murdoc/opencode-sandbox
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases 11 Packages 1 Wiki Activity Actions

chore(deps): update dependency npm to v11.17.0 #135

Merged
murdoc merged 1 commit from renovate-npm-11-x into main 2026-06-14 12:32:40 +00:00
Conversation 0 Commits 1 Files changed 1 +1 -1
murdoc commented 2026-06-14 12:32:21 +00:00
Owner
Copy link

This PR contains the following updates:

Package Update Change OpenSSF
npm (source) minor 11.16.011.17.0 OpenSSF Scorecard

Release Notes

npm/cli (npm)

v11.17.0

Compare Source

Features
Bug Fixes
Documentation
Dependencies
Chores

Configuration

📅 Schedule: (in timezone Europe/Berlin)

  • Branch creation
    • "after 3am and before 6pm"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | OpenSSF | |---|---|---|---| | [npm](https://docs.npmjs.com/) ([source](https://github.com/npm/cli)) | minor | `11.16.0` → `11.17.0` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/npm/cli/badge)](https://securityscorecards.dev/viewer/?uri=github.com/npm/cli) | --- ### Release Notes <details> <summary>npm/cli (npm)</summary> ### [`v11.17.0`](https://github.com/npm/cli/releases/tag/v11.17.0) [Compare Source](https://github.com/npm/cli/compare/v11.16.0...v11.17.0) ##### Features - [`ae8ac4e`](https://github.com/npm/cli/commit/ae8ac4ea39776f74551fc850f4a5e766b81c5545) [#&#8203;9534](https://github.com/npm/cli/pull/9534) add min-release-age-exclude config ([@&#8203;JamieMagee](https://github.com/JamieMagee), [@&#8203;caseyjhol](https://github.com/caseyjhol)) - [`8ff3e48`](https://github.com/npm/cli/commit/8ff3e48113a53576a8d450d7d5a1cb190a1986e1) [#&#8203;9483](https://github.com/npm/cli/pull/9483) allowScripts tooling and inBundle hardening ([#&#8203;9483](https://github.com/npm/cli/issues/9483)) ([@&#8203;github-actions](https://github.com/github-actions)\[bot], [@&#8203;JamieMagee](https://github.com/JamieMagee)) ##### Bug Fixes - [`847cdf8`](https://github.com/npm/cli/commit/847cdf8d2277bc56f6aaef3957f0b9c06fed20e5) [#&#8203;9541](https://github.com/npm/cli/pull/9541) match dotted and versioned args in approve-scripts/deny-scripts ([@&#8203;owlstronaut](https://github.com/owlstronaut)) - [`d99f7cb`](https://github.com/npm/cli/commit/d99f7cb1112d311b1f7fc885fb4f692ead8c8e2c) [#&#8203;9535](https://github.com/npm/cli/pull/9535) emit valid JSON from approve-scripts/deny-scripts --json ([@&#8203;owlstronaut](https://github.com/owlstronaut)) - [`351a309`](https://github.com/npm/cli/commit/351a309e7c625b79cfb0c9fbaa2dc9a544509f70) [#&#8203;9499](https://github.com/npm/cli/pull/9499) pass script-shell to publish lifecycle hooks ([#&#8203;9499](https://github.com/npm/cli/issues/9499)) ([@&#8203;github-actions](https://github.com/github-actions)\[bot]) - [`4fa81df`](https://github.com/npm/cli/commit/4fa81dfedab4bf39e85d828f217a70210afd6dac) [#&#8203;9497](https://github.com/npm/cli/pull/9497) recognize allowScripts for local link targets ([#&#8203;9497](https://github.com/npm/cli/issues/9497)) ([@&#8203;github-actions](https://github.com/github-actions)\[bot], [@&#8203;cyphercodes](https://github.com/cyphercodes), [@&#8203;cyphercodes](https://github.com/cyphercodes)) - [`95cf2e9`](https://github.com/npm/cli/commit/95cf2e9efea892023387f3aec6062b8a7e8f1a60) [#&#8203;9489](https://github.com/npm/cli/pull/9489) validate registry path for allow-remote tarballs ([@&#8203;Abhinav-143x](https://github.com/Abhinav-143x)) - [`9dd219b`](https://github.com/npm/cli/commit/9dd219b20ec3a1c7e46b23209b4619b872f1b604) [#&#8203;9462](https://github.com/npm/cli/pull/9462) respect allowScripts policy in prune, dedupe, uninstall, audit, and link ([#&#8203;9462](https://github.com/npm/cli/issues/9462)) ([@&#8203;github-actions](https://github.com/github-actions)\[bot], [@&#8203;JamieMagee](https://github.com/JamieMagee)) - [`cd8d18a`](https://github.com/npm/cli/commit/cd8d18a66832856c5cc2ba90dc7c8b0f3dbe476b) [#&#8203;9482](https://github.com/npm/cli/pull/9482) list pending scripts in approve-scripts when ignore-scripts is set ([#&#8203;9482](https://github.com/npm/cli/issues/9482)) ([@&#8203;github-actions](https://github.com/github-actions)\[bot], [@&#8203;JamieMagee](https://github.com/JamieMagee)) - [`c14e87c`](https://github.com/npm/cli/commit/c14e87c5d84a81ebe14ebe9c68e050ee6ec0fded) [#&#8203;9481](https://github.com/npm/cli/pull/9481) suggest --allow-scripts for global installs in unreviewed-scripts warnings ([#&#8203;9481](https://github.com/npm/cli/issues/9481)) ([@&#8203;github-actions](https://github.com/github-actions)\[bot], [@&#8203;JamieMagee](https://github.com/JamieMagee)) - [`7ade52e`](https://github.com/npm/cli/commit/7ade52ea4059ca75e83f10e892b24581624acef9) [#&#8203;9465](https://github.com/npm/cli/pull/9465) invalid issue template YAML indentation ([#&#8203;9465](https://github.com/npm/cli/issues/9465)) ([@&#8203;github-actions](https://github.com/github-actions)\[bot], [@&#8203;fallintoplace](https://github.com/fallintoplace)) - [`c069622`](https://github.com/npm/cli/commit/c0696225d8792e461989214ba7d8886dfd862b4a) [#&#8203;9464](https://github.com/npm/cli/pull/9464) show full parent command path in subcommand usage errors ([#&#8203;9464](https://github.com/npm/cli/issues/9464)) ([@&#8203;owlstronaut](https://github.com/owlstronaut)) - [`1bb62bb`](https://github.com/npm/cli/commit/1bb62bb639d1f791a0c51d236fba01c25c58992e) [#&#8203;9454](https://github.com/npm/cli/pull/9454) config: clarify --all help so it's accurate for approve-scripts and deny-scripts ([@&#8203;JamieMagee](https://github.com/JamieMagee)) - [`84eeb5f`](https://github.com/npm/cli/commit/84eeb5fe9db14e01ebc44999ebe126224a78eb83) [#&#8203;9431](https://github.com/npm/cli/pull/9431) audit: don't apply min-release-age before filter when verifying installed signatures ([@&#8203;JamieMagee](https://github.com/JamieMagee)) - [`3bd3377`](https://github.com/npm/cli/commit/3bd3377f207732b47655ea3a896d53046df199c4) [#&#8203;9426](https://github.com/npm/cli/pull/9426) block forbidden keys in Queryable setter to prevent prototype pollution ([@&#8203;12122J](https://github.com/12122J), [@&#8203;claude](https://github.com/claude)) ##### Documentation - [`a86a7a9`](https://github.com/npm/cli/commit/a86a7a9e3c9ca840d4e7f5f3bb043ec5b9c7e154) [#&#8203;9522](https://github.com/npm/cli/pull/9522) approve-scripts only throws EGLOBAL when run with -g ([@&#8203;JamieMagee](https://github.com/JamieMagee)) - [`693bb3d`](https://github.com/npm/cli/commit/693bb3de834f4611bf41785be357dc4598a2aaae) [#&#8203;9508](https://github.com/npm/cli/pull/9508) clarify package.json override value specs ([#&#8203;9508](https://github.com/npm/cli/issues/9508)) ([@&#8203;github-actions](https://github.com/github-actions)\[bot], [@&#8203;ded-furby](https://github.com/ded-furby)) - [`ccffe4a`](https://github.com/npm/cli/commit/ccffe4a917e1b9faf6e8fa9ab3a2856819e29e3a) [#&#8203;9501](https://github.com/npm/cli/pull/9501) use the latest version for global update and outdated's `wanted` ([#&#8203;9501](https://github.com/npm/cli/issues/9501)) ([@&#8203;github-actions](https://github.com/github-actions)\[bot], [@&#8203;liangmiQwQ](https://github.com/liangmiQwQ)) - [`66e97c2`](https://github.com/npm/cli/commit/66e97c20003b43d80c464b89fb1e1c8c6b5c9433) [#&#8203;9478](https://github.com/npm/cli/pull/9478) update minimum npm required for npm trust ([@&#8203;meeech](https://github.com/meeech)) ##### Dependencies - [`bd09b87`](https://github.com/npm/cli/commit/bd09b87b50fd7a2051cdfedf3c491dbf133e05b6) [#&#8203;9542](https://github.com/npm/cli/pull/9542) `postcss-selector-parser@7.1.4` - [`95bfc4c`](https://github.com/npm/cli/commit/95bfc4c69593cc85f783c164716d7bca0b453b4b) [#&#8203;9542](https://github.com/npm/cli/pull/9542) `tinyglobby@0.2.17` - [`8c0d5fd`](https://github.com/npm/cli/commit/8c0d5fd2d72d544267b41f65ee576cc26b080d7c) [#&#8203;9542](https://github.com/npm/cli/pull/9542) `tar@7.5.16` - [`967d377`](https://github.com/npm/cli/commit/967d3775434dc4d9659aa9d9c3b81771d12be3df) [#&#8203;9542](https://github.com/npm/cli/pull/9542) `semver@7.8.4` - [`cdaac1b`](https://github.com/npm/cli/commit/cdaac1bed03a0f6aff1115ed7cb0745ca9e9f238) [#&#8203;9542](https://github.com/npm/cli/pull/9542) `pacote@21.5.1` - [`25c8a9e`](https://github.com/npm/cli/commit/25c8a9ec04fed7f5941af004f7de5ad9b5775bde) [#&#8203;9542](https://github.com/npm/cli/pull/9542) `node-gyp@12.4.0` ##### Chores - [`2922fa4`](https://github.com/npm/cli/commit/2922fa45f1145c14d7eb0e5796a6854217dd8922) [#&#8203;9542](https://github.com/npm/cli/pull/9542) dev dependency updates ([@&#8203;owlstronaut](https://github.com/owlstronaut)) - [workspace](https://github.com/npm/cli/releases/tag/arborist-v9.8.0): `@npmcli/arborist@9.8.0` - [workspace](https://github.com/npm/cli/releases/tag/config-v10.11.0): `@npmcli/config@10.11.0` - [workspace](https://github.com/npm/cli/releases/tag/libnpmdiff-v8.1.10): `libnpmdiff@8.1.10` - [workspace](https://github.com/npm/cli/releases/tag/libnpmexec-v10.3.0): `libnpmexec@10.3.0` - [workspace](https://github.com/npm/cli/releases/tag/libnpmfund-v7.0.24): `libnpmfund@7.0.24` - [workspace](https://github.com/npm/cli/releases/tag/libnpmpack-v9.1.10): `libnpmpack@9.1.10` </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/Berlin) - Branch creation - "after 3am and before 6pm" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTUuNiIsInVwZGF0ZWRJblZlciI6IjQzLjE5NS42IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJtaW5vciIsIm5wbSIsInJlbm92YXRlIl19-->
chore(deps): update dependency npm to v11.17.0
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
pre-commit-check / pre-commit (pull_request) Successful in 13s
Details
CI Pipeline for building and pushing Docker images (staging and latest) / build_and_push_temp (pull_request) Successful in 10m34s
Details
CI Pipeline for building and pushing Docker images (staging and latest) / trivy_scan (pull_request) Successful in 1m25s
Details
CI Pipeline for building and pushing Docker images (staging and latest) / push_final (pull_request) Successful in 7s
Details
8dbf7f0714
murdoc scheduled this pull request to auto merge when all checks succeed 2026-06-14 12:32:23 +00:00
murdoc merged commit 7aaddc37f1 into main 2026-06-14 12:32:40 +00:00
murdoc deleted branch renovate-npm-11-x 2026-06-14 12:32:40 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
murdoc/opencode-sandbox!135
No description provided.