Skip to content

fix(deps): bump tar and npm#824

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-cc382f683c
Open

fix(deps): bump tar and npm#824
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-cc382f683c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 11, 2026

Copy link
Copy Markdown
Contributor

Removes tar. It's no longer used after updating ancestor dependency npm. These dependencies need to be updated together.

Removes tar

Updates npm from 11.9.0 to 11.11.1

Release notes

Sourced from npm's releases.

v11.11.1

11.11.1 (2026-03-10)

Bug Fixes

Documentation

Dependencies

Chores

v11.11.0

11.11.0 (2026-02-25)

Features

Bug Fixes

Documentation

Dependencies

... (truncated)

Changelog

Sourced from npm's changelog.

11.11.1 (2026-03-10)

Bug Fixes

Documentation

Dependencies

Chores

11.11.0 (2026-02-25)

Features

Bug Fixes

Documentation

Dependencies

... (truncated)

Commits
  • 8afa3bd chore: release 11.11.1
  • a9d242b fix: include all subcommands on main command help (#9099)
  • 5b7c0cc fix(arborist): exclude store nodes from :root > * in linked strategy (#9096)
  • 3b70a9d fix(arborist): simplify rootDeclaredDeps initialization (#9097)
  • 29b8407 fix: unwrap comments and lines meant for output (#9087)
  • b56986a fix(ls): suppress false UNMET DEPENDENCYs in linked strategy (#9095)
  • c7702d0 fix(arborist): fix non-idempotent linked install with workspace projects (#9094)
  • 075ae23 deps: tar@7.5.11
  • 13fa40d deps: pacote@21.5.0
  • 76c76e5 fix(ci): don't error on optional deps in the lockfile (#9083)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 11, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 11, 2026
@netlify

netlify Bot commented Mar 11, 2026

Copy link
Copy Markdown

Deploy Preview for phillips-seldon ready!

Name Link
🔨 Latest commit a7afe66
🔍 Latest deploy log https://app.netlify.com/projects/phillips-seldon/deploys/69ce6f3047888900081f8398
😎 Deploy Preview https://deploy-preview-824--phillips-seldon.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions

github-actions Bot commented Mar 11, 2026

Copy link
Copy Markdown

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-cc382f683c branch 2 times, most recently from 783c9ed to 2ac6b20 Compare March 19, 2026 20:16
Removes [tar](https://github.com/isaacs/node-tar). It's no longer used after updating ancestor dependency [npm](https://github.com/npm/cli). These dependencies need to be updated together.


Removes `tar`

Updates `npm` from 11.9.0 to 11.11.1
- [Release notes](https://github.com/npm/cli/releases)
- [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md)
- [Commits](npm/cli@v11.9.0...v11.11.1)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 
  dependency-type: indirect
- dependency-name: npm
  dependency-version: 11.11.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-cc382f683c branch from 2ac6b20 to a7afe66 Compare April 2, 2026 13:29
@scottdickerson

Copy link
Copy Markdown
Contributor

Dependency Upgrade Risk Assessment

Risk Level: low

What This Library Does & How We Use It

tar is a Node.js tar archive library; npm is the package manager CLI. Both are dev/build tooling dependencies, not part of the published seldon bundle.

What Changed

tar removed (no longer needed after ancestor updates); npm updated

Risk Rationale

  • Breaking changes: no — tar is being removed as it's no longer needed
  • Usage breadth: not in published bundle
  • Criticality: dev tooling only

Regression Tests Checklist

Before merging, confirm:

  • bun run build completes without errors and produces expected dist output
  • bun test passes
  • Verify bun install and bun run build complete without errors after this change

Assessment performed automatically. Review and adjust if you have additional context.

@scottdickerson

Copy link
Copy Markdown
Contributor

Dependency Upgrade Risk Assessment

Risk Level: low

What This Library Does & How We Use It

tar is a Node.js tar archive library; npm is the package manager CLI. Both are dev/build tooling — not part of the published seldon bundle.

What Changed

tar removed (no longer needed after ancestor updates); npm updated to 11.17.0

Risk Rationale

  • Breaking changes: no — tar is being removed as it's no longer needed
  • Usage breadth: not in the published bundle
  • Criticality: dev tooling only

Regression Tests Checklist

Before merging, confirm:

  • bun run build completes without errors and produces expected dist output
  • bun test passes
  • Verify bun install and bun run build complete without errors after this change

Assessment performed automatically. Review and adjust if you have additional context.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file dependency-upgrade-risk:low javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant