2.6.3 - released 2023-09-15

View the release on GitHub

Changelog

• Added audit.abandoned config setting. Can be set to ignore, report (current default) or fail (future default in 2.7) to make the audit command report abandoned packages as a security problem (#11639)
• Added a warning when duplicates files autoload rules are detected (#11109)
• Fixed unhandled promise rejection regression (#11620)
• Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
• Fixed archive command not producing the correct output if the temp dir is a symlink (#11636)
• Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629)