments and lines meant for output (#​9087) (@​wraithgar)
• b56986a #​9095 ls: suppress false UNMET DEPENDENCYs in linked strategy (#​9095) (@​manzoorwanijk)
• 76c76e5 #​9083 ci: don't error on optional deps in the lockfile (#​9083) (@​wraithgar)
• a29aeee #​9028 arborist: retry bin-links on Windows EPERM (#​9028) (@​manzoorwanijk)
• 6565eeb #​9045 bypass packument cache to prevent ETARGET errors after publish (#​9045) (@​Jadu07)

Documentation

• 3b96929 #​9074 scripts: remove mention of obsolete root user behavior (#​9074) (@​mohd-akram)
• 16ac4e0 #​9054 fix workspace cross-dependency documentation (@​owlstronaut)

Dependencies

• 075ae23 #​9086 tar@7.5.11
• 13fa40d #​9086 pacote@21.5.0
• bf7ea2b #​9060 brace-expansion@5.0.4
• 2000d2c #​9060 minimatch@10.2.4
• d86b260 #​9060 tar@7.5.10
• dff1853 #​9060 @npmcli/run-script@10.0.4
• 93c3365 #​9060 write-file-atomic@7.0.1

Chores

• d1996a7 #​9060 dev dependency updates (@​wraithgar)
• workspace: @npmcli/arborist@9.4.1
• workspace: libnpmdiff@8.1.4
• workspace: libnpmexec@10.2.4
• workspace: libnpmfund@7.0.18
• workspace: libnpmpack@9.1.4

v11.11.0

Compare Source

Features

• 4fcd352 #​9017 add :type(registry) to query selector syntax (#​9017) (@​wraithgar)
• e1b21f0 #​8909 adds circleci to trust command (#​8909) (@​owlstronaut)
• 9a33ad0 #​8925 adds circleci to oidc (#​8925) (@​owlstronaut)

Bug Fixes

• 4426411 #​9026 npm audit signatures for keyless attestation registries (#​9026) (@​ajayk)
• 658b323 #​9010 handle legacy licenses array in sbom output (#​9010) (@​JNC4)

Documentation

• 143f8cd #​9007 docs shouldn't wrap yaml description (#​9007) (@​owlstronaut)

Dependencies

• 7798b6e #​9027 @gar/promise-retry@1.0.2
• 4838864 #​9027 balanced-match@4.0.4
• 0c200dd #​9027 brace-expansion@5.0.3
• f0606bb #​9027 spdx-license-ids@3.0.23
• d43f350 #​9027 make-fetch-happen@15.0.4
• 4d0918a #​9027 @npmcli/git@7.0.2
• 8912ca7 #​9027 minipass-fetch@5.0.2
• 450ff35 #​9027 npm-packlist@10.0.4
• 20ef5a5 #​9027 pacote@21.4.0
• 60f332c #​9008 remove promise-retry
• cb8b9c7 #​9008 add @gar/promise-retry@1.0.0
• workspace: @npmcli/arborist@9.4.0
• workspace: libnpmdiff@8.1.3
• workspace: libnpmexec@10.2.3
• workspace: libnpmfund@7.0.17
• workspace: libnpmpack@9.1.3

v11.10.1

Compare Source

Bug Fixes

• 9fac412 #​8995 improve unknown config warning with .npmrc section hint (#​8995) (@​umeshmore45)
• bb135cc #​8981 arborist: fix peerOptional dependency resolution in buildIdealTree (#​8981) (@​Saibamen, @​cursoragent)
• 5c03826 #​8993 remove tabular output from "npm view" (@​wraithgar)
• 4648f26 #​8993 remove tabular output from "npm team" (@​wraithgar)

Documentation

• 0a5756d #​8998 clarify unsupported custom .npmrc keys and recommend alternatives (#​8998) (@​maitrawebtech)
• 22c9153 #​8985 fix typo and grammar in README (#​8985) (@​csmit195, Chris)

Dependencies

• aa8ffbf #​9002 init-package-json@8.2.5 (#​9002)
• 67a0f09 #​9001 glob@13.0.6
• 56b8fd4 #​9001 minimatch@10.2.2
• aa7fef5 #​9001 minipass@7.1.3
• d3a4161 #​9000 @npmcli/package-json@7.0.5 (#​9000)
• 7aa9338 #​8993 remove cli-columns
• f7f7c53 #​8991 hoist balanced-match
• 10cb575 #​8991 hoist latest yallist
• 1b3dc9a #​8991 cidr-regex@5.0.3
• 4307af6 #​8991 glob@13.0.5
• 13b4d6a #​8991 minimatch@10.2.1
• 45d4000 #​8991 tar@7.5.9

Chores

• 40fcab4 #​8991 @npmcli/template-oss@4.29.0 (@​wraithgar)
• 1598adb #​8991 dev dependency updates (@​wraithgar)
• workspace: @npmcli/arborist@9.3.1
• workspace: @npmcli/config@10.7.1
• workspace: libnpmdiff@8.1.2
• workspace: libnpmexec@10.2.2
• workspace: libnpmfund@7.0.16
• workspace: libnpmpack@9.1.2

v11.10.0

Compare Source

Features

• cf56a1e #​8899 npm trust, per-command config (@​reggi)
• cf56a1e #​8899 npm trust (@​reggi)
• 66d6e11 #​8965 add min-release-age (#​8965) (@​wraithgar)

Dependencies

• aae84bf #​8973 pacote@21.3.1
• 8bcb675 #​8973 cidr-regex@5.0.2
• f87aaab #​8973 lru-cache@11.2.6
• acec871 #​8973 ssri@13.0.1
• 1e42a86 #​8973 glob@13.0.2
• e1c08a4 #​8973 is-cidr@6.0.3
• dfb0e34 #​8973 semver@7.7.4
• 0ee7776 #​8973 which@6.0.1

Chores

• eb81df8 #​8973 dev dependency updates (@​wraithgar)
• 995e757 #​8966 Clean up some todos, add tests for previously skipped blocks (@​owlstronaut)
• workspace: @npmcli/arborist@9.3.0
• workspace: @npmcli/config@10.7.0
• workspace: libnpmdiff@8.1.1
• workspace: libnpmexec@10.2.1
• workspace: libnpmfund@7.0.15
• workspace: libnpmpack@9.1.1

v11.9.0

Compare Source

Features

• f5f6cf7 #​8943 config: add --allow-git (@​wraithgar)

Bug Fixes

• 2242f25 #​8952 webauth: improve error messages around webauth in non-TTY (#​8952) (@​Andarist)

Dependencies

• 332c9f3 #​8960 glob@13.0.1
• eca02c7 #​8960 minimatch@10.1.2 @isaacs/brace-expansion@5.0.1
• b3f8475 #​8951 minipass-fetch@5.0.1
• 924171b #​8951 is-cidr@6.0.2
• 4404002 #​8951 ci-info@4.4.0
• b65af73 #​8951 lru-cache@11.2.5
• 164c355 #​8951 tar@7.5.7
• a74a19c #​8951 node-gyp@12.2.0
• e0bc212 #​8943 pacote@21.1.0

Chores

• 4a82a8f #​8951 dev dependency updates (@​wraithgar)
• workspace: @npmcli/arborist@9.2.0
• workspace: @npmcli/config@10.6.0
• workspace: libnpmdiff@8.1.0
• workspace: libnpmexec@10.2.0
• workspace: libnpmfund@7.0.14
• workspace: libnpmpack@9.1.0

v11.8.0

Compare Source

Features

• 545e861 #​8828 show proxy environment variables in npm config list (Max Black)

Bug Fixes

• c2f784d #​8859 preserve serialNumber UUID in CycloneDX SBOM output #​8837 (#​8859) (@​saksham-malhotra-27)
• f2c3af7 #​8840 more intuitive byte formatting boundaries for rounding (#​8840) (@​watilde)

Documentation

• 3474ec3 #​8866 fix typo/logic error in npm-dedupe docs (#​8866) (@​Schweinepriester)
• 5552e46 #​8797 npm-install: explain package-lock.json behavior (#​8797) (@​MaxBlack-dev, Max Black)

Dependencies

• f478ca0 #​8919 postcss-selector-parser@7.1.1
• 2b6a71f #​8919 path-scurry@2.0.1
• 19096f2 #​8919 sigstore@4.1.0
• e7f5d1e #​8919 lru-cache@11.2.4
• 9e756ae #​8919 ip-address@10.1.0
• f951820 #​8919 common-ancestor-path@2.0.0
• 7a949ad #​8919 @sigstore/verify@3.1.0
• 6979ce1 #​8919 @sigstore/sign@4.1.0
• b4a6a41 #​8919 @sigstore/core@3.1.0
• dc8a8e8 #​8919 @sigstore/tuf@4.0.1
• be221ea #​8919 validate-npm-package-name@7.0.2
• 149823d #​8919 diff@8.0.3
• 32b2001 #​8919 tar@7.5.4

Chores

• 8f599df #​8919 pin jsdom to 27.0.0 (@​wraithgar)
• f4f1161 #​8919 dev dependency updates (@​wraithgar)
• workspace: @npmcli/arborist@9.1.10
• workspace: @npmcli/config@10.5.0
• workspace: libnpmdiff@8.0.13
• workspace: libnpmexec@10.1.12
• workspace: libnpmfund@7.0.13
• workspace: libnpmpack@9.0.13

v11.7.0

Compare Source

Features

• b380d15 #​8697 add deduping to notices unless in verbose+ mode (@​owlstronaut)

Bug Fixes

• 4ebb831 #​8839 updates hints to use cli paradigm (@​owlstronaut)
• 7896e51 #​8838 update the token list text (@​owlstronaut)
• 8ab8668 #​8836 query: support package-lock-only in workspaces (@​watilde)
• 35e8d38 #​8322 properly handle newlines with input when using the spinner (#​8322) (@​mbtools)
• 0c0faae #​8780 adduser: improve email prompt (#​8780) (@​mbtools)

Documentation

• 7f2ab9d #​8810 scripts: replace deprecated prepublish and install examples with prepare (Max Black)
• 91ebab7 #​8847 remove note about token create being disabled (@​owlstronaut)
• 2030250 #​8822 scripts: clarify prepare script runs with --production (Max Black)
• 33a50d7 #​8821 scripts: update npm_package_* environment variables documentation (Max Black)
• 50508f9 #​8793 package-json: add documentation for type field (#​8793) (@​MaxBlack-dev, Max Black)
• aa1dd7e #​8823 scripts: document that prepare scripts run concurrently in workspaces (Max Black)
• 3f48487 #​8820 package-spec: fix alias syntax in examples (Max Black)
• dd104da #​8812 version: add note about git version requirements (Max Black)
• 58afdcc #​8792 install: clarify prerelease version range behavior (Max Black)
• 9f818e8 #​8795 npm-view: clarify object property access syntax and provide examples (Max Black)
• 39c2f2e #​8791 add examples for command line flags including --prefix (Max Black)
• 1298530 #​8790 clarify version field can be omitted in package-lock (Max Black)
• 090b6ca #​8794 npx: clarify that arguments are passed to executed command (Max Black)
• a864f80 #​8787 document gypfile field in package.json (Max Black)
• 2fc689d #​8788 add field access patterns to npm view (Max Black)
• 4850639 #​8796 package-json: add examples for replacing dependencies with forks in overrides (Max Black)
• 4864dd4 #​8798 npm-install: document engines field priority when installing packages (Max Black)
• 95d25cd #​8799 package-json: clarify repository field normalization during publish (Max Black)
• a367f9b #​8800 package-lock-json: clarify that version field may be omitted for certain dependencies (Max Black)
• ffc9b71 #​8801 npm-install: clarify --tag does not override package.json (#​8801) (@​MaxBlack-dev, Max Black)
• 73688ca #​8735 clarify npm version behavior with prerelease versions (#​8735) (@​yashwantbezawada)
• 4a32606 #​8785 updates the token create documentation (#​8785) (@​owlstronaut, @​wraithgar)

Chores

• 54929ce #​8836 update baseline-browser-mapping (@​watilde)

Dependencies

• workspace: @npmcli/arborist@9.1.9
• workspace: @npmcli/config@10.4.5
• workspace: libnpmdiff@8.0.12
• workspace: libnpmexec@10.1.11
• workspace: libnpmfund@7.0.12
• workspace: libnpmpack@9.0.12

v11.6.4

Compare Source

Documentation

• dfb83c7 #​8749 add example for keywords field (#​8749) (@​MaxBlack-dev, Max Black)
• 1b1e227 #​8750 remove outdated roadmap link (#​8750) (@​MaxBlack-dev, Max Black)
• 1333d57 #​8752 clarify .npmrc naming convention for environment variable overrides (#​8752) (@​MaxBlack-dev)
• 22cddb8 #​8755 add workspace dependencies example to workspaces (Max Black)
• 17e154c #​8756 standardize env vars to uppercase convention (Max Black)
• 1e51a25 #​8754 fix lifecycle event order for prepare script (Max Black)
• 8d72bc9 #​8753 add os, cpu, and funding fields to package-lock.json (Max Black)

Dependencies

• f56bb13 #​8779 proc-log@6.1.0 (#​8779)
• f963223 #​8770 proggy@4.0.0
• f51e4aa #​8770 nopt@9.0.0
• 2d15040 #​8770 @npmcli/query@5.0.0
• 9d77b84 #​8770 @npmcli/installed-package-contents@4.0.0
• e2ac092 #​8770 read@5.0.1
• 6e5bfd9 #​8770 init-package-json@8.2.4
• 7f8e237 #​8770 p-map@7.0.4
• a4aa218 #​8770 npm-user-validate@4.0.0
• 6430446 #​8770 npm-audit-report@7.0.0
• 58650dc #​8770 @npmcli/fs@5.0.0
• 4a11146 #​8770 glob@13.0.0
• 00511d4 #​8770 @npmcli/cacache@20.0.3
• 224afa2 #​8770 @npmcli/map-workspaces@5.0.3
• 664ac34 #​8770 @npmcli/package-json@7.0.4
• workspace: @npmcli/arborist@9.1.8
• workspace: @npmcli/config@10.4.4
• workspace: libnpmdiff@8.0.11
• workspace: libnpmexec@10.1.10
• workspace: libnpmfund@7.0.11
• workspace: libnpmpack@9.0.11

v11.6.3

Compare Source

Bug Fixes

• c6242d9 #​8706 change npm profile to create tokens with GAT support (#​8706) (@​owlstronaut, @​wraithgar)
• cbc6fa9 #​8731 order of version information in error message (#​8731) (@​piotrd, @​pd-be)
• 11dbd7e #​8709 display full token when creating authentication tokens (#​8709) (@​MaxBlack-dev, Max Black)
• 49a4eef #​8676 use look behind regex for trailing slash stripping (#​8676) (@​wraithgar)
• b1aee62 #​8645 dep flag calculation (#​8645) (@​liamcmitchell)

Documentation

• ca53c21 #​8745 add workspace usage examples (#​8745) (@​MaxBlack-dev, Max Black)
• e71ca0e #​8746 add --save flag to documentation (#​8746) (@​MaxBlack-dev, Max Black)
• 06510a8 #​8683 add ignore-scripts option to npm version help and docs (#​8683) (@​Tejas242)

Dependencies

• 7f72238 #​8723 cacache@20.0.2
• 7ac9db8 #​8723 init-package-json@8.2.3
• 41e97c6 #​8723 validate-npm-package-name@7.0.0
• 6b1fbe1 #​8723 npm-package-arg@13.0.2
• aa1d486 #​8723 @npmcli/promise-spawn@9.0.1
• 599c819 #​8723 which@6.0.0
• e49286e #​8723 ini@5.0.0
• b7c9f96 #​8723 @npmcli/promise-spawn@9.0.0
• 8cc9f70 #​8723 ssri@13.0.0
• 0b7274f #​8723 pacote@21.0.4
• 59b3c6a #​8723 @npmcli/redact@4.0.0
• 578abad #​8723 node-gyp@12.1.0
• 89c4151 #​8723 @npmcli/git@7.0.1
• c6d109d #​8723 make-fetch-happen@15.0.3
• 34d8599 #​8723 npm-registry-fetch@19.1.1
• 4811a86 #​8723 @npmcli/run-script@10.0.3
• 6cb77df #​8723 @npmcli/installed-package-contents@4.0.0
• 05ac7a7 #​8723 proc-log@6.0.0
• 0a74f6d #​8723 bin-links@6.0.0
• c02ce5c #​8723 @npmcli/package-json@7.0.2
• 9c0cefa #​8723 json-parse-even-better-errors@5.0.0
• 041b9b2 #​8723 parse-conflict-json@5.0.1
• a1b0fea #​8723 @npmcli/name-from-folder@4.0.0
• a085745 #​8723 abbrev@4.0.0
• 00d9c7d #​8723 nopt@9.0.0
• 3404dca #​8723 npm-install-checks@8.0.0
• 542fcf3 #​8723 @npmcli/node-gyp@5.0.0
• 89e14d3 #​8723 tar@7.5.2
• 5383f3a #​8723 npm-registry-fetch@19.1.0
• 1bb9a7d #​8723 npm-profile@12.0.1
• de619a4 #​8723 npm-pick-manifest@11.0.3
• 0e042ec #​8723 npm-packlist@10.0.3
• 2a3c338 #​8723 node-gyp@11.5.0
• b96e86c #​8723 minimatch@10.1.1
• d347329 #​8723 exponential-backoff@3.1.3
• d6830f4 [#&

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.