chore(deps): bump tar and npm by dependabot[bot] · Pull Request #2674 · Automattic/newspack-theme

dependabot · 2026-04-10T05:39:43Z

Removes tar. It's no longer used after updating ancestor dependency npm. These dependencies need to be updated together.

Removes tar

Updates npm from 11.6.2 to 11.12.1

Release notes

Sourced from npm's releases.

v11.12.1

11.12.1 (2026-03-24)

Bug Fixes

596706a #9148 revert prefer-offline/prefer-online exclusivity (#9129) (@owlstronaut)

Documentation

d1ee8a5 #9140 Add note on relative path prefix for npm publish (#9140) (@pydsigner)

Dependencies

workspace: @npmcli/config@10.8.1

v11.12.0

11.12.0 (2026-03-18)

Features

8eff5fb #9049 audit: add --include-attestations flag to output sigstore bundles (#9049) (@mitchdenny)

Bug Fixes

03af94d #9123 skip synopsis code block when command has no usage (@owlstronaut)

21ea382 #9110 arborist: resolve sibling override sets via common ancestor (#9110) (@manzoorwanijk)

Dependencies

03f4c3a #9131 @sigstore/tuf@4.0.2

4d5f7d9 #9131 @gar/promise-retry@1.0.3

8dcfe69 #9131 @sigstore/sign@4.1.1

e5a7e22 #9127 lru-cache@11.2.7

82deab6 #9127 make-fetch-happen@15.0.5

ce195dc #9127 cacache@20.0.4

Chores

95fa7f4 #9132 fix docs test snapshot (#9132) (@wraithgar)

7e9d538 #9127 dev dependency updates (@wraithgar)

920e5ed #9127 test snapshots (@wraithgar)

98ccf92 #9125 fix snap tests (@owlstronaut)

workspace: @npmcli/arborist@9.4.2

workspace: @npmcli/config@10.8.0

workspace: libnpmdiff@8.1.5

workspace: libnpmexec@10.2.5

workspace: libnpmfund@7.0.19

workspace: libnpmpack@9.1.5

v11.11.1

11.11.1 (2026-03-10)

Bug Fixes

a9d242b #9099 include all subcommands on main command help (#9099) (@wraithgar)

29b8407 #9087 unwrap comments and lines meant for output (#9087) (@wraithgar)

b56986a #9095 ls: suppress false UNMET DEPENDENCYs in linked strategy (#9095) (@manzoorwanijk)

76c76e5 #9083 ci: don't error on optional deps in the lockfile (#9083) (@wraithgar)

a29aeee #9028 arborist: retry bin-links on Windows EPERM (#9028) (@manzoorwanijk)

6565eeb #9045 bypass packument cache to prevent ETARGET errors after publish (#9045) (@Jadu07)

Documentation

3b96929 #9074 scripts: remove mention of obsolete root user behavior (#9074) (@mohd-akram)

16ac4e0 #9054 fix workspace cross-dependency documentation (@owlstronaut)

... (truncated)

Changelog

Sourced from npm's changelog.

11.12.1 (2026-03-24)

Bug Fixes

596706a #9148 revert prefer-offline/prefer-online exclusivity (#9129) (@owlstronaut)

Documentation

d1ee8a5 #9140 Add note on relative path prefix for npm publish (#9140) (@pydsigner)

Dependencies

workspace: @npmcli/config@10.8.1

11.12.0 (2026-03-18)

Features

8eff5fb #9049 audit: add --include-attestations flag to output sigstore bundles (#9049) (@mitchdenny)

Bug Fixes

03af94d #9123 skip synopsis code block when command has no usage (@owlstronaut)

21ea382 #9110 arborist: resolve sibling override sets via common ancestor (#9110) (@manzoorwanijk)

Dependencies

03f4c3a #9131 @sigstore/tuf@4.0.2

4d5f7d9 #9131 @gar/promise-retry@1.0.3

8dcfe69 #9131 @sigstore/sign@4.1.1

e5a7e22 #9127 lru-cache@11.2.7

82deab6 #9127 make-fetch-happen@15.0.5

ce195dc #9127 cacache@20.0.4

Chores

95fa7f4 #9132 fix docs test snapshot (#9132) (@wraithgar)

7e9d538 #9127 dev dependency updates (@wraithgar)

920e5ed #9127 test snapshots (@wraithgar)

98ccf92 #9125 fix snap tests (@owlstronaut)

workspace: @npmcli/arborist@9.4.2

workspace: @npmcli/config@10.8.0

workspace: libnpmdiff@8.1.5

workspace: libnpmexec@10.2.5

workspace: libnpmfund@7.0.19

workspace: libnpmpack@9.1.5

11.11.1 (2026-03-10)

Bug Fixes

a9d242b #9099 include all subcommands on main command help (#9099) (@wraithgar)

29b8407 #9087 unwrap comments and lines meant for output (#9087) (@wraithgar)

b56986a #9095 ls: suppress false UNMET DEPENDENCYs in linked strategy (#9095) (@manzoorwanijk)

76c76e5 #9083 ci: don't error on optional deps in the lockfile (#9083) (@wraithgar)

a29aeee #9028 arborist: retry bin-links on Windows EPERM (#9028) (@manzoorwanijk)

6565eeb #9045 bypass packument cache to prevent ETARGET errors after publish (#9045) (@Jadu07)

Documentation

3b96929 #9074 scripts: remove mention of obsolete root user behavior (#9074) (@mohd-akram)

16ac4e0 #9054 fix workspace cross-dependency documentation (@owlstronaut)

Dependencies

075ae23 #9086 tar@7.5.11

13fa40d #9086 pacote@21.5.0

... (truncated)

Commits

63b9a7c chore: release 11.12.1
596706a fix: revert prefer-offline/prefer-online exclusivity (#9129)
d1ee8a5 docs: Add note on relative path prefix for npm publish (#9140)
1afa738 chore: release 11.12.0
95fa7f4 chore: fix docs test snapshot (#9132)
03f4c3a deps: @sigstore/tuf@4.0.2
4d5f7d9 deps: @gar/promise-retry@1.0.3
8dcfe69 deps: @sigstore/sign@4.1.1
d273380 fix(config): make prefer-offline and prefer-online exclusive (#9129)
7e9d538 chore: dev dependency updates
Additional commits viewable in compare view

Removes [tar](https://github.com/isaacs/node-tar). It's no longer used after updating ancestor dependency [npm](https://github.com/npm/cli). These dependencies need to be updated together. Removes `tar` Updates `npm` from 11.6.2 to 11.12.1 - [Release notes](https://github.com/npm/cli/releases) - [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md) - [Commits](npm/cli@v11.6.2...v11.12.1) --- updated-dependencies: - dependency-name: tar dependency-version: dependency-type: indirect - dependency-name: npm dependency-version: 11.12.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 10, 2026

dependabot bot requested a review from a team as a code owner April 10, 2026 05:39

dependabot bot force-pushed the dependabot/npm_and_yarn/multi-60e8aced34 branch 3 times, most recently from 010b553 to 1bba2bf Compare April 13, 2026 02:35

dependabot bot force-pushed the dependabot/npm_and_yarn/multi-60e8aced34 branch from 1bba2bf to 4673ac1 Compare April 15, 2026 19:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump tar and npm#2674

chore(deps): bump tar and npm#2674
dependabot[bot] wants to merge 1 commit intotrunkfrom
dependabot/npm_and_yarn/multi-60e8aced34

dependabot bot commented on behalf of github Apr 10, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v11.12.1

11.12.1 (2026-03-24)

Bug Fixes

Documentation

Dependencies

v11.12.0

11.12.0 (2026-03-18)

Features

Bug Fixes

Dependencies

Chores

v11.11.1

11.11.1 (2026-03-10)

Bug Fixes

Documentation

11.12.1 (2026-03-24)

Bug Fixes

Documentation

Dependencies

11.12.0 (2026-03-18)

Features

Bug Fixes

Dependencies

Chores

11.11.1 (2026-03-10)

Bug Fixes

Documentation

Dependencies

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Apr 10, 2026 •

edited

Loading