
Update tar to 7.5.11+ to fix Dependabot alert #21

Merged
KucharczykL merged 2 commits into main from claude/upgrade-tar-dependency-9fvn4d
Jun 14, 2026
Conversation

@KucharczykL

Owner

tar@6.2.1 was pulled in transitively via npm-check-updates' toolchain
(cacache, node-gyp, pacote). Add a pnpm override forcing tar >=7.5.11
to resolve the security advisory. Now resolves to tar@7.5.16.

https://claude.ai/code/session_01NPQ9AiNNnapeoTQFAR1ShY

claude added 2 commits June 14, 2026 12:19
tar@6.2.1 was pulled in transitively via npm-check-updates' toolchain
(cacache, node-gyp, pacote). Add a pnpm override forcing tar >=7.5.11
to resolve the security advisory. Now resolves to tar@7.5.16.

https://claude.ai/code/session_01NPQ9AiNNnapeoTQFAR1ShY

pnpm v11 (installed in CI via `npm install -g pnpm`) no longer reads the
`pnpm.overrides` field from package.json, which caused
ERR_PNPM_LOCKFILE_CONFIG_MISMATCH during the frozen install. Move the
override to pnpm-workspace.yaml, the new home for the setting, so CI's
pnpm reads it and matches the lockfile.

https://claude.ai/code/session_01NPQ9AiNNnapeoTQFAR1ShY
@KucharczykL KucharczykL merged commit 0b7ddc2 into main Jun 14, 2026
2 checks passed
@KucharczykL KucharczykL deleted the claude/upgrade-tar-dependency-9fvn4d branch June 14, 2026 12:25
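
A check that the override described in this PR took effect, scanning lockfile text for any resolved tar below the 7.5.11 floor. This is an added example, not code from the PR; the function names are hypothetical, the lockfile snippets are constructed, and the package-key shape (`tar@6.2.1:` or `/tar@6.2.1:`) is an assumption about the lockfile layout.

```javascript
// Added example: function names are hypothetical, lockfile text is constructed.
const FLOOR = [7, 5, 11]; // minimum tar version named in the PR

// "7.5.16" -> [7, 5, 16]; anything after the patch number is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric, field-by-field comparison (so 7.10.0 is not below 7.5.11).
function isBelow(version, floor) {
  const a = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== floor[i]) return a[i] < floor[i];
  }
  return false; // equal to the floor is acceptable
}

// Assumption: package keys are indented lines such as "tar@7.5.16:" or
// "/tar@6.2.1:", optionally quoted. "tar-stream@..." and "overrides" entries
// ("tar: '>=7.5.11'") do not match because the key must be exactly name + "@".
function resolvedVersions(lockText, name) {
  const esc = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const key = new RegExp(`^\\s+['"]?/?${esc}@(\\d+\\.\\d+\\.\\d+[^:'"(]*)`, 'gm');
  const found = new Set();
  for (const m of lockText.matchAll(key)) found.add(m[1]);
  return [...found].sort();
}

function vulnerableVersions(lockText, name = 'tar', floor = FLOOR) {
  return resolvedVersions(lockText, name).filter((v) => isBelow(v, floor));
}

// Constructed lockfile fragments: before and after the override.
const BEFORE = `
packages:
  tar-stream@3.1.7: {}
  tar@6.2.1: {}
snapshots:
  tar@6.2.1: {}
`;
const AFTER = `
overrides:
  tar: '>=7.5.11'
packages:
  tar-stream@3.1.7: {}
  tar@7.5.16: {}
`;
console.log('before:', vulnerableVersions(BEFORE), 'after:', vulnerableVersions(AFTER));
```

Run against the real `pnpm-lock.yaml` contents in CI, a non-empty result means some dependency path still resolves an old tar and the override is not being read.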