[v18.x] deps: upgrade npm to 10.1.0

[npm-cli-bot]

This PR contains changes from: npm@10.0.0 npm@10.1.0

---

10.0.0

10.0.0 (2023-08-31)

⚠️ BREAKING CHANGES

• support for node 14 and 16 has been dropped. npm now supports node ^18.17.0 || >=20.5.0
• npm no longer treats missing scripts as a special case in workspace mode. Use if-present to ignore missing scripts.
• @npmcli/agent is now used as the agent for network requests
• the ci-name config has been removed
• the hard-coded hashAlgorithm value is no longer being passed through flatOptions
• the unused tmp config has been removed
• the hard-coded metrics-registry config has been removed.
• libnpmpublish will no longer attempt a single automatic retry on 409 responses during publish.
• support for the strict RFC 8909 mode has been removed. this mode was only enabled when the environ NPM_PACKAGE_ARG_8909_STRICT=1 was set.

Bug Fixes

• e0d3edd #6641 remove "ci-name" config (@wraithgar)
• 0a71ebb #6641 stop retrying on 409 conflict (@wraithgar)
• 9344167 #135 remove strict 8909 mode (@wraithgar)
• b34ee65 #6706 set objectMode for search filter stream (@lukekarrys)
• f916d33 #6715 allow searching packages with no description (@lukekarrys)
• 0318f44 #6641 remove implicit if-present logic from run-script workspaces (@wraithgar)
• db91a77 #6641 remove "hashAlgorithm" from flatOptions (@wraithgar)
• ece52a3 #6641 remove "tmp" config (@wraithgar)
• 1f767aa #6641 remove metric-registry config (@wraithgar)

Documentation

• c736b62 #6686 add missing bugs key in package-json.md (#6686) (@airscripts)
• c1e01d9 #6680 Update package-json.md (#6680) (@p-chan, @ljharb)
• e5338af #6672 remove link to deprecated npm set-script command (#6672) (@emmanuel-ferdman)

Dependencies

• 5ab3f7e #6706 @npmcli/git@5.0.3
• eb41977 #6706 @npmcli/run-script@7.0.1
• f30c9e3 #6706 @npmcli/git@5.0.2
• f334466 #6706 pacote@17.0.4
• bb63bf9 #6706 @npmcli/run-script@7.0.0
• 75642c6 #6706 @npmcli/promise-spawn@7.0.0
• dbb18f4 #6706 @npmcli/agent@2.1.0
• 812aa6d #6706 sigstore@2.1.0
• 7fab9d3 #6706 @sigstore/tuf@2.1.0
• 12337cc #6706 which@4.0.0
• b1ad3ad #6706 npm-packlist@8.0.0
• 43831d0 #6706 pacote@17.0.3
• 44e8fec #6706 pacote@17.0.2
• 0d2e2c9 #6706 bump sigstore from 1.7.0 to 2.0.0
• dbd5885 #6706 npm-profile@9.0.0
• 2ee0fb3 #6706 npm-registry-fetch@16.0.0
• 81ff4df #6706 pacote@17.0.1
• 2b23d44 #6706 hoist read-package-json@7.0.0
• 325ed05 #6706 hoist normalize-package-data@6.0.0
• c3a1a02 #6706 @npmcli/metavuln-calculator@7.0.0
• f1dd130 #6706 @npmcli/git@5.0.1
• 10792ea #6706 init-package-json@6.0.0
• cac0725 #6706 pacote@17.0.0
• fd8beaf #6706 npm-pick-manifest@9.0.0
• 65f435e #6706 hoist lru-cache@10.0.1
• c784b57 #6706 npm-package-arg@11.0.0
• d6b1790 #6706 normalize-package-data@6.0.0
• 2f03fb9 #6706 make-fetch-happen@13.0.0
• 729e893 #6706 hosted-git-info@7.0.0
• 7af81c7 #6706 cacache@18.0.0
• b0849ab #6706 @npmcli/package-json@5.0.0
• c9587d7 #6706 @npmcli/git@5.0.0
• e28d426 #6706 minipass-fetch@3.0.4
• 61e9b00 #6706 @npmcli/metavuln-calculator@6.0.1
• 2c5542d #6706 minipass@7.0.3
• ede7f5e #6706 glob@10.3.3
• 4c9eb17 #6706 npm-install-checks@6.2.0
• 88ece81 #6706 npm-pick-manifest@8.0.2
• 9117a4f #6706 ssri@10.0.5
• 45f8d6f #6706 make-fetch-happen@12.0.0
• f6f6a18 #6706 fs-minipass@3.0.3
• 5eea975 #6706 cacache@17.1.4
• ca33c98 #6706 @npmcli/metavuln-calculator@6.0.0
• 7be541a #6706 npm-profile@8.0.0
• edbc25a #6706 pacote@16.0.0
• 5d0d859 #6706 npm-registry-fetch@15.0.0
• Workspace: @npmcli/arborist@7.0.0
• Workspace: @npmcli/config@7.1.0
• Workspace: libnpmaccess@8.0.0
• Workspace: libnpmdiff@6.0.0
• Workspace: libnpmexec@7.0.0
• Workspace: libnpmfund@4.1.0
• Workspace: libnpmhook@10.0.0
• Workspace: libnpmorg@6.0.0
• Workspace: libnpmpack@6.0.0
• Workspace: libnpmpublish@9.0.0
• Workspace: libnpmsearch@7.0.0
• Workspace: libnpmteam@6.0.0
• Workspace: libnpmversion@5.0.0

10.1.0

10.1.0 (2023-09-08)

Features

• 1c93c44 #6755 Add --cpu and --os option to override platform specific install (#6755) (@yukukotani)

Bug Fixes

• 7bf2374 #6762 make $npm_execpath always point to npm (@rotu)

Documentation

• 09d8e0a #6759 fix versions of node.js in readme (#6759) (@JoaoOtavioS)

Dependencies

• f76066a #6771 @npmcli/agent@2.1.1
• Workspace: @npmcli/arborist@7.1.0
• Workspace: @npmcli/config@7.2.0
• Workspace: libnpmdiff@6.0.1
• Workspace: libnpmexec@7.0.1
• Workspace: libnpmfund@4.1.1
• Workspace: libnpmpack@6.0.1

[github-actions]

Fast-track has been requested by @nodejs-github-bot. Please 👍 to approve.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/53895/

[lukekarrys]

Converting to draft to make it clear that this is not intended to merge. Opened to get CI running as early as possible.

Criteria for possibly merge in the future are:

• npm@10 released in Node 20
• Consensus in the release issue: Plans for npm 10 Release#884

[ruyadorno]

heads up @lukekarrys you'll need to also include the commit with npm@10.0.0 in this PR

[lukekarrys]

@ruyadorno the commit was created automatically by our CI to include both 10.0.0 and 10.1.0, so its not a cherry pick from #49569.

apologies if this makes it more confusing. i can close this and open a new PR with the cherry picked commits that already landed on main from #49569 and #49423.

[ruyadorno]

oh I see! personally I find that cherry-picking the commits is going to be less confusing 😊

[mcollina]

I would prefer if this is delayed while we sort out a licensing question.

cc @nodejs/tsc

[ruyadorno]

Any news on the license front @mcollina ?

[lukekarrys]

@ruyadorno I think I messed up trying to make this PR use the cherry picked commit to backport. We also just released npm@10.2.0 so a new PR to main (#50027) has been opened as well as a new PR to v18.x (#50030), so I have closed this PR.