From 4ea066f0ef6e7f8384b82a1e88a8ee8cebd35b14 Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Tue, 22 Jul 2025 11:35:12 -0700 Subject: [PATCH 1/6] chore: @npmcli/template-oss@4.25.0 --- .github/workflows/audit.yml | 3 +++ .github/workflows/ci-release.yml | 4 ++++ .github/workflows/ci.yml | 3 +++ .github/workflows/codeql-analysis.yml | 3 +++ .github/workflows/post-dependabot.yml | 2 +- .github/workflows/pull-request.yml | 3 +++ .github/workflows/release-integration.yml | 4 ++++ .github/workflows/release.yml | 1 + .gitignore | 1 + package.json | 4 ++-- release-please-config.json | 2 +- 11 files changed, 26 insertions(+), 4 deletions(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index a3ae7257..85282bdf 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -8,6 +8,9 @@ on: # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1 - cron: "0 8 * * 1" +permissions: + contents: read + jobs: audit: name: Audit Dependencies diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 673f9ca9..d9fcb927 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -18,6 +18,10 @@ on: required: true type: string +permissions: + contents: read + checks: write + jobs: lint-all: name: Lint All diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a44b2271..b991984d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,6 +12,9 @@ on: # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1 - cron: "0 9 * * 1" +permissions: + contents: read + jobs: lint: name: Lint diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 15c8efee..af848e17 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,6 +13,9 @@ on: # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1 - cron: "0 10 * * 1" +permissions: + contents: read + jobs: analyze: name: Analyze diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index 1ea8693c..3a919116 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -54,7 +54,7 @@ jobs: else # strip leading slash from directory so it works as a # a path to the workspace flag - echo "workspace=-w ${dependabot_dir#/}" >> $GITHUB_OUTPUT + echo "workspace=--workspace ${dependabot_dir#/}" >> $GITHUB_OUTPUT fi - name: Apply Changes diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 7dbdfd41..c69932da 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -10,6 +10,9 @@ on: - edited - synchronize +permissions: + contents: read + jobs: commitlint: name: Lint Commits diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index 130578e6..9ca9a2b8 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -19,6 +19,10 @@ on: PUBLISH_TOKEN: required: true +permissions: + contents: read + id-token: write + jobs: publish: name: Publish diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 75acebb5..53ff3c24 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -244,6 +244,7 @@ jobs: if: needs.release.outputs.releases uses: ./.github/workflows/release-integration.yml permissions: + contents: read id-token: write secrets: PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} diff --git a/.gitignore b/.gitignore index 2bab6d1d..dedbc770 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ !**/.gitignore !/.commitlintrc.js +!/.eslint.config.js !/.eslintrc.js !/.eslintrc.local.* !/.git-blame-ignore-revs diff --git a/package.json b/package.json index bd7a79d3..9027cf14 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^5.0.0", - "@npmcli/template-oss": "4.23.4", + "@npmcli/template-oss": "4.25.0", "cacache": "^19.0.1", "nock": "^13.2.4", "require-inject": "^1.4.4", @@ -62,7 +62,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.23.4", + "version": "4.25.0", "publish": "true" } } diff --git a/release-please-config.json b/release-please-config.json index a1676b9c..c56fd1d8 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -33,5 +33,5 @@ "package-name": "" } }, - "prerelease-type": "pre" + "prerelease-type": "pre.0" } From 2679cb8a73a03a3e942257d28ac18986c3c1ebde Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Tue, 22 Jul 2025 11:35:38 -0700 Subject: [PATCH 2/6] fix!: align to npm 11 node engine range BREAKING CHANGE: `npm-registry-fetch` now supports node `^20.17.0 || >=22.9.0` --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 9027cf14..4b03316d 100644 --- a/package.json +++ b/package.json @@ -58,7 +58,7 @@ ] }, "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", From 781d3ff2e4b180456defb928152293f321a0ffb8 Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Tue, 22 Jul 2025 11:35:52 -0700 Subject: [PATCH 3/6] chore: template-oss apply fix --- .github/workflows/ci-release.yml | 13 +++++-------- .github/workflows/ci.yml | 13 +++++-------- 2 files changed, 10 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index d9fcb927..e9ab5ffb 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -91,20 +91,17 @@ jobs: os: windows-latest shell: cmd node-version: - - 18.17.0 - - 18.x - - 20.5.0 + - 20.17.0 - 20.x + - 22.9.0 - 22.x exclude: - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 18.17.0 - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 18.x - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 20.5.0 + node-version: 20.17.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 20.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 22.9.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 22.x runs-on: ${{ matrix.platform.os }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b991984d..92a33b5f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -67,20 +67,17 @@ jobs: os: windows-latest shell: cmd node-version: - - 18.17.0 - - 18.x - - 20.5.0 + - 20.17.0 - 20.x + - 22.9.0 - 22.x exclude: - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 18.17.0 - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 18.x - - platform: { name: macOS, os: macos-13, shell: bash } - node-version: 20.5.0 + node-version: 20.17.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 20.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 22.9.0 - platform: { name: macOS, os: macos-13, shell: bash } node-version: 22.x runs-on: ${{ matrix.platform.os }} From 3e0dfd06f56d65365273ca8c6aa329382e891430 Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Thu, 24 Jul 2025 11:50:22 -0700 Subject: [PATCH 4/6] chore: cacache@20.0.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 4b03316d..c18b71fc 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "devDependencies": { "@npmcli/eslint-config": "^5.0.0", "@npmcli/template-oss": "4.25.0", - "cacache": "^19.0.1", + "cacache": "^20.0.0", "nock": "^13.2.4", "require-inject": "^1.4.4", "ssri": "^12.0.0", From 7a51caa5ba45062e5ed1fec7b0c459e329c11ec6 Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Thu, 24 Jul 2025 11:50:31 -0700 Subject: [PATCH 5/6] deps: make-fetch-happen@15.0.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c18b71fc..8256e524 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "dependencies": { "@npmcli/redact": "^3.0.0", "jsonparse": "^1.3.1", - "make-fetch-happen": "^14.0.0", + "make-fetch-happen": "^15.0.0", "minipass": "^7.0.2", "minipass-fetch": "^4.0.0", "minizlib": "^3.0.1", From e07db80c4a97d5fcefca47ea42262c4961fbecab Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Thu, 24 Jul 2025 11:51:01 -0700 Subject: [PATCH 6/6] deps: npm-package-arg@13.0.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 8256e524..f38f90f7 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,7 @@ "minipass": "^7.0.2", "minipass-fetch": "^4.0.0", "minizlib": "^3.0.1", - "npm-package-arg": "^12.0.0", + "npm-package-arg": "^13.0.0", "proc-log": "^5.0.0" }, "devDependencies": {