Skip to content

build(deps): bump tar, @lerna-lite/changed, @lerna-lite/cli, @lerna-lite/publish, @lerna-lite/run and @lerna-lite/version#1436

Merged
z3dev merged 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-a2942af2d7
Feb 11, 2026
Merged

build(deps): bump tar, @lerna-lite/changed, @lerna-lite/cli, @lerna-lite/publish, @lerna-lite/run and @lerna-lite/version#1436
z3dev merged 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-a2942af2d7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Feb 11, 2026

Bumps tar to 7.5.7 and updates ancestor dependencies tar, @lerna-lite/changed, @lerna-lite/cli, @lerna-lite/publish, @lerna-lite/run and @lerna-lite/version. These dependencies need to be updated together.

Updates tar from 6.2.1 to 7.5.7

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.


Updates @lerna-lite/changed from 2.7.2 to 4.11.2

Release notes

Sourced from @​lerna-lite/changed's releases.

v4.11.2

4.11.2 (2026-02-07)

Bug Fixes

Released by Lerna-Lite 🤖. Star us on GitHub ⭐

v4.11.1

4.11.1 (2026-01-17)

bump tar and node-tar to fix a CVE security identified in CVE-2026-23745

🐞 Bug Fixes

Released by Lerna-Lite 🤖. Star us on GitHub!

v4.11.0

4.11.0 (2026-01-16)

This release includes 2 new lerna version options to add extra Header/Footer messages to your GitHub/GitLab Releases. This can be useful to automate the use of certain static texts (like a list of Sponsors or a link to your website), so that they're always included in your releases without having to insert them manually. You can see a demo of that at the bottom of this release which added a footer using one the new footer option.

See 2 new options

Note the text above was not inserted via the new options but the footer down below was inserted with the new release footer option.

✨ Features

🐞 Bug Fixes

... (truncated)

Changelog

Sourced from @​lerna-lite/changed's changelog.

4.11.2 (2026-02-07)

Note: Version bump only for package @​lerna-lite/changed

4.11.0 (2026-01-16)

Note: Version bump only for package @​lerna-lite/changed

4.10.5 (2026-01-07)

Note: Version bump only for package @​lerna-lite/changed

4.10.4 (2026-01-06)

Note: Version bump only for package @​lerna-lite/changed

4.10.3 (2025-12-27)

Note: Version bump only for package @​lerna-lite/changed

4.10.2 (2025-12-13)

Note: Version bump only for package @​lerna-lite/changed

4.10.1 (2025-12-12)

Note: Version bump only for package @​lerna-lite/changed

4.10.0 (2025-12-12)

Note: Version bump only for package @​lerna-lite/changed

4.9.4 (2025-11-27)

Note: Version bump only for package @​lerna-lite/changed

4.9.3 (2025-11-20)

Note: Version bump only for package @​lerna-lite/changed

4.9.2 (2025-11-04)

Note: Version bump only for package @​lerna-lite/changed

4.9.1 (2025-10-17)

Note: Version bump only for package @​lerna-lite/changed

4.9.0 (2025-09-26)

... (truncated)

Commits
  • 3b63fab chore(release): publish new version v4.11.2
  • ef74c14 chore(release): publish new version v4.11.0
  • 79d1054 chore(release): publish new version v4.10.5
  • 3ccae82 chore(release): publish new version v4.10.4
  • 413ca7d chore: reformat all files and insert newline & remove editorconfig file
  • 55c36f6 chore(release): publish new version v4.10.3
  • 4e6fc60 chore: run oxc format
  • cf9d74a chore(deps): update to latest oxfmt which now sorts all package.json
  • 2ce58cb chore(deps): update to latest oxfmt which now sorts all package.json (#1218)
  • 4046900 refactor(core): Conf to ESM, typescript-go, keep lifecycle config compat (#1199)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​lerna-lite/changed since your current version.


Updates @lerna-lite/cli from 2.7.2 to 4.11.2

Release notes

Sourced from @​lerna-lite/cli's releases.

v4.11.2

4.11.2 (2026-02-07)

Bug Fixes

Released by Lerna-Lite 🤖. Star us on GitHub ⭐

v4.11.1

4.11.1 (2026-01-17)

bump tar and node-tar to fix a CVE security identified in CVE-2026-23745

🐞 Bug Fixes

Released by Lerna-Lite 🤖. Star us on GitHub!

v4.11.0

4.11.0 (2026-01-16)

This release includes 2 new lerna version options to add extra Header/Footer messages to your GitHub/GitLab Releases. This can be useful to automate the use of certain static texts (like a list of Sponsors or a link to your website), so that they're always included in your releases without having to insert them manually. You can see a demo of that at the bottom of this release which added a footer using one the new footer option.

See 2 new options

Note the text above was not inserted via the new options but the footer down below was inserted with the new release footer option.

✨ Features

🐞 Bug Fixes

... (truncated)

Changelog

Sourced from @​lerna-lite/cli's changelog.

4.11.2 (2026-02-07)

Note: Version bump only for package @​lerna-lite/cli

4.11.0 (2026-01-16)

✨ Features

4.10.5 (2026-01-07)

Note: Version bump only for package @​lerna-lite/cli

4.10.4 (2026-01-06)

Note: Version bump only for package @​lerna-lite/cli

4.10.3 (2025-12-27)

Note: Version bump only for package @​lerna-lite/cli

4.10.2 (2025-12-13)

Note: Version bump only for package @​lerna-lite/cli

4.10.1 (2025-12-12)

Bug Fixes

4.10.0 (2025-12-12)

Features

4.9.4 (2025-11-27)

Note: Version bump only for package @​lerna-lite/cli

4.9.3 (2025-11-20)

Note: Version bump only for package @​lerna-lite/cli

4.9.2 (2025-11-04)

Note: Version bump only for package @​lerna-lite/cli

... (truncated)

Commits
  • 3b63fab chore(release): publish new version v4.11.2
  • 384d68d chore: use correct import paths in package.json
  • 1e2679e chore(deps): update to oxfmt v0.26.0 which now supports format overrides (#1252)
  • ef74c14 chore(release): publish new version v4.11.0
  • 5ad8425 feat: add customizable remote Release Header & Footer messages (#1243)
  • ea9c5b7 chore: enable new oxlint optional chaining rule (#1240)
  • 4b433dd chore: add missing lerna command options in JSON Schema (#1237)
  • 79d1054 chore(release): publish new version v4.10.5
  • 3ccae82 chore(release): publish new version v4.10.4
  • 413ca7d chore: reformat all files and insert newline & remove editorconfig file
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​lerna-lite/cli since your current version.


Updates @lerna-lite/publish from 2.7.2 to 4.11.2

Release notes

Sourced from @​lerna-lite/publish's releases.

v4.11.2

4.11.2 (2026-02-07)

Bug Fixes

Released by Lerna-Lite 🤖. Star us on GitHub ⭐

v4.11.1

4.11.1 (2026-01-17)

bump tar and node-tar to fix a CVE security identified in CVE-2026-23745

🐞 Bug Fixes

Released by Lerna-Lite 🤖. Star us on GitHub!

v4.11.0

4.11.0 (2026-01-16)

This release includes 2 new lerna version options to add extra Header/Footer messages to your GitHub/GitLab Releases. This can be useful to automate the use of certain static texts (like a list of Sponsors or a link to your website), so that they're always included in your releases without having to insert them manually. You can see a demo of that at the bottom of this release which added a footer using one the new footer option.

See 2 new options

Note the text above was not inserted via the new options but the footer down below was inserted with the new release footer option.

✨ Features

🐞 Bug Fixes

... (truncated)

Changelog

Sourced from @​lerna-lite/publish's changelog.

4.11.2 (2026-02-07)

Bug Fixes

4.11.1 (2026-01-17)

🐞 Bug Fixes

4.11.0 (2026-01-16)

Note: Version bump only for package @​lerna-lite/publish

4.10.5 (2026-01-07)

Note: Version bump only for package @​lerna-lite/publish

4.10.4 (2026-01-06)

Note: Version bump only for package @​lerna-lite/publish

4.10.3 (2025-12-27)

🐞 Bug Fixes

4.10.2 (2025-12-13)

Note: Version bump only for package @​lerna-lite/publish

4.10.1 (2025-12-12)

Bug Fixes

4.10.0 (2025-12-12)

Features

Bug Fixes

... (truncated)

Commits
  • 3b63fab chore(release): publish new version v4.11.2
  • 4b05ca2 fix(deps): update all non-major dependencies (#1263)
  • 597828f fix(deps): update all non-major dependencies (#1251)
  • a18a25e fix(deps): update dependency tar to v7.5.7 [security] (#1254)
  • 1e2679e chore(deps): update to oxfmt v0.26.0 which now supports format overrides (#1252)
  • 40aa57a chore(release): publish new version v4.11.1
  • 541fe07 fix(deps): update all non-major dependencies (#1248)
  • ef74c14 chore(release): publish new version v4.11.0
  • 7a5d6b3 chore: small code improvement with auto-confirm prompt (#1242)
  • ea9c5b7 chore: enable new oxlint optional chaining rule (#1240)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​lerna-lite/publish since your current version.


Updates @lerna-lite/run from 2.7.2 to 4.11.2

Release notes

Sourced from @​lerna-lite/run's releases.

v4.11.2

4.11.2 (2026-02-07)

Bug Fixes

Released by Lerna-Lite 🤖. Star us on GitHub ⭐

v4.11.1

4.11.1 (2026-01-17)

bump tar and node-tar to fix a CVE security identified in CVE-2026-23745

🐞 Bug Fixes

Released by Lerna-Lite 🤖. Star us on GitHub!

v4.11.0

4.11.0 (2026-01-16)

This release includes 2 new lerna version options to add extra Header/Footer messages to your GitHub/GitLab Releases. This can be useful to automate the use of certain static texts (like a list of Sponsors or a link to your website), so that they're always included in your releases without having to insert them manually. You can see a demo of that at the bottom of this release which added a footer using one the new footer option.

See 2 new options

Note the text above was not inserted via the new options but the footer down below was inserted with the new release footer option.

✨ Features

🐞 Bug Fixes

... (truncated)

Changelog

Sourced from @​lerna-lite/run's changelog.

4.11.2 (2026-02-07)

Note: Version bump only for package @​lerna-lite/run

4.11.1 (2026-01-17)

Note: Version bump only for package @​lerna-lite/run

4.11.0 (2026-01-16)

Note: Version bump only for package @​lerna-lite/run

4.10.5 (2026-01-07)

Note: Version bump only for package @​lerna-lite/run

4.10.4 (2026-01-06)

Note: Version bump only for package @​lerna-lite/run

4.10.3 (2025-12-27)

Note: Version bump only for package @​lerna-lite/run

4.10.2 (2025-12-13)

Note: Version bump only for package @​lerna-lite/run

4.10.1 (2025-12-12)

Note: Version bump only for package @​lerna-lite/run

4.10.0 (2025-12-12)

Note: Version bump only for package @​lerna-lite/run

4.9.4 (2025-11-27)

Note: Version bump only for package @​lerna-lite/run

4.9.3 (2025-11-20)

Note: Version bump only for package @​lerna-lite/run

4.9.2 (2025-11-04)

Note: Version bump only for package @​lerna-lite/run

4.9.1 (2025-10-17)

... (truncated)

Commits
  • 3b63fab chore(release): publish new version v4.11.2
  • 40aa57a chore(release): publish new version v4.11.1
  • ef74c14 chore(release): publish new version v4.11.0
  • ea9c5b7 chore: enable new oxlint optional chaining rule (#1240)
  • 79d1054 chore(release): publish new version v4.10.5
  • 3ccae82 chore(release): publish new version v4.10.4
  • 413ca7d chore: reformat all files and insert newline & remove editorconfig file
  • 55c36f6 chore(release): publish new version v4.10.3
  • 4e6fc60 chore: run oxc format
  • cf9d74a chore(deps): update to latest oxfmt which now sorts all package.json
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​lerna-lite/run since your current version.


Updates @lerna-lite/version from 2.7.2 to 4.11.2

Release notes

Sourced from @​lerna-lite/version's releases.

v4.11.2

4.11.2 (2026-02-07)

Bug Fixes

Released by Lerna-Lite 🤖. Star us on GitHub ⭐

v4.11.1

4.11.1 (2026-01-17)

bump tar and node-tar to fix a CVE security identified in CVE-2026-23745

🐞 Bug Fixes

Released by Lerna-Lite 🤖. Star us on GitHub!

v4.11.0

4.11.0 (2026-01-16)

This release includes 2 new lerna version options to add extra Header/Footer messages to your GitHub/GitLab Releases. This can be useful to automate the use of certain static texts (like a list of Sponsors or a link to your website), so that they're always included in your releases without having to insert them manually. You can see a demo of that at the bottom of this release which added a footer using one the new footer option.

See 2 new options

Note the text above was not inserted via the new options but the footer down below was inserted with the new release footer option.

✨ Features

🐞 Bug Fixes

... (truncated)

Changelog

Sourced from @​lerna-lite/version's changelog.

4.11.2 (2026-02-07)

Bug Fixes

4.11.1 (2026-01-17)

🐞 Bug Fixes

4.11.0 (2026-01-16)

✨ Features

4.10.5 (2026-01-07)

Note: Version bump only for package @​lerna-lite/version

4.10.4 (2026-01-06)

🐞 Bug Fixes

4.10.3 (2025-12-27)

🐞 Bug Fixes

4.10.2 (2025-12-13)

Bug Fixes

4.10.1 (2025-12-12)

Bug Fixes

... (truncated)

Commits
  • 3b63fab chore(release): publish new version v4.11.2
  • 597828f fix(deps): update all non-major dependencies (#1251)
  • 5226ad1 fix: add missing Comment issues/PRs count in --dry-run mode (#1261)
  • 1e2679e chore(deps): update to oxfmt v0.26.0 which now supports format overrides (#1252)
  • 2e34064 chore: add missing date condition in comment query filter logs
  • 394d619 chore: add missing date condition in comment query filter logs
  • 40aa57a chore(release): publish new version v4.11.1
  • 882e311 chore: add more logs to show GitHub query search filters (#1249)
  • 39e0f55Description has been truncated

@dependabot
build(deps): bump tar, @lerna-lite/changed, @lerna-lite/cli, @lerna-l…
5a49d1f 
…ite/publish, @lerna-lite/run and @lerna-lite/version

Bumps [tar](https://github.com/isaacs/node-tar) to 7.5.7 and updates ancestor dependencies [tar](https://github.com/isaacs/node-tar), [@lerna-lite/changed](https://github.com/lerna-lite/lerna-lite/tree/HEAD/packages/changed), [@lerna-lite/cli](https://github.com/lerna-lite/lerna-lite/tree/HEAD/packages/cli), [@lerna-lite/publish](https://github.com/lerna-lite/lerna-lite/tree/HEAD/packages/publish), [@lerna-lite/run](https://github.com/lerna-lite/lerna-lite/tree/HEAD/packages/run) and [@lerna-lite/version](https://github.com/lerna-lite/lerna-lite/tree/HEAD/packages/version). These dependencies need to be updated together.


Updates `tar` from 6.2.1 to 7.5.7
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.1...v7.5.7)

Updates `@lerna-lite/changed` from 2.7.2 to 4.11.2
- [Release notes](https://github.com/lerna-lite/lerna-lite/releases)
- [Changelog](https://github.com/lerna-lite/lerna-lite/blob/main/packages/changed/CHANGELOG.md)
- [Commits](https://github.com/lerna-lite/lerna-lite/commits/v4.11.2/packages/changed)

Updates `@lerna-lite/cli` from 2.7.2 to 4.11.2
- [Release notes](https://github.com/lerna-lite/lerna-lite/releases)
- [Changelog](https://github.com/lerna-lite/lerna-lite/blob/main/packages/cli/CHANGELOG.md)
- [Commits](https://github.com/lerna-lite/lerna-lite/commits/v4.11.2/packages/cli)

Updates `@lerna-lite/publish` from 2.7.2 to 4.11.2
- [Release notes](https://github.com/lerna-lite/lerna-lite/releases)
- [Changelog](https://github.com/lerna-lite/lerna-lite/blob/main/packages/publish/CHANGELOG.md)
- [Commits](https://github.com/lerna-lite/lerna-lite/commits/v4.11.2/packages/publish)

Updates `@lerna-lite/run` from 2.7.2 to 4.11.2
- [Release notes](https://github.com/lerna-lite/lerna-lite/releases)
- [Changelog](https://github.com/lerna-lite/lerna-lite/blob/main/packages/run/CHANGELOG.md)
- [Commits](https://github.com/lerna-lite/lerna-lite/commits/v4.11.2/packages/run)

Updates `@lerna-lite/version` from 2.7.2 to 4.11.2
- [Release notes](https://github.com/lerna-lite/lerna-lite/releases)
- [Changelog](https://github.com/lerna-lite/lerna-lite/blob/main/packages/version/CHANGELOG.md)
- [Commits](https://github.com/lerna-lite/lerna-lite/commits/v4.11.2/packages/version)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: indirect
- dependency-name: "@lerna-lite/changed"
  dependency-version: 4.11.2
  dependency-type: direct:development
- dependency-name: "@lerna-lite/cli"
  dependency-version: 4.11.2
  dependency-type: direct:development
- dependency-name: "@lerna-lite/publish"
  dependency-version: 4.11.2
  dependency-type: direct:development
- dependency-name: "@lerna-lite/run"
  dependency-version: 4.11.2
  dependency-type: direct:development
- dependency-name: "@lerna-lite/version"
  dependency-version: 4.11.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 11, 2026
@z3dev z3dev self-requested a review February 11, 2026 07:14
z3dev
z3dev approved these changes Feb 11, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@z3dev z3dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah. I was going to do this anyway.

@z3dev z3dev merged commit d8a8290 into master Feb 11, 2026
4 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/multi-a2942af2d7 branch February 11, 2026 07:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@z3dev z3dev z3dev approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@z3dev