build(deps): bump tar and node-red

[dependabot]

Bumps tar to 7.5.7 and updates ancestor dependency node-red. These dependencies need to be updated together.

Updates tar from 7.4.3 to 7.5.7

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.
• Consistent TOCTOU behavior in sync t.list
• Only read from ustar block if not specified in Pax
• Fix sync tar.list when file size reduces while reading
• Sanitize absolute linkpaths properly
• Prevent writing hardlink entries to the archive ahead of their file target

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

• 4a37eb9 7.5.7
• f4a7aa9 fix: properly sanitize hard links containing ..
• 394ece6 7.5.6
• 7d4cc17 fix race puting a Link ahead of its target File
• 26ab904 7.5.5
• e9a1ddb fix: do not prevent valid linkpaths within archive
• 911c886 7.5.4
• 3b1abfa normalize out unicode ligatures
• a43478c remove some unused files
• 970c58f update deps
• Additional commits viewable in compare view

Updates node-red from 4.1.2 to 4.1.5

Release notes

Sourced from node-red's releases.

4.1.5: Maintenance Release

What's Changed

• chore: bump tar to 7.5.7 by @​bryopsida in node-red/node-red#5472
• Update for 4.1.5 release by @​knolleary in node-red/node-red#5479
• Fix package versions by @​knolleary in node-red/node-red#5480

Full Changelog: node-red/node-red@4.1.4...4.1.5

4.1.4

What's Changed

• fix: prevent uncaught exceptions in core node event handlers by @​Dennis-SEG in node-red/node-red#5438
• fix: prevent incorrect array modification in delay node by @​Dennis-SEG in node-red/node-red#5457
• fix: prevent double resolve in node close callback by @​Dennis-SEG in node-red/node-red#5461
• fix: prevent race condition in localfilesystem context store during shutdown by @​Dennis-SEG in node-red/node-red#5462
• registry: fix importModule base dir for exports subpaths by @​yuan-cloud in node-red/node-red#5465
• Revert overflow fix in editableList by @​knolleary in node-red/node-red#5467
• Bump for 4.1.4 release by @​knolleary in node-red/node-red#5468

New Contributors

• @​yuan-cloud made their first contribution in node-red/node-red#5465

Full Changelog: node-red/node-red@4.1.3...4.1.4

4.1.3: Maintenance Release

What's Changed

• Reveal node in search results via mouseover by @​gorenje in node-red/node-red#5368
• Fix size and scrolling in Git config UI by @​kazuhitoyokoi in node-red/node-red#5396
• Stricter validator for flow file name in project feature by @​kazuhitoyokoi in node-red/node-red#5398
• Expand folder to avoid error in library by @​kazuhitoyokoi in node-red/node-red#5399
• Fix debug tab to copy displayed value by @​kazuhitoyokoi in node-red/node-red#5400
• Fix invalid node size in quick add dialog by @​kazuhitoyokoi in node-red/node-red#5403
• Decrement count of http requests after error by @​kazuhitoyokoi in node-red/node-red#5409
• Add tooltip to delete button in node property UI by @​kazuhitoyokoi in node-red/node-red#5410
• 5404/Editor/Bug: Junction error in Quick Add dialog by @​piotrbogun in node-red/node-red#5407
• Fix status node to retrieve status from all nodes by @​kazuhitoyokoi in node-red/node-red#5412
• Support source information in complete node by @​kazuhitoyokoi in node-red/node-red#5414
• Use TextDecoder() to decode UTF-8 characters by @​kazuhitoyokoi in node-red/node-red#5416
• Update body-parser by @​knolleary in node-red/node-red#5418
• Allow actions show-next-tab and previous to loop by @​GogoVega in node-red/node-red#5355
• Editor: Flow & subflow names are changed to all lowercase in search dialog #5348 by @​n-lark in node-red/node-red#5401
• File node TypedInput width fix by @​knolleary in node-red/node-red#5425
• Fix flushing when in variable delay mode by @​dceejay in node-red/node-red#5382
• fix(http-request): prevent uncaught exceptions in async hooks by @​Dennis-SEG in node-red/node-red#5392
• TreeList: Fix widget treeList keyboard navigation scroll behavior by @​piotrbogun in node-red/node-red#5421
• Ensure quick-add filter is applied properly when retriggering add by @​knolleary in node-red/node-red#5427
• Readme markdown refactor for legibility in IDE's by @​dimitrieh in node-red/node-red#5423
• 5343/Editor/Bug: Node help tab resets focus when arrow keys are used to switch between nodes by @​piotrbogun in node-red/node-red#5406
• Add package-lock.json for reproducible dependency chains by @​dimitrieh in node-red/node-red#5426
• Bump for 4.1.3 by @​knolleary in node-red/node-red#5428

... (truncated)

Changelog

Sourced from node-red's changelog.

4.1.5: Maintenance Release

• chore: bump tar to 7.5.7 (#5472) @​bryopsida
• Update node-red-admin dependency @​knolleary

4.1.4: Maintenance Release

• Update tar dependency @​knolleary
• Revert overflow fix in editableList (#5467) @​knolleary
• registry: fix importModule base dir for exports subpaths (#5465) @​yuan-cloud
• fix: prevent race condition in localfilesystem context store during shutdown (#5462) @​Dennis-SEG
• fix: prevent double resolve in node close callback (#5461) @​Dennis-SEG
• fix: prevent incorrect array modification in delay node (#5457) @​Dennis-SEG
• fix: prevent uncaught exceptions in core node event handlers (#5438) @​Dennis-SEG

4.1.3: Maintenance Release

Editor

• 5343/Editor/Bug: Node help tab resets focus when arrow keys are used to switch between nodes (#5406) @​piotrbogun
• Ensure quick-add filter is applied properly when retriggering add (#5427) @​knolleary
• TreeList: Fix widget treeList keyboard navigation scroll behavior (#5421) @​piotrbogun
• Editor: Flow & subflow names are changed to all lowercase in search dialog #5348 (#5401) @​n-lark
• Allow actions show-next-tab and previous to loop (#5355) @​GogoVega
• 5404/Editor/Bug: Junction error in Quick Add dialog (#5407) @​piotrbogun
• Add tooltip to delete button in node property UI (#5410) @​kazuhitoyokoi
• Fix invalid node size in quick add dialog (#5403) @​kazuhitoyokoi
• Expand folder to avoid error in library (#5399) @​kazuhitoyokoi
• Stricter validator for flow file name in project feature (#5398) @​kazuhitoyokoi
• Fix size and scrolling in Git config UI (#5396) @​kazuhitoyokoi
• Reveal node in search results via mouseover (#5368) @​gorenje

Runtime

• Add package-lock.json for reproducible dependency chains (#5426) @​dimitrieh
• Readme markdown refactor for legibility in IDE's (#5423) @​dimitrieh
• Update body-parser (#5418) @​knolleary

Nodes

• fix(http-request): prevent uncaught exceptions in async hooks (#5392) @​Dennis-SEG
• Fix flushing when in variable delay mode (#5382) @​dceejay
• File node TypedInput width fix (#5425) @​knolleary
• Use TextDecoder() to decode UTF-8 characters (#5416) @​kazuhitoyokoi
• Support source information in complete node (#5414) @​kazuhitoyokoi
• Fix status node to retrieve status from all nodes (#5412) @​kazuhitoyokoi
• Decrement count of http requests after error (#5409) @​kazuhitoyokoi
• Fix debug tab to copy displayed value (#5400) @​kazuhitoyokoi

Commits

• 661828b Merge pull request #5480 from node-red/rel415-2
• df96cfa Fix package versions
• ce91d5d Merge pull request #5479 from node-red/rel415
• dadf7a3 Update for 4.1.5 release
• dc6a86d Merge pull request #5472 from bryopsida/patch-tar
• c2f2e57 chore: bump tar to 7.5.7
• 56c641f Merge pull request #5468 from node-red/rel414
• 866d2b0 Update changelog
• 12c575b Bump dependencies and version
• 2151592 Merge pull request #5467 from node-red/5463-fix-editablelist-overflow
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.