Merge branch 'nodejs:main' into fix-duration-ms

Author: MoLow

AUTHORS

@@ -3512,5 +3512,7 @@ Wing <[email protected]>
 Hana <[email protected]>
 Jeff Dickey <[email protected]>
 Matías Zúñiga <[email protected]>
+metonym <[email protected]>
+Brian Evans <[email protected]>
 
 # Generated by tools/update-authors.mjs

deps/corepack/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## [0.14.0](https://github.com/nodejs/corepack/compare/v0.13.0...v0.14.0) (2022-09-02)
+
+
+### Features
+
+* add `COREPACK_ENABLE_STRICT` env variable ([#167](https://github.com/nodejs/corepack/issues/167)) ([92b52f6](https://github.com/nodejs/corepack/commit/92b52f6b4918aff968c0942b89fc722ebf57bce2))
+* update package manager versions ([#170](https://github.com/nodejs/corepack/issues/170)) ([6f70bfc](https://github.com/nodejs/corepack/commit/6f70bfc4b6a8a57cccb1ff9cbf2f49240648f1ed))
+
+
+### Bug Fixes
+
+* handle tags including numbers in `prepare` command ([#165](https://github.com/nodejs/corepack/issues/165)) ([5a0727b](https://github.com/nodejs/corepack/commit/5a0727b43976e0dc299151876c0dde2c4a85174d))
+
 ## [0.13.0](https://github.com/nodejs/corepack/compare/v0.12.3...v0.13.0) (2022-08-19)
 
 

deps/corepack/README.md

@@ -111,12 +111,18 @@ This command will retrieve the given package manager from the specified archive
 
 ## Environment Variables
 
-- `COREPACK_ENABLE_NETWORK` can be set to `0` to prevent Corepack from accessing the network (in which case you'll be responsible for hydrating the package manager versions that will be required for the projects you'll run, using `corepack hydrate`).
-
 - `COREPACK_DEFAULT_TO_LATEST` can be set to `0` in order to instruct Corepack
   not to lookup on the remote registry for the latest version of the selected
   package manager.
 
+- `COREPACK_ENABLE_NETWORK` can be set to `0` to prevent Corepack from accessing
+  the network (in which case you'll be responsible for hydrating the package
+  manager versions that will be required for the projects you'll run, using
+  `corepack hydrate`).
+
+- `COREPACK_ENABLE_STRICT` can be set to `0` to prevent Corepack from checking
+  if the package manager corresponds to the one defined for the current project.
+
 - `COREPACK_HOME` can be set in order to define where Corepack should install
   the package managers. By default it is set to `%LOCALAPPDATA%\node\corepack`
   on Windows, and to `$HOME/.cache/node/corepack` everywhere else.

deps/corepack/dist/corepack.js

@@ -1,6 +1,6 @@
 {
   "name": "corepack",
-  "version": "0.13.0",
+  "version": "0.14.0",
   "homepage": "https://github.com/nodejs/corepack#readme",
   "bugs": {
     "url": "https://github.com/nodejs/corepack/issues"
@@ -10,13 +10,13 @@
     "url": "https://github.com/nodejs/corepack.git"
   },
   "license": "MIT",
-  "packageManager": "[email protected].14+sha224.d3bee29dce07417588d640327d44f1e0b8182c240bc2beb0b81ccf6e",
+  "packageManager": "[email protected].15+sha224.7fa5c1d1875b041cea8fcbf9a364667e398825364bf5c5c8cd5f6601",
   "devDependencies": {
     "@babel/core": "^7.14.3",
     "@babel/plugin-transform-modules-commonjs": "^7.14.0",
     "@babel/preset-typescript": "^7.13.0",
     "@types/debug": "^4.1.5",
-    "@types/jest": "^28.0.0",
+    "@types/jest": "^29.0.0",
     "@types/node": "^18.0.0",
     "@types/semver": "^7.1.0",
     "@types/tar": "^6.0.0",
@@ -31,7 +31,7 @@
     "debug": "^4.1.1",
     "eslint": "^8.0.0",
     "eslint-plugin-arca": "^0.15.0",
-    "jest": "^28.0.0",
+    "jest": "^29.0.0",
     "nock": "^13.0.4",
     "proxy-agent": "^5.0.0",
     "semver": "^7.1.3",

deps/corepack/dist/vendors-_yarn_berry_cache_proxy-agent-npm-5_0_0-41772f4b01-9_zip_node_modules_proxy-agent_index_js.js

@@ -35,29 +35,28 @@ For all of the subcommands, `npm access` will perform actions on the packages
 in the current working directory if no package name is passed to the
 subcommand.
 
-* public / restricted:
+* public / restricted (deprecated):
   Set a package to be either publicly accessible or restricted.
 
-* grant / revoke:
+* grant / revoke (deprecated):
   Add or remove the ability of users and teams to have read-only or read-write
   access to a package.
 
-* 2fa-required / 2fa-not-required:
+* 2fa-required / 2fa-not-required (deprecated):
   Configure whether a package requires that anyone publishing it have two-factor
   authentication enabled on their account.
 
-* ls-packages:
+* ls-packages (deprecated):
   Show all of the packages a user or a team is able to access, along with the
   access level, except for read-only public packages (it won't print the whole
   registry listing)
 
-* ls-collaborators:
+* ls-collaborators (deprecated):
   Show all of the access privileges for a package. Will only show permissions
   for packages to which you have at least read access. If `<user>` is passed in,
   the list is filtered only to teams _that_ user happens to belong to.
 
-* edit:
-  Set the access privileges for a package at once using `$EDITOR`.
+* edit (not implemented)
 
 ### Details
 

deps/corepack/package.json

@@ -232,4 +232,4 @@ This value is not exported to the environment for child processes.
 <!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->
 ## See Also
 
-* [dependency selector](/using-npm/dependency-selector)
+* [dependency selectors](/using-npm/dependency-selectors)

deps/npm/docs/content/commands/npm-access.md

@@ -91,6 +91,34 @@ consistent across updates.  Set fields in here using the `./configure`
 script that comes with npm.  This is primarily for distribution maintainers
 to override default configs in a standard and consistent manner.
 
+### Auth related configuration
+
+The settings `_auth`, `_authToken`, `username` and `_password` must all be
+scoped to a specific registry. This ensures that `npm` will never send
+credentials to the wrong host.
+
+In order to scope these values, they must be prefixed by a URI fragment.
+If the credential is meant for any request to a registry on a single host,
+the scope may look like `//registry.npmjs.org/:`. If it must be scoped to a
+specific path on the host that path may also be provided, such as
+`//my-custom-registry.org/unique/path:`.
+
+```
+; bad config
+_authToken=MYTOKEN
+
+; good config
+@myorg:registry=https://somewhere-else.com/myorg
+@another:registry=https://somewhere-else.com/another
+//registry.npmjs.org/:_authToken=MYTOKEN
+; would apply to both @myorg and @another
+; //somewhere-else.com/:_authToken=MYTOKEN
+; would apply only to @myorg
+//somewhere-else.com/myorg/:_authToken=MYTOKEN1
+; would apply only to @another
+//somewhere-else.com/another/:_authToken=MYTOKEN2
+```
+
 ### See also
 
 * [npm folders](/configuring-npm/folders)

deps/npm/docs/content/commands/npm-query.md

@@ -144,7 +144,7 @@ const arb = new Arborist({})
 
 ```js
 // root-level
-arb.loadActual((tree) => {
+arb.loadActual().then(async (tree) => {
   // query all production dependencies
   const results = await tree.querySelectorAll('.prod')
   console.log(results)
@@ -153,7 +153,7 @@ arb.loadActual((tree) => {
 
 ```js
 // iterative
-arb.loadActual((tree) => {
+arb.loadActual().then(async (tree) => {
   // query for the deduped version of react
   const results = await tree.querySelectorAll('#react:not(:deduped)')
   // query the deduped react for git deps

deps/npm/docs/content/configuring-npm/npmrc.md

@@ -169,34 +169,33 @@ <h3 id="description">Description</h3>
 subcommand.</p>
 <ul>
 <li>
-<p>public / restricted:
+<p>public / restricted (deprecated):
 Set a package to be either publicly accessible or restricted.</p>
 </li>
 <li>
-<p>grant / revoke:
+<p>grant / revoke (deprecated):
 Add or remove the ability of users and teams to have read-only or read-write
 access to a package.</p>
 </li>
 <li>
-<p>2fa-required / 2fa-not-required:
+<p>2fa-required / 2fa-not-required (deprecated):
 Configure whether a package requires that anyone publishing it have two-factor
 authentication enabled on their account.</p>
 </li>
 <li>
-<p>ls-packages:
+<p>ls-packages (deprecated):
 Show all of the packages a user or a team is able to access, along with the
 access level, except for read-only public packages (it won't print the whole
 registry listing)</p>
 </li>
 <li>
-<p>ls-collaborators:
+<p>ls-collaborators (deprecated):
 Show all of the access privileges for a package. Will only show permissions
 for packages to which you have at least read access. If <code>&lt;user&gt;</code> is passed in,
 the list is filtered only to teams <em>that</em> user happens to belong to.</p>
 </li>
 <li>
-<p>edit:
-Set the access privileges for a package at once using <code>$EDITOR</code>.</p>
+<p>edit (not implemented)</p>
 </li>
 </ul>
 <h3 id="details">Details</h3>

deps/npm/docs/content/using-npm/dependency-selectors.md

@@ -166,7 +166,7 @@ <h3 id="description">Description</h3>
 the results to only the paths to the packages named.  Note that nested
 packages will <em>also</em> show the paths to the specified packages.  For
 example, running <code>npm ls promzard</code> in npm's source tree will show:</p>
-<pre lang="bash"><code>npm@8.18.0 /path/to/npm
+<pre lang="bash"><code>npm@8.19.1 /path/to/npm
 └─┬ [email protected]
   └── [email protected]
 </code></pre>

deps/npm/docs/output/commands/npm-access.html

@@ -344,7 +344,7 @@ <h4 id="include-workspace-root"><code>include-workspace-root</code></h4>
 <!-- raw HTML omitted -->
 <h2 id="see-also">See Also</h2>
 <ul>
-<li><a href="../using-npm/dependency-selector.html">dependency selector</a></li>
+<li><a href="../using-npm/dependency-selectors.html">dependency selectors</a></li>
 </ul>
 </div>
 

deps/npm/docs/output/commands/npm-ls.html

@@ -149,7 +149,7 @@ <h2 id="table-of-contents">Table of contents</h2>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->
 <h3 id="version">Version</h3>
-<p>8.18.0</p>
+<p>8.19.1</p>
 <h3 id="description">Description</h3>
 <p>npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency

deps/npm/docs/output/commands/npm-query.html

@@ -142,7 +142,7 @@ <h1 id="npmrc">npmrc</h1>
 
 <section id="table_of_contents">
 <h2 id="table-of-contents">Table of contents</h2>
-<div id="_table_of_contents"><ul><li><a href="#description">Description</a></li><li><a href="#files">Files</a></li><ul><li><a href="#comments">Comments</a></li><li><a href="#per-project-config-file">Per-project config file</a></li><li><a href="#per-user-config-file">Per-user config file</a></li><li><a href="#global-config-file">Global config file</a></li><li><a href="#built-in-config-file">Built-in config file</a></li></ul><li><a href="#see-also">See also</a></li></ul></div>
+<div id="_table_of_contents"><ul><li><a href="#description">Description</a></li><li><a href="#files">Files</a></li><ul><li><a href="#comments">Comments</a></li><li><a href="#per-project-config-file">Per-project config file</a></li><li><a href="#per-user-config-file">Per-user config file</a></li><li><a href="#global-config-file">Global config file</a></li><li><a href="#built-in-config-file">Built-in config file</a></li></ul><li><a href="#auth-related-configuration">Auth related configuration</a></li><li><a href="#see-also">See also</a></li></ul></div>
 </section>
 
 <div id="_content"><h3 id="description">Description</h3>
@@ -204,6 +204,29 @@ <h4 id="built-in-config-file">Built-in config file</h4>
 consistent across updates.  Set fields in here using the <code>./configure</code>
 script that comes with npm.  This is primarily for distribution maintainers
 to override default configs in a standard and consistent manner.</p>
+<h3 id="auth-related-configuration">Auth related configuration</h3>
+<p>The settings <code>_auth</code>, <code>_authToken</code>, <code>username</code> and <code>_password</code> must all be
+scoped to a specific registry. This ensures that <code>npm</code> will never send
+credentials to the wrong host.</p>
+<p>In order to scope these values, they must be prefixed by a URI fragment.
+If the credential is meant for any request to a registry on a single host,
+the scope may look like <code>//registry.npmjs.org/:</code>. If it must be scoped to a
+specific path on the host that path may also be provided, such as
+<code>//my-custom-registry.org/unique/path:</code>.</p>
+<pre><code>; bad config
+_authToken=MYTOKEN
+
+; good config
+@myorg:registry=https://somewhere-else.com/myorg
+@another:registry=https://somewhere-else.com/another
+//registry.npmjs.org/:_authToken=MYTOKEN
+; would apply to both @myorg and @another
+; //somewhere-else.com/:_authToken=MYTOKEN
+; would apply only to @myorg
+//somewhere-else.com/myorg/:_authToken=MYTOKEN1
+; would apply only to @another
+//somewhere-else.com/another/:_authToken=MYTOKEN2
+</code></pre>
 <h3 id="see-also">See also</h3>
 <ul>
 <li><a href="../configuring-npm/folders.html">npm folders</a></li>

deps/npm/docs/output/commands/npm.html

@@ -264,14 +264,14 @@ <h3 id="programmatic-usage">Programmatic Usage</h3>
 const arb = new Arborist({})
 </code></pre>
 <pre lang="js"><code>// root-level
-arb.loadActual((tree) =&gt; {
+arb.loadActual().then(async (tree) =&gt; {
   // query all production dependencies
   const results = await tree.querySelectorAll('.prod')
   console.log(results)
 })
 </code></pre>
 <pre lang="js"><code>// iterative
-arb.loadActual((tree) =&gt; {
+arb.loadActual().then(async (tree) =&gt; {
   // query for the deduped version of react
   const results = await tree.querySelectorAll('#react:not(:deduped)')
   // query the deduped react for git deps

deps/npm/docs/output/configuring-npm/npmrc.html

@@ -5,6 +5,7 @@ const readPackageJson = require('read-package-json-fast')
 
 const otplease = require('../utils/otplease.js')
 const getIdentity = require('../utils/get-identity.js')
+const log = require('../utils/log-shim.js')
 const BaseCommand = require('../base-command.js')
 
 const subcommands = [
@@ -19,6 +20,15 @@ const subcommands = [
   '2fa-not-required',
 ]
 
+const deprecated = [
+  '2fa-not-required',
+  '2fa-required',
+  'ls-collaborators',
+  'ls-packages',
+  'public',
+  'restricted',
+]
+
 class Access extends BaseCommand {
   static description = 'Set access level on published packages'
   static name = 'access'
@@ -78,6 +88,10 @@ class Access extends BaseCommand {
       throw this.usageError(`${cmd} is not a recognized subcommand.`)
     }
 
+    if (deprecated.includes(cmd)) {
+      log.warn('access', `${cmd} subcommand will be removed in the next version of npm`)
+    }
+
     return this[cmd](args, {
       ...this.npm.flatOptions,
     })
@@ -175,7 +189,7 @@ class Access extends BaseCommand {
   }
 
   async edit () {
-    throw new Error('edit subcommand is not implemented yet')
+    throw new Error('edit subcommand is not implemented')
   }
 
   modifyPackage (pkg, opts, fn, requireScope = true) {

deps/npm/docs/output/using-npm/dependency-selectors.html

@@ -178,11 +178,12 @@ class VerifySignatures {
     let name = edge.name
     try {
       name = npa(edge.spec).subSpec.name
-    } catch (_) {
+    } catch {
+      // leave it as edge.name
     }
     try {
       return npa(`${name}@${edge.spec}`)
-    } catch (_) {
+    } catch {
       // Skip packages with invalid spec
     }
   }

deps/npm/lib/commands/access.js

@@ -58,11 +58,16 @@ class Edit extends BaseCommand {
         }
         const [bin, ...args] = this.npm.config.get('editor').split(/\s+/)
         const editor = cp.spawn(bin, [...args, dir], { stdio: 'inherit' })
-        editor.on('exit', (code) => {
+        editor.on('exit', async (code) => {
           if (code) {
             return reject(new Error(`editor process exited with code: ${code}`))
           }
-          this.npm.exec('rebuild', [dir]).catch(reject).then(resolve)
+          try {
+            await this.npm.exec('rebuild', [dir])
+          } catch (err) {
+            reject(err)
+          }
+          resolve()
         })
       })
     })