chore(deps): bump tar and npm by dependabot[bot] · Pull Request #1335 · ideal-postcodes/postcodes.io

dependabot · 2026-03-20T17:34:31Z

Removes tar. It's no longer used after updating ancestor dependencies tar and npm. These dependencies need to be updated together.

Removes tar

Updates npm from 11.7.0 to 11.12.0

Release notes

Sourced from npm's releases.

v11.12.0

11.12.0 (2026-03-18)

Features

8eff5fb #9049 audit: add --include-attestations flag to output sigstore bundles (#9049) (@mitchdenny)

Bug Fixes

03af94d #9123 skip synopsis code block when command has no usage (@owlstronaut)

21ea382 #9110 arborist: resolve sibling override sets via common ancestor (#9110) (@manzoorwanijk)

Dependencies

03f4c3a #9131 @sigstore/tuf@4.0.2

4d5f7d9 #9131 @gar/promise-retry@1.0.3

8dcfe69 #9131 @sigstore/sign@4.1.1

e5a7e22 #9127 lru-cache@11.2.7

82deab6 #9127 make-fetch-happen@15.0.5

ce195dc #9127 cacache@20.0.4

Chores

95fa7f4 #9132 fix docs test snapshot (#9132) (@wraithgar)

7e9d538 #9127 dev dependency updates (@wraithgar)

920e5ed #9127 test snapshots (@wraithgar)

98ccf92 #9125 fix snap tests (@owlstronaut)

workspace: @npmcli/arborist@9.4.2

workspace: @npmcli/config@10.8.0

workspace: libnpmdiff@8.1.5

workspace: libnpmexec@10.2.5

workspace: libnpmfund@7.0.19

workspace: libnpmpack@9.1.5

v11.11.1

11.11.1 (2026-03-10)

Bug Fixes

a9d242b #9099 include all subcommands on main command help (#9099) (@wraithgar)

29b8407 #9087 unwrap comments and lines meant for output (#9087) (@wraithgar)

b56986a #9095 ls: suppress false UNMET DEPENDENCYs in linked strategy (#9095) (@manzoorwanijk)

76c76e5 #9083 ci: don't error on optional deps in the lockfile (#9083) (@wraithgar)

a29aeee #9028 arborist: retry bin-links on Windows EPERM (#9028) (@manzoorwanijk)

6565eeb #9045 bypass packument cache to prevent ETARGET errors after publish (#9045) (@Jadu07)

Documentation

3b96929 #9074 scripts: remove mention of obsolete root user behavior (#9074) (@mohd-akram)

16ac4e0 #9054 fix workspace cross-dependency documentation (@owlstronaut)

Dependencies

075ae23 #9086 tar@7.5.11

13fa40d #9086 pacote@21.5.0

bf7ea2b #9060 brace-expansion@5.0.4

2000d2c #9060 minimatch@10.2.4

d86b260 #9060 tar@7.5.10

dff1853 #9060 @npmcli/run-script@10.0.4

93c3365 #9060 write-file-atomic@7.0.1

Chores

d1996a7 #9060 dev dependency updates (@wraithgar)

workspace: @npmcli/arborist@9.4.1

workspace: libnpmdiff@8.1.4

... (truncated)

Changelog

Sourced from npm's changelog.

11.12.0 (2026-03-18)

Features

8eff5fb #9049 audit: add --include-attestations flag to output sigstore bundles (#9049) (@mitchdenny)

Bug Fixes

03af94d #9123 skip synopsis code block when command has no usage (@owlstronaut)

21ea382 #9110 arborist: resolve sibling override sets via common ancestor (#9110) (@manzoorwanijk)

Dependencies

03f4c3a #9131 @sigstore/tuf@4.0.2

4d5f7d9 #9131 @gar/promise-retry@1.0.3

8dcfe69 #9131 @sigstore/sign@4.1.1

e5a7e22 #9127 lru-cache@11.2.7

82deab6 #9127 make-fetch-happen@15.0.5

ce195dc #9127 cacache@20.0.4

Chores

95fa7f4 #9132 fix docs test snapshot (#9132) (@wraithgar)

7e9d538 #9127 dev dependency updates (@wraithgar)

920e5ed #9127 test snapshots (@wraithgar)

98ccf92 #9125 fix snap tests (@owlstronaut)

workspace: @npmcli/arborist@9.4.2

workspace: @npmcli/config@10.8.0

workspace: libnpmdiff@8.1.5

workspace: libnpmexec@10.2.5

workspace: libnpmfund@7.0.19

workspace: libnpmpack@9.1.5

11.11.1 (2026-03-10)

Bug Fixes

a9d242b #9099 include all subcommands on main command help (#9099) (@wraithgar)

29b8407 #9087 unwrap comments and lines meant for output (#9087) (@wraithgar)

b56986a #9095 ls: suppress false UNMET DEPENDENCYs in linked strategy (#9095) (@manzoorwanijk)

76c76e5 #9083 ci: don't error on optional deps in the lockfile (#9083) (@wraithgar)

a29aeee #9028 arborist: retry bin-links on Windows EPERM (#9028) (@manzoorwanijk)

6565eeb #9045 bypass packument cache to prevent ETARGET errors after publish (#9045) (@Jadu07)

Documentation

3b96929 #9074 scripts: remove mention of obsolete root user behavior (#9074) (@mohd-akram)

16ac4e0 #9054 fix workspace cross-dependency documentation (@owlstronaut)

Dependencies

075ae23 #9086 tar@7.5.11

13fa40d #9086 pacote@21.5.0

bf7ea2b #9060 brace-expansion@5.0.4

2000d2c #9060 minimatch@10.2.4

d86b260 #9060 tar@7.5.10

dff1853 #9060 @npmcli/run-script@10.0.4

93c3365 #9060 write-file-atomic@7.0.1

Chores

d1996a7 #9060 dev dependency updates (@wraithgar)

workspace: @npmcli/arborist@9.4.1

workspace: libnpmdiff@8.1.4

workspace: libnpmexec@10.2.4

workspace: libnpmfund@7.0.18

... (truncated)

Commits

1afa738 chore: release 11.12.0
95fa7f4 chore: fix docs test snapshot (#9132)
03f4c3a deps: @sigstore/tuf@4.0.2
4d5f7d9 deps: @gar/promise-retry@1.0.3
8dcfe69 deps: @sigstore/sign@4.1.1
d273380 fix(config): make prefer-offline and prefer-online exclusive (#9129)
7e9d538 chore: dev dependency updates
e5a7e22 deps: lru-cache@11.2.7
82deab6 deps: make-fetch-happen@15.0.5
920e5ed chore: test snapshots
Additional commits viewable in compare view

Updates npm from 10.9.2 to 10.9.7

Release notes

Sourced from npm's releases.

v11.12.0

11.12.0 (2026-03-18)

Features

8eff5fb #9049 audit: add --include-attestations flag to output sigstore bundles (#9049) (@mitchdenny)

Bug Fixes

03af94d #9123 skip synopsis code block when command has no usage (@owlstronaut)

21ea382 #9110 arborist: resolve sibling override sets via common ancestor (#9110) (@manzoorwanijk)

Dependencies

03f4c3a #9131 @sigstore/tuf@4.0.2

4d5f7d9 #9131 @gar/promise-retry@1.0.3

8dcfe69 #9131 @sigstore/sign@4.1.1

e5a7e22 #9127 lru-cache@11.2.7

82deab6 #9127 make-fetch-happen@15.0.5

ce195dc #9127 cacache@20.0.4

Chores

95fa7f4 #9132 fix docs test snapshot (#9132) (@wraithgar)

7e9d538 #9127 dev dependency updates (@wraithgar)

920e5ed #9127 test snapshots (@wraithgar)

98ccf92 #9125 fix snap tests (@owlstronaut)

workspace: @npmcli/arborist@9.4.2

workspace: @npmcli/config@10.8.0

workspace: libnpmdiff@8.1.5

workspace: libnpmexec@10.2.5

workspace: libnpmfund@7.0.19

workspace: libnpmpack@9.1.5

v11.11.1

11.11.1 (2026-03-10)

Bug Fixes

a9d242b #9099 include all subcommands on main command help (#9099) (@wraithgar)

29b8407 #9087 unwrap comments and lines meant for output (#9087) (@wraithgar)

b56986a #9095 ls: suppress false UNMET DEPENDENCYs in linked strategy (#9095) (@manzoorwanijk)

76c76e5 #9083 ci: don't error on optional deps in the lockfile (#9083) (@wraithgar)

a29aeee #9028 arborist: retry bin-links on Windows EPERM (#9028) (@manzoorwanijk)

6565eeb #9045 bypass packument cache to prevent ETARGET errors after publish (#9045) (@Jadu07)

Documentation

3b96929 #9074 scripts: remove mention of obsolete root user behavior (#9074) (@mohd-akram)

16ac4e0 #9054 fix workspace cross-dependency documentation (@owlstronaut)

Dependencies

075ae23 #9086 tar@7.5.11

13fa40d #9086 pacote@21.5.0

bf7ea2b #9060 brace-expansion@5.0.4

2000d2c #9060 minimatch@10.2.4

d86b260 #9060 tar@7.5.10

dff1853 #9060 @npmcli/run-script@10.0.4

93c3365 #9060 write-file-atomic@7.0.1

Chores

d1996a7 #9060 dev dependency updates (@wraithgar)

workspace: @npmcli/arborist@9.4.1

workspace: libnpmdiff@8.1.4

... (truncated)

Changelog

Sourced from npm's changelog.

11.12.0 (2026-03-18)

Features

8eff5fb #9049 audit: add --include-attestations flag to output sigstore bundles (#9049) (@mitchdenny)

Bug Fixes

03af94d #9123 skip synopsis code block when command has no usage (@owlstronaut)

21ea382 #9110 arborist: resolve sibling override sets via common ancestor (#9110) (@manzoorwanijk)

Dependencies

03f4c3a #9131 @sigstore/tuf@4.0.2

4d5f7d9 #9131 @gar/promise-retry@1.0.3

8dcfe69 #9131 @sigstore/sign@4.1.1

e5a7e22 #9127 lru-cache@11.2.7

82deab6 #9127 make-fetch-happen@15.0.5

ce195dc #9127 cacache@20.0.4

Chores

95fa7f4 #9132 fix docs test snapshot (#9132) (@wraithgar)

7e9d538 #9127 dev dependency updates (@wraithgar)

920e5ed #9127 test snapshots (@wraithgar)

98ccf92 #9125 fix snap tests (@owlstronaut)

workspace: @npmcli/arborist@9.4.2

workspace: @npmcli/config@10.8.0

workspace: libnpmdiff@8.1.5

workspace: libnpmexec@10.2.5

workspace: libnpmfund@7.0.19

workspace: libnpmpack@9.1.5

11.11.1 (2026-03-10)

Bug Fixes

a9d242b #9099 include all subcommands on main command help (#9099) (@wraithgar)

29b8407 #9087 unwrap comments and lines meant for output (#9087) (@wraithgar)

b56986a #9095 ls: suppress false UNMET DEPENDENCYs in linked strategy (#9095) (@manzoorwanijk)

76c76e5 #9083 ci: don't error on optional deps in the lockfile (#9083) (@wraithgar)

a29aeee #9028 arborist: retry bin-links on Windows EPERM (#9028) (@manzoorwanijk)

6565eeb #9045 bypass packument cache to prevent ETARGET errors after publish (#9045) (@Jadu07)

Documentation

3b96929 #9074 scripts: remove mention of obsolete root user behavior (#9074) (@mohd-akram)

16ac4e0 #9054 fix workspace cross-dependency documentation (@owlstronaut)

Dependencies

075ae23 #9086 tar@7.5.11

13fa40d #9086 pacote@21.5.0

bf7ea2b #9060 brace-expansion@5.0.4

2000d2c #9060 minimatch@10.2.4

d86b260 #9060 tar@7.5.10

dff1853 #9060 @npmcli/run-script@10.0.4

93c3365 #9060 write-file-atomic@7.0.1

Chores

d1996a7 #9060 dev dependency updates (@wraithgar)

workspace: @npmcli/arborist@9.4.1

workspace: libnpmdiff@8.1.4

workspace: libnpmexec@10.2.4

workspace: libnpmfund@7.0.18

... (truncated)

Commits

1afa738 chore: release 11.12.0
95fa7f4 chore: fix docs test snapshot (#9132)
03f4c3a deps: @sigstore/tuf@4.0.2
4d5f7d9 deps: @gar/promise-retry@1.0.3
8dcfe69 deps: @sigstore/sign@4.1.1
d273380 fix(config): make prefer-offline and prefer-online exclusive (#9129)
7e9d538 chore: dev dependency updates
e5a7e22 deps: lru-cache@11.2.7
82deab6 deps: make-fetch-happen@15.0.5
920e5ed chore: test snapshots
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Removes [tar](https://github.com/isaacs/node-tar). It's no longer used after updating ancestor dependencies [tar](https://github.com/isaacs/node-tar) and [npm](https://github.com/npm/cli). These dependencies need to be updated together. Removes `tar` Updates `npm` from 11.7.0 to 11.12.0 - [Release notes](https://github.com/npm/cli/releases) - [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md) - [Commits](npm/cli@v11.7.0...v11.12.0) Updates `npm` from 10.9.2 to 10.9.7 - [Release notes](https://github.com/npm/cli/releases) - [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md) - [Commits](npm/cli@v11.7.0...v11.12.0) --- updated-dependencies: - dependency-name: tar dependency-version: dependency-type: indirect - dependency-name: npm dependency-version: 11.12.0 dependency-type: indirect - dependency-name: npm dependency-version: 10.9.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-28T07:39:40Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 20, 2026

cblanc closed this May 28, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/multi-2068b04744 branch May 28, 2026 07:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump tar and npm#1335

chore(deps): bump tar and npm#1335
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-2068b04744

dependabot Bot commented on behalf of github Mar 20, 2026

Uh oh!

dependabot Bot commented on behalf of github May 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Mar 20, 2026

v11.12.0

11.12.0 (2026-03-18)

Features

Bug Fixes

Dependencies

Chores

v11.11.1

11.11.1 (2026-03-10)

Bug Fixes

Documentation

Dependencies

Chores

11.12.0 (2026-03-18)

Features

Bug Fixes

Dependencies

Chores

11.11.1 (2026-03-10)

Bug Fixes

Documentation

Dependencies

Chores

v11.12.0

11.12.0 (2026-03-18)

Features

Bug Fixes

Dependencies

Chores

v11.11.1

11.11.1 (2026-03-10)

Bug Fixes

Documentation

Dependencies

Chores

11.12.0 (2026-03-18)

Features

Bug Fixes

Dependencies

Chores

11.11.1 (2026-03-10)

Bug Fixes

Documentation

Dependencies

Chores

Uh oh!

dependabot Bot commented on behalf of github May 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant