Skip to content

ci(deps-dev): bump tar from 7.5.15 to 7.5.19 in /docs#1926

Merged
radius-dependabot-manager[bot] merged 1 commit into
v0.59from
dependabot/npm_and_yarn/docs/tar-7.5.16
Jul 1, 2026
Merged

ci(deps-dev): bump tar from 7.5.15 to 7.5.19 in /docs#1926
radius-dependabot-manager[bot] merged 1 commit into
v0.59from
dependabot/npm_and_yarn/docs/tar-7.5.16

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor

Bumps tar from 7.5.15 to 7.5.19.

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 18, 2026
@dependabot dependabot Bot requested review from a team as code owners June 18, 2026 21:56
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 18, 2026
@radius-dependabot-manager radius-dependabot-manager Bot enabled auto-merge (squash) June 18, 2026 21:56
@github-actions

github-actions Bot commented Jun 18, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/tar 7.5.19 🟢 6.2
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Maintained🟢 1016 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • docs/package-lock.json

lakshmimsft
lakshmimsft previously approved these changes Jun 23, 2026
sk593
sk593 previously approved these changes Jun 23, 2026
@brooke-hamilton brooke-hamilton disabled auto-merge July 1, 2026 14:53
@brooke-hamilton

Copy link
Copy Markdown
Member

@dependabot rebase

@dependabot dependabot Bot changed the title ci(deps-dev): bump tar from 7.5.15 to 7.5.16 in /docs ci(deps-dev): bump tar from 7.5.15 to 7.5.19 in /docs Jul 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/docs/tar-7.5.16 branch from 9d2b460 to 150f063 Compare July 1, 2026 14:55
@radius-dependabot-manager radius-dependabot-manager Bot enabled auto-merge (squash) July 1, 2026 14:55
@brooke-hamilton

Copy link
Copy Markdown
Member

@copilot recreate this PR to target the edge branch

Copilot AI commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@brooke-hamilton I've opened a new pull request, #1944, to work on those changes. Once the pull request is ready, I'll request review from you.

@brooke-hamilton

Copy link
Copy Markdown
Member

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/docs/tar-7.5.16 branch from 150f063 to d4441ff Compare July 1, 2026 15:39
@brooke-hamilton

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.15 to 7.5.19.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.15...v7.5.19)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.16
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/docs/tar-7.5.16 branch from d4441ff to 2a182e6 Compare July 1, 2026 17:35
@radius-dependabot-manager radius-dependabot-manager Bot enabled auto-merge (squash) July 1, 2026 17:36
@radius-dependabot-manager radius-dependabot-manager Bot merged commit da21855 into v0.59 Jul 1, 2026
11 checks passed
@radius-dependabot-manager radius-dependabot-manager Bot deleted the dependabot/npm_and_yarn/docs/tar-7.5.16 branch July 1, 2026 17:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants