7e862c8a0d
6.4.1 BUGFIXES - Prevent blowing up on malformed responses from the npm audit endpoint, such as with third-party registries. - Fix NO_PROXY support by renaming npm-side config to --noproxy. The environment variable should still work. - Disable update-notifier checks when a CI environment is detected. - Fix issue where postpack scripts would break if pack was used with --dry-run. DEPENDENCY BUMPS - figgy-pudding@3.4.1 - cacache@11.2.0 - npm-packlist@1.1.11 - libcipm@2.0.2 - JSONStream@1.3.4 - npm-lifecycle@2.1.0 - npm-registry-client@8.6.0 - opener@1.5.0 - request@2.88.0 - tacks@1.2.7 - ci-info@1.4.0 - marked@0.5.0 DOCUMENTATION - Mention registry terms of use in manpage and registry docs and update language in README for it. - Add documentation for --dry-run in install and pack docs. - Update republish time and lightly reorganize republish info. - Correct npm@6.4.0 release date in changelog. - Align command descriptions in help text. 6.4.0 NEW FEATURES - Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking :_authToken. - Stop filtering out non-IPv4 addresses from local-addrs, making npm actually use IPv6 addresses when it must. - Configurable audit level for non-zero exit npm audit currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of --audit-level to npm audit to allow it to pass if only vulnerabilities below a certain level are found. Example: npm audit --audit-level=high will exit with 0 if only low or moderate level vulns are detected. BUGFIXES - Don't check for updates to npm when we are updating npm itself. |
||
|---|---|---|
| .. | ||
| patches | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| PLIST | ||