deps: bump pacote from 17.0.7 to 18.0.3 (#830)

Bumps [pacote](https://github.com/npm/pacote) from 17.0.7 to 18.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/npm/pacote/releases">pacote's
releases</a>.</em></p>
<blockquote>
<h2>v18.0.3</h2>
<h2><a
href="https://github.com/npm/pacote/compare/v18.0.2...v18.0.3">18.0.3</a>
(2024-04-30)</h2>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/5ecce7ac82ba9e710d3bb21ec9096a992516a2a1"><code>5ecce7a</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/360">#360</a>
<code>npm-registry-fetch@17.0.0</code> (<a
href="https://redirect.github.com/npm/pacote/issues/360">#360</a>)</li>
</ul>
<h2>v18.0.2</h2>
<h2><a
href="https://github.com/npm/pacote/compare/v18.0.1...v18.0.2">18.0.2</a>
(2024-04-24)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/116b2776822b494b5928297f4dedc01af671523a"><code>116b277</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/358">#358</a> don't
strip underscore attributes in .manifest() (<a
href="https://redirect.github.com/npm/pacote/issues/358">#358</a>) (<a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
</ul>
<h2>v18.0.1</h2>
<h2><a
href="https://github.com/npm/pacote/compare/v18.0.0...v18.0.1">18.0.1</a>
(2024-04-23)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/b547e0dfbc51c20ca13cfaba9a27f221dc38fc10"><code>b547e0d</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/356">#356</a> use
<code>@​npmcli/package-json</code> (<a
href="https://redirect.github.com/npm/pacote/issues/356">#356</a>) (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h2>v18.0.0</h2>
<h2><a
href="https://github.com/npm/pacote/compare/v17.0.7...v18.0.0">18.0.0</a>
(2024-04-15)</h2>
<h3>⚠️ BREAKING CHANGES</h3>
<ul>
<li>The <code>silent</code> option was used to control whether
<code>@npmcli/run-script</code> would write a banner via
<code>console.log</code>. Now ouput will be emitted via an
<code>process.emit('output')</code>.</li>
</ul>
<h3>Features</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/0c045693dfdc8654a044b3297b49192d29a8c813"><code>0c04569</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/352">#352</a>
remove silent option (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/cb3abc2e77326abe158e90247a12882e6a767e13"><code>cb3abc2</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/352">#352</a> bump
<code>@​npmcli/run-script</code> from 7.0.4 to 8.0.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/7089bb108f20b2c728836651c83678d68fc181c0"><code>7089bb1</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/355">#355</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="https://github.com/npm/pacote/commit/4952672ebca467fc1f9c49b19fb3fef9eecbaf19"><code>4952672</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/355">#355</a> bump
<code>@​npmcli/template-oss</code> from 4.21.3 to 4.21.4 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/npm/pacote/blob/main/CHANGELOG.md">pacote's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/npm/pacote/compare/v18.0.2...v18.0.3">18.0.3</a>
(2024-04-30)</h2>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/5ecce7ac82ba9e710d3bb21ec9096a992516a2a1"><code>5ecce7a</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/360">#360</a>
<code>npm-registry-fetch@17.0.0</code> (<a
href="https://redirect.github.com/npm/pacote/issues/360">#360</a>)</li>
</ul>
<h2><a
href="https://github.com/npm/pacote/compare/v18.0.1...v18.0.2">18.0.2</a>
(2024-04-24)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/116b2776822b494b5928297f4dedc01af671523a"><code>116b277</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/358">#358</a> don't
strip underscore attributes in .manifest() (<a
href="https://redirect.github.com/npm/pacote/issues/358">#358</a>) (<a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
</ul>
<h2><a
href="https://github.com/npm/pacote/compare/v18.0.0...v18.0.1">18.0.1</a>
(2024-04-23)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/b547e0dfbc51c20ca13cfaba9a27f221dc38fc10"><code>b547e0d</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/356">#356</a> use
<code>@​npmcli/package-json</code> (<a
href="https://redirect.github.com/npm/pacote/issues/356">#356</a>) (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h2><a
href="https://github.com/npm/pacote/compare/v17.0.7...v18.0.0">18.0.0</a>
(2024-04-15)</h2>
<h3>⚠️ BREAKING CHANGES</h3>
<ul>
<li>The <code>silent</code> option was used to control whether
<code>@npmcli/run-script</code> would write a banner via
<code>console.log</code>. Now ouput will be emitted via an
<code>process.emit('output')</code>.</li>
</ul>
<h3>Features</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/0c045693dfdc8654a044b3297b49192d29a8c813"><code>0c04569</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/352">#352</a>
remove silent option (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/cb3abc2e77326abe158e90247a12882e6a767e13"><code>cb3abc2</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/352">#352</a> bump
<code>@​npmcli/run-script</code> from 7.0.4 to 8.0.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/7089bb108f20b2c728836651c83678d68fc181c0"><code>7089bb1</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/355">#355</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="https://github.com/npm/pacote/commit/4952672ebca467fc1f9c49b19fb3fef9eecbaf19"><code>4952672</code></a>
<a href="https://redirect.github.com/npm/pacote/pull/355">#355</a> bump
<code>@​npmcli/template-oss</code> from 4.21.3 to 4.21.4 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/npm/pacote/commit/8ae0b791c64529aadce5f20043e7da705761ce7f"><code>8ae0b79</code></a>
chore: release 18.0.3 (<a
href="https://redirect.github.com/npm/pacote/issues/361">#361</a>)</li>
<li><a
href="https://github.com/npm/pacote/commit/5ecce7ac82ba9e710d3bb21ec9096a992516a2a1"><code>5ecce7a</code></a>
deps: npm-registry-fetch@17.0.0 (<a
href="https://redirect.github.com/npm/pacote/issues/360">#360</a>)</li>
<li><a
href="https://github.com/npm/pacote/commit/c4f682184450f6d60f763603275ec7165ac468d5"><code>c4f6821</code></a>
chore: release 18.0.2 (<a
href="https://redirect.github.com/npm/pacote/issues/359">#359</a>)</li>
<li><a
href="https://github.com/npm/pacote/commit/116b2776822b494b5928297f4dedc01af671523a"><code>116b277</code></a>
fix: don't strip underscore attributes in .manifest() (<a
href="https://redirect.github.com/npm/pacote/issues/358">#358</a>)</li>
<li><a
href="https://github.com/npm/pacote/commit/0cd82be15ad0a7015a25c20e236565ee5993b93d"><code>0cd82be</code></a>
chore: release 18.0.1 (<a
href="https://redirect.github.com/npm/pacote/issues/357">#357</a>)</li>
<li><a
href="https://github.com/npm/pacote/commit/b547e0dfbc51c20ca13cfaba9a27f221dc38fc10"><code>b547e0d</code></a>
fix: use <code>@​npmcli/package-json</code> (<a
href="https://redirect.github.com/npm/pacote/issues/356">#356</a>)</li>
<li><a
href="https://github.com/npm/pacote/commit/066ead20986074a6e6120aeb146bbddc7aec8b2c"><code>066ead2</code></a>
chore: release 18.0.0 (<a
href="https://redirect.github.com/npm/pacote/issues/354">#354</a>)</li>
<li><a
href="https://github.com/npm/pacote/commit/7089bb108f20b2c728836651c83678d68fc181c0"><code>7089bb1</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li><a
href="https://github.com/npm/pacote/commit/4952672ebca467fc1f9c49b19fb3fef9eecbaf19"><code>4952672</code></a>
chore: bump <code>@​npmcli/template-oss</code> from 4.21.3 to
4.21.4</li>
<li><a
href="https://github.com/npm/pacote/commit/0c045693dfdc8654a044b3297b49192d29a8c813"><code>0c04569</code></a>
feat!: remove silent option</li>
<li>Additional commits viewable in <a
href="https://github.com/npm/pacote/compare/v17.0.7...v18.0.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pacote&package-manager=npm_and_yarn&previous-version=17.0.7&new-version=18.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

workspaces/data/package.json

@@ -34,7 +34,7 @@
     "dotenv": "^16.0.3",
     "glob": "^10.3.4",
     "lodash": "^4.17.21",
-    "pacote": "^17.0.4",
+    "pacote": "^18.0.3",
     "proc-log": "^3.0.0",
     "semver": "^7.3.8",
     "www": "^1.0.0"