Skip to content

Bump tar from 2.2.1 to 2.2.2 in /fixtures/packaging/brunch/prod#36025

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/fixtures/packaging/brunch/prod/tar-2.2.2
Closed

Bump tar from 2.2.1 to 2.2.2 in /fixtures/packaging/brunch/prod#36025
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/fixtures/packaging/brunch/prod/tar-2.2.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps tar from 2.2.1 to 2.2.2.

Commits
  • 523c5c7 2.2.2
  • 7ecef07 Bump fstream to fix hardlink overwriting vulnerability
  • 9fc84b9 Use {} for hardlink tracking instead of []
  • 15e59f1 Only track previously seen hardlinks
  • 4f85851 Ignore potentially unsafe files
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 12, 2026
@meta-cla meta-cla Bot added the CLA Signed label Mar 12, 2026
@react-sizebot

react-sizebot commented Mar 12, 2026
edited
Loading

Copy link
Copy Markdown

Comparing: 1b45e24...d9b0ae0

Critical size changes

Includes critical production bundles, as well as any change greater than 2%:

Name +/- Base Current +/- gzip Base gzip Current gzip
oss-stable/react-dom/cjs/react-dom.production.js = 6.84 kB 6.84 kB = 1.88 kB 1.88 kB
oss-stable/react-dom/cjs/react-dom-client.production.js = 612.91 kB 612.91 kB = 108.30 kB 108.30 kB
oss-experimental/react-dom/cjs/react-dom.production.js = 6.84 kB 6.84 kB = 1.88 kB 1.88 kB
oss-experimental/react-dom/cjs/react-dom-client.production.js = 678.85 kB 678.85 kB = 119.27 kB 119.27 kB
facebook-www/ReactDOM-prod.classic.js = 698.24 kB 698.24 kB = 122.65 kB 122.65 kB
facebook-www/ReactDOM-prod.modern.js = 688.55 kB 688.55 kB = 121.03 kB 121.03 kB

Significant size changes

Includes any change greater than 0.2%:

(No significant changes)

Generated by 🚫 dangerJS against d9b0ae0

@everettbu everettbu mentioned this pull request Mar 12, 2026
Open
@dependabot
Bump tar from 2.2.1 to 2.2.2 in /fixtures/packaging/brunch/prod
d9b0ae0 
Bumps [tar](https://github.com/isaacs/node-tar) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v2.2.1...v2.2.2)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 2.2.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/fixtures/packaging/brunch/prod/tar-2.2.2 branch from 79b5855 to d9b0ae0 Compare April 2, 2026 17:04
@dependabot @github

dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown
Contributor Author

Looks like tar is no longer being updated by Dependabot, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

CLA Signed dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@react-sizebot