diff options
author | Rebecca Turner <me@re-becca.org> | 2017-03-27 23:14:02 +0300 |
---|---|---|
committer | Rebecca Turner <me@re-becca.org> | 2017-03-28 00:23:51 +0300 |
commit | 8abb3c4e8f93892a3c60e51feb6c268eeb5605b4 (patch) | |
tree | 7788b0d8262b5e5f057fdbc59d9a08e1487bdbb3 /changelogs | |
parent | 5d17fc945bcf48b69bc0dc4741028762f6bca02c (diff) |
doc: Update 2.x changelogs
Diffstat (limited to 'changelogs')
-rw-r--r-- | changelogs/CHANGELOG-2.md | 679 |
1 files changed, 679 insertions, 0 deletions
diff --git a/changelogs/CHANGELOG-2.md b/changelogs/CHANGELOG-2.md index 48fe50338..d79982385 100644 --- a/changelogs/CHANGELOG-2.md +++ b/changelogs/CHANGELOG-2.md @@ -1,3 +1,682 @@ +### v2.15.12 (2017-03-24): + +This version brings the latest `node-gyp` to a soon to be released Node.js +4.x. The `node-gyp` update is paticularly important to Windows folks due to +its addition of Visual Studio 2017 support. + +* [`cdd60e733`](https://github.com/npm/npm/commit/cdd60e733905a9994e1d6d832996bfdd12abeaee) + `node-gyp@3.6.0`: + Improvements to how Python is located. New `--devdir` flag. + Support for VS2017. + Chakracore support on ARM. + Remove path-array dependency, reducing size significantly. + ([@bnoordhuis](https://github.com/bnoordhuis)) + ([@mhart](https://github.com/mhart)) + ([@refack](https://github.com/refack)) + ([@kunalspathak](https://github.com/kunalspathak)) + +### v2.15.11 (2016-09-08): + +On we go with our monthly release cadence! This week is pretty much all +dependency updates and some documentation changes, as can be expected by now. + +Note that `npm@4` will almost certainly be released next month! It's not final +what we'll end up doing as far as LTS support goes, but the current thinking is +that, considering how small and resource-constrained our team is, support for +`npm@2` will be reduced to essentially maintenance, so we can better focus on +`npm@3` as the new LTS version (which will go into `node@6`), and `npm@4` as our +next main development version. + +#### DOCUMENTATION UPDATES + +* [`8f71038`](https://github.com/npm/npm/commit/8f71038310501ad5bc7445b2fa2ff0eaa377919a) + [#13892](https://github.com/npm/npm/pull/13892) + Update `LICENSE` file to match license on `master`. + ([@rvagg](https://github.com/rvagg)) +* [`e81b4f1`](https://github.com/npm/npm/commit/e81b4f1d18a4d79b7af8342747f2ed7dc3e84f0a) + [#12438](https://github.com/npm/npm/issues/12438) + Remind folks to use `#!/usr/bin/env node` in their `bin` scripts to make files + executable directly. + ([@mxstbr](https://github.com/mxstbr)) +* [`f89789f`](https://github.com/npm/npm/commit/f89789f43d65bfc74f64f15a99356841377e1af3) + [#13655](https://github.com/npm/npm/pull/13655) + Document line comment syntax for `.npmrc`. + ([@mdjasper](https://github.com/mdjasper)) +* [`5cd3abc`](https://github.com/npm/npm/commit/5cd3abc3511515e09b4a1b781c0520e84c267c5b) + [#13493](https://github.com/npm/npm/pull/13493) + Document that the user config file can itself be configured either through the + `$NPM_CONFIG_USERCONFIG` environment variable, or `--userconfig` command line + flag. + ([@jasonkarns](https://github.com/jasonkarns)) +* [`dd71ca0`](https://github.com/npm/npm/commit/dd71ca0efc2094b824ccc9e23af0fc915499f2e6) + [#13911](https://github.com/npm/npm/pull/13911) + Minor documentation reword and cleanup. + ([@othiym23](https://github.com/othiym23)) +* [`f7a320c`](https://github.com/npm/npm/commit/f7a320c816947d578a050c97e0fb9878954be0e8) + [#13682](https://github.com/npm/npm/pull/13682) + Minor grammar fix in documentation for `npm scripts`. + ([@Ajedi32](https://github.com/Ajedi32)) +* [`e5cb5e8`](https://github.com/npm/npm/commit/e5cb5e8fcf4642836fedf3f3421c994a8e27e19b) + [#13717](https://github.com/npm/npm/pull/13717) + Document that `npm link` will link the files specified in the `bin` field of + `package.json` to `{prefix}/bin/{name}`. + ([@legodude17](https://github.com/legodude17)) + +#### DEPENDENCY UPDATES +* [`8bef026`](https://github.com/npm/npm/commit/8bef026603b6da888edf0d41308d9e532abfcd54) + `graceful-fs@4.1.6` + ([@francescoinfante](https://github.com/francescoinfante)) +* [`9f73f4a`](https://github.com/npm/npm/commit/9f73f4aab5f56b256c5cf9e461e81abfa2844945) + `glob@7.0.6` + ([@isaacs](https://github.com/isaacs)) +* [`5391b7e`](https://github.com/npm/npm/commit/5391b7e8cd4401fbadbf54e810fdc965a3662a21) + `which@1.2.1` + ([@isaacs](https://github.com/isaacs)) +* [`43bfec8`](https://github.com/npm/npm/commit/43bfec8376dd8ded7d56a8dabd6139919544760e) + `retry@0.10.0` + ([@tim-kos](https://github.com/tim-kos)) +* [`39305f1`](https://github.com/npm/npm/commit/39305f1c76f74bf9789c769ef72a94ea9a81d119) + `readable-stream@2.1.5` + ([@calvinmetcalf](https://github.com/calvinmetcalf)) +* [`a5512fa`](https://github.com/npm/npm/commit/a5512fafd72e23755e77e28f1122b008bc12a733) + `once@1.4.0` + ([@zkochan](https://github.com/zkochan)) +* [`06a208b`](https://github.com/npm/npm/commit/06a208b178c1de3d0da58bc35a854d200fea8ef0) + `npm-registry-client@7.2.1`: + * [npm/npm-registry-client#142](https://github.com/npm/npm-registry-client/pull/142) Fix `EventEmitter` warning spam from error handlers on socket. ([@addaleax](https://github.com/addaleax)) + * [npm/npm-registry-client#131](https://github.com/npm/npm-registry-client/pull/131) Adds support for streaming request bodies. ([@aredridel](https://github.com/aredridel)) + * Fixes [#13656](https://github.com/npm/npm/issues/13656). + * Dependency updates. + * Documentation improvements. + ([@othiym23](https://github.com/othiym23)) +* [`4f759be`](https://github.com/npm/npm/commit/4f759be1fb5e23180b970350e58f40a513daa680) + `inherits@2.0.3` + ([@isaacs](https://github.com/isaacs)) +* [`4258b76`](https://github.com/npm/npm/commit/4258b764e2565f6294ae1e34a5653895290b62e3) + `tap@7.1.1` + ([@isaacs](https://github.com/isaacs)) + +### v2.15.10 (2016-08-11): + +Hi all, today's our first release coming out of the new monthly release +cadence. See below for details. We're all recovered from conferences now and +raring to go! For LTS we see some bug fixes, documentation improvements and +a host of dependency updates. + +The most dramatic bug fix is probably the inclusion of scoped modules in +bundled dependencies. Prior to this release and +[v3.10.7](https://github.com/npm/npm/releases/v3.10.7), npm had ignored +scoped modules found in `bundleDependencies` entirely. + +#### NEW RELEASE CADENCE + +Releasing npm has been, for the most part, a very prominent part of our +weekly process process. As part of our efforts to find the most effective +ways to allocate our team's resources, we decided last month that we would +try and slow our releases down to a monthly cadence, and see if we found +ourselves with as much extra time and attention as we expected to have. +Process experiments are useful for finding more effective ways to do our +work, and we're at least going to keep doing this for a whole quarter, and +then measure how well it worked out. It's entirely likely that we'll switch +back to a more frequent cadence, specially if we find that the value that +weekly cadence was providing the community is not worth sacrificing for a +bit of extra time. Does this affect you significantly? Let us know! + +#### WINDOWS CORNER CASES + +* [`405c404`](https://github.com/npm/npm/commit/405c4048c69c14d66e6179aba0c8a35e504e8041) + [#13023](https://github.com/npm/npm/pull/13023) + Fixed a Windows issue with the cache where callbacks could be called more than once. + ([@zkat](https://github.com/zkat)) + +* [`bf348dc`](https://github.com/npm/npm/commit/bf348dcfb944dc4b9f71b779bf172f86a2e1f474) + [#13023](https://github.com/npm/npm/pull/13023) + Fixed a Windows corner case with correct-mkdir where if SUDO_UID or + SUDO_GID were set then we would try to chown things even though that can't + work on Windows. + ([@zkat](https://github.com/zkat)) + +#### RACES IN THE CACHE + +* [`68f29f1`](https://github.com/npm/npm/commit/68f29f18f65c7a7e1c58eb6933af41d786971379) + [#12669](https://github.com/npm/npm/issues/12669) + Ignore ENOENT errors on chownr while adding packages to cache. This change + works around problems with race conditions and local packages. + ([@julianduque](https://github.com/julianduque)) + +#### BETTER GIT ENVIRONMENT WHITELISTING + +* [`5e96566`](https://github.com/npm/npm/commit/5e96566088f0d88c1ed10c5a9cbb7c0cd4aa2aee) + [#13358](https://github.com/npm/npm/pull/13358) + Add GIT_EXEC_PATH to Git environment whitelist. + ([@mhart](https://github.com/mhart)) + +#### DOCUMENTATION + +* [`363e381`](https://github.com/npm/npm/commit/363e381a4076ead89707a00cc4a447b1d59df3bc) + [#13319](https://github.com/npm/npm/pull/13319) + As Node.js 0.8 is no longer supported, remove mention of it from the README. + ([@watilde](https://github.com/watilde)) +* [`e8fafa8`](https://github.com/npm/npm/commit/e8fafa887c60eb8842c76c4b3dffe85eb49fa434) + [#10167](https://github.com/npm/npm/pull/10167) + Clarify in scope documentation that npm@2 is required for scoped packages. + ([@danpaz](https://github.com/danpaz)) + +#### DEPENDENCIES + +* [`66ef279`](https://github.com/npm/npm/commit/66ef279b7c3b3e4f9454474dddd057cc1f21873b) + [npm/fstream-npm#22](https://github.com/npm/fstream-npm/pull/22) + `fstream@1.1.1`: + Always include NOTICE files now. Fix inclusion of scoped modules as bundled dependencies. + ([@kemitchell](https://github.com/kemitchell)) + ([@forivall](https://github.com/forivall)) +* [`fe8385b`](https://github.com/npm/npm/commit/fe8385bd655502feb175eed175a6a06cafb2247a) + `glob@7.0.5`: + Update minimatch dep for security fix. See the minimatch update below for details. + ([@isaacs](https://github.com/isaacs)) +* [`51d49d2`](https://github.com/npm/npm/commit/51d49d2f79b4c69264de73a492ed54f87188d554) + [isaacs/node-graceful-fs#71](https://github.com/isaacs/node-graceful-fs/pull/71) + `graceful-fs@4.1.5`: + `graceful-fs` had a [bug fix](https://github.com/isaacs/node-graceful-fs/pull/71) which + fixes a problem ([nodejs/node#7846](https://github.com/nodejs/node/pull/7846)) exposed + by recent changes to Node.js. + ([@thefourtheye](https://github.com/thefourtheye)) +* [`5c8f39d`](https://github.com/npm/npm/commit/5c8f39d152c43e96b9006ffe865646a36a433a8a) + `minimatch@3.0.3`: + Handle extremely long and terrible patterns more gracefully. + There were some magic numbers that assumed that every extglob pattern starts + and ends with a specific number of characters in the regular expression. + Since !(||) patterns are a little bit more complicated, this led to creating + an invalid regular expression and throwing. + ([@isaacs](https://github.com/isaacs)) +* [`d681e16`](https://github.com/npm/npm/commit/d681e16a475a49d6196af9a5cedaaf88712f3a9f) + [npm/npm-user-validate#9](https://github.com/npm/npm-user-validate/pull/9) + `npm-user-validate@0.1.5`: + Use correct, lower username length limit. + ([@aredridel](https://github.com/aredridel)) +* [`f918994`](https://github.com/npm/npm/commit/f918994bd05ca965766cd573606ac35fb3032d6e) + `request@2.74.0`: + Update `request` dependency `tough-cookie` to `2.3.0` to + to address [https://nodesecurity.io/advisories/130](https://nodesecurity.io/advisories/130). + Versions 0.9.7 through 2.2.2 contain a vulnerable regular expression that, + under certain conditions involving long strings of semicolons in the + "Set-Cookie" header, causes the event loop to block for excessive amounts of + time. + ([@stash-sfdc](https://github.com/stash-sfdc)) +* [`5540cc4`](https://github.com/npm/npm/commit/5540cc4d6bde65071fb6fc2cb074e8598bd1276f) + [isaacs/rimraf#111](https://github.com/isaacs/rimraf/issues/111) + `rimraf@2.5.4`: Clarify assertions: cb is required, options are not. + ([@isaacs](https://github.com/isaacs)) +* [`6357928`](https://github.com/npm/npm/commit/6357928673be85f520dae2104fea58c35742bd65) + `spdx-license-ids@1.2.2`: + New licenses synced from spdx.org. + ([@shinnn](https://github.com/shinnn)) + +### v2.15.9 (2016-06-30): + +What's this? An LTS release? Yes, that is indeed so. Small, as usual, and as +LTSs should be, really, but a release nonetheless! + +The star of the show is an updated `node-gyp` with some goodies. The rest is +just docs and some CI stuff. + +Happy hacking! + +#### DEPENDENCY UPDATE! + +* [`f9a07cc`](https://github.com/npm/npm/commit/f9a07cc873f1915827d8df97d0c43204d1eb128c) + [#13200](https://github.com/npm/npm/pull/13200) + [`node-gyp@3.4.0`](https://github.com/nodejs/node-gyp/blob/master/CHANGELOG.md): + AIX, Visual Studio 2015, and logging improvements. Oh my~! + ([@rvagg](https://github.com/rvagg)) + +#### CI TWEAKS + +* [`bee83b8`](https://github.com/npm/npm/commit/bee83b8500c31aba65451dfcb082f9b5d1d5ce34) + Globally install `rimraf` on CI to make the LTS self-install work better. + ([@othiym23](https://github.com/othiym23)) +* [`6b8c0ab`](https://github.com/npm/npm/commit/6b8c0ab6fcbf8a37e8693acb8bbac22293b10893) + This new Travis configuration only runs coverage checks against Node.js LTS, + which speeds up all the other test runs. By, like, a lot. Also, the entire + file has been extensively commented, so the next time we need to mess with it, + we'll be able to better remember why all the weird bits are there. + ([@othiym23](https://github.com/othiym23)) + +#### DOCUMENTATION FIXES + +* [`2c7a5be`](https://github.com/npm/npm/commit/2c7a5be080276e3fdca3375ab0f8f5edffff753e) + [#13156](https://github.com/npm/npm/pull/13156) + Fix old reference to `doc/install` in a source comment. + ([@sheerun](https://github.com/sheerun)) +* [`e1cf78c`](https://github.com/npm/npm/commit/e1cf78c5b77f95383bd4a7fc6eeb8adbbe68e12e) + [#13189](https://github.com/npm/npm/pull/13189) + [#13113](https://github.com/npm/npm/issues/13113) + [#13189](https://github.com/npm/npm/pull/13189) + Fixes a link to `npm-tag(3)` that was breaking to instead point to + `npm-dist-tag(1)`, as reported by [@SimenB](https://github.com/SimenB) + ([@macdonst](https://github.com/macdonst)) + +### v2.15.8 (2016-06-17): + +There's a very important bug fix and a long-awaited (and significant!) +deprecation in this hotfix release. [Hold on.](http://butt.holdings/) + +#### *WHOA* + +When Node.js 6.0.0 was released, the CLI team noticed an alarming upsurge in +bugs related to important files (like `README.md`) not being included in +published packages. The new bugs looked much like +[#5082](https://github.com/npm/npm/issues/5082), which had been around in one +form or another since April, 2014. #5082 used to be a very rare (and obnoxious) +bug that the CLI team hadn't had much luck reproducing, and we'd basically +marked it down as a race condition that arose on machines using slow and / or +rotating-media-based hard drives. + +Under 6.0.0, the behavior was reliable enough to be nearly deterministic, and +made it very difficult for publishers using `.npmignore` files in combination +with `"files"` stanzas in `package.json` to get their packages onto the +registry without one or more files missing from the packed tarball. The entire +saga is contained within [the issue](https://github.com/npm/npm/issues/5082), +but the summary is that an improvement to the performance of +[`fs.realpath()`](https://nodejs.org/api/fs.html#fs_fs_realpath_path_options_callback) +made it much more likely that the packing code would lose the race. + +Fixing this has proven to be very difficult, in part because the code used by +npm to produce package tarballs is more complicated than, strictly speaking, it +needs to be. [**@evanlucas**](https://github.com/evanlucas) contributed [a +patch](https://github.com/npm/fstream/pull/50) that passed the tests in a +[special test suite](https://github.com/othiym23/eliminate-5082) that I +([**@othiym23**](https://github.com/othiym23)) created (with help from +[**@addaleax**](https://github.com/addaleax)), but only _after_ we'd released +the fixed version of that package did we learn that it actually made the +problem _worse_ in other situations in npm proper. Eventually, +[**@rvagg**](https://github.com/rvagg) put together a more durable fix that +appears to completely address the errant behavior under Node.js 6.0.0. That's +the patch included in this release. Everybody should chip in for redback +insurance for Rod and his family; he's done the community a huge favor. + +Does this mean the long (2+ year) saga of #5082 is now over? At this point, I'm +going to quote from my latest summary on the issue: + +> The CLI team (mostly me, with input from the rest of the team) has decided that +> the overall complexity of the interaction between `fstream`, `fstream-ignore`, +> `fstream-npm`, and `node-tar` has grown more convoluted than the team is +> comfortable (maybe even capable of) supporting. +> +> - While I believe that @rvagg's (very targeted) fix addresses _this_ issue, I +> would be shocked if there aren't other race conditions in npm's packing +> logic. I've already identified a couple other places in the code that are +> most likely race conditions, even if they're harder to trigger than the +> current one. +> - The way that dependency bundling is integrated leads to a situation in +> which a bunch of logic is duplicated between `fstream-npm` and +> `lib/utils/tar.js` in npm itself, and the way `fstream`'s extension +> mechanism works makes this difficult to clean up. This caused a nasty +> regression ([#13088](https://github.com/npm/fstream/pull/50), see below) as +> of ~`npm@3.8.7` where the dependencies of `bundledDependencies` were no +> longer being included in the built package tarballs. +> - The interaction between `.npmignore`, `.gitignore`, and `files` is hopelessly +> complicated, scattered in many places throughout the code. We've been +> discussing [making the ignores and includes logic clearer and more +> predictable](https://github.com/npm/npm/wiki/Files-and-Ignores), and the +> current code fights our efforts to clean that up. +> +> So, our intention is still to replace `fstream`, `fstream-ignore`, and +> `fstream-npm` with something much simpler and purpose-built. There's no real +> reason to have a stream abstraction here when a simple recursive-descent +> filesystem visitor and a synchronous function that can answer whether a given +> path should be included in the packed tarball would do the job adequately. +> +> What's not yet clear is whether we'll need to replace `node-tar` in the +> process. `node-tar` is a very robust implementation of tar (it handles, like, +> everything), and it also includes some very important tweaks to prevent several +> classes of security exploits involving maliciously crafted packages. However, +> its packing API involves passing in an `fstream` instance, so we'd either need +> to produce something that follows enough of `fstream`'s contract for `node-tar` +> to keep working, or swap `node-tar` out for something like `tar-stream` (and +> then ensuring that our use of `tar-stream` is secure, which could involve +> security patches for either npm or `tar-stream`). + +The testing and review of `fstream@1.0.10` that the team has done leads us to +believe that this bug is fixed, but I'm feeling more than a little paranoid +about fstream now, so it's important that people keep a close eye on their +publishes for a while and let us know immediately if they notice any +irregularities. + +* [`2c49265`](https://github.com/npm/npm/commit/2c49265c6746d29ae0cd5f3532d28c5950f9847e) + [#5082](https://github.com/npm/npm/issues/5082) `fstream@1.0.10`: Ensure that + entries are collected after a paused stream resumes. + ([@rvagg](https://github.com/rvagg)) +* [`92e4344`](https://github.com/npm/npm/commit/92e43444d9204f749f83512aeab5d5e0a2d085a7) + [#5082](https://github.com/npm/npm/issues/5082) Remove the warning introduced + in `npm@3.10.0`, because it should no longer be necessary. + ([@othiym23](https://github.com/othiym23)) + +#### GOODBYE, FAITHFUL FRIEND + +At NodeConf Adventure 2016 (RIP in peace, Mikeal Rogers's NodeConf!), the CLI +team had an opportunity to talk to representatives from some of the larger +companies that we knew were still using Node.js 0.8 in production. After asking +them whether they were still using 0.8, we got back blank stares and questions +like, "0.8? You mean, from four years ago?" After establishing that being able +to run npm in their legacy environments was no longer necessary, the CLI team +made the decision to drop support for 0.8. (Faithful observers of our [team +meetings](https://github.com/npm/npm/issues?utf8=%E2%9C%93&q=is%3Aissue+npm+cli+team+meeting+) +will have known this was the plan for NodeConf since the beginning of 2016.) + +In practice, this means only what's in the commit below: we've removed 0.8 from +our continuous integration test matrix below, and will no longer be habitually +testing changes under Node 0.8. We may also give ourselves permission to use +`setImmediate()` in test code. However, since the project still supports +Node.js 0.10 and 0.12, it's unlikely that patches that rely on ES 2015 +functionality will land anytime soon. + +Looking forward, the team's current plan is to drop support for Node.js 0.10 +when its LTS maintenace window expires in October, 2016, and 0.12 when its +maintenance / LTS window ends at the end of 2016. We will also drop support for +Node.js 5.x when Node.js 6 becomes LTS and Node.js 7 is released, also in the +October-December 2016 timeframe. + +(Confused about Node.js's LTS policy? [Don't +be!](https://github.com/nodejs/LTS) If you look at [this +diagram](https://github.com/nodejs/LTS/blob/ce364a94b0e0619eba570cd57be396573e1ef889/schedule.png), +it should make all of the preceding clear.) + +If, in practice, this doesn't work with distribution packagers or other +community stakeholders responsible for packaging and distributing Node.js and +npm, please reach out to us. Aligning the npm CLI's LTS policy with Node's +helps everybody minimize the amount of work they need to do, and since all of +our teams are small and very busy, this is somewhere between a necessity and +non-negotiable. + +* [`4a1ecc0`](https://github.com/npm/npm/commit/4a1ecc068fb2660bd9bc3e2e2372aa0176d2193b) + Remove 0.8 from the Node.js testing matrix, and reorder to match real-world + priority, with comments. ([@othiym23](https://github.com/othiym23)) + +### v2.15.7 (2016-06-16): + +It pains me greatly that we haven't been able to fix +[#5082](https://github.com/npm/npm/issues/5082) yet, but warning you away from +potentially publishing incomplete packages takes priority over feeling cheesy +about landing a warning to help keep y'all out of trouble, so here you go +(_please read this next bit_ (_please clap_)): + +#### DANGER: PUBLISHING ON NODE 6.0.0 + +Publishing and packing are buggy under Node versions greater than 6.0.0. +Please use Node.js LTS (4.4.x) to publish packages. See +[#5082](https://github.com/npm/npm/issues/5082) for details and current +status. + +* [`dff00ce`](https://github.com/npm/npm/commit/dff00cedd56b9c04370f840299a7e657a7a835c6) + [#13077](https://github.com/npm/npm/pull/13077) + Warn when using Node 6+. + ([@othiym23](https://github.com/othiym23)) + +#### PACKAGING CHANGES + +* [`1877171`](https://github.com/npm/npm/commit/1877171648e20595a82de34073b643f7e01a339f) + [#12873](https://github.com/npm/npm/issues/12873) + Ignore `.nyc_output`. This will help avoid an accidental publish or commit filled with + code coverage data. + ([@TheAlphaNerd](https://github.com/TheAlphaNerd)) + +#### DOCUMENTATION CHANGES + +* [`470ae86`](https://github.com/npm/npm/commit/470ae86e052ae2f29ebec15b7547230b6240042e) + [#12983](https://github.com/npm/npm/pull/12983) + Describe how to run the lifecycle scripts of dependencies. How you do + this changed with `npm` v2. + ([@Tapppi](https://github.com/Tapppi)) +* [`9cedf37`](https://github.com/npm/npm/commit/9cedf37e5a3e26d0ffd6351af8cac974e3e011c2) + [#12776](https://github.com/npm/npm/pull/12776) + Remove mention of `<pkg>` arg for `run-script`. + ([@fibo](https://github.com/fibo)) +* [`55b8424`](https://github.com/npm/npm/commit/55b8424d7229f2021cac55f0b03de72403e7c0ff) + [#12840](https://github.com/npm/npm/pull/12840) + Remove sexualized language from comment. + ([@geek](https://github.com/geek)) +* [`d6bf0c3`](https://github.com/npm/npm/commit/d6bf0c393788a6398bf80b41c57956f2dbcf3b39) + [#12802](https://github.com/npm/npm/pull/12802) + Small grammar fix in `doc/cli/npm.md`. + ([@andresilveira](https://github.com/andresilveira)) + +#### DEPENDENCY UPDATES + +* [`2c2c568`](https://github.com/npm/npm/commit/2c2c56857ff801d5fe1b6d3157870cd16e65891b) + `readable-stream@2.1.4`: Brought up to date with Node 6.1.0's streams implementation. + ([@calvinmetcalf](https://github.com/calvinmetcalf)) +* [`d682e64`](https://github.com/npm/npm/commit/d682e6445845b0a2584935d5e2942409c43f6916) + [npm/npm-user-validate#8](https://github.com/npm/npm-user-validate/pull/8) + `npm-user-validate@0.1.4`: Add a maximum length limit for usernames based on + the (arbitrary) limit imposed by the primary npm registry. + ([@aredridel](https://github.com/aredridel)) +* [`448b65b`](https://github.com/npm/npm/commit/448b65b48cda3b782b714057fb4b8311cc1fa36a) + `which@1.2.10`: Remove unused dependency `is-absolute`, bug fixes. + ([@isaacs](https://github.com/isaacs)) +* [`7d15434`](https://github.com/npm/npm/commit/7d15434f0b0af8e70b119835b21968217224664f) + `require-inject@1.4.0`: Add `requireInject.withEmptyCache` and + `requireInject.installGlobally.andClearCache` to support loading modules to be + injected with an empty cache. + ([@iarna](https://github.com/iarna)) +* [`31845c0`](https://github.com/npm/npm/commit/31845c081bc6f3f8a2f3d83a3c792dccffbaa2a8) + `init-package-json@1.9.4`: + Replace use of reserved identifier `package` in, uh, the package. + ([@adius](https://github.com/adius)) +* [`d73ef3e`](https://github.com/npm/npm/commit/d73ef3e6b18d4905de668c5115bc6042905a02d9) + `glob@7.0.4`: Use userland `fs.realpath` implementation to get glob working under Node 6. + ([@isaacs](https://github.com/isaacs)) +* [`b47da85`](https://github.com/npm/npm/commit/b47da85cf83b946f2c8d29ab612c92028f31f6b0) + `inflight@1.0.5`: Correct link to package repository, add `"files"` stanza. + ([@iarna](https://github.com/iarna), [@jamestalmage](https://github.com/jamestalmage)) +* [`04815e4`](https://github.com/npm/npm/commit/04815e436035de785279fd000cdbc821cc1f3447) + [npm/npmlog#32](https://github.com/npm/npmlog/pull/32) + `npmlog@2.0.4`: Add `"files"` stanza to `package.json`. + ([@jamestalmage](https://github.com/jamestalmage)) +* [`9e29ad2`](https://github.com/npm/npm/commit/9e29ad227300bb970e7bcd21029944d4733e40db) + `wrappy@1.0.2`: Add `"files"` stanza to `package.json`. + ([@jamestalmage](https://github.com/jamestalmage)) +* [`44af4d4`](https://github.com/npm/npm/commit/44af4d475ac65bdce6d088173273ce4a4f74a49e) + `abbrev@1.0.9` ([@jorrit](https://github.com/jorrit)) +* [`6c977c0`](https://github.com/npm/npm/commit/6c977c0031d074479a26c7bec6ec83fd6c6526b2) + `npm-registry-client@7.1.2`: Add support for newer versions of `npmlog`. + ([@iarna](https://github.com/iarna)) + +### v2.15.6 (2016-05-12): + +I have a couple of doc fixes and a shrinkwrap fix for you all this week. + +#### PEER DEPENDENCIES AND SHRINKWRAPS + +* [`55c998a`](https://github.com/npm/npm/commit/55c998a098a306b90a84beef163a8890f9a616b1) + [#5135](https://github.com/npm/npm/issues/5135) + Fix a bug where peerDependencies & shrinkwraps didn't play nice together. (Where + the peerDependency resolver would end up installing its dep when it wasn't needed.) + ([@majgis](https://github.com/majgis)) + +#### NPM AND `node-gyp` DOCS IMPROVEMENTS + +* [`1826908`](https://github.com/npm/npm/commit/1826908b991510d8fbc71a0d0f2c01ff24fd83c2) + [#12636](https://github.com/npm/npm/pull/12636) + Improve `npm-scripts` documentation regarding when `node-gyp` is used. + ([@reconbot](https://github.com/reconbot)) +* [`f9ff7f3`](https://github.com/npm/npm/commit/f9ff7f36cc2c2c3fbb4f6eef91491b589d049d5f) + [#12586](https://github.com/npm/npm/pull/12586) + Correct `package.json` documentation as to when `node-gyp rebuild` called. + This now matches https://docs.npmjs.com/misc/scripts#default-values + ([@reconbot](https://github.com/reconbot)) + +### v2.15.5 (2016-05-05): + +This is a minor LTS release, bringing dependencies up to date and updating +our CI matrix to match what we support. + +Some of the dependency updates come out of our getting the development +branch's tests passing on Windows and so bring in fixes for a few Windows +related corner cases. + +#### CI UPDATES + +* [`bb6f0e5`](https://github.com/npm/npm/commit/bb6f0e5c95d4ad186768b1c962dd4c399f90ddb1) + [#12487](https://github.com/npm/npm/pull/12487) + Remove iojs from CI, add Node.js 6, prioritize 4 over 5. + ([@othiym23](https://github.com/othiym23)) + +#### DEPENDENCY UPDATES + +* [`f2f8753`](https://github.com/npm/npm/commit/f2f8753c4aef2a604a4bdca2677711c940234b8f) + `which@1.2.8`: + Properly handle relative path executables. + ([@isaacs](https://github.com/isaacs)) +* [`e287ca9`](https://github.com/npm/npm/commit/e287ca99c37680d8e4cfacf4cfebe2da98884865) + `read-package-json@2.0.4`: + Fix Windows issue with ENOTDIR detection. + ([@zkat](https://github.com/zkat)) +* [`1a0ce6c`](https://github.com/npm/npm/commit/1a0ce6cff4c347bad035dc89bba2ceed9dacbf73) + `realize-package-specifier@3.0.3`: + Use npa with windows fix. + Fix relative path resolution when the local file might also be a tag. + ([@zkat](https://github.com/zkat)) + ([@iarna](https://github.com/iarna)) +* [`a475c9a`](https://github.com/npm/npm/commit/a475c9a4e4b36d00080b11f379657ce68185adc6) + `lru-cache@4.0.1`: + Use Symbol if available. + ([@isaacs](https://github.com/isaacs)) +* [`7141e08`](https://github.com/npm/npm/commit/7141e08816c620b1889d7537c30dc5b254de4d1f) + `sorted-object@2.0.0` + ([@iamstarkov](https://github.com/iamstarkov)) +* [`27c6190`](https://github.com/npm/npm/commit/27c6190216cc8a5a280f0efbabb3444581968d40) + `request@2.72.0` + ([@simov](https://github.com/simov)) +* [`ab90daf`](https://github.com/npm/npm/commit/ab90daf70ba51b51f722fb4cd74ac5267621c4b4) + `readable-stream@2.1.2` + ([@calvinmetcalf](https://github.com/calvinmetcalf)) +* [`b1715f8`](https://github.com/npm/npm/commit/b1715f805426403273225bcfa91d1a52d7b56eb8) + `graceful-fs@4.1.4` + ([@isaacs](https://github.com/isaacs)) +* [`ca97de6`](https://github.com/npm/npm/commit/ca97de6c18059ef420235f4706898ad8758904e6) + `block-stream@0.0.9` + ([@isaacs](https://github.com/isaacs)) + +### v2.15.4 (2016-04-21): + +Gosh, it's been a peaceful couple of weeks! + +Overall, the CLI team has been focused on the project to [get the test suite +passing on Windows](https://github.com/npm/npm/pull/11444). Our efforts should +be paying off soon -- there's only a couple of tests left! + +It's very unlikely those particular changes will make their way into our current +`npm@2` LTS release, I think, but it will help `npm@3` a lot, as well as +whatever version makes it into [`node@6`, which will eventually be the next +Node.js LTS](https://github.com/nodejs/node/pull/6155). + +As far as this week goes, we've got a couple of dep updates and doc fixes. +Always happy to see community contributions flying in. 💚 + +#### DEP UPDATE MAGIC + +* [`b178c4a`](https://github.com/npm/npm/commit/b178c4ac9ce91c0a0794526a38b553c759132d18) + `spdx-license-ids@1.2.1`: + Minor project-related tweaks -- no license changes. + ([@shinnn](https://github.com/shinnn)) +* [`1adf179`](https://github.com/npm/npm/commit/1adf179948ab8cb97dfb2f46a61e9f37d944c42a) + `normalize-git-url@3.0.2`: + Fixes `file://` URLs on Windows. Turns out stuff like `file://C:\hello` is + actually fairly weird for a URL (it's not actually a valid URL, but we're just + gonna pretend.😉) + ([@zkat](https://github.com/zkat)) +* [`9cfd56c`](https://github.com/npm/npm/commit/9cfd56cdadc040c0b2fa7654cdb5e7d22dbef7cb) + `fs-vacuum@1.2.9`: + This one goes out to our fans at Big Blue: There was an AIX-specific issue + where `fs.rmDir` was failing with `EEXIST` instead of `ENOTEMPTY` with + non-empty directories. + ([@richardlau](https://github.com/richardlau)) + +#### HOORAY DOC CONTRIBUTIONS + +No seriously, we love these. Keep 'em comin'! + +* [`2afe8bf`](https://github.com/npm/npm/commit/2afe8bf415a159baa181a8102f72c96e1d189bc9) + [#12415](https://github.com/npm/npm/pull/12415) + Clarify that the `--cert` and `--key` options are actual certs and keys, not + paths to files containing them. + ([@rvedotrc](https://github.com/rvedotrc)) +* [`3522560`](https://github.com/npm/npm/commit/3522560b0a4bb6c9717a34f9728f156fd9760cad) + [#12107](https://github.com/npm/npm/pull/12107) + Document `npm login` as an alias to `npm adduser`. People are still surprised + by this so often. + ([@gnerkus](https://github.com/gnerkus)) + +### v2.15.3 (2016-03-31): + +Hiiiiiii!~👋 + +We're really happy to be getting more and more community contributions! Keep it +up! We really appreciate folks trying to help us, and we'll do our best to help +point you in the right direction. Even things like documentation are a huge +help. And remember -- you get socks for it, too!🎁 + +This week is as quiet as usual, aside from fixing a regression to `npm +deprecate` you might want to pay attention to! Other than that, just docs and +deps, as any good LTS release train should be. 🙆 + +#### FIXME + +* [`6e0b66e`](https://github.com/npm/npm/commit/6e0b66e282aa27d1b5371e2babaa859924121730) + [#11884](https://github.com/npm/npm/pull/11884) + Include `node_modules` in the list of files and directories that npm won't + include in packages ordinarily. (Modules listed in `bundledDependencies` and + things that those modules rely on, ARE included of course.) + ([@Jameskmonger](https://github.com/Jameskmonger)) +* [`9896290`](https://github.com/npm/npm/commit/98962909b160364030705575202ad133971033c1) + [#12079](https://github.com/npm/npm/pull/12079) + Back in `npm@2.13.1` we included [a patch that made it so `npm install pkg` + was basically `npm install pkg@latest` instead of + `pkg@*`](https://github.com/npm/npm/pull/9170) This is probably what most + users expected, but it also ended up [breaking `npm + deprecate`](https://github.com/npm/npm/pull/9170) when no version was provided + for a package. In that case, we were using `*` to mean "deprecate all + versions" and relying on the `pkg` -> `pkg@*` conversion. This patch fixes + `npm deprecate pkg` to work as it used to by special casing that particular + command's behavior. + ([@polm](https://github.com/polm)) +* [`6c1628f`](https://github.com/npm/npm/commit/6c1628f62b657db6c116be13849d00933a3388cd) + [#12146](https://github.com/npm/npm/pull/12146) + Adds `make doc-clean` to `prepublish` script, to clear out previously built + docs before publishing a new npm version. + ([@watilde](https://github.com/watilde)) +* [`6d3017e`](https://github.com/npm/npm/commit/6d3017e6eed8a771b395d10130ac1f498e2d3211) + [#12146](https://github.com/npm/npm/pull/12146) + Adds `doc-clean` phony target to `make publish`. + ([@watilde](https://github.com/watilde)) + +#### DOCS + +* [`d43921c`](https://github.com/npm/npm/commit/d43921c546617cdb94bbee444d7d67ef55f38dc5) + [#12147](https://github.com/npm/npm/pull/12147) + Document that the current behavior of `engines` is just to warn if the node + platform is incompatible. + ([@reconbot](https://github.com/reconbot)) +* [`3cfe99e`](https://github.com/npm/npm/commit/3cfe99e3a757c5d8cbb1c2789410e9802563abac) + [#12093](https://github.com/npm/npm/pull/12093) + Update `bugs` url in `package.json` to use the `https` URL for Github. + ([@watilde](https://github.com/watilde)) +* [`ecf865f`](https://github.com/npm/npm/commit/ecf865f4eed1419c75442e0d52bc34ba1647de15) + [#12075](https://github.com/npm/npm/pull/12075) + Add the `--ignore-scripts` flag to the `npm install` docs. + ([@paulirish](https://github.com/paulirish)) +* [`f0e6db3`](https://github.com/npm/npm/commit/f0e6db32827d88680ef2320e60c0863754a4fbc5) + [#12063](https://github.com/npm/npm/pull/12063) + Various minor fixes to the html docs homepage. + ([@watilde](https://github.com/watilde)) + +#### DEPS + +* [`e2660de`](https://github.com/npm/npm/commit/e2660de1c08ed68a1c6fc4ee75d10376595979be) + `npmlog@2.0.3` + ([@iarna](https://github.com/iarna)) + ### v2.15.2 (2016-03-24): It's always nice to see new contributors. 💚 |