Skip to content

chore(deps): bump tar and @angular/cli in /examples/angular-universal #4239

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump tar and @angular/cli in /examples/angular-universal #4239

dependabot wants to merge 1 commit into from
+17,263 −12,876

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 17, 2026
edited by cursor bot
Loading

Bumps tar to 7.5.3 and updates ancestor dependency @angular/cli. These dependencies need to be updated together.

Updates tar from 6.1.11 to 7.5.3

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

Documentation

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

  • Add support for brotli compression
  • Add maxDepth option to prevent extraction into excessively deep folders.

... (truncated)

Commits

Updates @angular/cli from 13.2.4 to 21.1.0

Release notes

Sourced from @​angular/cli's releases.

21.1.0

@​schematics/angular

Commit Description
feat - 36cf3afb4 add browserMode option to jasmine-vitest schematic
feat - e71a72ffd generate detailed migration report for refactor-jasmine-vitest
fix - 18cf6c51b add MCP configuration file to new workspaces

@​angular/cli

Commit Description
feat - 772e6efe7 add 'test' and 'e2e' MCP tools
feat - 8efb86318 Add "all" as an experimental tool group
feat - c3c9ac506 Add MCP tools for building and running devservers
feat - d635a6c63 add signal forms lessons
fix - d8b76e93d correctly handle yarn classic tag manifest fetching
fix - 7ab5c0b0a correctly spawn package managers on Windows in new abstraction
fix - 348096623 enhance list_projects MCP tool file system traversal and symlink handling
fix - 316fca862 handle array output from npm view in manifest parser
fix - 032257a6d improve signal forms lesson examples in AI tutor
fix - 18d74dde8 rename mcp devserver tools to comply with naming spec
fix - 1ad773671 update dependency @​modelcontextprotocol/sdk to v1.25.2
fix - 45d4f5668 update yarn berry package manager configuration
fix - 122ed27c9 use project-local temporary directory in ng add
perf - a15db28b2 cache resolved specific version in package manager abstraction
perf - 240588b7e optimize ng add version discovery

@​angular/build

Commit Description
feat - 1eda0a99f directly support ng-packagr in unit-test builder
feat - 87175f9dc disable TestBed teardown during debugging in Vitest
fix - 1e39c77a4 inject source-map-support for Vitest browser tests
fix - 3fd7dcd76 normalize roots to POSIX in test discovery for Windows compatibility
fix - 164e7dbbc resolve test files correctly on Windows when using non-C drives
fix - ad99e00ad simplify SSL handling for ng serve with SSR (#31722)

21.1.0-rc.0

@​schematics/angular

Commit Description
fix - 9006ec057 move 'provideZoneChangeDetection' to the root module
fix - 42d4febf4 update application schematics for module-based apps to use 'provideZoneChangeDetection'
fix - 5dfc0eea0 update default app component message
fix - 424a465df update default app component welcome message

@​angular/cli

Commit Description
feat - 772e6efe7 add 'test' and 'e2e' MCP tools
feat - 8efb86318 Add "all" as an experimental tool group
fix - 316fca862 handle array output from npm view in manifest parser
fix - 1ad773671 update dependency @​modelcontextprotocol/sdk to v1.25.2

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

21.1.0 (2026-01-14)

@​angular/cli

Commit Type Description
772e6efe7 feat add 'test' and 'e2e' MCP tools
8efb86318 feat Add "all" as an experimental tool group
c3c9ac506 feat Add MCP tools for building and running devservers
d635a6c63 feat add signal forms lessons
d8b76e93d fix correctly handle yarn classic tag manifest fetching
7ab5c0b0a fix correctly spawn package managers on Windows in new abstraction
348096623 fix enhance list_projects MCP tool file system traversal and symlink handling
316fca862 fix handle array output from npm view in manifest parser
032257a6d fix improve signal forms lesson examples in AI tutor
18d74dde8 fix rename mcp devserver tools to comply with naming spec
1ad773671 fix update dependency @​modelcontextprotocol/sdk to v1.25.2
45d4f5668 fix update yarn berry package manager configuration
122ed27c9 fix use project-local temporary directory in ng add
a15db28b2 perf cache resolved specific version in package manager abstraction
240588b7e perf optimize ng add version discovery

@​schematics/angular

Commit Type Description
36cf3afb4 feat add browserMode option to jasmine-vitest schematic
e71a72ffd feat generate detailed migration report for refactor-jasmine-vitest
18cf6c51b fix add MCP configuration file to new workspaces

@​angular/build

Commit Type Description
1eda0a99f feat directly support ng-packagr in unit-test builder
87175f9dc feat disable TestBed teardown during debugging in Vitest
1e39c77a4 fix inject source-map-support for Vitest browser tests
3fd7dcd76 fix normalize roots to POSIX in test discovery for Windows compatibility
164e7dbbc fix resolve test files correctly on Windows when using non-C drives
ad99e00ad fix simplify SSL handling for ng serve with SSR (#31722)

21.0.6 (2026-01-14)

@​angular/ssr

| Commit | Type | Description |

... (truncated)

Commits
  • 9c5a2e3 release: cut the v21.1.0 release
  • 94e7f49 build: update Angular versions to 21.1.0 stable versions
  • 84a228c build: update dependency bazel to v8.5.1
  • 9ae6844 build: update dependency node to v22.22.0
  • 09c5c9f build: lock file maintenance
  • 977d461 refactor: update license URL from angular.io to angular.dev and angular mater...
  • f13c845 refactor: update copyright from Google Inc to Google LLC
  • 8d99cfe fix(@​angular/ssr): handle platform destruction during rendering
  • 8195bf8 build: update cross-repo angular dependencies
  • d45693a refactor(@​angular/cli): support copying config files to temp package directory
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note

Dependency updates in the Angular Universal example

  • Bumps tar to 7.5.3
  • Updates @angular/cli to ^21.1.0 and aligns related tooling in package.json

Written by Cursor Bugbot for commit 7ecd1db. This will update automatically on new commits. Configure here.

@dependabot
chore(deps): bump tar and @angular/cli in /examples/angular-universal
7ecd1db 
Bumps [tar](https://github.com/isaacs/node-tar) to 7.5.3 and updates ancestor dependency [@angular/cli](https://github.com/angular/angular-cli). These dependencies need to be updated together.


Updates `tar` from 6.1.11 to 7.5.3
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.1.11...v7.5.3)

Updates `@angular/cli` from 13.2.4 to 21.1.0
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@13.2.4...v21.1.0)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.3
  dependency-type: indirect
- dependency-name: "@angular/cli"
  dependency-version: 21.1.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 17, 2026
@changeset-bot
Copy link

changeset-bot bot commented Jan 17, 2026

⚠️ No Changeset found

Latest commit: 7ecd1db

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

cursor[bot]
cursor bot reviewed Jan 17, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

examples/angular-universal/package.json
"devDependencies": {
"@angular-devkit/build-angular": "^17.3.3",
"@angular/cli": "^13.2.0",
"@angular/cli": "^21.1.0",
Copy link

@cursor cursor bot Jan 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Major Angular version mismatch breaks the build

High Severity

Upgrading @angular/cli to ^21.1.0 while keeping all other Angular packages (@angular/core, @angular/common, @angular/compiler, @angular/platform-browser, etc.) at ^13.2.0 creates a severe version incompatibility. Angular packages must be kept at the same major version. This mismatch will cause build failures and break the Angular Universal example project entirely.

Additional Locations (1)

Fix in Cursor Fix in Web

@nx-cloud
Copy link

nx-cloud bot commented Jan 17, 2026
edited
Loading

View your CI Pipeline Execution ↗ for commit 7ecd1db

Command Status Duration Result
nx build @builder.io/sdk ✅ Succeeded <1s View ↗
nx test @builder.io/sdk ✅ Succeeded 5s View ↗
nx test @builder.io/sdks ✅ Succeeded 12s View ↗
nx typecheck @builder.io/sdks ✅ Succeeded 5s View ↗

☁️ Nx Cloud last updated this comment at 2026-01-17 04:54:13 UTC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant