Skip to content

build(deps): bump tar from 6.1.12 to 6.2.1#22

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/tar-6.2.1
Open

build(deps): bump tar from 6.1.12 to 6.2.1#22
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/tar-6.2.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps tar from 6.1.12 to 6.2.1.

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

@dependabot dependabot bot added scope:dependencies dependency updates type:build changes to the build system or external dependencies labels Apr 1, 2026
@flex-development flex-development bot enabled auto-merge (squash) April 1, 2026 23:54
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tar-6.2.1 branch from 04dc8e8 to e45b0ea Compare April 2, 2026 00:44
@dependabot
build(deps): bump tar from 6.1.12 to 6.2.1
035f936 
Bumps [tar](https://github.com/isaacs/node-tar) from 6.1.12 to 6.2.1.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.1.12...v6.2.1)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 6.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tar-6.2.1 branch from e45b0ea to 035f936 Compare April 2, 2026 00:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

scope:dependencies dependency updates type:build changes to the build system or external dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants