Skip to content

Bump tar and @angular/cli#919

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-4ce0e2017b
Open

Bump tar and @angular/cli#919
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-4ce0e2017b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps tar to 7.5.16 and updates ancestor dependency @angular/cli. These dependencies need to be updated together.

Updates tar from 6.2.1 to 7.5.16

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits
  • cf21338 7.5.16
  • 21a8220 do not apply PAX header fields to meta entries
  • 52632cf update project deps
  • 302f51f fix inconsequential typo in PENDINGLINKS symbol name
  • 55dbb99 remove some uses of mutate-fs
  • 87cc309 7.5.15
  • 7aef486 fix: regression in pending links detection
  • 6244eb3 7.5.14
  • 9704d8c stricter protection against hardlinks preempting their targets
  • 700734f update workflows and deps
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates @angular/cli from 19.0.6 to 22.0.3

Release notes

Sourced from @​angular/cli's releases.

22.0.3

@​schematics/angular

Commit Description
fix - 0eddea898 remove default workspace vscode mcp.json configuration

22.0.2

@​angular/cli

Commit Description
fix - 136fc2714 support registry metadata fetching under bun package manager
perf - 2653dd5c7 implement semaphore backpressure throttling in PackageManager

@​angular/build

Commit Description
perf - 0b4a48add implement semaphore backpressure throttling in JavaScriptTransformer

@​angular/ssr

Commit Description
fix - d996a27e9 avoid caching non-SSG page lookups
fix - 285a34e42 correct grammar in console warning for redirected location headers
fix - c8088a536 prioritize options over environment variables in AngularNodeAppEngine

22.0.1

@​schematics/angular

Commit Description
fix - c80012294 fix browserMode option mapping in refactor-jasmine-vitest
fix - a9b6bd904 safely comment out multiline statements in refactor-jasmine-vitest
fix - 12199df00 use null objects and callbacks in karma-to-vitest migration

@​angular/cli

Commit Description
fix - b54e9a549 do not sort migrations of the same version alphabetically
fix - d33311612 fallback to local package.json for schematic detection on first run
fix - 918102a93 isolate temporary package installation from parent pnpm workspace
fix - b048b5f4a remove forceAuth and unscoped credential parsing
fix - 277934035 validate registry option is a valid URL in ng add
perf - 4510dae02 optimize update schematic registry query counts by fetching package metadata lazily

@​angular/build

Commit Description
fix - 89d1be979 allow disabling Vitest isolation from builder
fix - d45b84be9 exclude JSON imports from Vite dependency optimization
fix - e3cab4ddd prevent concurrent stylesheet bundling esbuild context leaks
fix - bd413b0eb restrict application builder output paths to output directory

22.0.0

@​schematics/angular

| Commit | Description |

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

22.0.3 (2026-06-18)

@​schematics/angular

Commit Type Description
0eddea898 fix remove default workspace vscode mcp.json configuration

21.2.16 (2026-06-17)

@​angular/cli

Commit Type Description
77c9047ac fix update pacote to 21.5.1

@​angular/ssr

Commit Type Description
d052e97da fix prioritize options over environment variables in AngularNodeAppEngine

20.3.29 (2026-06-17)

@​angular/cli

Commit Type Description
5f7c0328c fix update pacote to 21.5.1

@​angular/ssr

Commit Type Description
a75d78e68 fix prioritize options over environment variables in AngularNodeAppEngine

22.0.2 (2026-06-17)

... (truncated)

Commits
  • b30b9d3 release: cut the v22.0.3 release
  • bc97bb3 build: update dependency vite to v7.3.5
  • 0eddea8 fix(@​schematics/angular): remove default workspace vscode mcp.json configuration
  • 08f9959 refactor(@​angular/cli): promote experimental MCP tools to stable
  • aab6c10 release: cut the v22.0.2 release
  • 376e4dc build: update cross-repo angular dependencies
  • d996a27 fix(@​angular/ssr): avoid caching non-SSG page lookups
  • 5714bfc build: update pnpm to v10.34.3
  • f26011a build: lock file maintenance
  • 2879ed9 build: update bazel dependencies
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 15, 2026
@dependabot dependabot Bot mentioned this pull request Jun 15, 2026
Closed
@github-actions github-actions Bot enabled auto-merge June 15, 2026 18:40
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-4ce0e2017b branch from aea8a9e to 716f4ac Compare June 18, 2026 21:00
@dependabot
Bump tar and @angular/cli
76e36e8 
Bumps [tar](https://github.com/isaacs/node-tar) to 7.5.16 and updates ancestor dependency [@angular/cli](https://github.com/angular/angular-cli). These dependencies need to be updated together.


Updates `tar` from 6.2.1 to 7.5.16
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.1...v7.5.16)

Updates `@angular/cli` from 19.0.6 to 22.0.3
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@19.0.6...v22.0.3)

---
updated-dependencies:
- dependency-name: "@angular/cli"
  dependency-version: 22.0.1
  dependency-type: direct:development
- dependency-name: tar
  dependency-version: 7.5.16
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-4ce0e2017b branch from 716f4ac to 76e36e8 Compare June 18, 2026 21:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants