From 296eac693f2702e49e4e6b7fbe7779b3e843690a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Jan 2026 16:49:56 +0000
Subject: [PATCH] chore(deps): bump tar from 6.2.1 to 7.5.7

Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.1 to 7.5.7.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v6.2.1...v7.5.7)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 packages/utils/package.json |  2 +-
 pnpm-lock.yaml              | 15 +++++++--------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/packages/utils/package.json b/packages/utils/package.json
index c3ce844e8a..cfaa4bb77e 100644
--- a/packages/utils/package.json
+++ b/packages/utils/package.json
@@ -24,7 +24,7 @@
     "cachedir": "^2.4.0",
     "charm": "^1.0.2",
     "minimatch": "^9.0.5",
-    "tar": "^6.2.1",
+    "tar": "^7.5.7",
     "tar-stream": "^3.1.7",
     "which": "^4.0.0"
   },
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 47f9a3b0cb..c66b8e7d0c 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -478,8 +478,8 @@ importers:
         specifier: ^9.0.5
         version: 9.0.5
       tar:
-        specifier: ^6.2.1
-        version: 6.2.1
+        specifier: ^7.5.7
+        version: 7.5.7
       tar-stream:
         specifier: ^3.1.7
         version: 3.1.7
@@ -4781,10 +4781,9 @@ packages:
     engines: {node: '>=10'}
     deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me
 
-  tar@7.5.1:
-    resolution: {integrity: sha512-nlGpxf+hv0v7GkWBK2V9spgactGOp0qvfWRxUMjqHyzrt3SgwE48DIv/FhqPHJYLHpgW1opq3nERbz5Anq7n1g==}
+  tar@7.5.7:
+    resolution: {integrity: sha512-fov56fJiRuThVFXD6o6/Q354S7pnWMJIVlDBYijsTNx6jKSE4pvrDTs6lUnmGvNyfJwFQQwWy3owKz1ucIhveQ==}
     engines: {node: '>=18'}
-    deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me
 
   term-size@2.2.1:
     resolution: {integrity: sha512-wK0Ri4fOGjv/XPy8SBHZChl8CM7uMc5VML7SqiQ0zG7+J5Vr+RMQDoHa2CNT6KHUnTGIXH34UDMkPzAUyapBZg==}
@@ -7381,7 +7380,7 @@ snapshots:
       minipass-pipeline: 1.2.4
       p-map: 7.0.3
       ssri: 12.0.0
-      tar: 7.5.1
+      tar: 7.5.7
       unique-filename: 4.0.0
 
   cachedir@2.4.0: {}
@@ -9511,7 +9510,7 @@ snapshots:
       nopt: 8.1.0
       proc-log: 5.0.0
       semver: 7.7.3
-      tar: 7.5.1
+      tar: 7.5.7
       tinyglobby: 0.2.15
       which: 5.0.0
     transitivePeerDependencies:
@@ -10464,7 +10463,7 @@ snapshots:
       mkdirp: 1.0.4
       yallist: 4.0.0
 
-  tar@7.5.1:
+  tar@7.5.7:
     dependencies:
       '@isaacs/fs-minipass': 4.0.1
       chownr: 3.0.0