chore(deps): update dependency @npmcli/arborist to v6.5.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@npmcli/arborist	6.2.10 -> 6.5.0

---

Release Notes

npm/cli (@​npmcli/arborist)

v6.5.0

Compare Source

NEW FEATURES

• fc1a8d185 Backronym npm ci to npm clean-install. (@​zkat)
• 4be51a9cc #​81 Adds 'Homepage' to outdated --long output. (@​jbottigliero)

BUGFIXES

• 89652cb9b npm.community#1661 Fix sign-git-commit options. They were previously totally wrong. (@​zkat)
• 414f2d1a1 npm.community#1742 Set lowercase headers for npm audit requests. (@​maartenba)
• a34246baf #​75 Fix npm edit handling of scoped packages.
  (@​larsgw)* d3e8a7c72 npm.community#2303 Make summary output for npm ci go to stdout, not stderr. (@​alopezsanchez)
• 71d8fb4a9 npm.community#1377 Close the file descriptor during publish if exiting upload via an error. This will prevent strange error messages when the upload fails and make sure
  cleanup happens correctly. (@​macdja38)

DOCS UPDATES

• b1a8729c8 #​60 Mention --otp flag when prompting for OTP. (@​bakkot)
• bcae4ea81 #​64 Clarify that git dependencies use the default branch, not just master. (@​zckrs)
• 15da82690 #​72 bash_completion.d dir is sometimes found in /etc not /usr/local. (@​RobertKielty)
• 8a6ecc793 #​74 Update OTP documentation for dist-tag add to clarify --otp is needed right now. (@​scotttrinh)
• dcc03ec85 #​82 Note that prepare runs when installing git dependencies. (@​seishun)
• a91a470b7 #​83 Specify that --dry-run isn't available in older versions of npm publish. (@​kjin)
• 1b2fabcce #​96 Fix inline code tag issue in docs. (@​midare)
• 6cc70cc19 #​68 Add semver link and a note on empty string format to deprecate doc. (@​neverett)
• 61dbbb7c3 Fix semver docs after version update. (@​zkat)
• 4acd45a3d #​78 Correct spelling across various docs. (@​hugovk)

DEPENDENCIES

• 4f761283e figgy-pudding@3.5.1 (@​zkat)
• 3706db0bc npm.community#1764 ssri@6.0.1 (@​zkat)
• 83c2b117d bluebird@3.5.2 (@​petkaantonov)
• 2702f46bd ci-info@1.5.1 (@​watson)
• 4db6c3898 config-chain@1.1.1:2 (@​dawsbot)
• 70bee4f69 glob@7.1.3 (@​isaacs)
• e469fd6be
opener@1.5.1: Fix browser opening under Windows Subsystem for Linux (WSL). (@​thijsputman)
• 03840dced
semver@5.5.1 (@​iarna)
• 161dc0b41 bluebird@3.5.3 (@​petkaantonov)
• bb6f94395 graceful-fs@4.1.1:5 (@​isaacs)
• 43b1f4c91 tar@4.4.8 (@​isaacs)
• ab62afcc4 npm-packlist@1.1.1:2 (@​isaacs)
• 027f06be3 ci-info@1.6.0 (@​watson)

MISCELLANEOUS

• 27217dae8 #​70 Automatically audit dependency licenses for npm itself. (@​kemitchell)

v6.4.0

Compare Source

NEW FEATURES

• 6e9f04b0b npm/cli#8 Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking :_authToken. (@​mkhl)
• 84bfd23e7 npm/cli#35 Stop filtering out non-IPv4 addresses from local-addrs, making npm actually use IPv6 addresses when it must. (@​valentin2105)
• 792c8c709 npm/cli#31 configurable audit level for non-zero exit npm audit currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of --audit-level to npm audit to allow it to pass if only vulnerabilities below a certain level are found. Example: npm audit --audit-level=high will exit with 0 if only low or moderate level vulns are detected. (@​lennym)

BUGFIXES

• d81146181 npm/cli#32 Don't check for updates to npm when we are updating npm itself. (@​olore)

DEPENDENCY UPDATES

A very special dependency update event! Since the release of node-gyp@3.8.0, an awkward version conflict that was preventing request from begin flattened was resolved. This means two things:

1. We've cut down the npm tarball size by another 200kb, to 4.6MB
2. npm audit now shows no vulnerabilities for npm itself!

Thanks, @​rvagg!

• 866d776c2 request@2.87.0 (@​simov)
• f861c2b57 node-gyp@3.8.0 (@​rvagg)
• 32e6947c6 npm/cli#39 colors@1.1.2: REVERT REVERT, newer versions of this library are broken and print ansi codes even when disabled. (@​iarna)
• beb96b92c libcipm@2.0.1 (@​zkat)
• 348fc91ad validate-npm-package-license@3.0.4: Fixes errors with empty or string-only license fields. (@​Gudahtt)
• e57d34575 iferr@1.0.2 (@​shesek)
• 46f1c6ad4 tar@4.4.6 (@​isaacs)
• 50df1bf69 hosted-git-info@2.7.1 (@​iarna)
  (@​Erveon) (@​huochunpeng)

DOCUMENTATION

• af98e76ed npm/cli#34 Remove npm publish from list of commands not affected by --dry-run. (@​joebowbeer)
• e2b0f0921 npm/cli#36 Tweak formatting in repository field examples. (@​noahbenham)
• e2346e770 npm/cli#14 Used process.env examples to make accessing certain npm run-scripts environment variables more clear. (@​mwarger)

v6.3.0

Features

• 67459e7 #​6626 add pkg fix subcommand (@​wraithgar)

Bug Fixes

• c61e037 #​6626 use new load/create syntax for package-json (@​wraithgar)

Dependencies

• b252164 #​6626 @npmcli/package-json@4.0.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.