Build(deps): Bump tar and @angular/cli in /angular

[dependabot]

Bumps tar to 7.5.7 and updates ancestor dependency @angular/cli. These dependencies need to be updated together.

Updates tar from 7.4.3 to 7.5.7

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.
• Consistent TOCTOU behavior in sync t.list
• Only read from ustar block if not specified in Pax
• Fix sync tar.list when file size reduces while reading
• Sanitize absolute linkpaths properly
• Prevent writing hardlink entries to the archive ahead of their file target

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

• 4a37eb9 7.5.7
• f4a7aa9 fix: properly sanitize hard links containing ..
• 394ece6 7.5.6
• 7d4cc17 fix race puting a Link ahead of its target File
• 26ab904 7.5.5
• e9a1ddb fix: do not prevent valid linkpaths within archive
• 911c886 7.5.4
• 3b1abfa normalize out unicode ligatures
• a43478c remove some unused files
• 970c58f update deps
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Updates @angular/cli from 19.2.7 to 21.1.2

Release notes

Sourced from @​angular/cli's releases.

21.1.2

@​angular-devkit/schematics-cli

Commit	Description
	Add boolean type inference for 'true' and 'false' string values in argument parsing

@​angular-devkit/architect

Commit	Description
	Add boolean type inference for 'true' and 'false' string values in argument parsing

@​angular/build

Commit	Description
	loosen Vitest dependency checks when runnerConfig is used
	support merging coverage thresholds with Vitest runnerConfig

21.1.1

@​schematics/angular

Commit	Description
	correct vscode MCP configuration for new projects
	remove special characters from jasmine-vitest report filename

@​angular/cli

Commit	Description
	Remove nonexistent link from MCP response

@​angular/build

Commit	Description
	allow application assets in workspace root
	prevent incorrect catch binding removal in downleveled for-await
	update undici to v7.18.2

21.1.0

@​schematics/angular

Commit	Description
	add browserMode option to jasmine-vitest schematic
	generate detailed migration report for refactor-jasmine-vitest
	add MCP configuration file to new workspaces

@​angular/cli

Commit	Description
	add 'test' and 'e2e' MCP tools
	Add "all" as an experimental tool group
	Add MCP tools for building and running devservers
	add signal forms lessons
	correctly handle yarn classic tag manifest fetching
	correctly spawn package managers on Windows in new abstraction
	enhance list_projects MCP tool file system traversal and symlink handling
	handle array output from npm view in manifest parser

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

21.1.2 (2026-01-28)

@​angular-devkit/schematics-cli

Commit	Type	Description
e7458c81d	fix	Add boolean type inference for 'true' and 'false' string values in argument parsing

@​angular-devkit/architect

Commit	Type	Description
d66f1fe64	fix	Add boolean type inference for 'true' and 'false' string values in argument parsing

@​angular/build

Commit	Type	Description
80911af67	fix	loosen Vitest dependency checks when runnerConfig is used
2d30639d3	fix	support merging coverage thresholds with Vitest runnerConfig

21.1.1 (2026-01-21)

@​angular/cli

Commit	Type	Description
151b69587	fix	Remove nonexistent link from MCP response

@​schematics/angular

Commit	Type	Description
9da6d8fa7	fix	correct vscode MCP configuration for new projects
361758c75	fix	remove special characters from jasmine-vitest report filename

@​angular/build

Commit	Type	Description
1b7e3307a	fix	allow application assets in workspace root
d1e596dc5	fix	prevent incorrect catch binding removal in downleveled for-await
98ef0981a	fix	update undici to v7.18.2

... (truncated)

Commits

• 702d717 release: cut the v21.1.2 release
• d66f1fe fix(@​angular-devkit/architect): Add boolean type inference for 'true' and 'fa...
• e7458c8 fix(@​angular-devkit/schematics-cli): Add boolean type inference for 'true' an...
• e974e40 build: lock file maintenance
• 2d30639 fix(@​angular/build): support merging coverage thresholds with Vitest runnerCo...
• 80911af fix(@​angular/build): loosen Vitest dependency checks when runnerConfig is used
• 7cf1d3b build: update cross-repo angular dependencies
• 165e7d6 build: update all github actions
• 8e7f86b build: update bazel dependencies
• 3206b8b build: update cross-repo angular dependencies
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 48.59%. Comparing base (94b5304) to head (4ad7110).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3646      +/-   ##
==========================================
- Coverage   48.60%   48.59%   -0.02%     
==========================================
  Files         184      184              
  Lines       10899    10899              
  Branches     1661     1661              
==========================================
- Hits         5298     5296       -2     
- Misses       5370     5372       +2     
  Partials      231      231              

Flag	Coverage Δ
backend-bruno	?
backend-mocha	44.51% <ø> (-0.03%)	⬇️
frontend-app-config	97.87% <ø> (ø)
frontend-core-lib	53.78% <ø> (ø)
frontend-dashboard	76.59% <ø> (ø)
frontend-deleted-records	86.59% <ø> (ø)
frontend-export	100.00% <ø> (ø)
frontend-local-auth	100.00% <ø> (ø)
frontend-manage-roles	63.33% <ø> (ø)
frontend-manage-users	59.81% <ø> (ø)
frontend-report	95.06% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.