Skip to content

[compliance] Update tar dependency #591

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
loreto merged 1 commit into from
Jan 21, 2026
Merged

[compliance] Update tar dependency #591

loreto merged 1 commit into from
Jan 21, 2026
+89 −96

Conversation

@loreto
Copy link
Contributor

@loreto loreto commented Jan 20, 2026

Summary

Added a resolutions field in package.json to enforce tar version ^7.5.3 and updated yarn.lock accordingly. This addresses potential security or compatibility issues with previous tar versions.

How was it tested?

Community Contribution License

All community contributions in this pull request are licensed to the project maintainers under the terms of the Apache 2 License.

By creating this pull request I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the Community Contribution License.

@loreto
Update tar dependency to ^7.5.3 via resolutions
474ed79 
Added a resolutions field in package.json to enforce tar version ^7.5.3 and updated yarn.lock accordingly. This addresses potential security or compatibility issues with previous tar versions.
@loreto loreto requested a review from Copilot January 20, 2026 21:01
Copilot AI reviewed Jan 20, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the dependency resolution for the typeid-sql Node tooling to ensure a newer tar version is used (compliance/security), and refreshes the lockfile accordingly.

Changes:

  • Added a Yarn resolutions override in package.json to enforce tar ^7.5.3.
  • Updated yarn.lock to resolve tar to 7.5.4 and refresh related transitive dependencies (including a supabase resolved-version bump).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
typeid/typeid-sql/package.json Adds a Yarn resolutions entry to force tar to ^7.5.3.
typeid/typeid-sql/yarn.lock Regenerated lockfile reflecting the tar override and updated resolved versions (notably supabase).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@loreto loreto enabled auto-merge (squash) January 21, 2026 15:25
@loreto loreto merged commit f60b696 into main Jan 21, 2026
15 checks passed
@loreto loreto deleted the claude branch January 21, 2026 17:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@savil savil savil approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@loreto @savil