Skip to content

Bump tar and @angular/cli in /starters/angular/ecommerce#650

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/starters/angular/ecommerce/multi-f7295d6b11
Open

Bump tar and @angular/cli in /starters/angular/ecommerce#650
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/starters/angular/ecommerce/multi-f7295d6b11

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps tar to 7.5.16 and updates ancestor dependency @angular/cli. These dependencies need to be updated together.

Updates tar from 6.2.1 to 7.5.16

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits
  • cf21338 7.5.16
  • 21a8220 do not apply PAX header fields to meta entries
  • 52632cf update project deps
  • 302f51f fix inconsequential typo in PENDINGLINKS symbol name
  • 55dbb99 remove some uses of mutate-fs
  • 87cc309 7.5.15
  • 7aef486 fix: regression in pending links detection
  • 6244eb3 7.5.14
  • 9704d8c stricter protection against hardlinks preempting their targets
  • 700734f update workflows and deps
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates @angular/cli from 20.0.0 to 20.3.29

Release notes

Sourced from @​angular/cli's releases.

20.3.29

@​angular/cli

Commit Description
fix - 5f7c0328c update pacote to 21.5.1

@​angular/ssr

Commit Description
fix - a75d78e68 prioritize options over environment variables in AngularNodeAppEngine

20.3.28

@​angular/cli

Commit Description
fix - e3d564667 fallback to deprecated versions when resolving ranges if no non-deprecated version is found
fix - f12e17025 remove forceAuth and unscoped credential parsing

20.3.27

@​angular/ssr

Commit Description
fix - 07c6c96ba add support for configuring trusted proxy headers via environment variable

20.3.26

@​angular/ssr

Commit Description
fix - 7cc1871ee allow all hosts in common engine rendering options to prevent validation errors

20.3.25

@​angular-devkit/build-angular

Commit Description
fix - 5e01ef40e upgrade postcss to 8.5.12

@​angular/ssr

Commit Description
fix - 6686848d9 introduce trustProxyHeaders option to safely validate and sanitize proxy headers

20.3.24

@​angular/build

Commit Description
fix - 10c09c77b update esbuild to 0.28.0

20.3.23

@​angular/build

Commit Description
fix - ccab02ba0 update vite to 7.3.2

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

20.3.29 (2026-06-17)

@​angular/cli

Commit Type Description
5f7c0328c fix update pacote to 21.5.1

@​angular/ssr

Commit Type Description
a75d78e68 fix prioritize options over environment variables in AngularNodeAppEngine

22.0.2 (2026-06-17)

@​angular/cli

Commit Type Description
136fc2714 fix support registry metadata fetching under bun package manager
2653dd5c7 perf implement semaphore backpressure throttling in PackageManager

@​angular/build

Commit Type Description
0b4a48add perf implement semaphore backpressure throttling in JavaScriptTransformer

@​angular/ssr

Commit Type Description
d996a27e9 fix avoid caching non-SSG page lookups
285a34e42 fix correct grammar in console warning for redirected location headers
c8088a536 fix prioritize options over environment variables in AngularNodeAppEngine

22.1.0-next.0 (2026-06-11)

Deprecations

@​angular-devkit/core

... (truncated)

Commits
  • a19c3a7 release: cut the v20.3.29 release
  • b89b772 build: update dependency webpack-dev-server to 5.2.5
  • 5f7c032 fix(@​angular/cli): update pacote to 21.5.1
  • a75d78e fix(@​angular/ssr): prioritize options over environment variables in AngularNo...
  • 9eba41c release: cut the v20.3.28 release
  • 2fb9b3b test(@​angular/cli): ignore engines in version-specifier E2E test when using yarn
  • f12e170 fix(@​angular/cli): remove forceAuth and unscoped credential parsing
  • 241f9b9 test(@​angular/cli): remove unscoped authentication test cases from registry t...
  • e3d5646 fix(@​angular/cli): fallback to deprecated versions when resolving ranges if n...
  • da23ee7 release: cut the v20.3.27 release
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 15, 2026
@dependabot dependabot Bot requested a review from jamesdaniels as a code owner June 15, 2026 19:52
@dependabot dependabot Bot added the javascript Pull requests that update Javascript code label Jun 15, 2026
@dependabot
Bump tar and @angular/cli in /starters/angular/ecommerce
d1d7d46 
Bumps [tar](https://github.com/isaacs/node-tar) to 7.5.16 and updates ancestor dependency [@angular/cli](https://github.com/angular/angular-cli). These dependencies need to be updated together.


Updates `tar` from 6.2.1 to 7.5.16
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.1...v7.5.16)

Updates `@angular/cli` from 20.0.0 to 20.3.29
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@20.0.0...v20.3.29)

---
updated-dependencies:
- dependency-name: "@angular/cli"
  dependency-version: 20.3.28
  dependency-type: direct:development
- dependency-name: tar
  dependency-version: 7.5.16
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/starters/angular/ecommerce/multi-f7295d6b11 branch from 1142b40 to d1d7d46 Compare June 22, 2026 22:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jamesdaniels jamesdaniels Awaiting requested review from jamesdaniels jamesdaniels is a code owner

@Yuangwang Yuangwang Awaiting requested review from Yuangwang Yuangwang is a code owner

@annajowang annajowang Awaiting requested review from annajowang annajowang is a code owner

@abhis3 abhis3 Awaiting requested review from abhis3 abhis3 is a code owner

@falahat falahat Awaiting requested review from falahat falahat is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants