deps: upgrade npm to 11.12.0

Author: npm-cli-bot

deps/npm/docs/content/commands/npm-audit.md

@@ -44,6 +44,16 @@ The `audit signatures` command will also verify the provenance attestations of d
 Because provenance attestations are such a new feature, security features may be added to (or changed in) the attestation format over time.
 To ensure that you're always able to verify attestation signatures check that you're running the latest version of the npm CLI. Please note this often means updating npm beyond the version that ships with Node.js.
 
+To include the full sigstore attestation bundles in JSON output, use:
+
+```bash
+$ npm audit signatures --json --include-attestations
+```
+
+This adds a `verified` array to the JSON output containing the attestation
+bundles (DSSE envelopes, verification material, and transparency log entries)
+for each verified package.
+
 The npm CLI supports registry signatures and signing keys provided by any registry if the following conventions are followed:
 
 1. Signatures are provided in the package's `packument` in each published version within the `dist` object:
@@ -357,6 +367,18 @@ run any pre- or post-scripts.
 
 
 
+#### `include-attestations`
+
+* Default: false
+* Type: Boolean
+
+When used with `npm audit signatures --json`, includes the full sigstore
+attestation bundles in the JSON output for each verified package. The
+bundles contain DSSE envelopes, verification material, and transparency log
+entries.
+
+
+
 #### `workspace`
 
 * Default:

deps/npm/docs/content/commands/npm-install-test.md

@@ -281,6 +281,8 @@ of a relative number of days.
 
 This config cannot be used with: `before`
 
+This value is not exported to the environment for child processes.
+
 #### `bin-links`
 
 * Default: true

deps/npm/docs/content/commands/npm-install.md

@@ -623,6 +623,8 @@ of a relative number of days.
 
 This config cannot be used with: `before`
 
+This value is not exported to the environment for child processes.
+
 #### `bin-links`
 
 * Default: true

deps/npm/docs/content/commands/npm-ls.md

@@ -23,7 +23,7 @@ Note that nested packages will *also* show the paths to the specified packages.
 For example, running `npm ls promzard` in npm's source tree will show:
 
 ```bash
-npm@11.11.1 /path/to/npm
+npm@11.12.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 ```

deps/npm/docs/content/commands/npm-outdated.md

@@ -182,6 +182,8 @@ of a relative number of days.
 
 This config cannot be used with: `before`
 
+This value is not exported to the environment for child processes.
+
 ### See Also
 
 * [package spec](/using-npm/package-spec)

deps/npm/docs/content/commands/npm-search.md

@@ -121,7 +121,7 @@ The base URL of the npm registry.
 If true, staleness checks for cached data will be forced, making the CLI
 look for updates immediately even for fresh package data.
 
-
+This config cannot be used with: `prefer-offline`
 
 #### `prefer-offline`
 
@@ -132,7 +132,7 @@ If true, staleness checks for cached data will be bypassed, but missing data
 will be requested from the server. To force full offline mode, use
 `--offline`.
 
-
+This config cannot be used with: `prefer-online`
 
 #### `offline`
 

deps/npm/docs/content/commands/npm-trust.md

@@ -6,10 +6,6 @@ description: Manage trusted publishing relationships between packages and CI/CD
 
 ### Synopsis
 
-```bash
-
-```
-
 Note: This command is unaware of workspaces.
 
 ### Prerequisites

deps/npm/docs/content/commands/npm-update.md

@@ -347,6 +347,8 @@ of a relative number of days.
 
 This config cannot be used with: `before`
 
+This value is not exported to the environment for child processes.
+
 #### `bin-links`
 
 * Default: true

deps/npm/docs/content/commands/npm.md

@@ -14,7 +14,7 @@ Note: This command is unaware of workspaces.
 
 ### Version
 
-11.11.1
+11.12.0
 
 ### Description
 

deps/npm/docs/content/using-npm/config.md

@@ -770,6 +770,18 @@ the order in which omit/include are specified on the command-line.
 
 
 
+#### `include-attestations`
+
+* Default: false
+* Type: Boolean
+
+When used with `npm audit signatures --json`, includes the full sigstore
+attestation bundles in the JSON output for each verified package. The
+bundles contain DSSE envelopes, verification material, and transparency log
+entries.
+
+
+
 #### `include-staged`
 
 * Default: false
@@ -1086,6 +1098,8 @@ of a relative number of days.
 
 This config cannot be used with: `before`
 
+This value is not exported to the environment for child processes.
+
 #### `name`
 
 * Default: null
@@ -1331,7 +1345,7 @@ If true, staleness checks for cached data will be bypassed, but missing data
 will be requested from the server. To force full offline mode, use
 `--offline`.
 
-
+This config cannot be used with: `prefer-online`
 
 #### `prefer-online`
 
@@ -1341,7 +1355,7 @@ will be requested from the server. To force full offline mode, use
 If true, staleness checks for cached data will be forced, making the CLI
 look for updates immediately even for fresh package data.
 
-
+This config cannot be used with: `prefer-offline`
 
 #### `prefix`