chore(deps): bump @npmcli/config from 10.4.0 to 10.7.0

[dependabot]

Bumps @npmcli/config from 10.4.0 to 10.7.0.

Release notes

Sourced from @​npmcli/config's releases.

config: v10.7.0

10.7.0 (2026-02-11)

Features

• cf56a1e #8899 npm trust, per-command config (@​reggi)
• cf56a1e #8899 npm trust (@​reggi)
• 66d6e11 #8965 add min-release-age (#8965) (@​wraithgar)

config: v10.6.0

10.6.0 (2026-02-04)

Features

• f5f6cf7 #8943 config: add --allow-git (@​wraithgar)

config: v10.5.0

10.5.0 (2026-01-21)

Features

• 5a444d5 #8828 export environment config variable names (Max Black)

config: v10.4.5

10.4.5 (2025-12-09)

Bug Fixes

• 4ebb831 #8839 updates hints to use cli paradigm (@​owlstronaut)

config: v10.4.4

10.4.4 (2025-11-25)

Bug Fixes

• 958b10e #8761 move config.list to a getter (#8761) (@​wraithgar)

Dependencies

• f51e4aa #8770 nopt@9.0.0

config: v10.4.3

10.4.3 (2025-11-19)

Bug Fixes

• c6242d9 #8706 change npm profile to create tokens with GAT support (#8706) (@​owlstronaut, @​wraithgar)

Dependencies

• e49286e #8723 ini@5.0.0
• 05ac7a7 #8723 proc-log@6.0.0

config: v10.4.2

10.4.2 (2025-10-08)

Bug Fixes

• 5b4a7fc #8650 handle missing node-gyp gracefully in @​npmcli/config definitions (@​owlstronaut)
• 9197995 #8619 spelling (#8619) (@​jsoref)

Documentation

• 1fde042 #8640 rewrap markdown (#8640) (@​jsoref)

Chores

• 8e5d204 #8626 fix spelling: different (#8626) (@​jsoref)
• 7455fc0 #8608 Fix spelling in workspaces/config (#8608) (@​jsoref)

config: v10.4.1

10.4.1 (2025-09-23)

... (truncated)

Changelog

Sourced from @​npmcli/config's changelog.

10.7.0 (2026-02-11)

Features

• cf56a1e #8899 npm trust, per-command config (@​reggi)
• cf56a1e #8899 npm trust (@​reggi)
• 66d6e11 #8965 add min-release-age (#8965) (@​wraithgar)

10.6.0 (2026-02-04)

Features

• f5f6cf7 #8943 config: add --allow-git (@​wraithgar)

10.5.0 (2026-01-21)

Features

• 5a444d5 #8828 export environment config variable names (Max Black)

10.4.5 (2025-12-09)

Bug Fixes

• 4ebb831 #8839 updates hints to use cli paradigm (@​owlstronaut)

10.4.4 (2025-11-25)

Bug Fixes

• 958b10e #8761 move config.list to a getter (#8761) (@​wraithgar)

Dependencies

• f51e4aa #8770 nopt@9.0.0

10.4.3 (2025-11-19)

Bug Fixes

• c6242d9 #8706 change npm profile to create tokens with GAT support (#8706) (@​owlstronaut, @​wraithgar)

Dependencies

• e49286e #8723 ini@5.0.0
• 05ac7a7 #8723 proc-log@6.0.0

10.4.2 (2025-10-08)

Bug Fixes

• 5b4a7fc #8650 handle missing node-gyp gracefully in @​npmcli/config definitions (@​owlstronaut)
• 9197995 #8619 spelling (#8619) (@​jsoref)

Documentation

• 1fde042 #8640 rewrap markdown (#8640) (@​jsoref)

Chores

• 8e5d204 #8626 fix spelling: different (#8626) (@​jsoref)
• 7455fc0 #8608 Fix spelling in workspaces/config (#8608) (@​jsoref)

10.4.1 (2025-09-23)

Documentation

• 7a09902 #8582 bring back certfile (#8582) (@​jenseng)

Dependencies

• 1b4433f #8576 @npmcli/map-workspaces@5.0.0
• ceae674 #8576 @npmcli/package-json@7.0.1

Chores

• 402a0ab #8576 @npmcli/template-oss@4.25.1 (@​wraithgar)

Commits

• 796971e chore: release 10.7.0
• 3ec86a0 fix(linting): no-unused-vars (#7456)
• 57ebebf fix: update repository.url in package.json (#7418)
• 9fea383 chore: release 10.6.0
• 03634be fix: remove granular config timers
• 78447d7 fix: prefer fs/promises over promisify (#7399)
• fc6e291 deps: proc-log@4.2.0 (#7392)
• 6512112 fix: use proc-log for all timers
• 7678a3d deps: proc-log@4.1.0
• 9123de4 feat: do all ouput over proc-log events
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security-staging]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​npmcli/​config@​10.4.0 ⏵ 10.7.0			+1	+1

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​npmcli/​config@​10.4.0 ⏵ 10.7.0	+1		+1	+5

View full report

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.