
Bump tar from 6.2.1 to 7.5.3 in the npm_and_yarn group across 1 directory#820

Closed
dependabot[bot] wants to merge 3 commits into main from dependabot/npm_and_yarn/npm_and_yarn-bb754c2437

Conversation


@dependabot dependabot bot commented on behalf of github Jan 16, 2026

Bumps the npm_and_yarn group with 1 update in the / directory: tar.

Updates tar from 6.2.1 to 7.5.3

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

  • Add support for brotli compression
  • Add maxDepth option to prevent extraction into excessively deep folders.

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 1 update in the / directory: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 6.2.1 to 7.5.3
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.1...v7.5.3)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner January 16, 2026 21:41
@dependabot dependabot bot added dependencies Change requested in dependencies javascript Pull requests that update Javascript code labels Jan 16, 2026
@github-actions

🤖 Claude Code Review

PR Code Review - Angular CLI Upgrade (19.2 → 21.1)

Review Summary

This PR upgrades @angular/cli from ~19.2.12 to ~21.1.0, which is a major version jump (skipping version 20) and includes extensive dependency updates in package-lock.json.


Code Quality

✅ Code follows our style guide

No code changes - only dependency updates.

✅ No commented-out code

No commented-out code present.

✅ Meaningful variable names

N/A - no code changes.

✅ DRY principle followed

N/A - no code changes.

⚠️ Identify Defects

MAJOR CONCERN - Breaking Changes:

  1. Angular CLI major version jump (package.json:81)

    • Upgrading from v19.2 to v21.1 skips an entire major version (20.x)
    • This is unusual and risky - typically major versions should be upgraded incrementally
    • Node.js version requirements changed: The new CLI requires ^20.19.0 || ^22.12.0 || >=24.0.0 (was ^18.19.1 || ^20.11.1 || >=22.0.0)
    • Risk: Projects running on Node 18 will break
  2. Missing Angular framework updates

    • CLI is upgraded but Angular core packages (@angular/core, @angular/common, etc.) remain at v19.x
    • This version mismatch could cause build failures and runtime errors
    • The CLI v21 is designed for Angular v21 projects
  3. Schematics version mismatch

    • @angular-devkit/schematics upgraded to 21.1.0 (package-lock.json:534)
    • @schematics/angular upgraded to 21.1.0 (package-lock.json:6951)
    • These expect Angular 21 projects but the app is still on Angular 19
  4. Extensive transitive dependency changes

    • Many core build tools updated (@npmcli packages, node-gyp, cacache, etc.)
    • Potential for unexpected build or runtime issues

❌ Project memory configuration not checked

No .claude/CLAUDE.md file exists in the repository to verify against.


Testing

❌ Unit tests for new functions

N/A - no new functions, but tests should verify the build still works.

❌ Integration tests for new endpoints

N/A - no new endpoints.

❌ Edge cases covered

N/A - but compatibility testing is critical.

❌ Test coverage > 80%

Cannot verify without running tests. Build and test execution should be verified before merge.


Documentation

⚠️ Readme updated if needed

RECOMMENDED: Update README/documentation to specify:

  • New Node.js version requirements (>=20.19.0 or >=22.12.0)
  • Build system changes
  • Any required developer environment updates

✅ API docs updated

N/A - no API changes.

✅ Inline comments for complex logic

N/A - no code changes.

❌ CHANGELOG.md updated

CRITICAL: CHANGELOG.md should document:

  • Major CLI version upgrade
  • Breaking changes to Node.js requirements
  • Any migration steps required

⚠️ Markdown files formatting

No markdown file changes in this PR, but future updates should follow CommonMark spec.


Security

✅ No hardcoded credentials

No credentials present.

✅ Input validation implemented

N/A - no code changes.

✅ Proper error handling

N/A - no code changes.

✅ No sensitive data in logs

N/A - no code changes.

✅ No license files checked in

No .lic files or AQAAAD strings detected.


Critical Issues & Recommendations

🚨 BLOCKERS

  1. Angular version mismatch - CLI v21 with Angular v19 is likely incompatible

    • Action: Either downgrade CLI back to v19.x or upgrade all @angular/* packages to v21.x
  2. Node.js breaking change - Minimum Node version now 20.19.0

    • Action: Document this requirement and verify CI/CD uses compatible Node versions
  3. Missing testing evidence - No indication that build/tests pass with these changes

    • Action: Run full build and test suite before merging

⚠️ HIGH PRIORITY

  1. Incremental upgrade path missing - Skipping v20 is risky

    • Recommendation: Follow Angular's upgrade guide and go through v20 first
  2. CHANGELOG.md not updated - Breaking changes must be documented

    • Action: Add detailed changelog entry
  3. Dependency audit needed - Extensive transitive dependency changes

    • Action: Run npm audit and review security advisories

📋 MEDIUM PRIORITY

  1. README updates needed - Document new Node.js requirements
  2. Migration guide needed - For developers upgrading their local environments

Verdict

❌ REJECT - Do Not Merge

Reasons:

  1. Breaking version mismatch: Angular CLI v21 incompatible with Angular v19 framework
  2. Missing Node.js requirement documentation: Breaking change not documented
  3. No test evidence: Cannot verify builds succeed
  4. Missing CHANGELOG.md entry: Required for breaking changes
  5. Risky upgrade path: Skipping major version (v20) without justification

Required Actions Before Re-Review:

  1. Either:
    • Downgrade @angular/cli back to ~19.2.x, OR
    • Upgrade all @angular/* packages to v21.x in a coordinated manner
  2. Update CHANGELOG.md with breaking changes
  3. Update README with new Node.js requirements
  4. Provide test results showing successful build
  5. Consider incremental upgrade path through v20

Automated code review analyzing defects and coding standards

Add missing transitive dependencies (chokidar@5.0.0, readdirp@5.0.0)
required by tar@7.5.3 to fix npm ci failure.
@github-actions

🤖 Claude Code Review

I'll analyze this PR diff against the Senzing code review checklist.

Code Review Analysis

Code Quality

Code follows style guide: N/A - This is a dependency update (package-lock.json only)

No commented-out code: No commented-out code present

Meaningful variable names: N/A - No new variables introduced

DRY principle followed: N/A - No code duplication

Identify Defects: No bugs, logic errors, or obvious security vulnerabilities detected. This is a dependency version bump from Angular CLI ~19.2.12 to ~21.1.0.

⚠️ Project memory claude configuration: No .claude/CLAUDE.md file was referenced or needed for this review.

Testing

Unit tests for new functions: No tests included (expected for dependency updates)

Integration tests for new endpoints: No tests included (expected for dependency updates)

Edge cases covered: No tests included (expected for dependency updates)

Test coverage > 80%: Cannot determine test coverage impact from package-lock.json changes alone

Note: For dependency updates, testing should be performed through:

  • Running existing test suites
  • Manual verification of build/dev processes
  • Checking for breaking changes in the upgrade path

Documentation

⚠️ Readme updated if needed: Not updated, but likely not needed for minor CLI version bump

⚠️ API docs updated: Not applicable for CLI tooling update

Inline comments for complex logic: N/A - No code changes

CHANGELOG.md updated: CHANGELOG.md not updated to reflect the Angular CLI version bump (should document this upgrade)

Markdown files follow CommonMark: N/A - No markdown changes

Security

No hardcoded credentials: None detected

Input validation implemented: N/A - No new input handling

Proper error handling: N/A - No error handling changes

No sensitive data in logs: N/A - No logging changes

No license files (.lic) or AQAAAD strings: No .lic files or license strings detected in the diff


Summary

This PR upgrades the Angular CLI from version ~19.2.12 to ~21.1.0, which is a major version jump (19 → 21). The package-lock.json shows extensive dependency tree updates as expected.

⚠️ Critical Concerns:

  1. Major Version Upgrade: Jumping from v19 to v21 skips v20 entirely. This should be carefully tested for breaking changes.

  2. Missing CHANGELOG.md entry: package.json line 81 shows the CLI version change, but CHANGELOG.md should document this upgrade.

  3. Node version requirements: The new Angular CLI 21.1.0 requires Node.js ^20.19.0 || ^22.12.0 || >=24.0.0 (visible in multiple dependency entries). Verify your development and CI/CD environments meet these requirements.

  4. Testing Required: Since this is a major tooling upgrade:

    • Run full test suite
    • Verify build processes work correctly
    • Test development server
    • Check for any deprecated API usage warnings

Recommendations:

  1. Add CHANGELOG.md entry documenting the Angular CLI upgrade from 19.2.12 to 21.1.0
  2. Verify Node.js version compatibility across all development and deployment environments
  3. Review Angular CLI 20 and 21 migration guides for breaking changes:
  4. Run comprehensive tests before merging to catch any compatibility issues

File-Specific Issues:

  • package-lock.json: Multiple dependency version bumps detected including:
    • @angular-devkit/schematics: 19.2.19 → 21.1.0
    • @angular/cli: 19.2.19 → 21.1.0
    • New dependencies added (Algolia search packages, Model Context Protocol SDK, etc.)
    • Updated engine requirements throughout

No security vulnerabilities, hardcoded credentials, or license file issues detected in the diff.

Automated code review analyzing defects and coding standards

Downgrade @angular/cli from 21.1.0 to 19.2.19 to stay consistent
with the rest of the Angular 19.x packages.
@github-actions

🤖 Claude Code Review

I'll analyze this pull request diff against the provided checklist. This appears to be a dependency update PR, primarily updating Angular CLI and various npm packages.

Code Review

Code Quality

Code follows our style guide: N/A - This is a dependency update with no source code changes.

No commented-out code: N/A - No code changes.

Meaningful variable names: N/A - No code changes.

DRY principle followed: N/A - No code changes.

Identify Defects: No defects introduced. This is a package-lock.json update with dependency version bumps.

Project memory configuration: Not applicable for dependency updates.

Testing

Unit tests for new functions: Not applicable, but no test updates were included to verify the dependency changes don't break existing functionality.

Integration tests for new endpoints: Not applicable.

Edge cases covered: Not applicable.

Test coverage > 80%: Cannot determine from this diff, but dependency updates should maintain existing coverage.

Documentation

Readme updated if needed: Not needed for internal dependency updates.

API docs updated: Not applicable.

Inline comments for complex logic: Not applicable.

CHANGELOG.md updated: No CHANGELOG.md update present. For dependency updates, especially Angular CLI version changes, this should be documented.

Markdown files formatting: Not applicable - no markdown changes.

Security

No hardcoded credentials: No credentials present.

Input validation implemented: Not applicable.

Proper error handling: Not applicable.

No sensitive data in logs: Not applicable.

No license files (.lic) or AQAAAD strings: No license files or suspicious strings detected.


Summary

Overall Assessment: ✅ Safe to merge with minor recommendations

This PR updates the Angular CLI from ~19.2.12 to ~19.2.19 and includes cascading dependency updates in package-lock.json. The changes are primarily:

  1. Angular CLI: 19.2.12 → 19.2.19
  2. Angular core packages: 19.2.17 → 19.2.18
  3. Various Babel packages: Multiple minor version updates
  4. Compodoc: 1.1.32 → 1.2.1
  5. Other transitive dependencies: Various patch/minor version updates

Key Observations:

Positive:

  • All changes are minor/patch version updates following semver
  • No breaking changes expected
  • Security-relevant packages updated (tar, body-parser, etc.)
  • No new vulnerabilities introduced based on the diff

Recommendations:

  1. ⚠️ Add CHANGELOG.md entry documenting the Angular CLI version update (package.json line 81: @angular/cli updated from ~19.2.12 to ~19.2.19)

  2. ⚠️ Verify CI/CD passes - While no code changes are present, ensure all existing tests pass with the new dependency versions

  3. ℹ️ Note deprecated package: The diff shows tar package has a deprecation warning. Consider updating to the latest version in a future PR.

Specific File References:

  • package.json:81 - Angular CLI version update
  • package-lock.json - Comprehensive dependency tree updates (multiple packages updated to latest patch versions)

No critical issues identified. The dependency updates appear to be routine maintenance keeping the project current with Angular 19.2.x releases.

Automated code review analyzing defects and coding standards

@arawinters arawinters closed this Jan 29, 2026

dependabot bot commented on behalf of github Jan 29, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-bb754c2437 branch January 29, 2026 18:53