npm · Apr 27, 2023 · Apr 27, 2023 · Apr 27, 2023 · May 31, 2023 · May 31, 2023
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -7,6 +7,7 @@ updates:
     directory: /
     schedule:
       interval: daily
+    target-branch: "main"
     allow:
       - dependency-type: direct
     versioning-strategy: increase-if-necessary

diff --git a/.github/settings.yml b/.github/settings.yml
@@ -1,2 +1,27 @@
----
-_extends: '.github:npm-cli/settings.yml'
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+repository:
+  allow_merge_commit: false
+  allow_rebase_merge: true
+  allow_squash_merge: true
+  squash_merge_commit_title: PR_TITLE
+  squash_merge_commit_message: PR_BODY
+  delete_branch_on_merge: true
+  enable_automated_security_fixes: true
+  enable_vulnerability_alerts: true
+
+branches:
+  - name: main
+    protection:
+      required_status_checks: null
+      enforce_admins: true
+      block_creations: true
+      required_pull_request_reviews:
+        required_approving_review_count: 1
+        require_code_owner_reviews: true
+        require_last_push_approval: true
+        dismiss_stale_reviews: true
+      restrictions:
+        apps: []
+        users: []
+        teams: [ "cli-team" ]
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
@@ -61,7 +61,7 @@ jobs:
 
             return { summary }
       - name: Create Check
-        uses: LouisBrunner/checks-action@v1.3.1
+        uses: LouisBrunner/checks-action@v1.6.0
         id: check
         if: inputs.check-sha
         with:
@@ -93,7 +93,7 @@ jobs:
       - name: Post Lint
         run: npm run postlint --ignore-scripts
       - name: Conclude Check
-        uses: LouisBrunner/checks-action@v1.3.1
+        uses: LouisBrunner/checks-action@v1.6.0
         if: steps.check.outputs.check_id && always()
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -117,8 +117,6 @@ jobs:
             os: windows-latest
             shell: cmd
         node-version:
-          - 14.17.0
-          - 14.x
           - 16.13.0
           - 16.x
           - 18.0.0
@@ -162,7 +160,7 @@ jobs:
 
             return { summary }
       - name: Create Check
-        uses: LouisBrunner/checks-action@v1.3.1
+        uses: LouisBrunner/checks-action@v1.6.0
         id: check
         if: inputs.check-sha
         with:
@@ -208,7 +206,7 @@ jobs:
       - name: Test
         run: npm test --ignore-scripts
       - name: Conclude Check
-        uses: LouisBrunner/checks-action@v1.3.1
+        uses: LouisBrunner/checks-action@v1.6.0
         if: steps.check.outputs.check_id && always()
         with:
           token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -8,7 +8,6 @@ on:
   push:
     branches:
       - main
-      - latest
   schedule:
     # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1
     - cron: "0 9 * * 1"
@@ -60,8 +59,6 @@ jobs:
             os: windows-latest
             shell: cmd
         node-version:
-          - 14.17.0
-          - 14.x
           - 16.13.0
           - 16.x
           - 18.0.0

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -6,11 +6,9 @@ on:
   push:
     branches:
       - main
-      - latest
   pull_request:
     branches:
       - main
-      - latest
   schedule:
     # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1
     - cron: "0 10 * * 1"

diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -44,5 +44,7 @@ jobs:
           npx --offline commitlint -V --from 'origin/${{ github.base_ref }}' --to ${{ github.event.pull_request.head.sha }}
       - name: Run Commitlint on PR Title
         if: steps.commit.outcome == 'failure'
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
         run: |
-          echo '${{ github.event.pull_request.title }}' | npx --offline commitlint -V
+          echo "$PR_TITLE" | npx --offline commitlint -V
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,8 +11,6 @@ on:
   push:
     branches:
       - main
-      - latest
-      - release/v*
 
 permissions:
   contents: write
@@ -78,7 +76,7 @@ jobs:
             let commentId = comments.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id
 
             body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n`
-            body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. `
+            body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`${REF_NAME}\`. `
             body += `To force CI to update this PR, run this command:\n\n`
             body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME} -R ${owner}/${repo} -f release-pr=${issue_number}\n\`\`\``
 
@@ -124,7 +122,7 @@ jobs:
 
             return { summary }
       - name: Create Check
-        uses: LouisBrunner/checks-action@v1.3.1
+        uses: LouisBrunner/checks-action@v1.6.0
         id: check
         if: steps.release.outputs.pr-sha
         with:
@@ -215,7 +213,7 @@ jobs:
 
             return { summary }
       - name: Create Check
-        uses: LouisBrunner/checks-action@v1.3.1
+        uses: LouisBrunner/checks-action@v1.6.0
         id: check
         if: steps.commit.outputs.sha
         with:
@@ -225,7 +223,7 @@ jobs:
           sha: ${{ steps.commit.outputs.sha }}
           output: ${{ steps.check-output.outputs.result }}
       - name: Conclude Check
-        uses: LouisBrunner/checks-action@v1.3.1
+        uses: LouisBrunner/checks-action@v1.6.0
         if: needs.release.outputs.check-id && always()
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -263,7 +261,7 @@ jobs:
           fi
           echo "result=$result" >> $GITHUB_OUTPUT
       - name: Conclude Check
-        uses: LouisBrunner/checks-action@v1.3.1
+        uses: LouisBrunner/checks-action@v1.6.0
         if: needs.update.outputs.check-id && always()
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -322,6 +320,7 @@ jobs:
         shell: bash
     permissions:
       deployments: write
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -338,7 +337,7 @@ jobs:
       - name: Publish
         env:
           PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
-        run: npm publish
+        run: npm publish --provenance
 
   post-release-integration:
     needs: [ release, release-integration ]

diff --git a/.gitignore b/.gitignore
@@ -15,6 +15,7 @@
 !/bin/
 !/CHANGELOG*
 !/CODE_OF_CONDUCT.md
+!/CONTRIBUTING.md
 !/docs/
 !/lib/
 !/LICENSE*

diff --git a/.release-please-manifest.json b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-  ".": "11.1.0"
+  ".": "12.0.0"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,40 @@
 # Changelog
 
+## [12.0.0](https://github.com/npm/make-fetch-happen/compare/v11.1.1...v12.0.0) (2023-07-27)
+
+### ⚠️ BREAKING CHANGES
+
+* support for node 14 has been removed
+* this changes the underlying http agents to those provided by `@npmcli/agent`.  Backwards compatibility should be fully implemented but due to the scope of this change it was made a breaking change out of an abundance of caution.
+
+### Features
+
+* [`7c25367`](https://github.com/npm/make-fetch-happen/commit/7c25367d95c5a0853b4b1e93c13456ac1cfc493d) [#255](https://github.com/npm/make-fetch-happen/pull/255) move to @npmcli/agent (@wraithgar)
+
+### Bug Fixes
+
+* [`3059b28`](https://github.com/npm/make-fetch-happen/commit/3059b286be9884f0d2f83f5b57314e924c07c57d) [#259](https://github.com/npm/make-fetch-happen/pull/259) drop node14 support (#259) (@wraithgar)
+
+### Documentation
+
+* [`efd1e2f`](https://github.com/npm/make-fetch-happen/commit/efd1e2f02a38e7f39fe291503546f1be92ad0fa7) [#255](https://github.com/npm/make-fetch-happen/pull/255) update readme (@wraithgar)
+
+### Dependencies
+
+* [`5318d23`](https://github.com/npm/make-fetch-happen/commit/5318d239280b951479877badd81868411d71f19f) [#253](https://github.com/npm/make-fetch-happen/pull/253) bump minipass from 5.0.0 to 7.0.2 (#253)
+* [`5493550`](https://github.com/npm/make-fetch-happen/commit/5493550d841cc2b182deae6717c010d9fb445002) [#255](https://github.com/npm/make-fetch-happen/pull/255) remove lru-cache
+* [`193b901`](https://github.com/npm/make-fetch-happen/commit/193b901f69adb8497f932beaeb60bff1fe0a94b5) [#255](https://github.com/npm/make-fetch-happen/pull/255) remove socks-proxy-agent
+* [`fc35622`](https://github.com/npm/make-fetch-happen/commit/fc356228b1127e65f3c5c27f4e2b1dc26167298a) [#255](https://github.com/npm/make-fetch-happen/pull/255) remove agentkeepalive
+* [`e78fcdf`](https://github.com/npm/make-fetch-happen/commit/e78fcdf507938806dffcd4ce82c0f9373e589b29) [#255](https://github.com/npm/make-fetch-happen/pull/255) remove https-proxy-agent
+* [`a4089a0`](https://github.com/npm/make-fetch-happen/commit/a4089a0946476d5ea2624130d0fcf6da5b99d730) [#255](https://github.com/npm/make-fetch-happen/pull/255) remove http-proxy-agent
+* [`92c3226`](https://github.com/npm/make-fetch-happen/commit/92c32269646e531e86a0b1b7efe96596506ef563) [#255](https://github.com/npm/make-fetch-happen/pull/255) add @npmcli/agent
+
+## [11.1.1](https://github.com/npm/make-fetch-happen/compare/v11.1.0...v11.1.1) (2023-04-27)
+
+### Dependencies
+
+* [`b04e3c2`](https://github.com/npm/make-fetch-happen/commit/b04e3c279e8dc6b090f3e2bfbd854fd0af3e9195) [#220](https://github.com/npm/make-fetch-happen/pull/220) bump minipass from 4.2.7 to 5.0.0 (#220)
+
 ## [11.1.0](https://github.com/npm/make-fetch-happen/compare/v11.0.3...v11.1.0) (2023-04-13)
 
 ### Features

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,50 @@
+<!-- This file is automatically added by @npmcli/template-oss. Do not edit. -->
+
+# Contributing
+
+## Code of Conduct
+
+All interactions in the **npm** organization on GitHub are considered to be covered by our standard [Code of Conduct](https://docs.npmjs.com/policies/conduct).
+
+## Reporting Bugs
+
+Before submitting a new bug report please search for an existing or similar report.
+
+Use one of our existing issue templates if you believe you've come across a unique problem.
+
+Duplicate issues, or issues that don't use one of our templates may get closed without a response.
+
+## Pull Request Conventions
+
+### Commits
+
+We use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/).
+
+When opening a pull request please be sure that either the pull request title, or each commit in the pull request, has one of the following prefixes:
+
+ - `feat`: For when introducing a new feature.  The result will be a new semver minor version of the package when it is next published.
+ - `fix`: For bug fixes. The result will be a new semver patch version of the package when it is next published.
+ - `docs`: For documentation updates.  The result will be a new semver patch version of the package when it is next published.
+ - `chore`: For changes that do not affect the published module.  Often these are changes to tests.  The result will be *no* change to the version of the package when it is next published (as the commit does not affect the published version).
+
+### Test Coverage
+
+Pull requests made against this repo will run `npm test` automatically.  Please make sure tests pass locally before submitting a PR.
+
+Every new feature or bug fix should come with a corresponding test or tests that validate the solutions. Testing also reports on code coverage and will fail if code coverage drops.
+
+### Linting
+
+Linting is also done automatically once tests pass.  `npm run lintfix` will fix most linting errors automatically.
+
+Please make sure linting passes before submitting a PR.
+
+## What _not_ to contribute?
+
+### Dependencies
+
+It should be noted that our team does not accept third-party dependency updates/PRs.  If you submit a PR trying to update our dependencies we will close it with or without a reference to these contribution guidelines.
+
+### Tools/Automation
+
+Our core team is responsible for the maintenance of the tooling/automation in this project and we ask contributors to not make changes to these when contributing (e.g. `.github/*`, `.eslintrc.json`, `.licensee.json`).  Most of those files also have a header at the top to remind folks they are automatically generated.  Pull requests that alter these will not be accepted.
diff --git a/README.md b/README.md
@@ -62,26 +62,12 @@ fetch('https://registry.npmjs.org/make-fetch-happen').then(res => {
 * Quite fast, really
 * Automatic HTTP-semantics-aware request retries
 * Cache-fallback automatic "offline mode"
-* Proxy support (http, https, socks, socks4, socks5)
 * Built-in request caching following full HTTP caching rules (`Cache-Control`, `ETag`, `304`s, cache fallback on error, etc).
 * Node.js Stream support
 * Transparent gzip and deflate support
 * [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) support
-* Literally punches nazis
-* Built in DNS cache
-* (PENDING) Range request caching and resuming
-
-### Contributing
-
-The make-fetch-happen team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](https://github.com/npm/cli/blob/latest/CONTRIBUTING.md) outlines the process for community interaction and contribution. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.
-
-All participants and maintainers in this project are expected to follow the [npm Code of Conduct](https://www.npmjs.com/policies/conduct), and just generally be excellent to each other.
-
-Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
-
-Happy hacking!
-
-### API
+* Proxy support (http, https, socks, socks4, socks5. via [`@npmcli/agent`](https://npm.im/@npmcli/agent))
+* DNS cache (via ([`@npmcli/agent`](https://npm.im/@npmcli/agent))
 
 #### <a name="fetch"></a> `> fetch(uriOrRequest, [opts]) -> Promise<Response>`
 
@@ -126,11 +112,6 @@ The following options for `minipass-fetch` are used as-is:
 These other options are modified or augmented by make-fetch-happen:
 
 * headers - Default `User-Agent` set to make-fetch happen. `Connection` is set to `keep-alive` or `close` automatically depending on `opts.agent`.
-* agent
-  * If agent is null, an http or https Agent will be automatically used. By default, these will be `http.globalAgent` and `https.globalAgent`.
-  * If [`opts.proxy`](#opts-proxy) is provided and `opts.agent` is null, the agent will be set to an appropriate proxy-handling agent.
-  * If `opts.agent` is an object, it will be used as the request-pooling agent argument for this request.
-  * If `opts.agent` is `false`, it will be passed as-is to the underlying request library. This causes a new Agent to be spawned for every request.
 
 For more details, see [the documentation for `minipass-fetch` itself](https://github.com/npm/minipass-fetch#options).
 
@@ -150,6 +131,7 @@ make-fetch-happen augments the `minipass-fetch` API with additional features ava
 * [`opts.onRetry`](#opts-onretry) - a function called whenever a retry is attempted
 * [`opts.integrity`](#opts-integrity) - [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata.
 * [`opts.dns`](#opts-dns) - DNS cache options
+* [`opts.agent`](#opts-agent) - http/https/proxy/socks agent options.  See [`@npmcli/agent`](https://npm.im/@npmcli/agent) for more info.
 
 #### <a name="opts-cache-path"></a> `> opts.cachePath`
 
@@ -380,12 +362,3 @@ fetch('https://malicious-registry.org/make-fetch-happen/-/make-fetch-happen-1.0.
   integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
 }) // Error: EINTEGRITY
 ```
-
-#### <a name="opts-dns"></a> `> opts.dns`
-
-An object that provides options for the built-in DNS cache. The following options are available:
-
-Note: Due to limitations in the current proxy agent implementation, users of proxies will not benefit from the DNS cache.
-
-* `ttl`: Milliseconds to keep cached DNS responses for. Defaults to `5 * 60 * 1000` (5 minutes)
-* `lookup`: A custom lookup function, see [`dns.lookup()`](https://nodejs.org/api/dns.html#dnslookuphostname-options-callback) for implementation details. Defaults to `require('dns').lookup`.