Bump tar and sqlite3 in /server

[dependabot]

Bumps tar to 7.5.15 and updates ancestor dependency sqlite3. These dependencies need to be updated together.

Updates tar from 6.2.1 to 7.5.15

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.
• Consistent TOCTOU behavior in sync t.list
• Only read from ustar block if not specified in Pax
• Fix sync tar.list when file size reduces while reading
• Sanitize absolute linkpaths properly
• Prevent writing hardlink entries to the archive ahead of their file target

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

• 87cc309 7.5.15
• 7aef486 fix: regression in pending links detection
• 6244eb3 7.5.14
• 9704d8c stricter protection against hardlinks preempting their targets
• 700734f update workflows and deps
• d6611ae 7.5.13
• 119c401 fix(extract): prevent raced symlink writes outside cwd
• 2a294d3 7.5.12
• 01082a4 fix: reject top promise on floating addFilesAsync rejections
• dd1c36a linting
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates sqlite3 from 5.1.7 to 6.0.1

Release notes

Sourced from sqlite3's releases.

v6.0.1

• Fixed prebuilt binaries for alpine/musl

Full Changelog: TryGhost/node-sqlite3@v6.0.0...v6.0.1

v6.0.0

What's Changed

• Mark repository as unmaintained by @​lsinger in TryGhost/node-sqlite3#1844
• v6.0.0 — Bump all dependencies, SQLite, and modernise CI by @​jonatansberg in TryGhost/node-sqlite3#1857

New Contributors

• @​lsinger made their first contribution in TryGhost/node-sqlite3#1844
• @​jonatansberg made their first contribution in TryGhost/node-sqlite3#1857

Full Changelog: TryGhost/node-sqlite3@v5.1.7...v6.0.0

Commits

• a7badce v6.0.1
• 0ed0c97 Fixed Alpine/musl builds, replaced QEMU with native ARM runners
• 20a3bd2 v6.0.0
• d808e57 Bumped bundled SQLite from 3.45.0 to 3.52.0
• a962b72 Bumped all dependencies and modernised CI for Node 20+/22+/24+
• 66d054a 2026
• a85f9e8 Mark repository as unmaintained (#1844)
• 528e15a 2025
• 2f0c799 Updated actions/upload-artifact to v4
• 1609684 Updated bundled SQLite to v3.45.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by jonatan-ghost, a new releaser for sqlite3 since your current version.

[cypress]

Commonsense    Run #360

Run Properties:   Passed #360  •  c6d2bf7fe0: Bump tar and sqlite3 in /server

Project	Commonsense
Branch Review	dependabot/npm_and_yarn/server/multi-8628985171
Run status	Passed #360
Run duration	01m 27s
Commit	c6d2bf7fe0: Bump tar and sqlite3 in /server
Committer	dependabot[bot]
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	14
View all changes introduced in this branch ↗︎