Skip to content

Bump tar-fs from 1.16.5 to 1.16.6 in /npm_and_yarn/helpers#38

Open
dependabot[bot] wants to merge 17 commits into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn/helpers/tar-fs-1.16.6
Open

Bump tar-fs from 1.16.5 to 1.16.6 in /npm_and_yarn/helpers#38
dependabot[bot] wants to merge 17 commits into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn/helpers/tar-fs-1.16.6

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Jan 29, 2026
edited
Loading

Bumps tar-fs from 1.16.5 to 1.16.6.

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by cubic

Bump tar-fs from 1.16.5 to 1.16.6 in npm_and_yarn/helpers to pull in upstream bug fixes.

Written for commit e0b28e8. Summary will update on new commits.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot Bot and others added 17 commits January 23, 2026 21:35
@dependabot
Bump lodash from 4.17.21 to 4.17.23 in /bun/helpers
7fa5537 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@JaclynCodes
Merge pull request #3 from JaclynCodes/dependabot/npm_and_yarn/bun/he…
cd6d109 
…lpers/lodash-4.17.23
@dependabot
Bump tar, @npmcli/arborist and npm in /bun/helpers
3f4f9d3 
Bumps [tar](https://github.com/isaacs/node-tar) to 7.5.6 and updates ancestor dependencies [tar](https://github.com/isaacs/node-tar), [@npmcli/arborist](https://github.com/npm/cli/tree/HEAD/workspaces/arborist) and [npm](https://github.com/npm/cli). These dependencies need to be updated together.


Updates `tar` from 6.2.1 to 7.5.6
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.1...v7.5.6)

Updates `@npmcli/arborist` from 8.0.0 to 9.1.10
- [Release notes](https://github.com/npm/cli/releases)
- [Changelog](https://github.com/npm/cli/blob/latest/workspaces/arborist/CHANGELOG.md)
- [Commits](https://github.com/npm/cli/commits/arborist-v9.1.10/workspaces/arborist)

Updates `npm` from 6.14.18 to 11.8.0
- [Release notes](https://github.com/npm/cli/releases)
- [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md)
- [Commits](npm/cli@v6.14.18...v11.8.0)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.6
  dependency-type: indirect
- dependency-name: "@npmcli/arborist"
  dependency-version: 9.1.10
  dependency-type: direct:production
- dependency-name: npm
  dependency-version: 11.8.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@JaclynCodes
Merge pull request #4 from JaclynCodes/dependabot/npm_and_yarn/bun/he…
82a0666 
…lpers/multi-6afa301cf6

Bump tar, @npmcli/arborist and npm in /bun/helpers
@dependabot
Bump symfony/process from 7.3.0 to 7.4.5 in /composer/helpers/v2
98c3cea 
Bumps [symfony/process](https://github.com/symfony/process) from 7.3.0 to 7.4.5.
- [Release notes](https://github.com/symfony/process/releases)
- [Changelog](https://github.com/symfony/process/blob/8.1/CHANGELOG.md)
- [Commits](symfony/process@v7.3.0...v7.4.5)

---
updated-dependencies:
- dependency-name: symfony/process
  dependency-version: 7.4.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump nuget/helpers/lib/NuGet.Client from 2948e02 to 53c7a9c
8379397 
Bumps [nuget/helpers/lib/NuGet.Client](https://github.com/NuGet/NuGet.Client) from `2948e02` to `53c7a9c`.
- [Release notes](https://github.com/NuGet/NuGet.Client/releases)
- [Commits](NuGet/NuGet.Client@2948e02...53c7a9c)

---
updated-dependencies:
- dependency-name: nuget/helpers/lib/NuGet.Client
  dependency-version: 53c7a9c9b4a3c31d9adf13fc873f2432eb53768e
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump library/rust from 1.88.0-bookworm to 1.93.0-bookworm in /cargo
d0e8f6b 
Bumps library/rust from 1.88.0-bookworm to 1.93.0-bookworm.

---
updated-dependencies:
- dependency-name: library/rust
  dependency-version: 1.93.0-bookworm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump golang.org/x/mod from 0.26.0 to 0.32.0 in /go_modules/helpers
b73e3e9 
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.26.0 to 0.32.0.
- [Commits](golang/mod@v0.26.0...v0.32.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump dotnet-sdk in /nuget/helpers/lib/NuGetUpdater
f42a4a1 
Bumps [dotnet-sdk](https://github.com/dotnet/sdk) from 9.0.302 to 10.0.102.
- [Release notes](https://github.com/dotnet/sdk/releases)
- [Commits](dotnet/sdk@v9.0.302...v10.0.102)

---
updated-dependencies:
- dependency-name: dotnet-sdk
  dependency-version: 10.0.102
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump pip-tools in /python/helpers in the pip-tools group
e870168 
Bumps the pip-tools group in /python/helpers with 1 update: [pip-tools](https://github.com/jazzband/pip-tools).


Updates `pip-tools` from 7.4.1 to 7.5.2
- [Release notes](https://github.com/jazzband/pip-tools/releases)
- [Changelog](https://github.com/jazzband/pip-tools/blob/main/CHANGELOG.md)
- [Commits](jazzband/pip-tools@7.4.1...v7.5.2)

---
updated-dependencies:
- dependency-name: pip-tools
  dependency-version: 7.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-tools
...

Signed-off-by: dependabot[bot] <support@github.com>
@JaclynCodes
Merge pull request #11 from JaclynCodes/dependabot/dotnet_sdk/nuget/h…
3909d20 
…elpers/lib/NuGetUpdater/dotnet-sdk-10.0.102
@JaclynCodes
Merge pull request #17 from JaclynCodes/dependabot/pip/python/helpers…
044211a 
…/pip-tools-ae90bfcbbe
@JaclynCodes
Merge pull request #8 from JaclynCodes/dependabot/docker/cargo/librar…
d32e152 
…y/rust-1.93.0-bookworm
@JaclynCodes
Merge pull request #5 from JaclynCodes/dependabot/composer/composer/h…
c931ab1 
…elpers/v2/symfony/process-7.4.5
@JaclynCodes
Merge pull request #9 from JaclynCodes/dependabot/go_modules/go_modul…
96b1e3d 
…es/helpers/golang.org/x/mod-0.32.0
@JaclynCodes
Merge pull request #6 from JaclynCodes/dependabot/submodules/nuget/he…
716bdde 
…lpers/lib/NuGet.Client-53c7a9c
@dependabot
Bump tar-fs from 1.16.5 to 1.16.6 in /npm_and_yarn/helpers
e0b28e8 
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 1.16.5 to 1.16.6.
- [Commits](mafintosh/tar-fs@v1.16.5...v1.16.6)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-version: 1.16.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 29, 2026
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Jan 29, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

  • 🔍 Trigger a full review

Comment @coderabbitai help to get the list of available commands and usage tips.

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Jan 29, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code L: javascript

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JaclynCodes