Skip to content

chore(deps): bump tar, serverless-s3-sync and supabase#140

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-a4b47c2149
Open

chore(deps): bump tar, serverless-s3-sync and supabase#140
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-a4b47c2149

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 11, 2026

Copy link
Copy Markdown
Contributor

Bumps tar to 7.5.11 and updates ancestor dependencies tar, serverless-s3-sync and supabase. These dependencies need to be updated together.

Updates tar from 6.2.0 to 7.5.11

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates serverless-s3-sync from 3.2.0 to 3.5.1

Release notes

Sourced from serverless-s3-sync's releases.

v3.4.0

What's Changed

New Contributors

Full Changelog: k1LoW/serverless-s3-sync@v3.3.0...v3.4.0

v3.3.0

What's Changed

New Contributors

Full Changelog: k1LoW/serverless-s3-sync@v3.2.0...v3.3.0

Commits

Updates supabase from 1.136.3 to 2.78.1

Release notes

Sourced from supabase's releases.

v2.78.1

Changelog

Bug fixes

  • 3db642adde91f7f784437dd54af863791375411e: fix: add privilege migration note for db dump (#4885) (@​7ttp)

Others

  • 0335b2434d9ac3996d797337c079d1d4f188ed06: chore(ci): skip Link job on fork PRs (#4915) (@​lightstrike)

v2.78.0

Changelog

Features

Others

  • e616dbce6efc2a96c835bb91fa088758caaa8a40: chore(deps): bump tar from 7.5.10 to 7.5.11 in the npm-major group (#4944) (@​dependabot[bot])
  • f73cfdcff19c8ad84827e1c43cbe0a3faebd9007: chore: sync API types from infrastructure (#4943) (@​supabase-cli-releaser[bot])

v2.77.1

Changelog

Bug fixes

  • 31a4925438ad247e8c21d7d171ab8bc09daee7bc: fix(docker): bump supabase/postgres from 17.6.1.093 to 17.6.1.095 in /pkg/config/templates (#4938) (@​dependabot[bot])
  • b4918f383f80633db5e46946e4960552e3fa08ee: fix: save profile to global path (#4697) (@​sweatybridge)

Others

  • db0bfe728883eb7fc235a7279154b615d91e2418: chore(deps): bump the go-minor group across 2 directories with 2 updates (#4939) (@​dependabot[bot])
  • ba32edc29e0f71015b8839673944137f94d2a9d6: chore(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in the go-minor group across 1 directory (#4942) (@​dependabot[bot])

v2.77.0

Changelog

Features

  • fa5bc6cc7b6d427a9d99aca0dd52c5ac83b898b9: feat: pass pgrst config to studio container (#4920) (@​charislam)

Bug fixes

  • 7404c577b14f87274e4526d223959e2d4c3bf691: fix(docker): bump the docker-minor group across 1 directory with 5 updates (#4935) (@​dependabot[bot])

v2.76.17

Changelog

Bug fixes

  • e575ff04d08742e5c60efab837873641793274ca: fix(docker): bump the docker-minor group in /pkg/config/templates with 4 updates (#4926) (@​dependabot[bot])
  • 67510a2edf2276a41ea0bec4bba835b0a177157c: fix(function): support multiline import type statements in import scanning (#4872) (@​lightstrike)

Others

  • 3defd608a41611650e2670f6424047178d15bc8d: chore(deps): bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 in the go-minor group across 1 directory (#4924) (@​dependabot[bot])
  • 4544462f76b5e7eb9c267d328bc9eab6b82f9966: chore(deps): bump tar from 7.5.9 to 7.5.10 in the npm-major group (#4928) (@​dependabot[bot])
  • 9efbdaa9e371c83c1503043ee73a91db2119b50b: chore(deps): bump github.com/slack-go/slack from 0.18.0 to 0.19.0 in the go-minor group across 1 directory (#4931) (@​dependabot[bot])

v2.76.16

Changelog

Bug fixes

  • f750a9b26879881c6fec44b65c43290d4c10e888: fix(docker): bump supabase/postgres from 17.6.1.088 to 17.6.1.089 in /pkg/config/templates (#4900) (@​dependabot[bot])
  • 6258d35f045f48551bfd699b9b324524be4019f5: fix(docker): bump the docker-minor group in /pkg/config/templates with 2 updates (#4899) (@​dependabot[bot])
  • 2d64b8a8bafe06e306962549fb75962bb7e5e95b: fix(docker): bump supabase/postgres from 17.6.1.089 to 17.6.1.090 in /pkg/config/templates (#4905) (@​dependabot[bot])
  • f01a81ca79f0c446a33e8de563fc3d12ca9e64cf: fix(docker): bump the docker-minor group in /pkg/config/templates with 3 updates (#4904) (@​dependabot[bot])
  • 461fdd29f8d87139f24be6ee6f2cf886921a0b15: fix(docker): bump the docker-minor group in /pkg/config/templates with 2 updates (#4909) (@​dependabot[bot])
  • 635a283915ef0e28b777fd740980a1a6baf77738: fix(docker): bump supabase/postgres from 17.6.1.090 to 17.6.1.091 in /pkg/config/templates (#4910) (@​dependabot[bot])

... (truncated)

Commits
  • 3db642a fix: add privilege migration note for db dump (#4885)
  • 0335b24 chore(ci): skip Link job on fork PRs (#4915)
  • 35867ca feat: add hybrid jwt verification (#4721)
  • f73cfdc chore: sync API types from infrastructure (#4943)
  • e616dbc chore(deps): bump tar from 7.5.10 to 7.5.11 in the npm-major group (#4944)
  • b4918f3 fix: save profile to global path (#4697)
  • ba32edc chore(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in the go-minor g...
  • db0bfe7 chore(deps): bump the go-minor group across 2 directories with 2 updates (#4939)
  • 31a4925 fix(docker): bump supabase/postgres from 17.6.1.093 to 17.6.1.095 in /pkg/con...
  • fa5bc6c feat: pass pgrst config to studio container (#4920)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for supabase since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump tar, serverless-s3-sync and supabase
3487a60 
Bumps [tar](https://github.com/isaacs/node-tar) to 7.5.11 and updates ancestor dependencies [tar](https://github.com/isaacs/node-tar), [serverless-s3-sync](https://github.com/k1LoW/serverless-s3-sync) and [supabase](https://github.com/supabase/cli). These dependencies need to be updated together.


Updates `tar` from 6.2.0 to 7.5.11
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.0...v7.5.11)

Updates `serverless-s3-sync` from 3.2.0 to 3.5.1
- [Release notes](https://github.com/k1LoW/serverless-s3-sync/releases)
- [Commits](https://github.com/k1LoW/serverless-s3-sync/commits)

Updates `supabase` from 1.136.3 to 2.78.1
- [Release notes](https://github.com/supabase/cli/releases)
- [Commits](supabase/cli@v1.136.3...v2.78.1)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.11
  dependency-type: indirect
- dependency-name: serverless-s3-sync
  dependency-version: 3.5.1
  dependency-type: direct:production
- dependency-name: supabase
  dependency-version: 2.78.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 11, 2026
@dependabot dependabot Bot mentioned this pull request Mar 11, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants