deps: upgrade npm to 9.3.0

PR-URL: #46193
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Myles Borins <[email protected]>
Reviewed-By: Rich Trott <[email protected]>

Author: npm-cli-bot

Makefile

@@ -1550,7 +1550,7 @@ CONFLICT_RE=^>>>>>>> [[:xdigit:]]+|^<<<<<<< [[:alpha:]]+
 
 # Related CI job: node-test-linter
 lint-ci: lint-js-ci lint-cpp lint-py lint-md lint-addon-docs lint-yaml-build lint-yaml
-	@if ! ( grep -IEqrs "$(CONFLICT_RE)" --exclude="error-message.js" benchmark deps doc lib src test tools ) \
+	@if ! ( grep -IEqrs "$(CONFLICT_RE)" --exclude="error-message.js" --exclude="merge-conflict.json" benchmark deps doc lib src test tools ) \
 		&& ! ( $(FIND) . -maxdepth 1 -type f | xargs grep -IEqs "$(CONFLICT_RE)" ); then \
 		exit 0 ; \
 	else \

deps/npm/docs/content/commands/npm-access.md

@@ -16,6 +16,8 @@ npm access grant <read-only|read-write> <scope:team> [<package>]
 npm access revoke <scope:team> [<package>]
 ```
 
+Note: This command is unaware of workspaces.
+
 ### Description
 
 Used to set access controls on private packages.

deps/npm/docs/content/commands/npm-adduser.md

@@ -67,7 +67,8 @@ npm init --scope=@foo --yes
 * Default: "web"
 * Type: "legacy" or "web"
 
-What authentication strategy to use with `login`.
+What authentication strategy to use with `login`. Note that if an `otp`
+config is given, this value will always be set to `legacy`.
 
 ### See Also
 

deps/npm/docs/content/commands/npm-ci.md

@@ -138,7 +138,7 @@ de-duplicating. Sets `--install-strategy=nested`.
   `--install-strategy=shallow`
 
 Only install direct dependencies in the top level `node_modules`, but hoist
-on deeper dependendencies. Sets `--install-strategy=shallow`.
+on deeper dependencies. Sets `--install-strategy=shallow`.
 
 #### `omit`
 
@@ -173,7 +173,7 @@ be resolved using the nearest non-peer dependency specification, even if
 doing so will result in some packages receiving a peer dependency outside
 the range set in their package's `peerDependencies` object.
 
-When such and override is performed, a warning is printed, explaining the
+When such an override is performed, a warning is printed, explaining the
 conflict and the packages involved. If `--strict-peer-deps` is set, then
 this warning is treated as a failure.
 

deps/npm/docs/content/commands/npm-dedupe.md

@@ -109,7 +109,7 @@ de-duplicating. Sets `--install-strategy=nested`.
   `--install-strategy=shallow`
 
 Only install direct dependencies in the top level `node_modules`, but hoist
-on deeper dependendencies. Sets `--install-strategy=shallow`.
+on deeper dependencies. Sets `--install-strategy=shallow`.
 
 #### `strict-peer-deps`
 
@@ -126,7 +126,7 @@ be resolved using the nearest non-peer dependency specification, even if
 doing so will result in some packages receiving a peer dependency outside
 the range set in their package's `peerDependencies` object.
 
-When such and override is performed, a warning is printed, explaining the
+When such an override is performed, a warning is printed, explaining the
 conflict and the packages involved. If `--strict-peer-deps` is set, then
 this warning is treated as a failure.
 

deps/npm/docs/content/commands/npm-find-dupes.md

@@ -49,7 +49,7 @@ de-duplicating. Sets `--install-strategy=nested`.
   `--install-strategy=shallow`
 
 Only install direct dependencies in the top level `node_modules`, but hoist
-on deeper dependendencies. Sets `--install-strategy=shallow`.
+on deeper dependencies. Sets `--install-strategy=shallow`.
 
 #### `strict-peer-deps`
 
@@ -66,7 +66,7 @@ be resolved using the nearest non-peer dependency specification, even if
 doing so will result in some packages receiving a peer dependency outside
 the range set in their package's `peerDependencies` object.
 
-When such and override is performed, a warning is printed, explaining the
+When such an override is performed, a warning is printed, explaining the
 conflict and the packages involved. If `--strict-peer-deps` is set, then
 this warning is treated as a failure.
 

deps/npm/docs/content/commands/npm-init.md

@@ -7,7 +7,7 @@ description: Create a package.json file
 ### Synopsis
 
 ```bash
-npm init <package-spec> (same as `npx <package-spec>)
+npm init <package-spec> (same as `npx <package-spec>`)
 npm init <@scope> (same as `npx <@scope>/create`)
 
 aliases: create, innit

deps/npm/docs/content/commands/npm-install-ci-test.md

@@ -84,7 +84,7 @@ de-duplicating. Sets `--install-strategy=nested`.
   `--install-strategy=shallow`
 
 Only install direct dependencies in the top level `node_modules`, but hoist
-on deeper dependendencies. Sets `--install-strategy=shallow`.
+on deeper dependencies. Sets `--install-strategy=shallow`.
 
 #### `omit`
 
@@ -119,7 +119,7 @@ be resolved using the nearest non-peer dependency specification, even if
 doing so will result in some packages receiving a peer dependency outside
 the range set in their package's `peerDependencies` object.
 
-When such and override is performed, a warning is printed, explaining the
+When such an override is performed, a warning is printed, explaining the
 conflict and the packages involved. If `--strict-peer-deps` is set, then
 this warning is treated as a failure.
 

deps/npm/docs/content/commands/npm-install-test.md

@@ -85,7 +85,7 @@ de-duplicating. Sets `--install-strategy=nested`.
   `--install-strategy=shallow`
 
 Only install direct dependencies in the top level `node_modules`, but hoist
-on deeper dependendencies. Sets `--install-strategy=shallow`.
+on deeper dependencies. Sets `--install-strategy=shallow`.
 
 #### `omit`
 
@@ -120,7 +120,7 @@ be resolved using the nearest non-peer dependency specification, even if
 doing so will result in some packages receiving a peer dependency outside
 the range set in their package's `peerDependencies` object.
 
-When such and override is performed, a warning is printed, explaining the
+When such an override is performed, a warning is printed, explaining the
 conflict and the packages involved. If `--strict-peer-deps` is set, then
 this warning is treated as a failure.
 

deps/npm/docs/content/commands/npm-install.md

@@ -475,7 +475,7 @@ de-duplicating. Sets `--install-strategy=nested`.
   `--install-strategy=shallow`
 
 Only install direct dependencies in the top level `node_modules`, but hoist
-on deeper dependendencies. Sets `--install-strategy=shallow`.
+on deeper dependencies. Sets `--install-strategy=shallow`.
 
 #### `omit`
 
@@ -510,7 +510,7 @@ be resolved using the nearest non-peer dependency specification, even if
 doing so will result in some packages receiving a peer dependency outside
 the range set in their package's `peerDependencies` object.
 
-When such and override is performed, a warning is printed, explaining the
+When such an override is performed, a warning is printed, explaining the
 conflict and the packages involved. If `--strict-peer-deps` is set, then
 this warning is treated as a failure.
 

deps/npm/docs/content/commands/npm-link.md

@@ -176,7 +176,7 @@ de-duplicating. Sets `--install-strategy=nested`.
   `--install-strategy=shallow`
 
 Only install direct dependencies in the top level `node_modules`, but hoist
-on deeper dependendencies. Sets `--install-strategy=shallow`.
+on deeper dependencies. Sets `--install-strategy=shallow`.
 
 #### `strict-peer-deps`
 
@@ -193,7 +193,7 @@ be resolved using the nearest non-peer dependency specification, even if
 doing so will result in some packages receiving a peer dependency outside
 the range set in their package's `peerDependencies` object.
 
-When such and override is performed, a warning is printed, explaining the
+When such an override is performed, a warning is printed, explaining the
 conflict and the packages involved. If `--strict-peer-deps` is set, then
 this warning is treated as a failure.
 

deps/npm/docs/content/commands/npm-login.md

@@ -74,7 +74,8 @@ npm init --scope=@foo --yes
 * Default: "web"
 * Type: "legacy" or "web"
 
-What authentication strategy to use with `login`.
+What authentication strategy to use with `login`. Note that if an `otp`
+config is given, this value will always be set to `legacy`.
 
 ### See Also
 

deps/npm/docs/content/commands/npm-ls.md

@@ -27,7 +27,7 @@ packages will *also* show the paths to the specified packages.  For
 example, running `npm ls promzard` in npm's source tree will show:
 
 ```bash
-npm@9.2.0 /path/to/npm
+npm@9.3.0 /path/to/npm
 └─┬ [email protected]
   └── [email protected]
 ```

deps/npm/docs/content/commands/npm-owner.md

@@ -14,8 +14,6 @@ npm owner ls <package-spec>
 alias: author
 ```
 
-Note: This command is unaware of workspaces.
-
 ### Description
 
 Manage ownership of published packages.

deps/npm/docs/content/commands/npm-publish.md

@@ -107,8 +107,8 @@ tarball that will be compared with the local files by default.
   current level
 * Type: null, "restricted", or "public"
 
-If do not want your scoped package to be publicly viewable (and installable)
-set `--access=restricted`.
+If you do not want your scoped package to be publicly viewable (and
+installable) set `--access=restricted`.
 
 Unscoped packages can not be set to `restricted`.
 

deps/npm/docs/content/commands/npm-root.md

@@ -10,6 +10,8 @@ description: Display npm root
 npm root
 ```
 
+Note: This command is unaware of workspaces.
+
 ### Description
 
 Print the effective `node_modules` folder to standard out.

deps/npm/docs/content/commands/npm-update.md

@@ -215,7 +215,7 @@ de-duplicating. Sets `--install-strategy=nested`.
   `--install-strategy=shallow`
 
 Only install direct dependencies in the top level `node_modules`, but hoist
-on deeper dependendencies. Sets `--install-strategy=shallow`.
+on deeper dependencies. Sets `--install-strategy=shallow`.
 
 #### `omit`
 
@@ -250,7 +250,7 @@ be resolved using the nearest non-peer dependency specification, even if
 doing so will result in some packages receiving a peer dependency outside
 the range set in their package's `peerDependencies` object.
 
-When such and override is performed, a warning is printed, explaining the
+When such an override is performed, a warning is printed, explaining the
 conflict and the packages involved. If `--strict-peer-deps` is set, then
 this warning is treated as a failure.
 

deps/npm/docs/content/commands/npm.md

@@ -10,9 +10,11 @@ description: javascript package manager
 npm
 ```
 
+Note: This command is unaware of workspaces.
+
 ### Version
 
-9.2.0
+9.3.0
 
 ### Description
 
@@ -132,7 +134,7 @@ npm is extremely configurable.  It reads its configuration options from
   in the cli, env, or user config, then that file is parsed instead.
 * Defaults:
   npm's default configuration options are defined in
-  lib/utils/config-defs.js.  These must not be changed.
+  `lib/utils/config/definitions.js`.  These must not be changed.
 
 See [`config`](/using-npm/config) for much much more information.
 

deps/npm/docs/content/configuring-npm/install.md

@@ -17,11 +17,11 @@ run npm packages globally.
 ### Overview
 
 - [Checking your version of npm and
-  Node.js](#checking-your-version-of-npm-and-node-js)
+  Node.js](#checking-your-version-of-npm-and-nodejs)
 - [Using a Node version manager to install Node.js and
-  npm](#using-a-node-version-manager-to-install-node-js-and-npm)
+  npm](#using-a-node-version-manager-to-install-nodejs-and-npm)
 - [Using a Node installer to install Node.js and
-  npm](#using-a-node-installer-to-install-node-js-and-npm)
+  npm](#using-a-node-installer-to-install-nodejs-and-npm)
 
 ### Checking your version of npm and Node.js
 

deps/npm/docs/content/using-npm/config.md

@@ -142,8 +142,8 @@ safer to use a registry-provided authentication bearer token stored in the
   current level
 * Type: null, "restricted", or "public"
 
-If do not want your scoped package to be publicly viewable (and installable)
-set `--access=restricted`.
+If you do not want your scoped package to be publicly viewable (and
+installable) set `--access=restricted`.
 
 Unscoped packages can not be set to `restricted`.
 
@@ -192,7 +192,8 @@ exit code.
 * Default: "web"
 * Type: "legacy" or "web"
 
-What authentication strategy to use with `login`.
+What authentication strategy to use with `login`. Note that if an `otp`
+config is given, this value will always be set to `legacy`.
 
 #### `before`
 
@@ -1240,7 +1241,7 @@ be resolved using the nearest non-peer dependency specification, even if
 doing so will result in some packages receiving a peer dependency outside
 the range set in their package's `peerDependencies` object.
 
-When such and override is performed, a warning is printed, explaining the
+When such an override is performed, a warning is printed, explaining the
 conflict and the packages involved. If `--strict-peer-deps` is set, then
 this warning is treated as a failure.
 
@@ -1521,7 +1522,7 @@ Alias for `--include=dev`.
   `--install-strategy=shallow`
 
 Only install direct dependencies in the top level `node_modules`, but hoist
-on deeper dependendencies. Sets `--install-strategy=shallow`.
+on deeper dependencies. Sets `--install-strategy=shallow`.
 
 #### `init.author.email`
 

deps/npm/docs/content/using-npm/registry.md

@@ -35,7 +35,7 @@ Authentication configuration such as auth tokens and certificates are configured
 specifically scoped to an individual registry. See
 [Auth Related Configuration](/configuring-npm/npmrc#auth-related-configuration)
 
-When the default registry is used in a package-lock or shrinkwrap is has the
+When the default registry is used in a package-lock or shrinkwrap it has the
 special meaning of "the currently configured registry". If you create a lock
 file while using the default registry you can switch to another registry and
 npm will install packages from the new registry, but if you create a lock

deps/npm/docs/content/using-npm/removal.md

@@ -28,8 +28,8 @@ continue reading.
 
 Note that this is only necessary for globally-installed packages.  Local
 installs are completely contained within a project's `node_modules`
-folder.  Delete that folder, and everything is gone less a package's
-install script is particularly ill-behaved).
+folder.  Delete that folder, and everything is gone unless a package's
+install script is particularly ill-behaved.
 
 This assumes that you installed node and npm in the default place.  If
 you configured node with a different `--prefix`, or installed npm with a

deps/npm/docs/content/using-npm/scripts.md

@@ -63,7 +63,7 @@ situations. These scripts happen in addition to the `pre<event>`, `post<event>`,
 * Runs BEFORE the package is prepared and packed, ONLY on `npm publish`.
 
 **prepack**
-* Runs BEFORE a tarball is packed (on "`npm pack`", "`npm publish`", and when installing a git dependencies).
+* Runs BEFORE a tarball is packed (on "`npm pack`", "`npm publish`", and when installing a git dependency).
 * NOTE: "`npm run pack`" is NOT the same as "`npm pack`". "`npm run pack`" is an arbitrary user defined script name, where as, "`npm pack`" is a CLI defined command.
 
 **postpack**

deps/npm/docs/output/commands/npm-access.html

@@ -154,6 +154,7 @@ <h2 id="table-of-contents">Table of contents</h2>
 npm access grant &lt;read-only|read-write&gt; &lt;scope:team&gt; [&lt;package&gt;]
 npm access revoke &lt;scope:team&gt; [&lt;package&gt;]
 </code></pre>
+<p>Note: This command is unaware of workspaces.</p>
 <h3 id="description">Description</h3>
 <p>Used to set access controls on private packages.</p>
 <p>For all of the subcommands, <code>npm access</code> will perform actions on the packages

deps/npm/docs/output/commands/npm-adduser.html

@@ -190,7 +190,8 @@ <h4 id="auth-type"><code>auth-type</code></h4>
 <li>Default: "web"</li>
 <li>Type: "legacy" or "web"</li>
 </ul>
-<p>What authentication strategy to use with <code>login</code>.</p>
+<p>What authentication strategy to use with <code>login</code>. Note that if an <code>otp</code>
+config is given, this value will always be set to <code>legacy</code>.</p>
 <h3 id="see-also">See Also</h3>
 <ul>
 <li><a href="../using-npm/registry.html">npm registry</a></li>

deps/npm/docs/output/commands/npm-ci.html

@@ -256,7 +256,7 @@ <h4 id="global-style"><code>global-style</code></h4>
 <code>--install-strategy=shallow</code></li>
 </ul>
 <p>Only install direct dependencies in the top level <code>node_modules</code>, but hoist
-on deeper dependendencies. Sets <code>--install-strategy=shallow</code>.</p>
+on deeper dependencies. Sets <code>--install-strategy=shallow</code>.</p>
 <h4 id="omit"><code>omit</code></h4>
 <ul>
 <li>Default: 'dev' if the <code>NODE_ENV</code> environment variable is set to
@@ -284,7 +284,7 @@ <h4 id="strict-peer-deps"><code>strict-peer-deps</code></h4>
 be resolved using the nearest non-peer dependency specification, even if
 doing so will result in some packages receiving a peer dependency outside
 the range set in their package's <code>peerDependencies</code> object.</p>
-<p>When such and override is performed, a warning is printed, explaining the
+<p>When such an override is performed, a warning is printed, explaining the
 conflict and the packages involved. If <code>--strict-peer-deps</code> is set, then
 this warning is treated as a failure.</p>
 <h4 id="package-lock"><code>package-lock</code></h4>

deps/npm/docs/output/commands/npm-dedupe.html

@@ -225,7 +225,7 @@ <h4 id="global-style"><code>global-style</code></h4>
 <code>--install-strategy=shallow</code></li>
 </ul>
 <p>Only install direct dependencies in the top level <code>node_modules</code>, but hoist
-on deeper dependendencies. Sets <code>--install-strategy=shallow</code>.</p>
+on deeper dependencies. Sets <code>--install-strategy=shallow</code>.</p>
 <h4 id="strict-peer-deps"><code>strict-peer-deps</code></h4>
 <ul>
 <li>Default: false</li>
@@ -239,7 +239,7 @@ <h4 id="strict-peer-deps"><code>strict-peer-deps</code></h4>
 be resolved using the nearest non-peer dependency specification, even if
 doing so will result in some packages receiving a peer dependency outside
 the range set in their package's <code>peerDependencies</code> object.</p>
-<p>When such and override is performed, a warning is printed, explaining the
+<p>When such an override is performed, a warning is printed, explaining the
 conflict and the packages involved. If <code>--strict-peer-deps</code> is set, then
 this warning is treated as a failure.</p>
 <h4 id="package-lock"><code>package-lock</code></h4>