Bump got and npm

[dependabot]

Bumps got to 12.1.0 and updates ancestor dependency npm. These dependencies need to be updated together.

Updates got from 6.7.1 to 12.1.0

Release notes

Sourced from got's releases.

v12.1.0

Improvements

• Add response.ok (#2043) 22d58fb
  • This is only useful if you have {throwHttpErrors: false}

Fixes

• Do not redirect to UNIX sockets (#2047) 861ccd9
  • CVE-2022-33987
  • Also back ported to v11

sindresorhus/got@v12.0.4...v12.1.0

v12.0.4

• Remove stream lock - unreliable since Node 17.3.0 bb8eca924c338ca12d5b90d6a26aa28dbddb42ee

v12.0.3

• Allow more types in the json option (#2015) eb045bf

sindresorhus/got@v12.0.2...v12.0.3

v12.0.2

• Fix encoding option with {responseType: 'json'} (#1996) 0703318

sindresorhus/got@v12.0.1...v12.0.2

v12.0.1

• Fix nock compatibility (#1959) bf39d2c
• Fix missing export of Request TypeScript type (#1940) 0f9f2b8

sindresorhus/got@v12.0.0...v12.0.1

v12.0.0

Introducing Got v12.0.0 🎉

Long time no see! The latest Got version (v11.8.2) was released just in February ❄️ We have been working hard on squashing bugs and improving overall experience.

If you find Got useful, you might want to sponsor the Got maintainers.

This package is now pure ESM

Please read this. Also see sindresorhus/got#1789.

• Please don't open issues about [ERR_REQUIRE_ESM] and Must use import to load ES Module errors. This is a problem with your setup, not Got.
• Please don't open issues about using Got with Jest. Jest does not fully support ESM.
• Pretty much any problem with loading this package is a problem with your bundler, test framework, etc, not Got.
• If you use TypeScript, you will want to stay on Got v11 until TypeScript 4.6 is out. Why.
• If you use a bundler, make sure it supports ESM and that you have correctly configured it for ESM.

... (truncated)

Commits

• ad92afa 12.1.0
• 861ccd9 Disable redirects to UNIX sockets (#2047)
• 4cdcca3 Check error instance for arguments test (#2044)
• 22d58fb Add response.ok (#2043)
• c25af09 Meta tweaks
• 62455f5 Meta tweaks
• 6f5c7ce Test Node.js 18
• c693422 12.0.4
• 98ca618 Fix accidental test deletion
• bb8eca9 Remove stream lock - unreliable since Node 17.3.0
• Additional commits viewable in compare view

Updates npm from 6.14.5 to 9.6.5

Release notes

Sourced from npm's releases.

libnpmhook: v9.0.3

9.0.3 (2023-02-07)

Bug Fixes

• 12ec7ee remove unused package.json scripts (@​lukekarrys)

libnpmhook: v9.0.2

9.0.2 (2023-02-01)

Dependencies

• 721fe3f #6118 read-package-json-fast@3.0.2
• a39556f @npmcli/template-oss@4.11.3

libnpmhook: v9.0.1

9.0.1 (2022-12-07)

Dependencies

• 0a3fe00 #5933 minipass@4.0.0
• fee9b66 npm-registry-fetch@14.0.3

libnpmpublish: v7.1.3

7.1.3 (2023-03-30)

Bug Fixes

• 3cf6f0d #6287 update provenance transparency log link (#6287) (@​bdehamer)

libnpmpublish: v7.1.2

7.1.2 (2023-03-14)

Bug Fixes

• 4622b42 #6247 add provenance publish notice (#6247) (@​bdehamer)
• 17adfb7 #6228 provenance build type v2 (#6228) (@​bdehamer, @​feelepxyz)

libnpmpublish: v7.1.1

7.1.1 (2023-03-08)

Bug Fixes

• 26cbe99 #6226 improve permission error for provenance (#6226) (@​bdehamer)

libnpmpublish: v7.1.0

7.1.0 (2023-02-14)

Features

... (truncated)

Changelog

Sourced from npm's changelog.

9.6.5 (2023-04-19)

Bug Fixes

• 33dc428 #6374 account for npx package-name with no spec (@​wraithgar)
• 82879f6 #6225 lazy loading of arborist and pacote (#6225) (@​wraithgar)
• f4e73ab #6322 remove incompatible params from ci (#6322) (@​wraithgar)
• c7fe1c7 #6328 save raw data to file, not parsed data (@​wraithgar)

Documentation

• 31214a6 #6381 Update description for publish --provenance flag (#6381) (@​feelepxyz)
• 997bcdf #6329 fix npm cache folder location for windows (#6329) (@​charlie-wong)

Dependencies

• fae5e00 #6372 sigstore@1.3.0 (#6372)
• 3fa9542 #6363 semver@7.5.0
• e49844e #6363 minipass-fetch@3.0.2
• 357cc29 #6363 walk-up-path@3.0.1
• 2c80b1e #6363 ini@4.1.0
• 5933841 #6363 minipass@4.2.8
• b39d54e #6363 minimatch@7.4.6
• 201aa5a #6363 ssri@10.0.3
• acb9120 #6363 read@2.1.0
• 2472205 #6363 npm-registry-fetch@14.0.4
• 2780714 #6363 npm-install-checks@6.1.1
• b5af015 #6363 make-fetch-happen@11.1.0
• 14c498d #6363 @npmcli/metavuln-calculator@5.0.1
• Workspace: @npmcli/arborist@6.2.8
• Workspace: @npmcli/config@6.1.6
• Workspace: libnpmdiff@5.0.16
• Workspace: libnpmexec@5.0.16
• Workspace: libnpmfund@4.0.16
• Workspace: libnpmpack@5.0.16

9.6.4 (2023-04-05)

Documentation

• 54795a3 #6312 filter archives out of version manager search (#6312) (@​ljharb)
• 530c285 #6306 remove reference to npm-packlist (#6306) (@​staff0rd)

Dependencies

• 85935ac #6325 ssri@10.0.2 (#6325)
• f1388b4 #6317 npm update
• 7dd0129 #6317 glob@9.3.2
• deca335 #6317 promise-call-limit@1.0.2
• Workspace: @npmcli/arborist@6.2.7

... (truncated)

Commits

• c7f4b35 chore: release 9.6.5
• c29ac09 chore: revert update-cli-repos to manual for now (#6384)
• adddd7a chore: add script to rebuild npm-cli-repos.txt (#6383)
• f7762e5 chore: smoke test for npx caching issue
• 33dc428 fix: account for npx package-name with no spec
• 82c1582 chore: remove packages that were transferred out from our repo list (#6382)
• 31214a6 docs: Update description for publish --provenance flag (#6381)
• fae5e00 deps: sigstore@1.3.0 (#6372)
• dbe2776 chore: update release workflow to use the newly released node 20 instead of 1...
• 82879f6 fix: lazy loading of arborist and pacote (#6225)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by gar, a new releaser for npm since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.