fix(deps): update dependency @npmcli/arborist to v7 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@npmcli/arborist (source)	^4.0.0 -> ^7.0.0

---

Release Notes

npm/cli (@​npmcli/arborist)

v7.5.4

Compare Source

Bug Fixes

• 6f33d74 #​7579 arborist: safeguard against null node.target in flag calculation (#​7579) (@​AmirSa12)
• a8e666e #​7602 arborist: condition to include name field in package-lock fixed (#​7602) (@​milaninfy)

v7.5.3

Compare Source

Bug Fixes

• 2d1d8d0 #​7559 adds node: specifier to all native node modules (#​7559) (@​reggi)

Chores

• 4a36d78 #​7568 fix linting in arborist debugger (@​wraithgar)

v7.5.2

Compare Source

Bug Fixes

• 12f103c #​7533 add first param titles to logs where missing (#​7533) (@​lukekarrys)
• e290352 #​7499 revert DepsQueue to re-sort on pop() (#​7499) (@​lukekarrys)
• 56a27fa #​7494 avoid caching manifests as promises (@​wraithgar)
• 722c0fa #​7463 limit packument cache size based on heap size (@​wraithgar)
• effe910 #​7475 dont omit license from stored manifests (#​7475) (@​lukekarrys)

Dependencies

• fd42986 #​7498 @npmcli/fs@3.1.1
• ea0b07d #​7482 pacote@18.0.6
• 5b2317b #​7463 add lru-cache
• 7e15b6d #​7480 @npmcli/metavuln-calculator@7.1.1
• 8b20f8c #​7480 ssri@10.0.6
• a9a6dcd #​7480 pacote@18.0.5
• e2fdb65 #​7480 npm-pick-manifest@9.0.1
• e71f541 #​7480 nopt@7.2.1
• 18c3b40 #​7480 json-parse-even-better-errors@3.0.2
• 714e3e1 #​7480 hosted-git-info@7.0.2
• f94d672 #​7480 cacache@18.0.3
• 43331e4 #​7480 bin-links@4.0.4
• 63ef498 #​7457 npm-registry-fetch@17.0.1

Chores

• 9c4d3c4 #​7467 template-oss-apply (@​lukekarrys)
• 2b7ec54 #​7467 template-oss@4.22.0 (@​lukekarrys)

v7.5.1

Compare Source

Bug Fixes

• a1b95eb #​7453 linting: no-unused-vars (@​wraithgar)
• abcbc54 #​7430 reify: cleanup of Symbols (#​7430) (@​wraithgar)
• 57ebebf #​7418 update repository.url in package.json (#​7418) (@​wraithgar)

Dependencies

• 80eec03 #​7453 @npmcli/redact@2.0.0
• a7145d4 #​7453 npm-registry-fetch@17.0.0
• 9da5738 #​7437 @npmcli/run-script@8.1.0 (#​7437)

v7.5.0

Compare Source

Features

• 9123de4 #​7373 do all ouput over proc-log events (@​lukekarrys)
• 9622597 #​7339 refactor terminal display (#​7339) (@​lukekarrys)

Bug Fixes

• 78447d7 #​7399 prefer fs/promises over promisify (#​7399) (@​lukekarrys)
• 6512112 #​7378 use proc-log for all timers (@​lukekarrys)

Dependencies

• 36adff3 #​7408 pacote@18.0.2
• 486d46c #​7408 @npmcli/installed-package-contents@2.1.0
• 157d0ae #​7408 @npmcli/package-json@5.1.0
• fc6e291 #​7392 proc-log@4.2.0 (#​7392)
• 38ed048 #​7378 @npmcli/metavuln-calculator@7.1.0
• 7678a3d #​7378 proc-log@4.1.0
• 87f6c09 #​7373 @npmcli/metavuln-calculator@7.0.1
• b8f8b41 #​7373 @npmcli/run-script@8.0.0
• 79f79c7 #​7373 proc-log@4.0.0
• 9027266 #​7373 pacote@18.0.0
• ee4b3e0 #​7373 npm-registry-fetch@16.2.1
• ac98fd3 #​7373 npm-package-arg@11.0.2
• 9351570 #​7373 @npmcli/package-json@5.0.3

Chores

• dd39de7 #​7411 disable selflink test on apple silicon (#​7411) (@​lukekarrys)

v7.4.2

Compare Source

Bug Fixes

• ef381b1 #​7363 use @​npmcli/redact for url cleaning (#​7363) (@​lukekarrys)

v7.4.1

Compare Source

Bug Fixes

• 8cab136 #​7324 ensure maxSockets is respected (#​7324) (@​lukekarrys)
• 9bffa13 #​7320 query: properly return :missing nodes (#​7320) (@​wraithgar)

Dependencies

• 87a61fc #​7334 npm-registry-fetch@16.2.0
• 6fd94f2 #​7329 minimatch@9.0.4
• 8cab136 #​7324 agent-base@7.1.1 (@​lukekarrys)

Chores

• 8cab136 #​7324 add smoke-test for large prod installs (@​lukekarrys)

v7.4.0

Features

• 2366edc #​7218 query: add :vuln pseudo selector (@​wraithgar)

Bug Fixes

• 6d1789c #​7237 Arborist code cleanup (#​7237) (@​wraithgar)
• ed17276 #​7218 query-selector: don't look up private packages on :outdated (@​wraithgar)

Dependencies

• 16d4c9f #​7218 @npmcli/query@3.1.0

v7.3.1

Bug Fixes

• d3f1845 #​7124 clean up idealTree code (@​wraithgar)
• 8382fb3 #​7126 fetch full packument so that libc can be assessed (@​styfle, @​ljharb)

Dependencies

• ec77e81 #​7124 promise-call-limit@3.0.1

v7.3.0

Features

• 6673c77 #​6914 add --libc option to override platform specific install (#​6914) (@​wraithgar, @​Brooooooklyn)

v7.2.2

Bug Fixes

• ae2d982 #​7027 arborist: node.target can be null when it is a file dep or symlink (#​7027) (@​ljharb, @​lukekarrys)
• f875caa #​6998 clean up shrinkwrap code (#​6998) (@​wraithgar)

Chores

• f656b66 #​7062 @npmcli/template-oss@4.21.3 (#​7062) (@​lukekarrys)
• 9754b17 #​7051 use global npm for workspace tests (@​lukekarrys)
• 3891757 #​7051 @npmcli/template-oss@4.21.2 (@​lukekarrys)

v7.2.1

Compare Source

Dependencies

• dfb6298 #​6937 node-gyp@10.0.0 (#​6937)

v7.2.0

Compare Source

Features

• 81a460f #​6732 add package-lock-only mode to npm query (@​wraithgar)
• 0d29855 #​6732 add no-package-lock mode to npm audit (@​wraithgar)

Bug Fixes

• 0860159 #​6829 ensure workspace links query parents correctly (#​6829) (@​Carl-Foster)
• bef7481 #​6782 query with workspace descendents (#​6782) (@​bdehamer)

Dependencies

• aa6728b #​6859 tar@6.2.0
• ce9089f #​6859 npm-package-arg@11.0.1
• 0a47af5 #​6859 hosted-git-info@7.0.1
• 3ebc474 #​6859 @npmcli/query@3.0.1

v7.1.0

Compare Source

Features

• 1c93c44 #​6755 Add --cpu and --os option to override platform specific install (#​6755) (@​yukukotani)

v7.0.0

Features

• fb31c7e trigger release process (@​lukekarrys)

v6.5.0

Compare Source

NEW FEATURES

• fc1a8d185 Backronym npm ci to npm clean-install. (@​zkat)
• 4be51a9cc #​81 Adds 'Homepage' to outdated --long output. (@​jbottigliero)

BUGFIXES

• 89652cb9b npm.community#1661 Fix sign-git-commit options. They were previously totally wrong. (@​zkat)
• 414f2d1a1 npm.community#1742 Set lowercase headers for npm audit requests. (@​maartenba)
• a34246baf #​75 Fix npm edit handling of scoped packages.
  (@​larsgw)* d3e8a7c72 npm.community#2303 Make summary output for npm ci go to stdout, not stderr. (@​alopezsanchez)
• 71d8fb4a9 npm.community#1377 Close the file descriptor during publish if exiting upload via an error. This will prevent strange error messages when the upload fails and make sure
  cleanup happens correctly. (@​macdja38)

DOCS UPDATES

• b1a8729c8 #​60 Mention --otp flag when prompting for OTP. (@​bakkot)
• bcae4ea81 #​64 Clarify that git dependencies use the default branch, not just master. (@​zckrs)
• 15da82690 #​72 bash_completion.d dir is sometimes found in /etc not /usr/local. (@​RobertKielty)
• 8a6ecc793 #​74 Update OTP documentation for dist-tag add to clarify --otp is needed right now. (@​scotttrinh)
• dcc03ec85 #​82 Note that prepare runs when installing git dependencies. (@​seishun)
• a91a470b7 #​83 Specify that --dry-run isn't available in older versions of npm publish. (@​kjin)
• 1b2fabcce #​96 Fix inline code tag issue in docs. (@​midare)
• 6cc70cc19 #​68 Add semver link and a note on empty string format to deprecate doc. (@​neverett)
• 61dbbb7c3 Fix semver docs after version update. (@​zkat)
• 4acd45a3d #​78 Correct spelling across various docs. (@​hugovk)

DEPENDENCIES

• 4f761283e figgy-pudding@3.5.1 (@​zkat)
• 3706db0bc npm.community#1764 ssri@6.0.1 (@​zkat)
• 83c2b117d bluebird@3.5.2 (@​petkaantonov)
• 2702f46bd ci-info@1.5.1 (@​watson)
• 4db6c3898 config-chain@1.1.1:2 (@​dawsbot)
• 70bee4f69 glob@7.1.3 (@​isaacs)
• e469fd6be
opener@1.5.1: Fix browser opening under Windows Subsystem for Linux (WSL). (@​thijsputman)
• 03840dced
semver@5.5.1 (@​iarna)
• 161dc0b41 bluebird@3.5.3 (@​petkaantonov)
• bb6f94395 graceful-fs@4.1.1:5 (@​isaacs)
• 43b1f4c91 tar@4.4.8 (@​isaacs)
• ab62afcc4 npm-packlist@1.1.1:2 (@​isaacs)
• 027f06be3 ci-info@1.6.0 (@​watson)

MISCELLANEOUS

• 27217dae8 #​70 Automatically audit dependency licenses for npm itself. (@​kemitchell)

v6.4.0

Compare Source

NEW FEATURES

• 6e9f04b0b npm/cli#8 Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking :_authToken. (@​mkhl)
• 84bfd23e7 npm/cli#35 Stop filtering out non-IPv4 addresses from local-addrs, making npm actually use IPv6 addresses when it must. (@​valentin2105)
• 792c8c709 npm/cli#31 configurable audit level for non-zero exit npm audit currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of --audit-level to npm audit to allow it to pass if only vulnerabilities below a certain level are found. Example: npm audit --audit-level=high will exit with 0 if only low or moderate level vulns are detected. (@​lennym)

BUGFIXES

• d81146181 npm/cli#32 Don't check for updates to npm when we are updating npm itself. (@​olore)

DEPENDENCY UPDATES

A very special dependency update event! Since the release of node-gyp@3.8.0, an awkward version conflict that was preventing request from begin flattened was resolved. This means two things:

1. We've cut down the npm tarball size by another 200kb, to 4.6MB
2. npm audit now shows no vulnerabilities for npm itself!

Thanks, @​rvagg!

• 866d776c2 request@2.87.0 (@​simov)
• f861c2b57 node-gyp@3.8.0 (@​rvagg)
• 32e6947c6 npm/cli#39 colors@1.1.2: REVERT REVERT, newer versions of this library are broken and print ansi codes even when disabled. (@​iarna)
• beb96b92c libcipm@2.0.1 (@​zkat)
• 348fc91ad validate-npm-package-license@3.0.4: Fixes errors with empty or string-only license fields. (@​Gudahtt)
• e57d34575 iferr@1.0.2 (@​shesek)
• 46f1c6ad4 tar@4.4.6 (@​isaacs)
• 50df1bf69 hosted-git-info@2.7.1 (@​iarna)
  (@​Erveon) (@​huochunpeng)

DOCUMENTATION

• af98e76ed npm/cli#34 Remove npm publish from list of commands not affected by --dry-run. (@​joebowbeer)
• e2b0f0921 npm/cli#36 Tweak formatting in repository field examples. (@​noahbenham)
• e2346e770 npm/cli#14 Used process.env examples to make accessing certain npm run-scripts environment variables more clear. (@​mwarger)

v6.3.0

Features

• 67459e7 #​6626 add pkg fix subcommand (@​wraithgar)

Bug Fixes

• c61e037 #​6626 use new load/create syntax for package-json (@​wraithgar)

Dependencies

• b252164 #​6626 @npmcli/package-json@4.0.0

v6.2.10

Bug Fixes

• f5b9713 #​6549 make omit flags work properly with workspaces (#​6549) (@​Rayyan98, @​lukekarrys)
• 40d7e09 #​6555 remove unnecessary package.json values (#​6555) (@​lukekarrys)

v6.2.9

Bug Fixes

• a558bbd #​6393 code cleanup (#​6393) (@​wraithgar)

Dependencies

• e498f82 #​6416 minimatch@9.0.0

v6.2.8

Bug Fixes

• 82879f6 #​6225 lazy loading of arborist and pacote (#​6225) (@​wraithgar)

Dependencies

• 3fa9542 #​6363 semver@7.5.0
• 357cc29 #​6363 walk-up-path@3.0.1

v6.2.7

Dependencies

• f1388b4 #​6317 npm update
• deca335 #​6317 promise-call-limit@1.0.2

v6.2.6

Dependencies

• ea12627 #​6275 minimatch@7.4.2

v6.2.5

Compare Source

Bug Fixes

• 8a78c6f #​6222 only add directories we made to _sparseTreeRoots (#​6222) (@​nlf)

v6.2.4

Bug Fixes

• 962a12e #​6193 arborist: dependencies from registries with a peerDependency on a workspace (#​6193) (@​ixalon)

Dependencies

• 71ae406 #​6218 @npmcli/installed-package-contents@2.0.2

v6.2.3

Bug Fixes

• 6ed3535 #​6175 linked-strategy lifecycle missing bins (#​6175) (@​fritzy)

Documentation

• 9bc455b #​6188 fixing typos (#​6188) (@​deining)

v6.2.2

Compare Source

Bug Fixes

• 12ec7ee remove unused package.json scripts (@​lukekarrys)

Dependencies

• d43f881 map-workspaces@3.0.2
• 99457f1 minimatch@6.1.6

v6.2.1

Compare Source

Bug Fixes

• f5b9713 #​6549 make omit flags work properly with workspaces (#​6549) (@​Rayyan98, @​lukekarrys)
• 40d7e09 #​6555 remove unnecessary package.json values (#​6555) (@​lukekarrys)

v6.2.0

Compare Source

Features

• 8d6d851 #​6078 added --install-strategy=linked (#​6078) (@​fritzy)

v6.1.6

Compare Source

Bug Fixes

• b584af0 #​6022 remove unneeded param default (@​wraithgar)
• 2ba1171 streamline workspace loading code (@​wraithgar)
• 2383deb #​6037 clean urls from arborist, owner, and ping commands (#​6037) (@​lukekarrys)
• c52cf6b #​5960 properly handle directory, file, git and alias specs in overrides (@​nlf)

v6.1.5

Compare Source

Bug Fixes

• 83fb125 #​5923 audit package mismatch in special case (@​fritzy)

Dependencies

• 372d158 #​5935 minimatch@5.1.1 (#​5935)
• 0a3fe00 #​5933 minipass@4.0.0
• cf0a174 ssri@10.0.1
• 3da9a1a pacote@15.0.7
• fee9b66 npm-registry-fetch@14.0.3
• e940917 cacache@17.0.3
• 875bd56 npm-package-arg@10.1.0

v6.1.4

Bug Fixes

• 80c6c4a #​5907 do not reset hidden lockfile data before saving (#​5907) (@​nlf)

v6.1.3

Bug Fixes

• 3f13818 #​5859 refactor / inline single use code (#​5859) (@​wraithgar)

v6.1.2

Dependencies

• 335c7e4 #​5813 cacache@17.0.2
• 878ddfb @npmcli/fs@3.1.0

v6.1.1

Bug Fixes

• 1f5382d #​5789 don't set stdioString for any spawn/run-script calls (@​lukekarrys)
• 0c5834e #​5758 use hosted-git-info to parse registry urls (#​5758) (@​lukekarrys)

Dependencies

• b89c19e #​5795 cli-table3@​0.6.3
• 66f9bcd nopt@7.0.0
• abfb28b @npmcli/run-script@6.0.0

v6.1.0

Compare Source

Features

• 3dd8d68 #​5751 sort and quote yarn lock keys according to yarn rules (#​5751) (@​wraithgar, @​shalvah)

Dependencies

• de6618e #​5757 @npmcli/promise-spawn@5.0.0 (#​5757)

v6.0.0

Features

• 586e78d empty commit to trigger all workspace releases (@​lukekarrys)

v5.6.2

Compare Source

v5.6.1

Compare Source

Bug Fixes

• 1e84102 #​5350 fix: create links relative to the target (@​wraithgar)
• ea5e3a3 #​5350 fix: inline single-use functions (@​wraithgar)
• 645c680 #​5329 fix: update index.js spelling error in comment (@​KevinBrother)
• bd2ae5d #​5323 fix: linting (@​wraithgar)

Dependencies

• 1286f03 #​5381 deps: unique-filename@2.0.1
• 2c4e387 #​5381 deps: hosted-git-info@5.1.0
• b12ac01 #​5381 deps: npm-pick-manifest@7.0.2
• 7fbf6f7 #​5381 deps: bin-links@3.0.3
• 26d2e55 #​5381 deps: @npmcli/query@1.2.0
• a79ee00 #​5381 deps: cacache@16.1.3
• 8ab12dc #​5323 deps: @npmcli/eslint-config@3.1.0

v5.6.0

Compare Source

Features

• arborist: add :overridden pseudo selector (d221f72)
• arborist: add overridden getter to Node class (e6d4304)
• query: support :overridden pseudo selector (0d4ed0f)

v5.5.0

Compare Source

Features

• arborist: add option to forcibly skip loading a virtual tree (96b6781)

Bug Fixes

• query: tell arborist to load an actual tree, not a virtual one (9078e27)

Dependencies

• nopt@6.0.0 (7f31b85)

v5.4.0

Compare Source

Features

• add --replace-registry-host=<npmjs|always|never> (#​4860) (703dbbf)
• add --replace-registry-host=<npmjs|always|never>| (703dbbf)
• add npm query cmd (#​5000) (3c024ac)

Bug Fixes

• arborist: fix bare attribute queries (#​5248) (8233fca)
• arborist: pass the edge to fromPath in order to determine correct path (#​5233) (050284d)
• arborist: use the sourceReference root rather than the node root for overrides (#​5227) (47cc95d), closes #​4395

Dependencies

• @​npmcli/query@​1.1.1 (#​5247) (d55007d)

v5.3.1

Compare Source

Bug Fixes

• allow hash character in paths (#​5122) (62b95a0)

v5.3.0

Compare Source

Features

• arborist: add support for dependencies script (#​5094) (e9b4214)

v5.2.3

Compare Source

Dependencies

• @​npmcli/run-script@​4.1.3 ([#​5064](https://redirect.github.co

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.