build(deps): bump npm from 11.6.1 to 11.17.0 by dependabot[bot] · Pull Request #697 · codeceptjs/website

dependabot · 2026-06-20T03:12:52Z

Bumps npm from 11.6.1 to 11.17.0.

Release notes

v11.17.0

11.17.0 (2026-06-11)

Features

ae8ac4e #9534 add min-release-age-exclude config (@JamieMagee, @caseyjhol)

8ff3e48 #9483 allowScripts tooling and inBundle hardening (#9483) (@github-actions[bot], @JamieMagee)

Bug Fixes

847cdf8 #9541 match dotted and versioned args in approve-scripts/deny-scripts (@owlstronaut)

d99f7cb #9535 emit valid JSON from approve-scripts/deny-scripts --json (@owlstronaut)

351a309 #9499 pass script-shell to publish lifecycle hooks (#9499) (@github-actions[bot])

4fa81df #9497 recognize allowScripts for local link targets (#9497) (@github-actions[bot], @cyphercodes, @cyphercodes)

95cf2e9 #9489 validate registry path for allow-remote tarballs (@Abhinav-143x)

9dd219b #9462 respect allowScripts policy in prune, dedupe, uninstall, audit, and link (#9462) (@github-actions[bot], @JamieMagee)

cd8d18a #9482 list pending scripts in approve-scripts when ignore-scripts is set (#9482) (@github-actions[bot], @JamieMagee)

c14e87c #9481 suggest --allow-scripts for global installs in unreviewed-scripts warnings (#9481) (@github-actions[bot], @JamieMagee)

7ade52e #9465 invalid issue template YAML indentation (#9465) (@github-actions[bot], @fallintoplace)

c069622 #9464 show full parent command path in subcommand usage errors (#9464) (@owlstronaut)

1bb62bb #9454 config: clarify --all help so it's accurate for approve-scripts and deny-scripts (@JamieMagee)

84eeb5f #9431 audit: don't apply min-release-age before filter when verifying installed signatures (@JamieMagee)

3bd3377 #9426 block forbidden keys in Queryable setter to prevent prototype pollution (@12122J, @claude)

Documentation

a86a7a9 #9522 approve-scripts only throws EGLOBAL when run with -g (@JamieMagee)

693bb3d #9508 clarify package.json override value specs (#9508) (@github-actions[bot], @ded-furby)

ccffe4a #9501 use the latest version for global update and outdated's wanted (#9501) (@github-actions[bot], @liangmiQwQ)

66e97c2 #9478 update minimum npm required for npm trust (@meeech)

Dependencies

bd09b87 #9542 postcss-selector-parser@7.1.4

95bfc4c #9542 tinyglobby@0.2.17

8c0d5fd #9542 tar@7.5.16

967d377 #9542 semver@7.8.4

cdaac1b #9542 pacote@21.5.1

25c8a9e #9542 node-gyp@12.4.0

Chores

2922fa4 #9542 dev dependency updates (@owlstronaut)

workspace: @npmcli/arborist@9.8.0

workspace: @npmcli/config@10.11.0

workspace: libnpmdiff@8.1.10

workspace: libnpmexec@10.3.0

workspace: libnpmfund@7.0.24

workspace: libnpmpack@9.1.10

v11.16.0

11.16.0 (2026-05-27)

Features

4b67f6e #9416 publish --access=private alias for restricted (#9416) (@github-actions[bot], @reggi, @Copilot)

a10c7ca #9415 Phase 1 of allowScripts opt-in install-script policy (#9360) (#9415) (@owlstronaut, @JamieMagee)

Bug Fixes

1f7869b #9411 fix typo of fullMetadata (@owlstronaut)

cde03ba #9390 config: pause progress spinner during interactive editor spawn (#9388) (@github-actions[bot], @Zelys-DFKH, @claude)

Documentation

c5e9d73 #9390 Document npm_old_version and npm_new_version environment variables (#9389) (@github-actions[bot], @36degrees)

... (truncated)

Changelog

Sourced from npm's changelog.

11.17.0 (2026-06-11)

Features

ae8ac4e #9534 add min-release-age-exclude config (@JamieMagee, @caseyjhol)

8ff3e48 #9483 allowScripts tooling and inBundle hardening (#9483) (@github-actions[bot], @JamieMagee)

Bug Fixes

847cdf8 #9541 match dotted and versioned args in approve-scripts/deny-scripts (@owlstronaut)

d99f7cb #9535 emit valid JSON from approve-scripts/deny-scripts --json (@owlstronaut)

351a309 #9499 pass script-shell to publish lifecycle hooks (#9499) (@github-actions[bot])

4fa81df #9497 recognize allowScripts for local link targets (#9497) (@github-actions[bot], @cyphercodes, @cyphercodes)

95cf2e9 #9489 validate registry path for allow-remote tarballs (@Abhinav-143x)

9dd219b #9462 respect allowScripts policy in prune, dedupe, uninstall, audit, and link (#9462) (@github-actions[bot], @JamieMagee)

cd8d18a #9482 list pending scripts in approve-scripts when ignore-scripts is set (#9482) (@github-actions[bot], @JamieMagee)

c14e87c #9481 suggest --allow-scripts for global installs in unreviewed-scripts warnings (#9481) (@github-actions[bot], @JamieMagee)

7ade52e #9465 invalid issue template YAML indentation (#9465) (@github-actions[bot], @fallintoplace)

c069622 #9464 show full parent command path in subcommand usage errors (#9464) (@owlstronaut)

1bb62bb #9454 config: clarify --all help so it's accurate for approve-scripts and deny-scripts (@JamieMagee)

84eeb5f #9431 audit: don't apply min-release-age before filter when verifying installed signatures (@JamieMagee)

3bd3377 #9426 block forbidden keys in Queryable setter to prevent prototype pollution (@12122J, @claude)

Documentation

a86a7a9 #9522 approve-scripts only throws EGLOBAL when run with -g (@JamieMagee)

693bb3d #9508 clarify package.json override value specs (#9508) (@github-actions[bot], @ded-furby)

ccffe4a #9501 use the latest version for global update and outdated's wanted (#9501) (@github-actions[bot], @liangmiQwQ)

66e97c2 #9478 update minimum npm required for npm trust (@meeech)

Dependencies

bd09b87 #9542 postcss-selector-parser@7.1.4

95bfc4c #9542 tinyglobby@0.2.17

8c0d5fd #9542 tar@7.5.16

967d377 #9542 semver@7.8.4

cdaac1b #9542 pacote@21.5.1

25c8a9e #9542 node-gyp@12.4.0

Chores

2922fa4 #9542 dev dependency updates (@owlstronaut)

workspace: @npmcli/arborist@9.8.0

workspace: @npmcli/config@10.11.0

workspace: libnpmdiff@8.1.10

workspace: libnpmexec@10.3.0

workspace: libnpmfund@7.0.24

workspace: libnpmpack@9.1.10

11.16.0 (2026-05-27)

Features

4b67f6e #9416 publish --access=private alias for restricted (#9416) (@github-actions[bot], @reggi, @Copilot)

a10c7ca #9415 Phase 1 of allowScripts opt-in install-script policy (#9360) (#9415) (@owlstronaut, @JamieMagee)

Bug Fixes

1f7869b #9411 fix typo of fullMetadata (@owlstronaut)

cde03ba #9390 config: pause progress spinner during interactive editor spawn (#9388) (@github-actions[bot], @Zelys-DFKH, @claude)

Documentation

c5e9d73 #9390 Document npm_old_version and npm_new_version environment variables (#9389) (@github-actions[bot], @36degrees)

Dependencies

cdd7bbc #9421 undici@6.26.0

... (truncated)

Commits

5866280 chore: release 11.17.0
2922fa4 chore: dev dependency updates
bd09b87 deps: postcss-selector-parser@7.1.4
95bfc4c deps: tinyglobby@0.2.17
8c0d5fd deps: tar@7.5.16
967d377 deps: semver@7.8.4
cdaac1b deps: pacote@21.5.1
25c8a9e deps: node-gyp@12.4.0
847cdf8 fix: match dotted and versioned args in approve-scripts/deny-scripts
5f73e31 feat: differentiate GitHub Actions environments in user-agent (#9517)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [npm](https://github.com/npm/cli) from 11.6.1 to 11.17.0. - [Release notes](https://github.com/npm/cli/releases) - [Changelog](https://github.com/npm/cli/blob/v11.17.0/CHANGELOG.md) - [Commits](npm/cli@v11.6.1...v11.17.0) --- updated-dependencies: - dependency-name: npm dependency-version: 11.17.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-06-20T03:12:55Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
codeceptjs4	Error		Jun 20, 2026 3:16am

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 20, 2026

dependabot Bot mentioned this pull request Jun 20, 2026

build(deps): bump npm from 11.6.1 to 11.11.0 #670

Closed

vercel Bot had a problem deploying to Preview June 20, 2026 03:16 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump npm from 11.6.1 to 11.17.0#697

build(deps): bump npm from 11.6.1 to 11.17.0#697
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/master/npm-11.17.0

dependabot Bot commented on behalf of github Jun 20, 2026

Uh oh!

vercel Bot commented Jun 20, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 20, 2026

v11.17.0

11.17.0 (2026-06-11)

Features

Bug Fixes

Documentation

Dependencies

Chores

v11.16.0

11.16.0 (2026-05-27)

Features

Bug Fixes

Documentation

11.17.0 (2026-06-11)

Features

Bug Fixes

Documentation

Dependencies

Chores

11.16.0 (2026-05-27)

Features

Bug Fixes

Documentation

Dependencies

Uh oh!

vercel Bot commented Jun 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

vercel Bot commented Jun 20, 2026 •

edited

Loading