chore(deps): bump tar, semantic-release and @semantic-release/npm by dependabot[bot] · Pull Request #473 · cameri/nostream

dependabot · 2026-04-15T22:59:02Z

Removes tar. It's no longer used after updating ancestor dependencies tar, semantic-release and @semantic-release/npm. These dependencies need to be updated together.

Removes tar

Updates semantic-release from 19.0.5 to 25.0.3

Release notes

Sourced from semantic-release's releases.

v25.0.3

25.0.3 (2026-01-30)

Bug Fixes

deps: remove deprecated semver-diff (#3980) (f404124)

v25.0.2

25.0.2 (2025-11-07)

Bug Fixes

deps: update dependency read-package-up to v12 (#3935) (1494cb9)

v25.0.1

25.0.1 (2025-10-19)

Bug Fixes

deps: update to the latest version of the npm plugin to add trusted publishing support (fad173e), closes semantic-release/npm#958

v25.0.1-beta.3

25.0.1-beta.3 (2025-10-19)

Bug Fixes

deps: update to latest npm plugin (a96aced)

v25.0.1-beta.2

25.0.1-beta.2 (2025-10-19)

Bug Fixes

deps: update to the stable version of the npm plugin to add trusted publishing support (fad173e), closes semantic-release/npm#958

v25.0.1-beta.1

25.0.1-beta.1 (2025-10-16)

Bug Fixes

deps: update to the beta of the npm plugin (c770748), closes semantic-release/npm#958

... (truncated)

Commits

f404124 fix(deps): remove deprecated semver-diff (#3980)
fef7e34 docs: warn against using registry-url in setup-node (#4024)
699d470 chore(deps): update dependency lockfile-lint to v5 (#4022)
c7c6f7a chore(deps): update dependency tempy to v3.1.2 (#4021)
1ce5088 ci(action): update github/codeql-action action to v4.32.0 (#4019)
9bb0d87 chore(deps): lock file maintenance (#4016)
490171c chore(deps): update npm to v11.8.0 (#4015)
f6411e9 chore(deps): update dependency prettier to v3.8.1 (#4014)
c71c576 chore(deps): update dependency publint to v0.3.17 (#4013)
989e18c chore(deps): update dependency tempy to v3.1.1 (#4012)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for semantic-release since your current version.

Updates @semantic-release/npm from 9.0.1 to 13.1.5

Release notes

Sourced from @semantic-release/npm's releases.

v13.1.5

13.1.5 (2026-03-01)

Bug Fixes

deps: update dependency normalize-url to v9 (#1095) (daec492)

v13.1.4

13.1.4 (2026-02-06)

Bug Fixes

deps: update dependency @actions/core to v3 (#1085) (17abfe1)

v13.1.3

13.1.3 (2025-12-12)

Bug Fixes

deps: update dependency @actions/core to v2 (#1055) (fa4a3ab)

v13.1.2

13.1.2 (2025-11-14)

Bug Fixes

deps: update dependency read-pkg to v10 (#1032) (f3f1a00)

v13.1.1

13.1.1 (2025-10-19)

Bug Fixes

publish-dry-run: temporarily remove the addition of dry-running the publish step (30bd176)

v13.1.0

13.1.0 (2025-10-19)

Features

trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #958

trusted-publishing: refine the messages for related errors (316ce21), closes #958

trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #958

trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #958

trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #958

... (truncated)

Commits

daec492 fix(deps): update dependency normalize-url to v9 (#1095)
af8362f chore(deps): update dependency strip-ansi to v7.2.0 (#1098)
7354e11 chore(deps): update node.js to v24 (#1027)
2c4d2c9 chore(deps): update npm to v11.11.0 (#1097)
95ba689 chore(deps): update dependency c8 to v11 (#1096)
5d32912 chore(deps): update npm to v11.10.1 (#1094)
54f908c chore(deps): lock file maintenance (#1093)
91e1f14 chore(deps): update npm to v11.10.0 (#1092)
0d7d37e chore(deps): lock file maintenance (#1089)
c5411cc chore(deps): update npm to v11.9.0 (#1088)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @semantic-release/npm since your current version.

socket-security · 2026-04-15T22:59:35Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@semantic-release/npm@9.0.1 ⏵ 13.1.5

View full report

Removes [tar](https://github.com/isaacs/node-tar). It's no longer used after updating ancestor dependencies [tar](https://github.com/isaacs/node-tar), [semantic-release](https://github.com/semantic-release/semantic-release) and [@semantic-release/npm](https://github.com/semantic-release/npm). These dependencies need to be updated together. Removes `tar` Updates `semantic-release` from 19.0.5 to 25.0.3 - [Release notes](https://github.com/semantic-release/semantic-release/releases) - [Commits](semantic-release/semantic-release@v19.0.5...v25.0.3) Updates `@semantic-release/npm` from 9.0.1 to 13.1.5 - [Release notes](https://github.com/semantic-release/npm/releases) - [Commits](semantic-release/npm@v9.0.1...v13.1.5) --- updated-dependencies: - dependency-name: tar dependency-version: dependency-type: indirect - dependency-name: semantic-release dependency-version: 25.0.3 dependency-type: direct:development - dependency-name: "@semantic-release/npm" dependency-version: 13.1.5 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-18T04:55:26Z

Looks like these dependencies are up-to-date now, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 15, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-20d79320d3 branch from ea64d23 to 52eb7d6 Compare April 17, 2026 03:24

dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-20d79320d3 branch from 52eb7d6 to 0cf841b Compare April 18, 2026 01:23

dependabot Bot closed this Apr 18, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/multi-20d79320d3 branch April 18, 2026 04:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump tar, semantic-release and @semantic-release/npm#473

chore(deps): bump tar, semantic-release and @semantic-release/npm#473
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-20d79320d3

dependabot Bot commented on behalf of github Apr 15, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Apr 15, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Apr 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v25.0.3

25.0.3 (2026-01-30)

Bug Fixes

v25.0.2

25.0.2 (2025-11-07)

Bug Fixes

v25.0.1

25.0.1 (2025-10-19)

Bug Fixes

v25.0.1-beta.3

25.0.1-beta.3 (2025-10-19)

Bug Fixes

v25.0.1-beta.2

25.0.1-beta.2 (2025-10-19)

Bug Fixes

v25.0.1-beta.1

25.0.1-beta.1 (2025-10-16)

Bug Fixes

v13.1.5

13.1.5 (2026-03-01)

Bug Fixes

v13.1.4

13.1.4 (2026-02-06)

Bug Fixes

v13.1.3

13.1.3 (2025-12-12)

Bug Fixes

v13.1.2

13.1.2 (2025-11-14)

Bug Fixes

v13.1.1

13.1.1 (2025-10-19)

Bug Fixes

v13.1.0

13.1.0 (2025-10-19)

Features

Uh oh!

socket-security Bot commented Apr 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot Bot commented on behalf of github Apr 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Apr 15, 2026 •

edited

Loading

socket-security Bot commented Apr 15, 2026 •

edited

Loading