deps: upgrade npm in LTS to 2.15.11

PR-URL: #8928
Reviewed-By: Myles Borins <[email protected]>
Reviewed-By: Jeremiah Senkpiel <[email protected]>

deps/npm/AUTHORS

@@ -370,3 +370,11 @@ Gianluca Casati <[email protected]>
 Tapani Moilanen <[email protected]>
 Simon MacDonald <[email protected]>
 Adam Stankiewicz <[email protected]>
+Julian Duque <[email protected]>
+Michael Hart <[email protected]>
+Daniel Paz-Soldan <[email protected]>
+legodude17 <[email protected]>
+Andrew Meyer <[email protected]>
+Michael Jasper <[email protected]>
+Max <[email protected]>
+Jason Karns <[email protected]>

deps/npm/CHANGELOG.md

@@ -1,3 +1,200 @@
+### v2.15.11 (2016-09-08):
+
+On we go with our monthly release cadence! This week is pretty much all
+dependency updates and some documentation changes, as can be expected by now.
+
+Note that `npm@4` will almost certainly be released next month! It's not final
+what we'll end up doing as far as LTS support goes, but the current thinking is
+that, considering how small and resource-constrained our team is, support for
+`npm@2` will be reduced to essentially maintenance, so we can better focus on
+`npm@3` as the new LTS version (which will go into `node@6`), and `npm@4` as our
+next main development version.
+
+#### DOCUMENTATION UPDATES
+
+* [`8f71038`](https://github.com/npm/npm/commit/8f71038310501ad5bc7445b2fa2ff0eaa377919a)
+  [#13892](https://github.com/npm/npm/pull/13892)
+  Update `LICENSE` file to match license on `master`.
+  ([@rvagg](https://github.com/rvagg))
+* [`e81b4f1`](https://github.com/npm/npm/commit/e81b4f1d18a4d79b7af8342747f2ed7dc3e84f0a)
+  [#12438](https://github.com/npm/npm/issues/12438)
+  Remind folks to use `#!/usr/bin/env node` in their `bin` scripts to make files
+  executable directly.
+  ([@mxstbr](https://github.com/mxstbr))
+* [`f89789f`](https://github.com/npm/npm/commit/f89789f43d65bfc74f64f15a99356841377e1af3)
+  [#13655](https://github.com/npm/npm/pull/13655)
+  Document line comment syntax for `.npmrc`.
+  ([@mdjasper](https://github.com/mdjasper))
+* [`5cd3abc`](https://github.com/npm/npm/commit/5cd3abc3511515e09b4a1b781c0520e84c267c5b)
+  [#13493](https://github.com/npm/npm/pull/13493)
+  Document that the user config file can itself be configured either through the
+  `$NPM_CONFIG_USERCONFIG` environment variable, or `--userconfig` command line
+  flag.
+  ([@jasonkarns](https://github.com/jasonkarns))
+* [`dd71ca0`](https://github.com/npm/npm/commit/dd71ca0efc2094b824ccc9e23af0fc915499f2e6)
+  [#13911](https://github.com/npm/npm/pull/13911)
+  Minor documentation reword and cleanup.
+  ([@othiym23](https://github.com/othiym23))
+* [`f7a320c`](https://github.com/npm/npm/commit/f7a320c816947d578a050c97e0fb9878954be0e8)
+  [#13682](https://github.com/npm/npm/pull/13682)
+  Minor grammar fix in documentation for `npm scripts`.
+  ([@Ajedi32](https://github.com/Ajedi32))
+* [`e5cb5e8`](https://github.com/npm/npm/commit/e5cb5e8fcf4642836fedf3f3421c994a8e27e19b)
+  [#13717](https://github.com/npm/npm/pull/13717)
+  Document that `npm link` will link the files specified in the `bin` field of
+  `package.json` to `{prefix}/bin/{name}`.
+  ([@legodude17](https://github.com/legodude17))
+
+#### DEPENDENCY UPDATES
+* [`8bef026`](https://github.com/npm/npm/commit/8bef026603b6da888edf0d41308d9e532abfcd54)
+  `[email protected]`
+  ([@francescoinfante](https://github.com/francescoinfante))
+* [`9f73f4a`](https://github.com/npm/npm/commit/9f73f4aab5f56b256c5cf9e461e81abfa2844945)
+  `[email protected]`
+  ([@isaacs](https://github.com/isaacs))
+* [`5391b7e`](https://github.com/npm/npm/commit/5391b7e8cd4401fbadbf54e810fdc965a3662a21)
+  `[email protected]`
+  ([@isaacs](https://github.com/isaacs))
+* [`43bfec8`](https://github.com/npm/npm/commit/43bfec8376dd8ded7d56a8dabd6139919544760e)
+  `[email protected]`
+  ([@tim-kos](https://github.com/tim-kos))
+* [`39305f1`](https://github.com/npm/npm/commit/39305f1c76f74bf9789c769ef72a94ea9a81d119)
+  `[email protected]`
+  ([@calvinmetcalf](https://github.com/calvinmetcalf))
+* [`a5512fa`](https://github.com/npm/npm/commit/a5512fafd72e23755e77e28f1122b008bc12a733)
+  `[email protected]`
+  ([@zkochan](https://github.com/zkochan))
+* [`06a208b`](https://github.com/npm/npm/commit/06a208b178c1de3d0da58bc35a854d200fea8ef0)
+  `[email protected]`:
+  * [npm/npm-registry-client#142](https://github.com/npm/npm-registry-client/pull/142) Fix `EventEmitter` warning spam from error handlers on socket. ([@addaleax](https://github.com/addaleax))
+  * [npm/npm-registry-client#131](https://github.com/npm/npm-registry-client/pull/131) Adds support for streaming request bodies. ([@aredridel](https://github.com/aredridel))
+  * Fixes [#13656](https://github.com/npm/npm/issues/13656).
+  * Dependency updates.
+  * Documentation improvements.
+  ([@othiym23](https://github.com/othiym23))
+* [`4f759be`](https://github.com/npm/npm/commit/4f759be1fb5e23180b970350e58f40a513daa680)
+  `[email protected]`
+  ([@isaacs](https://github.com/isaacs))
+* [`4258b76`](https://github.com/npm/npm/commit/4258b764e2565f6294ae1e34a5653895290b62e3)
+  `[email protected]`
+  ([@isaacs](https://github.com/isaacs))
+
+### v2.15.10 (2016-08-11):
+
+Hi all, today's our first release coming out of the new monthly release
+cadence. See below for details. We're all recovered from conferences now and
+raring to go! For LTS we see some bug fixes, documentation improvements and
+a host of dependency updates.
+
+The most dramatic bug fix is probably the inclusion of scoped modules in
+bundled dependencies. Prior to this release and
+[v3.10.7](https://github.com/npm/npm/releases/v3.10.7), npm had ignored
+scoped modules found in `bundleDependencies` entirely.
+
+#### NEW RELEASE CADENCE
+
+Releasing npm has been, for the most part, a very prominent part of our
+weekly process process. As part of our efforts to find the most effective
+ways to allocate our team's resources, we decided last month that we would
+try and slow our releases down to a monthly cadence, and see if we found
+ourselves with as much extra time and attention as we expected to have.
+Process experiments are useful for finding more effective ways to do our
+work, and we're at least going to keep doing this for a whole quarter, and
+then measure how well it worked out. It's entirely likely that we'll switch
+back to a more frequent cadence, specially if we find that the value that
+weekly cadence was providing the community is not worth sacrificing for a
+bit of extra time. Does this affect you significantly? Let us know!
+
+#### WINDOWS CORNER CASES
+
+* [`405c404`](https://github.com/npm/npm/commit/405c4048c69c14d66e6179aba0c8a35e504e8041)
+  [#13023](https://github.com/npm/npm/pull/13023)
+  Fixed a Windows issue with the cache where callbacks could be called more than once.
+  ([@zkat](https://github.com/zkat))
+
+* [`bf348dc`](https://github.com/npm/npm/commit/bf348dcfb944dc4b9f71b779bf172f86a2e1f474)
+  [#13023](https://github.com/npm/npm/pull/13023)
+  Fixed a Windows corner case with correct-mkdir where if SUDO_UID or
+  SUDO_GID were set then we would try to chown things even though that can't
+  work on Windows.
+  ([@zkat](https://github.com/zkat))
+
+#### RACES IN THE CACHE
+
+* [`68f29f1`](https://github.com/npm/npm/commit/68f29f18f65c7a7e1c58eb6933af41d786971379)
+  [#12669](https://github.com/npm/npm/issues/12669)
+  Ignore ENOENT errors on chownr while adding packages to cache. This change
+  works around problems with race conditions and local packages.
+  ([@julianduque](https://github.com/julianduque))
+
+#### BETTER GIT ENVIRONMENT WHITELISTING
+
+* [`5e96566`](https://github.com/npm/npm/commit/5e96566088f0d88c1ed10c5a9cbb7c0cd4aa2aee)
+  [#13358](https://github.com/npm/npm/pull/13358)
+  Add GIT_EXEC_PATH to Git environment whitelist.
+  ([@mhart](https://github.com/mhart))
+
+#### DOCUMENTATION
+
+* [`363e381`](https://github.com/npm/npm/commit/363e381a4076ead89707a00cc4a447b1d59df3bc)
+  [#13319](https://github.com/npm/npm/pull/13319)
+  As Node.js 0.8 is no longer supported, remove mention of it from the README.
+  ([@watilde](https://github.com/watilde))
+* [`e8fafa8`](https://github.com/npm/npm/commit/e8fafa887c60eb8842c76c4b3dffe85eb49fa434)
+  [#10167](https://github.com/npm/npm/pull/10167)
+  Clarify in scope documentation that npm@2 is required for scoped packages.
+  ([@danpaz](https://github.com/danpaz))
+
+#### DEPENDENCIES
+
+* [`66ef279`](https://github.com/npm/npm/commit/66ef279b7c3b3e4f9454474dddd057cc1f21873b)
+  [npm/fstream-npm#22](https://github.com/npm/fstream-npm/pull/22)
+  `[email protected]`:
+  Always include NOTICE files now. Fix inclusion of scoped modules as bundled dependencies.
+  ([@kemitchell](https://github.com/kemitchell))
+  ([@forivall](https://github.com/forivall))
+* [`fe8385b`](https://github.com/npm/npm/commit/fe8385bd655502feb175eed175a6a06cafb2247a)
+  `[email protected]`:
+  Update minimatch dep for security fix. See the minimatch update below for details.
+  ([@isaacs](https://github.com/isaacs))
+* [`51d49d2`](https://github.com/npm/npm/commit/51d49d2f79b4c69264de73a492ed54f87188d554)
+  [isaacs/node-graceful-fs#71](https://github.com/isaacs/node-graceful-fs/pull/71)
+  `[email protected]`:
+  `graceful-fs` had a [bug fix](https://github.com/isaacs/node-graceful-fs/pull/71) which
+  fixes a problem ([nodejs/node#7846](https://github.com/nodejs/node/pull/7846)) exposed
+  by recent changes to Node.js.
+  ([@thefourtheye](https://github.com/thefourtheye))
+* [`5c8f39d`](https://github.com/npm/npm/commit/5c8f39d152c43e96b9006ffe865646a36a433a8a)
+  `[email protected]`:
+  Handle extremely long and terrible patterns more gracefully.
+  There were some magic numbers that assumed that every extglob pattern starts
+  and ends with a specific number of characters in the regular expression.
+  Since !(||) patterns are a little bit more complicated, this led to creating
+  an invalid regular expression and throwing.
+  ([@isaacs](https://github.com/isaacs))
+* [`d681e16`](https://github.com/npm/npm/commit/d681e16a475a49d6196af9a5cedaaf88712f3a9f)
+  [npm/npm-user-validate#9](https://github.com/npm/npm-user-validate/pull/9)
+  `[email protected]`:
+  Use correct, lower username length limit.
+  ([@aredridel](https://github.com/aredridel))
+* [`f918994`](https://github.com/npm/npm/commit/f918994bd05ca965766cd573606ac35fb3032d6e)
+  `[email protected]`:
+  Update `request` dependency `tough-cookie` to `2.3.0` to
+  to address [https://nodesecurity.io/advisories/130](https://nodesecurity.io/advisories/130).
+  Versions 0.9.7 through 2.2.2 contain a vulnerable regular expression that,
+  under certain conditions involving long strings of semicolons in the
+  "Set-Cookie" header, causes the event loop to block for excessive amounts of
+  time.
+  ([@stash-sfdc](https://github.com/stash-sfdc))
+* [`5540cc4`](https://github.com/npm/npm/commit/5540cc4d6bde65071fb6fc2cb074e8598bd1276f)
+  [isaacs/rimraf#111](https://github.com/isaacs/rimraf/issues/111)
+  `[email protected]`: Clarify assertions: cb is required, options are not.
+  ([@isaacs](https://github.com/isaacs))
+* [`6357928`](https://github.com/npm/npm/commit/6357928673be85f520dae2104fea58c35742bd65)
+  `[email protected]`:
+  New licenses synced from spdx.org.
+  ([@shinnn](https://github.com/shinnn))
+
 ### v2.15.9 (2016-06-30):
 
 What's this? An LTS release? Yes, that is indeed so. Small, as usual, and as

deps/npm/LICENSE

@@ -233,49 +233,3 @@ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
 --------
-
-
-The following additional terms shall apply to use of the npm software, the npm
-website, the npm repository and any other services or products offered by npm,
-Inc.:
-
-"Node.js" trademark Joyent, Inc.  npm is not officially part of the Node.js
-project, and is neither owned by nor affiliated with Joyent, Inc.
-
-"npm" and "The npm Registry" are owned by npm, Inc. All rights reserved.
-
-Modules published on the npm registry are not officially endorsed by npm, Inc.
-or the Node.js project.
-
-Data published to the npm registry is not part of npm itself, and is the sole
-property of the publisher. While every effort is made to ensure accountability,
-there is absolutely no guarantee, warrantee, or assertion expressed or implied
-as to the quality, fitness for a specific purpose, or lack of malice in any
-given npm package.  Packages downloaded through the npm registry are
-independently licensed and are not covered by this license.
-
-Additional policies relating to, and restrictions on use of, npm products and
-services are available on the npm website.  All such policies and restrictions,
-as updated from time to time, are hereby incorporated into this license
-agreement.  By using npm, you acknowledge your agreement to all such policies
-and restrictions.
-
-If you have a complaint about a package in the public npm registry, and cannot
-resolve it with the package owner, please email [email protected] and explain
-the situation.  See the [npm Dispute Resolution
-policy](https://github.com/npm/policies/blob/master/disputes.md) for more
-details.
-
-Any data published to The npm Registry (including user account information) may
-be removed or modified at the sole discretion of the npm server administrators.
-
-"npm Logo" contributed by Mathias Pettersson and Brian Hammond,
-use is subject to https://www.npmjs.com/policies/trademark
-
-"Gubblebum Blocky" font
-Copyright (c) by Tjarda Koster, https://jelloween.deviantart.com
-included for use in the npm website and documentation,
-used with permission.
-
-This program uses several Node modules contained in the node_modules/
-subdirectory, according to the terms of their respective licenses.

deps/npm/README.md

@@ -9,7 +9,7 @@ Much more info available via `npm help` once it's installed.
 
 ## IMPORTANT
 
-**You need node v0.8 or higher to run this program.**
+**You need node v0.10 or higher to run this program.**
 
 To install an old **and unsupported** version of npm that works on node 0.3
 and prior, clone the git repo and dig through the old tags and branches.

deps/npm/doc/cli/npm-install.md

@@ -171,6 +171,7 @@ after packing it up into a tarball (b).
     to the environment when running git:
 
     * `GIT_ASKPASS`
+    * `GIT_EXEC_PATH`
     * `GIT_PROXY_COMMAND`
     * `GIT_SSH`
     * `GIT_SSH_COMMAND`

deps/npm/doc/cli/npm-link.md

@@ -13,7 +13,8 @@ Package linking is a two-step process.
 
 First, `npm link` in a package folder will create a symlink in the global folder
 `{prefix}/lib/node_modules/<package>` that links to the package where the `npm
-link` command was executed. (see `npm-config(7)` for the value of `prefix`).
+link` command was executed. (see `npm-config(7)` for the value of `prefix`). It
+will also link any bins in the package to `{prefix}/bin/{name}`.
 
 Next, in some other location, `npm link package-name` will create a
 symbolic link from globally-installed `package-name` to `node_modules/`

deps/npm/doc/files/npmrc.md

@@ -41,6 +41,16 @@ sensitive credentials, they must be readable and writable _only_ by your user
 account (i.e. must have a mode of `0600`), otherwise they _will be ignored by
 npm!_
 
+#### Comments
+
+Lines in `.npmrc` files are interpreted as comments when they begin with a `;` or `#` character. `.npmrc` files are parsed by [npm/ini](https://github.com/npm/ini), which specifies this comment syntax.
+
+For example:
+
+    # last modified: 01 Jan 2016
+    ; Set a new registry for a scoped package
+    @myscope:registry=https://mycustomregistry.example.org
+
 ### Per-project config file
 
 When working locally in a project, a `.npmrc` file in the root of the

deps/npm/doc/files/package.json.md

@@ -249,6 +249,10 @@ would be the same as this:
     , "version": "1.2.5"
     , "bin" : { "my-program" : "./path/to/program" } }
 
+Please make sure that your file(s) referenced in `bin` starts with
+`#!/usr/bin/env node`, otherwise the scripts are started without the node
+executable!
+
 ## man
 
 Specify either a single file or an array of filenames to put in place for the

deps/npm/doc/misc/npm-config.md

@@ -26,10 +26,12 @@ same.
 
 The four relevant files are:
 
-* per-project config file (/path/to/my/project/.npmrc)
-* per-user config file (~/.npmrc)
-* global config file ($PREFIX/npmrc)
-* npm builtin config file (/path/to/npm/npmrc)
+* per-project configuration file (`/path/to/my/project/.npmrc`)
+* per-user configuration file (defaults to `$HOME/.npmrc`; configurable via CLI
+  option `--userconfig` or environment variable `$NPM_CONF_USERCONFIG`)
+* global configuration file (defaults to `$PREFIX/etc/npmrc`; configurable via
+  CLI option `--globalconfig` or environment variable `$NPM_CONF_GLOBALCONFIG`)
+* npm's built-in configuration file (`/path/to/npm/npmrc`)
 
 See npmrc(5) for more details.
 

deps/npm/doc/misc/npm-scope.md

@@ -13,9 +13,10 @@ followed by a slash, e.g.
 Scopes are a way of grouping related packages together, and also affect a few
 things about the way npm treats the package.
 
-Scoped packages are supported by the public npm registry.  The npm
-client is backwards-compatible with un-scoped registries, so it can be
-used to work with scoped and un-scoped registries at the same time.
+Scoped packages can be published and installed as of `npm@2` and are supported
+by the primary npm registry. The npm client is backwards-compatible with
+un-scoped registries, so it can be used to work with scoped and un-scoped
+registries at the same time.
 
 ## Installing scoped packages
 
@@ -51,15 +52,16 @@ just specifying to require the module `mypackage` in the folder called `@myorg`.
 
 ## Publishing scoped packages
 
-Scoped packages can be published to any registry that supports them, including
-the public npm registry.
+Scoped packages can be published from the CLI as of `npm@2` and can be
+published to any registry that supports them, including the primary npm
+registry.
 
-(As of 2015-04-19, and with npm 2.0 or newer, the public npm registry **does**
+(As of 2015-04-19, and with npm 2.0 or newer, the primary npm registry **does**
 support scoped packages)
 
 If you wish, you may associate a scope with a registry; see below.
 
-### Publishing public scoped packages to the public npm registry
+### Publishing public scoped packages to the primary npm registry
 
 To publish a public scoped package, you must specify `--access public` with
 the initial publication.  This will publish the package and set access
@@ -79,7 +81,7 @@ desired, with `npm access` or on the npmjs.com website.
 ## Associating a scope with a registry
 
 Scopes can be associated with a separate registry. This allows you to
-seamlessly use a mix of packages from the public npm registry and one or more
+seamlessly use a mix of packages from the primary npm registry and one or more
 private registries, such as npm Enterprise.
 
 You can associate a scope with a registry at login, e.g.

deps/npm/doc/misc/npm-scripts.md

@@ -20,9 +20,9 @@ following scripts:
 * postuninstall:
   Run AFTER the package is uninstalled.
 * preversion, version:
-  Run BEFORE bump the package version.
+  Run BEFORE bumping the package version.
 * postversion:
-  Run AFTER bump the package version.
+  Run AFTER bumping the package version.
 * pretest, test, posttest:
   Run by the `npm test` command.
 * prestop, stop, poststop: