Skip to content

build(deps): bump npm from 11.6.1 to 12.0.1#707

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/master/npm-12.0.1
Closed

build(deps): bump npm from 11.6.1 to 12.0.1#707
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/master/npm-12.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 11, 2026

Copy link
Copy Markdown
Contributor

Bumps npm from 11.6.1 to 12.0.1.

Release notes

Sourced from npm's releases.

v12.0.1

12.0.1 (2026-07-10)

Bug Fixes

Dependencies

libnpmpublish: v12.0.0

12.0.0 (2026-07-08)

⚠️ BREAKING CHANGES

  • npm now supports node ^22.22.2 || ^24.15.0 || >=26.0.0
  • opts.access now defaults to null instead of 'public'. With null, libnpmpublish no longer sets an explicit access level in the publish payload, so new scoped packages are created as restricted (registry default) and republishes preserve the existing access level. Callers that want to force public access must now pass access: 'public' explicitly.

Features

v12.0.0

12.0.0 (2026-07-08)

⚠️ BREAKING CHANGES

  • npm view --json now always returns an array.
  • npm sbom --sbom-format=cyclonedx now reports the name field from each package's package.json instead of the on-disk directory name. The name, bom-ref, and purl of the root component and of aliased dependencies may change.
  • npm no longer registers man pages with the system when installed globally. man npm-install will no longer work, but npm help install is unaffected.
  • The npm pkg output is no longer forced to json. This means you can get single values without having to worry about wrapping of the values. It also outputs non-json content more similarly to npm view.
  • npm shrinkwrap is removed, the shrinkwrap config alias is removed, and npm-shrinkwrap.json is no longer loaded or honored at the project root or from inside dependency tarballs. Rename project-root npm-shrinkwrap.json to package-lock.json; use bundleDependencies if you need to ship a locked dependency tree.
  • The Twitter and Freenode profile fields have been removed from the npm registry. This means that users will no longer be able to set or view these fields in their npm profiles.
  • npm will no longer attempt to resolve the path to node via whichnode. process.execPath is already set by Node to the resolved real path of the node binary, so the lookup was redundant. Scripts that expected npm to override process.execPath with a PATH-resolved (potentially symlinked) node path may be affected.
  • the --json output of npm pack and npm publish have changed. They are now always consistent, and in the same format.
  • the star, stars and unstar commands have been removed
  • The npm adduser command has been removed. Create and manage user accounts on the npm website, and use npm login to authenticate on the command line.
  • Preserve https protocol when working with git (#8703)
  • The default license for npm init has been changed from "ISC" to an empty string. If not set, the license field will be omitted from new packages.
  • npm now supports node ^22.22.2 || ^24.15.0 || >=26.0.0
  • allow-git and allow-remote now default to "none"; set them to "all" (or "root") to install git or user-supplied tarball-URL dependencies.
  • root `preinstall` now runs before dependencies are installed.
  • unknown configs in .npmrc, unknown CLI flags, abbreviated flags, and single-hyphen multi-char shorthands now throw instead of warning.

Chores

Dependencies

... (truncated)

Changelog

Sourced from npm's changelog.

12.0.1 (2026-07-10)

Bug Fixes

Dependencies

12.0.0 (2026-07-08)

⚠️ BREAKING CHANGES

  • npm view --json now always returns an array.
  • npm sbom --sbom-format=cyclonedx now reports the name field from each package's package.json instead of the on-disk directory name. The name, bom-ref, and purl of the root component and of aliased dependencies may change.
  • npm no longer registers man pages with the system when installed globally. man npm-install will no longer work, but npm help install is unaffected.
  • The npm pkg output is no longer forced to json. This means you can get single values without having to worry about wrapping of the values. It also outputs non-json content more similarly to npm view.
  • npm shrinkwrap is removed, the shrinkwrap config alias is removed, and npm-shrinkwrap.json is no longer loaded or honored at the project root or from inside dependency tarballs. Rename project-root npm-shrinkwrap.json to package-lock.json; use bundleDependencies if you need to ship a locked dependency tree.
  • The Twitter and Freenode profile fields have been removed from the npm registry. This means that users will no longer be able to set or view these fields in their npm profiles.
  • npm will no longer attempt to resolve the path to node via whichnode. process.execPath is already set by Node to the resolved real path of the node binary, so the lookup was redundant. Scripts that expected npm to override process.execPath with a PATH-resolved (potentially symlinked) node path may be affected.
  • the --json output of npm pack and npm publish have changed. They are now always consistent, and in the same format.
  • the star, stars and unstar commands have been removed
  • The npm adduser command has been removed. Create and manage user accounts on the npm website, and use npm login to authenticate on the command line.
  • Preserve https protocol when working with git (#8703)
  • The default license for npm init has been changed from "ISC" to an empty string. If not set, the license field will be omitted from new packages.
  • npm now supports node ^22.22.2 || ^24.15.0 || >=26.0.0
  • allow-git and allow-remote now default to "none"; set them to "all" (or "root") to install git or user-supplied tarball-URL dependencies.
  • root `preinstall` now runs before dependencies are installed.
  • unknown configs in .npmrc, unknown CLI flags, abbreviated flags, and single-hyphen multi-char shorthands now throw instead of warning.

Chores

Dependencies

... (truncated)

Commits
  • 72a6088 chore: release 12.0.1
  • ecb02a8 fix(view): avoid wrapping array results (#9745)
  • 47fc8b1 fix: correct bundled sigstore from dev dependency conflict (#9740)
  • 4403f05 chore: release 12.0.0
  • 5b83698 feat: trigger release process (#9737)
  • b77b532 chore: remove pre-release mode from npm 12 and workspaces (#9735)
  • 230e221 chore: release 12.0.0-pre.3
  • 6fefd0e chore: clarify unknown-config breaking change note in changelog (#9733)
  • fd75880 feat: warn instead of error on unknown .npmrc configs (#9729)
  • 42b12c2 feat(install-scripts): use install-scripts as the warning log title
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [npm](https://github.com/npm/cli) from 11.6.1 to 12.0.1.
- [Release notes](https://github.com/npm/cli/releases)
- [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md)
- [Commits](npm/cli@v11.6.1...v12.0.1)

---
updated-dependencies:
- dependency-name: npm
  dependency-version: 12.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 11, 2026
@vercel

vercel Bot commented Jul 11, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
codeceptjs4 Error Error Jul 11, 2026 3:15am

@Arhell Arhell left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Close

@Arhell Arhell closed this Jul 12, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/master/npm-12.0.1 branch July 12, 2026 06:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant