build(deps): bump tar and electron-builder in /src-electron by dependabot[bot] · Pull Request #668

build(deps): bump tar and electron-builder in /src-electron by dependabot[bot] · Pull Request #668 · phcode-dev/phoenix-desktop

Bumps tar to 7.5.7 and updates ancestor dependency electron-builder. These dependencies need to be updated together.

Updates tar from 6.2.1 to 7.5.7

Changelog

Sourced from tar's changelog.

Changelog

7.5

Added zstd compression support.

Consistent TOCTOU behavior in sync t.list

Only read from ustar block if not specified in Pax

Fix sync tar.list when file size reduces while reading

Sanitize absolute linkpaths properly

Prevent writing hardlink entries to the archive ahead of their file target

7.4

Deprecate onentry in favor of onReadEntry for clarity.

7.3

Add onWriteEntry option

7.2

DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

Update minipass to v7.1.0

Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

Drop support for node <18

Rewrite in TypeScript, provide ESM and CommonJS hybrid interface

Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.

Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.

Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

4a37eb9 7.5.7
f4a7aa9 fix: properly sanitize hard links containing ..
394ece6 7.5.6
7d4cc17 fix race puting a Link ahead of its target File
26ab904 7.5.5
e9a1ddb fix: do not prevent valid linkpaths within archive
911c886 7.5.4
3b1abfa normalize out unicode ligatures
a43478c remove some unused files
970c58f update deps
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Updates electron-builder from 24.13.3 to 26.6.0

Release notes

Sourced from electron-builder's releases.

electron-builder@26.6.0

What's Changed

feat(flatpak): use configuration for executableArgs by @mmaietta in electron-userland/electron-builder#9530

fix(nsis): allow $INSTDIR to be removed by @liamcmitchell in electron-userland/electron-builder#9520

fix: pnpm collector returning zero modules by @mmaietta in electron-userland/electron-builder#9535

chore(deploy): migrating to multi-branch CI/CD release flow by @mmaietta in electron-userland/electron-builder#9533

feat: update dmgbuild and migrate to portable dmgbuild python bundle by @mmaietta in electron-userland/electron-builder#9516

chore(tests): stabilize yarn v1 yarn install by @mmaietta in electron-userland/electron-builder#9540

chore(deps): updating electron/rebuild tar and form-data by @mmaietta in electron-userland/electron-builder#9528

chore(deploy): Release (next) by @electron-builder-release-bot[bot] in electron-userland/electron-builder#9531

New Contributors

@liamcmitchell made their first contribution in electron-userland/electron-builder#9520

Full Changelog: https://github.com/electron-userland/electron-builder/compare/electron-builder@26.5.0...electron-builder@26.6.0

electron-builder@26.5.0

What's Changed

chore: running eslint --fix on more files by @mmaietta in electron-userland/electron-builder#9502

chore: fix dmg background by updating vendor dmgbuild by @mmaietta in electron-userland/electron-builder#9512

feat: add support for dmgbuild's badge-icon configuration by @mmaietta in electron-userland/electron-builder#9513

chore: update tar to latest release 7.5.3 to resolve dependabot by @mmaietta in electron-userland/electron-builder#9514

fix: Windows build fails with spawn EINVAL after Node.js security fix by @mmaietta in electron-userland/electron-builder#9489

chore(deploy): Release by @electron-builder-release-bot[bot] in electron-userland/electron-builder#9503

Full Changelog: https://github.com/electron-userland/electron-builder/compare/electron-builder@26.4.1...electron-builder@26.5.0

electron-builder@26.4.1

What's Changed

fix: post-process parent directories of unpacked files by @mmaietta in electron-userland/electron-builder#9419

chore(config): migrate Renovate config by @renovate[bot] in electron-userland/electron-builder#9457

feat: Provide progress updates for multiple range differential downloads by @eliotschu in electron-userland/electron-builder#9448

chore(deps): update actions/setup-node action to v6 by @renovate[bot] in electron-userland/electron-builder#9463

chore(deps): update actions/cache action to v5 by @renovate[bot] in electron-userland/electron-builder#9460

chore(deps): update actions/stale action to v10 by @renovate[bot] in electron-userland/electron-builder#9467

chore(deps): update actions/checkout action to v6 by @renovate[bot] in electron-userland/electron-builder#9461

chore(deps): update actions/labeler action to v6 by @renovate[bot] in electron-userland/electron-builder#9462

fix: update pr-labeler config to correct syntax by @mmaietta in electron-userland/electron-builder#9471

fix: pnpm "Invalid string length" errors during node module collection by @danteissaias in electron-userland/electron-builder#9470

chore(deps): update amannn/action-semantic-pull-request action to v6 by @renovate[bot] in electron-userland/electron-builder#9468

chore(deps): update actions/setup-python action to v6 by @renovate[bot] in electron-userland/electron-builder#9466

fix: skip Netlify PR deploy workflow on forks by @biw in electron-userland/electron-builder#9474

chore: update snapshots due to transitive fixture dependency changed by @mmaietta in electron-userland/electron-builder#9482

fix: deleting default macOS appPlist keys using extendInfo by @Lemonexe in electron-userland/electron-builder#9481

chore: warn about implicit publishing in CI by @biw in electron-userland/electron-builder#9475

chore: update snapshots again? by @mmaietta in electron-userland/electron-builder#9484

chore: updating ran test server for updater tests by @mmaietta in electron-userland/electron-builder#9485

fix: update the dmgbuild hex regex to be case insensitive by @Kilian in electron-userland/electron-builder#9487

chore: update snapshots due to transitive fixture dependency changed by @mmaietta in electron-userland/electron-builder#9493

... (truncated)

Changelog

Sourced from electron-builder's changelog.

26.6.0

Patch Changes

cf10da8 9b1dbb2 e46b407 88070e9 d56550f

app-builder-lib@26.6.0

dmg-builder@26.6.0

26.5.0

Patch Changes

666d85a b1d6e24 6c20eeb 3022f0f 2c11709

dmg-builder@26.5.0

app-builder-lib@26.5.0

26.4.1

Patch Changes

cb5b9c6 d38ae8e 1c94529 ef43f42 25b5dd2 c3af390 97e5503

app-builder-lib@26.4.1

dmg-builder@26.4.1

builder-util@26.4.1

... (truncated)

Commits

e394e0c chore(deploy): Release v26.6.0 (#9531)
7b5901b chore(deploy): Release v26.5.0 (electron-updater@6.8.1) (#9503)
06de969 chore(deploy): Release v26.4.1 (electron-updater@6.8.0) (#9458)
caf2cb2 chore(deploy): Release v26.4.0 (#9447)
85437a7 chore(deploy): Release v26.3.6 (#9433)
5f9c143 chore(deploy): Release v26.3.5 (electron-updater@6.7.3) (#9422)
fa863f8 chore(deploy): Release v26.3.4 (#9410)
8138e27 chore(deploy): Release v26.3.3 (#9404)
70da68a chore(deploy): Release v26.3.2 (#9388)
727a82c chore(deploy): Release v26.3.1 (#9372)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for electron-builder since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.