Skip to content

Bump tar, fabric and @angular/cli in /src/Website#91

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/src/Website/multi-ed40a2a29c
Open

Bump tar, fabric and @angular/cli in /src/Website#91
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/src/Website/multi-ed40a2a29c

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 28, 2026

Bumps tar to 7.5.7 and updates ancestor dependencies tar, fabric and @angular/cli. These dependencies need to be updated together.

Updates tar from 7.4.3 to 7.5.7

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.


Updates fabric from 6.6.4 to 7.1.0

Release notes

Sourced from fabric's releases.

Version 7.1.0

What's Changed

New Contributors

Full Changelog: fabricjs/fabric.js@v700...v710

Version 7.0.0

No code changes compared to 7.0.0 - rc1

Version 6.9.1

Full Changelog: fabricjs/fabric.js@v690...v691

  • fix(): Fix the situation where undefined + char exists when calculating couple #10816
  • fix(): Fix toDataUrl writing on contextTop #10820

Version 6.9.0

What's Changed

Techinically a breaking change of private code. That is why the minor bump, otherwise would be a patch.

If you are not interacting with the fabric.charWidthsCache object directly, this release is not breaking

Full Changelog: fabricjs/fabric.js@v680...v690

Version 6.8.0

What's Changed

fix(): CWE-1333 CWE-400 CWE-730 Simplify some regexes in order to avoid slowness with craft bad string #10746 fix(): CWE-1333 CWE-400 CWE-730 in Text.ts regex #10745 fix(StaticCanvas): After executing loadFromJSON, it unexpectedly adds an objects property to the canvas. #10741 fix(textarea): A form field element has neither an id nor a name attribute. #10172 fix(Canvas): The mouse enter and leave events of child elements will be executed twice. #10699 chore(): Remove mouse wheel console warning by setting default explicitly. #10712 fix(): fix rendering of text when line height is set to 0 #10785

Full Changelog: fabricjs/fabric.js@v671...v680

Thanks to @​Smrtnyk and @​zhe-he

Version 6.7.1

What's Changed

... (truncated)

Changelog

Sourced from fabric's changelog.

[7.1.0]

  • fix(Text):Double offset when exporting SVG after setting deltaY in Text #10805
  • chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 in the npm_and_yarn group across 1 directory #10812
  • Correctly check for cache key equality in calcOwnMatrix #10831
  • chore(): Render circle control tweak for code reusability and style #10829
  • feat(): Cropping controls extension #10825

[7.0.0]

  • fix(): Fix toDataUrl writing on contextTop #10820
  • feat(): Multi touch gesture support with module westures #10813
  • fix(): Fix the situation where undefined + char exists when calculating couple #10816
  • feat(): Add configuration parameter for patternQuality in node #10804
  • fix(): BREAKING Fix text positioning #10803
  • fix(AligningGuidelines): Guidelines features updates #10120 (fabricjs/fabric.js#10120)
  • chore(deps-dev): bump inquirer from 12.9.6 to 12.10.0 #10789
  • chore(deps-dev): bump @​types/micromatch from 4.0.9 to 4.0.10 #10788
  • chore(): update major version of vitest #10786
  • fix(): Prototype pollution risk on text char cache #10782
  • fix(): fix rendering of text when line height is set to 0 #10785
  • chore(): update playwright #10780
  • chore(deps-dev): bump es-toolkit from 1.39.10 to 1.40.0 #10777
  • BREAKING chore(): Deprecate originX and originY and change their default to center/center #10715
  • chore(deps-dev): bump @​types/node from 24.7.0 to 24.7.2 #10778
  • chore(deps-dev): bump @​rollup/plugin-babel from 6.0.4 to 6.1.0 #10776
  • chore(): up dev deps #10773
  • chore(): up deps #10771
  • chore(): remove moment dev dependency #10770
  • ci(): Move firefox to headless: false to see if improves passing rate. Renamed config because of deprecation warning #10769
  • chore(): remove fs-extra dev dependency #10767
  • chore(deps-dev): bump @​playwright/test from 1.55.0 to 1.55.1 #10761
  • test(): Add new e2e import test for svg preserve aspect ratio #10766
  • chore() Revisit and reduce contribution guidelines, try to streamline things #10759
  • chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates #10734
  • chore(deps-dev): bump @​babel/core from 7.28.3 to 7.28.4 #10753
  • chore(): remove chalk #10758
  • chore(deps-dev): bump commander from 14.0.0 to 14.0.1 #10754
  • chore(deps-dev): bump chalk from 5.6.0 to 5.6.2 #10752
  • fix(): Fix some weaknesses in the changelog-update action ( various CWE ) #10747
  • fix(): CWE-1333 CWE-400 CWE-730 Simplify some regexes in order to avoid slowness with craft bad string #10746
  • fix(): CWE-1333 CWE-400 CWE-730 in Text.ts regex #10745
  • ci(): fix CWE-829 in action build-stats #10744
  • ci(): Fix CWE-829 in the coverage report action #10743
  • ci(): Foked the action find-create-update-comment in order to pin sha(s) #10742
  • fix(): After executing loadFromJSON, it unexpectedly adds an objects property to the canvas.
  • fix(): Incorrect sha for commenting action
  • fix(IText): A form field element has neither an id nor a name attribute. #10172
  • docs(): change CN comment to EN #10727
  • chore(): Remove paths for codeQL let it scan all the repo #10738

... (truncated)

Commits

Updates @angular/cli from 19.2.8 to 21.1.2

Release notes

Sourced from @​angular/cli's releases.

21.1.2

@​angular-devkit/schematics-cli

Commit Description
fix - e7458c81d Add boolean type inference for 'true' and 'false' string values in argument parsing

@​angular-devkit/architect

Commit Description
fix - d66f1fe64 Add boolean type inference for 'true' and 'false' string values in argument parsing

@​angular/build

Commit Description
fix - 80911af67 loosen Vitest dependency checks when runnerConfig is used
fix - 2d30639d3 support merging coverage thresholds with Vitest runnerConfig

21.1.1

@​schematics/angular

Commit Description
fix - 9da6d8fa7 correct vscode MCP configuration for new projects
fix - 361758c75 remove special characters from jasmine-vitest report filename

@​angular/cli

Commit Description
fix - 151b69587 Remove nonexistent link from MCP response

@​angular/build

Commit Description
fix - 1b7e3307a allow application assets in workspace root
fix - d1e596dc5 prevent incorrect catch binding removal in downleveled for-await
fix - 98ef0981a update undici to v7.18.2

21.1.0

@​schematics/angular

Commit Description
feat - 36cf3afb4 add browserMode option to jasmine-vitest schematic
feat - e71a72ffd generate detailed migration report for refactor-jasmine-vitest
fix - 18cf6c51b add MCP configuration file to new workspaces

@​angular/cli

Commit Description
feat - 772e6efe7 add 'test' and 'e2e' MCP tools
feat - 8efb86318 Add "all" as an experimental tool group
feat - c3c9ac506 Add MCP tools for building and running devservers
feat - d635a6c63 add signal forms lessons
fix - d8b76e93d correctly handle yarn classic tag manifest fetching
fix - 7ab5c0b0a correctly spawn package managers on Windows in new abstraction
fix - 348096623 enhance list_projects MCP tool file system traversal and symlink handling
fix - 316fca862 handle array output from npm view in manifest parser

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

21.1.2 (2026-01-28)

@​angular-devkit/schematics-cli

Commit Type Description
e7458c81d fix Add boolean type inference for 'true' and 'false' string values in argument parsing

@​angular-devkit/architect

Commit Type Description
d66f1fe64 fix Add boolean type inference for 'true' and 'false' string values in argument parsing

@​angular/build

Commit Type Description
80911af67 fix loosen Vitest dependency checks when runnerConfig is used
2d30639d3 fix support merging coverage thresholds with Vitest runnerConfig

21.1.1 (2026-01-21)

@​angular/cli

Commit Type Description
151b69587 fix Remove nonexistent link from MCP response

@​schematics/angular

Commit Type Description
9da6d8fa7 fix correct vscode MCP configuration for new projects
361758c75 fix remove special characters from jasmine-vitest report filename

@​angular/build

Commit Type Description
1b7e3307a fix allow application assets in workspace root
d1e596dc5 fix prevent incorrect catch binding removal in downleveled for-await
98ef0981a fix update undici to v7.18.2

... (truncated)

Commits
  • 702d717 release: cut the v21.1.2 release
  • d66f1fe fix(@​angular-devkit/architect): Add boolean type inference for 'true' and 'fa...
  • e7458c8 fix(@​angular-devkit/schematics-cli): Add boolean type inference for 'true' an...
  • e974e40 build: lock file maintenance
  • 2d30639 fix(@​angular/build): support merging coverage thresholds with Vitest runnerCo...
  • 80911af fix(@​angular/build): loosen Vitest dependency checks when runnerConfig is used
  • 7cf1d3b build: update cross-repo angular dependencies
  • 165e7d6 build: update all github actions
  • 8e7f86b build: update bazel dependencies
  • 3206b8b build: update cross-repo angular dependencies
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump tar, fabric and @angular/cli in /src/Website
db94531 
Bumps [tar](https://github.com/isaacs/node-tar) to 7.5.7 and updates ancestor dependencies [tar](https://github.com/isaacs/node-tar), [fabric](https://github.com/fabricjs/fabric.js) and [@angular/cli](https://github.com/angular/angular-cli). These dependencies need to be updated together.


Updates `tar` from 7.4.3 to 7.5.7
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.4.3...v7.5.7)

Updates `fabric` from 6.6.4 to 7.1.0
- [Release notes](https://github.com/fabricjs/fabric.js/releases)
- [Changelog](https://github.com/fabricjs/fabric.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fabricjs/fabric.js/commits)

Updates `@angular/cli` from 19.2.8 to 21.1.2
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@19.2.8...v21.1.2)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: indirect
- dependency-name: fabric
  dependency-version: 7.1.0
  dependency-type: direct:production
- dependency-name: "@angular/cli"
  dependency-version: 21.1.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 28, 2026
@dependabot dependabot bot mentioned this pull request Jan 28, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants