Bump tar and njre

[dependabot]

Bumps tar to 7.5.15 and updates ancestor dependency njre. These dependencies need to be updated together.

Updates tar from 4.4.19 to 7.5.15

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.
• Consistent TOCTOU behavior in sync t.list
• Only read from ustar block if not specified in Pax
• Fix sync tar.list when file size reduces while reading
• Sanitize absolute linkpaths properly
• Prevent writing hardlink entries to the archive ahead of their file target

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

• 87cc309 7.5.15
• 7aef486 fix: regression in pending links detection
• 6244eb3 7.5.14
• 9704d8c stricter protection against hardlinks preempting their targets
• 700734f update workflows and deps
• d6611ae 7.5.13
• 119c401 fix(extract): prevent raced symlink writes outside cwd
• 2a294d3 7.5.12
• 01082a4 fix: reject top promise on floating addFilesAsync rejections
• dd1c36a linting
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates njre from 0.2.0 to 1.5.4

Release notes

Sourced from njre's releases.

v1.5.4

What's Changed

• Upgrade dependencies

Pull Requests

• Bump tar from 7.5.9 to 7.5.11 by @​dependabot[bot] in nvuillam/njre#142
• Update all non-major dependencies by @​renovate[bot] in nvuillam/njre#139
• Bump yauzl from 3.2.0 to 3.2.1 by @​dependabot[bot] in nvuillam/njre#143
• Bump handlebars from 4.7.8 to 4.7.9 by @​dependabot[bot] in nvuillam/njre#147
• [GitHub Dependents Info] Updated markdown file by @​github-actions[bot] in nvuillam/njre#124

Full Changelog: nvuillam/njre@v1.5.3...v1.5.4

v1.5.3

What's Changed

• Update dependency tar to v7.5.7 by @​renovate[bot] in nvuillam/njre#131
• Update dependency tar to v7.5.8 [SECURITY] by @​renovate[bot] in nvuillam/njre#135
• Update dependency nyc to v18 by @​renovate[bot] in nvuillam/njre#136
• Upgrade npm dependencies by @​nvuillam in nvuillam/njre#138
• Update actions/upload-artifact action to v7 by @​renovate[bot] in nvuillam/njre#137
• Update dependency eslint to v9.39.3 by @​renovate[bot] in nvuillam/njre#133
• Update dependency eslint to v10 by @​renovate[bot] in nvuillam/njre#132

Full Changelog: nvuillam/njre@v1.5.2...v1.5.3

v1.5.2

What's Changed

• Fix OIDC deployment workflow
• Bump lodash from 4.17.21 to 4.17.23 by @​dependabot[bot] in nvuillam/njre#130

Full Changelog: nvuillam/njre@v1.5.1...v1.5.2

v1.5.0

What's Changed

• Update all non-major dependencies by @​renovate[bot] in nvuillam/njre#100
• Update dependency debug to v4.4.1 by @​renovate[bot] in nvuillam/njre#103
• Update all non-major dependencies by @​renovate[bot] in nvuillam/njre#104
• Update all non-major dependencies by @​renovate[bot] in nvuillam/njre#105
• Update stefanzweifel/git-auto-commit-action action to v6 by @​renovate[bot] in nvuillam/njre#106
• Update oxsecurity/megalinter action to v9 by @​renovate[bot] in nvuillam/njre#112
• Update actions/setup-node action to v6 by @​renovate[bot] in nvuillam/njre#114
• Update actions/upload-artifact action to v5 by @​renovate[bot] in nvuillam/njre#115
• Update dependency node to v24 by @​renovate[bot] in nvuillam/njre#116
• Update dependency lint-staged to v16 by @​renovate[bot] in nvuillam/njre#102

... (truncated)

Changelog

Sourced from njre's changelog.

[v1.5.4] - 2025-03-29

• Upgrade dependencies

[v1.5.3] - 2025-02-28

• Upgrade dependencies

[v1.5.2] - 2025-01-22

• Upgrade dependencies
• Fix workflow to use npm Trusted publishers to release (OIDC) - needs npm publish instead of yarn publish, not yarn publish with NODE_AUTH_TOKEN

[v1.5.1] - 2025-01-21

• Upgrade dependencies
• Use npm Trusted publishers to release (OIDC)

[v1.5.0] - 2025-12-03

• CI: Upgrade MegaLinter to v9
• Upgrade dependencies

[v1.4.2] - 2025-02-23

• Remove fallback for release workflow
• Upgrade dependencies

[v1.4.1] - 2025-02-09

• fix: Add installPath parameter type annotation.

[v1.4.0] - 2024-08-30

• Allow to force an installation path for java using option installPath

[v1.3.0] - 2024-08-20

• Add github-dependents-info
• Upgrade npm dependencies

[v1.2.2] - 2024-07-16

• Upgrade npm dependencies

[v1.2.1] - 2024-05-08

• Fix bug always installing Java 11 on Mac
• Block combination Java 8 + Darwin (Mac)

... (truncated)

Commits

• feaeb89 v1.5.4
• d75cb7f [GitHub Dependents Info] Updated markdown file(s) (#124)
• 6205574 Bump handlebars from 4.7.8 to 4.7.9 (#147)
• 60c1573 Bump yauzl from 3.2.0 to 3.2.1 (#143)
• 1d78716 Update all non-major dependencies (#139)
• 0077cad Bump tar from 7.5.9 to 7.5.11 (#142)
• 91c6189 v1.5.3
• 39c0a36 Update dependency eslint to v10 (#132)
• d83ddbf Update dependency eslint to v9.39.3 (#133)
• 9093d41 Update actions/upload-artifact action to v7 (#137)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for njre since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #4.