Bump tar from 6.2.1 to 7.5.7 in the npm_and_yarn group across 1 directory

[dependabot]

Bumps the npm_and_yarn group with 1 update in the / directory: tar.

Updates tar from 6.2.1 to 7.5.7

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.
• Consistent TOCTOU behavior in sync t.list
• Only read from ustar block if not specified in Pax
• Fix sync tar.list when file size reduces while reading
• Sanitize absolute linkpaths properly
• Prevent writing hardlink entries to the archive ahead of their file target

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

• 4a37eb9 7.5.7
• f4a7aa9 fix: properly sanitize hard links containing ..
• 394ece6 7.5.6
• 7d4cc17 fix race puting a Link ahead of its target File
• 26ab904 7.5.5
• e9a1ddb fix: do not prevent valid linkpaths within archive
• 911c886 7.5.4
• 3b1abfa normalize out unicode ligatures
• a43478c remove some unused files
• 970c58f update deps
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

🤖 Claude Code Review

I'll analyze this PR diff against the provided checklist and provide a comprehensive code review.

Code Review: Angular CLI Version Update

Code Quality

✅ Code follows our style guide

Status: PASS - This is a dependency update via package-lock.json. No code style issues.

✅ No commented-out code

Status: PASS - No commented code present.

✅ Meaningful variable names

Status: PASS - N/A for dependency updates.

✅ DRY principle followed

Status: PASS - N/A for dependency updates.

✅ Identify Defects

Status: ⚠️ NEEDS ATTENTION

Critical Issue Found:

• The Angular CLI is being upgraded from ~19.2.12 to ~21.1.2 (a major version jump from 19 to 21)
• However, the Angular framework packages remain at version 19.2.18:
  • @angular/animations: 19.2.18
  • @angular/common: 19.2.18
  • @angular/core: 19.2.18
  • @angular/compiler-cli: 19.2.18

This creates a version mismatch issue:

• Angular CLI 21.x is designed to work with Angular 21.x
• Running Angular CLI 21.x with Angular 19.x framework can cause:
  • Build failures
  • Runtime errors
  • Incompatible schematics
  • Breaking changes in build configuration

Recommendation: Either:

1. Keep Angular CLI at version 19.x to match the framework version
2. OR upgrade all Angular packages together to version 21.x

✅ Project memory configuration

Status: PASS - Not applicable to dependency updates.

---

Testing

❌ Unit tests for new functions

Status: N/A - This is a dependency update.

❌ Integration tests for new endpoints

Status: N/A - No new endpoints.

❌ Edge cases covered

Status: N/A - No new functionality.

⚠️ Test coverage > 80%

Status: CANNOT VERIFY - Dependency update should maintain existing coverage, but the version mismatch may cause tests to fail.

---

Documentation

✅ Readme updated if needed

Status: PASS - No README update needed for internal dependency change.

✅ API docs updated

Status: PASS - No API changes.

✅ Inline comments for complex logic

Status: N/A - No code logic changes.

⚠️ CHANGELOG.md updated

Status: NEEDS ATTENTION - Should document this breaking dependency change in CHANGELOG.md

✅ Markdown files follow CommonMark

Status: PASS - No markdown files modified.

---

Security

✅ No hardcoded credentials

Status: PASS - No credentials present.

✅ Input validation implemented

Status: N/A - No input validation changes.

✅ Proper error handling

Status: N/A - No error handling changes.

✅ No sensitive data in logs

Status: PASS - No logging changes.

✅ No checked-in license files (.lic) or AQAAAD strings

Status: PASS - No license files or suspicious strings detected.

---

Summary

🔴 CRITICAL ISSUES

1. Major Version Mismatch (package.json:81)
   • Angular CLI upgraded to 21.1.2 while Angular framework remains at 19.2.18
   • This will likely cause build and runtime issues
   • Action Required: Align versions or revert CLI upgrade

⚠️ WARNINGS

1. Missing CHANGELOG Update
   • This dependency change should be documented
   • Recommendation: Add entry to CHANGELOG.md describing the CLI version change

Additional Observations

The diff shows numerous transitive dependency updates including:

• @angular-devkit/* packages upgraded to 21.x
• @schematics/angular upgraded to 21.x
• New dependencies added (Algolia packages, MCP SDK, Express 5.x, etc.)
• Several @npmcli/* packages upgraded
• Build tool updates (sass, vite, rollup, etc.)

Node.js Version Requirements:
The new CLI requires: ^20.19.0 || ^22.12.0 || >=24.0.0
Ensure your development and CI/CD environments meet this requirement.

Recommendation

DO NOT MERGE until the version mismatch is resolved. This PR requires one of the following approaches:

1. Option A (Recommended): Revert CLI to 19.x to match framework version
2. Option B: Upgrade all Angular packages to 21.x (requires migration testing)
3. Update CHANGELOG.md regardless of chosen option

---

Automated code review analyzing defects and coding standards

[arawinters]

no. major version jump.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml