chore(deps): update dependency npm to v11

[dev-mend-for-github-com]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
npm (source)	dependencies	major	8.19.2 → 11.6.3

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
Critical	9.8	CVE-2023-42282
High	7.5	CVE-2026-26996
Medium	5.3	CVE-2022-25883

---

Release Notes

npm/cli (npm)

v11.6.3

Compare Source

Bug Fixes

• c6242d9 #​8706 change npm profile to create tokens with GAT support (#​8706) (@​owlstronaut, @​wraithgar)
• cbc6fa9 #​8731 order of version information in error message (#​8731) (@​piotrd, @​pd-be)
• 11dbd7e #​8709 display full token when creating authentication tokens (#​8709) (@​MaxBlack-dev, Max Black)
• 49a4eef #​8676 use look behind regex for trailing slash stripping (#​8676) (@​wraithgar)
• b1aee62 #​8645 dep flag calculation (#​8645) (@​liamcmitchell)

Documentation

• ca53c21 #​8745 add workspace usage examples (#​8745) (@​MaxBlack-dev, Max Black)
• e71ca0e #​8746 add --save flag to documentation (#​8746) (@​MaxBlack-dev, Max Black)
• 06510a8 #​8683 add ignore-scripts option to npm version help and docs (#​8683) (@​Tejas242)

Dependencies

• 7f72238 #​8723 cacache@20.0.2
• 7ac9db8 #​8723 init-package-json@8.2.3
• 41e97c6 #​8723 validate-npm-package-name@7.0.0
• 6b1fbe1 #​8723 npm-package-arg@13.0.2
• aa1d486 #​8723 @npmcli/promise-spawn@9.0.1
• 599c819 #​8723 which@6.0.0
• e49286e #​8723 ini@5.0.0
• b7c9f96 #​8723 @npmcli/promise-spawn@9.0.0
• 8cc9f70 #​8723 ssri@13.0.0
• 0b7274f #​8723 pacote@21.0.4
• 59b3c6a #​8723 @npmcli/redact@4.0.0
• 578abad #​8723 node-gyp@12.1.0
• 89c4151 #​8723 @npmcli/git@7.0.1
• c6d109d #​8723 make-fetch-happen@15.0.3
• 34d8599 #​8723 npm-registry-fetch@19.1.1
• 4811a86 #​8723 @npmcli/run-script@10.0.3
• 6cb77df #​8723 @npmcli/installed-package-contents@4.0.0
• 05ac7a7 #​8723 proc-log@6.0.0
• 0a74f6d #​8723 bin-links@6.0.0
• c02ce5c #​8723 @npmcli/package-json@7.0.2
• 9c0cefa #​8723 json-parse-even-better-errors@5.0.0
• 041b9b2 #​8723 parse-conflict-json@5.0.1
• a1b0fea #​8723 @npmcli/name-from-folder@4.0.0
• a085745 #​8723 abbrev@4.0.0
• 00d9c7d #​8723 nopt@9.0.0
• 3404dca #​8723 npm-install-checks@8.0.0
• 542fcf3 #​8723 @npmcli/node-gyp@5.0.0
• 89e14d3 #​8723 tar@7.5.2
• 5383f3a #​8723 npm-registry-fetch@19.1.0
• 1bb9a7d #​8723 npm-profile@12.0.1
• de619a4 #​8723 npm-pick-manifest@11.0.3
• 0e042ec #​8723 npm-packlist@10.0.3
• 2a3c338 #​8723 node-gyp@11.5.0
• b96e86c #​8723 minimatch@10.1.1
• d347329 #​8723 exponential-backoff@3.1.3
• d6830f4 #​8723 @npmcli/run-script@10.0.2
• bcc7ec8 #​8723 @npmcli/metavuln-calculator@9.0.3
• 7a419df #​8723 @npmcli/map-workspaces@5.0.1

Chores

• 32bdd83 #​8723 fix package-lock (@​wraithgar)
• 4bff14b #​8670 write tarball to testDir (#​8670) (@​wraithgar)
• 679486b #​8672 fix lockfile (#​8672) (@​wraithgar)
• workspace: @npmcli/arborist@9.1.7
• workspace: @npmcli/config@10.4.3
• workspace: libnpmdiff@8.0.10
• workspace: libnpmexec@10.1.9
• workspace: libnpmfund@7.0.10
• workspace: libnpmpack@9.0.10
• workspace: libnpmpublish@11.1.3
• workspace: libnpmversion@8.0.3

v11.6.2

Compare Source

Bug Fixes

• c54d1e9 #​8633 progress bar code cleanup (#​8633) (@​wraithgar)
• d352e27 #​8629 do not redact notice logs going to stdout (#​8629) (@​wraithgar)
• 5ac3678 #​8617 spelling in ./lib and ./test/lib (#​8617) (@​jsoref)
• 9197995 #​8619 spelling (#​8619) (@​jsoref)
• dd884e3 #​8618 spelling (#​8618) (@​jsoref)
• f6028e6 #​8614 skip redacting urls meant for opening by the user (#​8614) (@​wraithgar, @​jolyndenning)
• 54fd27f #​8602 refactor node.ideallyInert to node.inert (#​8602) (@​liamcmitchell)
• 79e3c1e #​8593 use @​npmcli/package-json to normalize package data (@​wraithgar)

Documentation

• 0469c5e #​8639 rewrap markdown (#​8639) (@​jsoref)
• 9ceb9c1 #​8636 rewrap markdown (#​8636) (@​jsoref)
• 6324370 #​8616 fix spelling (#​8616) (@​jsoref)
• 1b0429a #​8607 Fix spelling (#​8607) (@​jsoref)
• 7fbe07a #​8603 clean up deprecated npm access commands (#​8603) (@​jsoref)

Dependencies

• fa7cc6f #​8662 ci-info@4.3.1 (#​8662)
• b05461b #​8663 @sigstore/sign@4.0.1 (#​8663)
• c31de22 #​8661 downgrade ci-info to 4.3.0 (#​8661) (@​wraithgar)
• c5191b5 #​8659 ci-info@4.3.1
• f255c92 #​8659 hosted-git-info@9.0.2
• bdaf323 #​8659 is-cidr@6.0.1
• a33f106 #​8659 lru-cache@11.2.2
• 8044e07 #​8659 npm-package-arg@13.0.1
• f577504 #​8659 npm-packlist@10.0.2
• 9aa4fa6 #​8659 semver@7.7.3
• fe9484a #​8593 remove normalize-package-data

Chores

• b3409f4 #​8659 dev dependency updates (@​wraithgar)
• e8de81b #​8643 Add automatically generated annotation to dependencies.md (#​8643) (@​jsoref)
• 67cfaf3 #​8627 fix spelling: different (#​8627) (@​jsoref)
• 17ddc0d #​8622 fix spelling (#​8622) (@​jsoref)
• c3e1790 #​8605 Remove reference to nonexistent calendar (#​8605) (@​jsoref)
• ac9143e #​8604 Improve link accessibility for screen reader users (#​8604) (@​jsoref)
• 62d73e7 #​8601 remove references to benchmarks workflow (#​8601) (@​jsoref)
• bb4b739 #​8598 remove stale comment (#​8598) (@​jsoref)
• f73e65d #​8592 fix build url code for remark-github@​12 (#​8592) (@​wraithgar)
• workspace: @npmcli/arborist@9.1.6
• workspace: @npmcli/config@10.4.2
• workspace: libnpmaccess@10.0.3
• workspace: libnpmdiff@8.0.9
• workspace: libnpmexec@10.1.8
• workspace: libnpmfund@7.0.9
• workspace: libnpmpack@9.0.9
• workspace: libnpmpublish@11.1.2

v11.6.1

Compare Source

Bug Fixes

• d389614 #​8579 corrects peer dependency flag propagation (@​owlstronaut)
• 5db81c3 #​8512 allow concurrent non-local npx calls (#​8512) (@​jenseng, @​wraithgar)

Documentation

• 7a09902 #​8582 bring back certfile (#​8582) (@​jenseng)

Dependencies

• 849dcb6 #​8589 tar@7.5.1 (#​8589)
• ea15731 #​8576 binary-extensions@3.1.0
• 0f41bac #​8576 tiny-relative-date@2.0.2
• 07bf540 #​8576 is-cidr@6.0.0
• ef87ec6 #​8576 diff@8.0.2
• 48285e0 #​8576 add fdir, isexe, and picomatch to node_modules
• 099238a #​8576 fdir@6.5.0
• 6e4d673 #​8576 isexe@3.1.1
• 09a7494 #​8576 supports-color@10.2.2
• c5157c9 #​8576 chalk@5.6.2
• 46035db #​8576 debug@4.4.3
• 5f6664b #​8576 spdx-license-ids@3.0.22
• 5516583 #​8576 socks@2.8.7
• 6a392f3 #​8576 tinyglobby@0.2.15
• 9519f18 #​8576 npm-install-checks@7.1.2
• 34bafd1 #​8576 node-gyp@11.4.2
• dfd034e #​8576 @npmcli/promise-spawn@8.0.3
• d4eef14 #​8576 rimraf@6.0.1
• 566f1b7 #​8576 minimatch@10.0.3
• ac33497 #​8576 mkdirp@3.0.1
• 1676626 #​8576 glob@11.0.3
• 817f0b1 #​8576 ignore-walk@8.0.0
• 79a4e67 #​8576 minizlib@3.0.2
• 38fa2c2 #​8576 negotiator@1.0.0
• 24252a1 #​8576 @npmcli/agent@4.0.0
• ea7ca5f #​8576 lru-cache@11.2.1
• 521823b #​8576 @npmcli/git@7.0.0
• bf6b686 #​8576 npm-package-arg@13.0.0
• 9392488 #​8576 npm-package-manifest@11.0.1
• 0082083 #​8576 normalize-package-data@8.0.0
• 633c4ed #​8576 hosted-git-info@9.0.0
• 66f64eb #​8576 make-fetch-happen@15.0.2
• 1f85f94 #​8576 @sigstore/tuf@4.0.0
• a2bdecc #​8576 sigstore@4.0.0
• 1149971 #​8576 npm-registry-fetch@19.0.0
• b5bd5e3 #​8576 npm-profile@12.0.0
• 6221e27 #​8576 @npmcli/metavuln-calculator@9.0.2
• da81a37 #​8576 cacache@20.0.1
• 6b4c5f9 #​8576 @npmcli/run-script@10.0.0
• cb36a8a #​8576 init-package-json@8.2.2
• b6bb9ae #​8576 pacote@21.0.3
• 1b4433f #​8576 @npmcli/map-workspaces@5.0.0
• ceae674 #​8576 @npmcli/package-json@7.0.1
• 4f37534 #​8576 remove read-package-json-fast

Chores

• 7eb5c09 #​8576 update package-lock with peer flag fixes (@​wraithgar)
• 0d00fd8 #​8576 jsdom@27.0.0 (@​wraithgar)
• 420a569 #​8576 unified@11.0.5 (@​wraithgar)
• 064deb3 #​8576 remark-rehype@11.1.2 (@​wraithgar)
• 30fe3ba #​8576 remark-man@9.0.0 (@​wraithgar)
• 1c6bb4c #​8576 rehype-stringify@10.0.1 (@​wraithgar)
• 208cb93 #​8576 remark-gfm@4.0.1 (@​wraithgar)
• 4a46b5a #​8576 remark-github@12.0.0 (@​wraithgar)
• 93d190b #​8576 remark-parse@11.0.0 (@​wraithgar)
• 05301a4 #​8576 remark@15.0.1 (@​wraithgar)
• 6afdda9 #​8576 ajv-formats@3.0.1 (@​wraithgar)
• 402a0ab #​8576 @npmcli/template-oss@4.25.1 (@​wraithgar)
• 3b43bf7 #​8576 dev dependency updates (@​wraithgar)
• 9f9146f #​8576 @tufjs/repo-mock@4.0.0 (@​wraithgar)
• eed8a10 #​8576 use latest/local arborist in mock-registry (@​wraithgar)
• workspace: @npmcli/arborist@9.1.5
• workspace: @npmcli/config@10.4.1
• workspace: libnpmaccess@10.0.2
• workspace: libnpmdiff@8.0.8
• workspace: libnpmexec@10.1.7
• workspace: libnpmfund@7.0.8
• workspace: libnpmorg@8.0.1
• workspace: libnpmpack@9.0.8
• workspace: libnpmpublish@11.1.1
• workspace: libnpmsearch@9.0.1
• workspace: libnpmteam@8.0.2
• workspace: libnpmversion@8.0.2

v11.6.0

Compare Source

Features

• bdcc10d #​8359 add support for optional env var replacements in .npmrc (#​8359) (@​aczekajski, @​owlstronaut)

Bug Fixes

• dd4cee9 #​8539 powershell: improve argument parsing (#​8539) (@​alexsch01)
• 5f18557 #​8532 powershell: fix issue with modified InvocationName (#​8532) (@​alexsch01)
• 9e5abf1 #​8529 add redaction to log format egress (#​8529) (@​wraithgar)
• 75ce64a #​8524 revert handle signal exits gracefully (#​8524) (@​owlstronaut)
• 5d82d0b #​8469 ps1 scripts in powershell 5.1 (#​8469) (@​splatteredbits)

Dependencies

• workspace: @npmcli/arborist@9.1.4
• workspace: @npmcli/config@10.4.0
• workspace: libnpmdiff@8.0.7
• workspace: libnpmexec@10.1.6
• workspace: libnpmfund@7.0.7
• workspace: libnpmpack@9.0.7

v11.5.2

Compare Source

Bug Fixes

• 7d900c4 #​8467 oidc visibility check for provenance (#​8467) (@​reggi, @​wraithgar)

Documentation

• d4e56b2 #​8459 update snapshot generation command (#​8459) (@​MikeMcC399)

v11.5.1

Compare Source

Bug Fixes

• 476bf17 #​8457 provenance should only default for oidc (@​reggi)

v11.5.0

Compare Source

Bug Fixes

• c6242d9 #​8706 change npm profile to create tokens with GAT support (#​8706) (@​owlstronaut, @​wraithgar)
• cbc6fa9 #​8731 order of version information in error message (#​8731) (@​piotrd, @​pd-be)
• 11dbd7e #​8709 display full token when creating authentication tokens (#​8709) (@​MaxBlack-dev, Max Black)
• 49a4eef #​8676 use look behind regex for trailing slash stripping (#​8676) (@​wraithgar)
• b1aee62 #​8645 dep flag calculation (#​8645) (@​liamcmitchell)

Documentation

• ca53c21 #​8745 add workspace usage examples (#​8745) (@​MaxBlack-dev, Max Black)
• e71ca0e #​8746 add --save flag to documentation (#​8746) (@​MaxBlack-dev, Max Black)
• 06510a8 #​8683 add ignore-scripts option to npm version help and docs (#​8683) (@​Tejas242)

Dependencies

• 7f72238 #​8723 cacache@20.0.2
• 7ac9db8 #​8723 init-package-json@8.2.3
• 41e97c6 #​8723 validate-npm-package-name@7.0.0
• 6b1fbe1 #​8723 npm-package-arg@13.0.2
• aa1d486 #​8723 @npmcli/promise-spawn@9.0.1
• 599c819 #​8723 which@6.0.0
• e49286e #​8723 ini@5.0.0
• b7c9f96 #​8723 @npmcli/promise-spawn@9.0.0
• 8cc9f70 #​8723 ssri@13.0.0
• 0b7274f #​8723 pacote@21.0.4
• 59b3c6a #​8723 @npmcli/redact@4.0.0
• 578abad #​8723 node-gyp@12.1.0
• 89c4151 #​8723 @npmcli/git@7.0.1
• c6d109d #​8723 make-fetch-happen@15.0.3
• 34d8599 #​8723 npm-registry-fetch@19.1.1
• 4811a86 #​8723 @npmcli/run-script@10.0.3
• 6cb77df #​8723 @npmcli/installed-package-contents@4.0.0
• 05ac7a7 #​8723 proc-log@6.0.0
• 0a74f6d #​8723 bin-links@6.0.0
• c02ce5c #​8723 @npmcli/package-json@7.0.2
• 9c0cefa #​8723 json-parse-even-better-errors@5.0.0
• 041b9b2 #​8723 parse-conflict-json@5.0.1
• a1b0fea #​8723 @npmcli/name-from-folder@4.0.0
• a085745 #​8723 abbrev@4.0.0
• 00d9c7d #​8723 nopt@9.0.0
• 3404dca #​8723 npm-install-checks@8.0.0
• 542fcf3 #​8723 @npmcli/node-gyp@5.0.0
• 89e14d3 #​8723 tar@7.5.2
• 5383f3a #​8723 npm-registry-fetch@19.1.0
• 1bb9a7d #​8723 npm-profile@12.0.1
• de619a4 #​8723 npm-pick-manifest@11.0.3
• 0e042ec #​8723 npm-packlist@10.0.3
• 2a3c338 #​8723 node-gyp@11.5.0
• b96e86c #​8723 minimatch@10.1.1
• d347329 #​8723 exponential-backoff@3.1.3
• d6830f4 #​8723 @npmcli/run-script@10.0.2
• bcc7ec8 #​8723 @npmcli/metavuln-calculator@9.0.3
• 7a419df #​8723 @npmcli/map-workspaces@5.0.1

Chores

• 32bdd83 #​8723 fix package-lock (@​wraithgar)
• 4bff14b #​8670 write tarball to testDir (#​8670) (@​wraithgar)
• 679486b #​8672 fix lockfile (#​8672) (@​wraithgar)
• workspace: @npmcli/arborist@9.1.7
• workspace: @npmcli/config@10.4.3
• workspace: libnpmdiff@8.0.10
• workspace: libnpmexec@10.1.9
• workspace: libnpmfund@7.0.10
• workspace: libnpmpack@9.0.10
• workspace: libnpmpublish@11.1.3
• workspace: libnpmversion@8.0.3

v11.4.2

Compare Source

Bug Fixes

• d389614 #​8579 corrects peer dependency flag propagation (@​owlstronaut)
• 5db81c3 #​8512 allow concurrent non-local npx calls (#​8512) (@​jenseng, @​wraithgar)

Documentation

• 7a09902 #​8582 bring back certfile (#​8582) (@​jenseng)

Dependencies

• 849dcb6 #​8589 tar@7.5.1 (#​8589)
• ea15731 #​8576 binary-extensions@3.1.0
• 0f41bac #​8576 tiny-relative-date@2.0.2
• 07bf540 #​8576 is-cidr@6.0.0
• ef87ec6 #​8576 diff@8.0.2
• 48285e0 #​8576 add fdir, isexe, and picomatch to node_modules
• 099238a #​8576 fdir@6.5.0
• 6e4d673 #​8576 isexe@3.1.1
• 09a7494 #​8576 supports-color@10.2.2
• c5157c9 #​8576 chalk@5.6.2
• 46035db #​8576 debug@4.4.3
• 5f6664b #​8576 spdx-license-ids@3.0.22
• 5516583 #​8576 socks@2.8.7
• 6a392f3 #​8576 tinyglobby@0.2.15
• 9519f18 [#​857