diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index a3ae7257..85282bdf 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -8,6 +8,9 @@ on: # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1 - cron: "0 8 * * 1" +permissions: + contents: read + jobs: audit: name: Audit Dependencies diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 673f9ca9..e9ab5ffb 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -18,6 +18,10 @@ on: required: true type: string +permissions: + contents: read + checks: write + jobs: lint-all: name: Lint All @@ -87,20 +91,17 @@ jobs: os: windows-latest shell: cmd node-version: - - 18.17.0 - - 18.x - - 20.5.0 + - 20.17.0 - 20.x + - 22.9.0 - 22.x exclude: - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 18.17.0 - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 18.x - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 20.5.0 + node-version: 20.17.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 20.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 22.9.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 22.x runs-on: ${{ matrix.platform.os }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a44b2271..92a33b5f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,6 +12,9 @@ on: # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1 - cron: "0 9 * * 1" +permissions: + contents: read + jobs: lint: name: Lint @@ -64,20 +67,17 @@ jobs: os: windows-latest shell: cmd node-version: - - 18.17.0 - - 18.x - - 20.5.0 + - 20.17.0 - 20.x + - 22.9.0 - 22.x exclude: - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 18.17.0 - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 18.x - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 20.5.0 + node-version: 20.17.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 20.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 22.9.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 22.x runs-on: ${{ matrix.platform.os }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 15c8efee..af848e17 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,6 +13,9 @@ on: # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1 - cron: "0 10 * * 1" +permissions: + contents: read + jobs: analyze: name: Analyze diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index 1ea8693c..3a919116 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -54,7 +54,7 @@ jobs: else # strip leading slash from directory so it works as a # a path to the workspace flag - echo "workspace=-w ${dependabot_dir#/}" >> $GITHUB_OUTPUT + echo "workspace=--workspace ${dependabot_dir#/}" >> $GITHUB_OUTPUT fi - name: Apply Changes diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 7dbdfd41..c69932da 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -10,6 +10,9 @@ on: - edited - synchronize +permissions: + contents: read + jobs: commitlint: name: Lint Commits diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index 130578e6..9ca9a2b8 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -19,6 +19,10 @@ on: PUBLISH_TOKEN: required: true +permissions: + contents: read + id-token: write + jobs: publish: name: Publish diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 75acebb5..53ff3c24 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -244,6 +244,7 @@ jobs: if: needs.release.outputs.releases uses: ./.github/workflows/release-integration.yml permissions: + contents: read id-token: write secrets: PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} diff --git a/.gitignore b/.gitignore index 2bab6d1d..dedbc770 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ !**/.gitignore !/.commitlintrc.js +!/.eslint.config.js !/.eslintrc.js !/.eslintrc.local.* !/.git-blame-ignore-revs diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 53e7ad47..ca9e9aac 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "18.0.2" + ".": "19.0.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 707bdcd7..0b69a888 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,18 @@ # Changelog +## [19.0.0](https://github.com/npm/npm-registry-fetch/compare/v18.0.2...v19.0.0) (2025-07-24) +### ⚠️ BREAKING CHANGES +* `npm-registry-fetch` now supports node `^20.17.0 || >=22.9.0` +### Bug Fixes +* [`364c6c0`](https://github.com/npm/npm-registry-fetch/commit/364c6c0278b81d106239ba1d1a0f51b96d4aa53d) [#277](https://github.com/npm/npm-registry-fetch/pull/277) align to npm 11 node engine range (@owlstronaut) +### Dependencies +* [`a94aa45`](https://github.com/npm/npm-registry-fetch/commit/a94aa458bdac7ef117c731580fe5775397c43ed0) [#277](https://github.com/npm/npm-registry-fetch/pull/277) `npm-package-arg@13.0.0` +* [`743188b`](https://github.com/npm/npm-registry-fetch/commit/743188bf301d854d1cebdc8079b22f106374b038) [#277](https://github.com/npm/npm-registry-fetch/pull/277) `make-fetch-happen@15.0.0` +### Chores +* [`563fda6`](https://github.com/npm/npm-registry-fetch/commit/563fda6a01433bbcf60fce30f30f5961fd85c39f) [#277](https://github.com/npm/npm-registry-fetch/pull/277) `cacache@20.0.0` (@owlstronaut) +* [`d5519d6`](https://github.com/npm/npm-registry-fetch/commit/d5519d64377a159a855f963922927fba8b5ad838) [#277](https://github.com/npm/npm-registry-fetch/pull/277) template-oss apply fix (@owlstronaut) +* [`894f3a7`](https://github.com/npm/npm-registry-fetch/commit/894f3a7f22f73d9246c3591d171f1c3cec40e3ee) [#277](https://github.com/npm/npm-registry-fetch/pull/277) `@npmcli/template-oss@4.25.0` (@owlstronaut) + ## [18.0.2](https://github.com/npm/npm-registry-fetch/compare/v18.0.1...v18.0.2) (2024-10-16) ### Bug Fixes * [`8044781`](https://github.com/npm/npm-registry-fetch/commit/80447811a5d532e917488917eea6e5b10267d843) [#273](https://github.com/npm/npm-registry-fetch/pull/273) log cache hits distinct from fetch (#273) (@mbtools) diff --git a/package.json b/package.json index bd7a79d3..a8e954cd 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "npm-registry-fetch", - "version": "18.0.2", + "version": "19.0.0", "description": "Fetch-based http client for use with npm registry APIs", "main": "lib", "files": [ @@ -33,17 +33,17 @@ "dependencies": { "@npmcli/redact": "^3.0.0", "jsonparse": "^1.3.1", - "make-fetch-happen": "^14.0.0", + "make-fetch-happen": "^15.0.0", "minipass": "^7.0.2", "minipass-fetch": "^4.0.0", "minizlib": "^3.0.1", - "npm-package-arg": "^12.0.0", + "npm-package-arg": "^13.0.0", "proc-log": "^5.0.0" }, "devDependencies": { "@npmcli/eslint-config": "^5.0.0", - "@npmcli/template-oss": "4.23.4", - "cacache": "^19.0.1", + "@npmcli/template-oss": "4.25.0", + "cacache": "^20.0.0", "nock": "^13.2.4", "require-inject": "^1.4.4", "ssri": "^12.0.0", @@ -58,11 +58,11 @@ ] }, "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.23.4", + "version": "4.25.0", "publish": "true" } } diff --git a/release-please-config.json b/release-please-config.json index a1676b9c..c56fd1d8 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -33,5 +33,5 @@ "package-name": "" } }, - "prerelease-type": "pre" + "prerelease-type": "pre.0" }