From 494b64c20716b633d427c6a2961d5e19b48d6f92 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jan 2026 00:52:51 +0100
Subject: [PATCH] build(deps): bump tar from 7.5.3 to 7.5.4 (#1658)

Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.3 to 7.5.4.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.3...v7.5.4)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 package.json   |  2 +-
 pnpm-lock.yaml | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/package.json b/package.json
index 7995da8b..a41cddf4 100644
--- a/package.json
+++ b/package.json
@@ -89,7 +89,7 @@
     "mnemonist": "0.40.3",
     "mongodb": "^7.0.0",
     "poolifier": "^5.1.7",
-    "tar": "^7.5.2",
+    "tar": "^7.5.4",
     "winston": "^3.19.0",
     "winston-daily-rotate-file": "^5.0.0",
     "ws": "^8.19.0"
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 8a58d29d..c79dc1fa 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -61,8 +61,8 @@ importers:
         specifier: ^5.1.7
         version: 5.1.7
       tar:
-        specifier: ^7.5.2
-        version: 7.5.3
+        specifier: ^7.5.4
+        version: 7.5.4
       winston:
         specifier: ^3.19.0
         version: 3.19.0
@@ -5558,9 +5558,10 @@ packages:
   tar@6.2.1:
     resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==}
     engines: {node: '>=10'}
+    deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me
 
-  tar@7.5.3:
-    resolution: {integrity: sha512-ENg5JUHUm2rDD7IvKNFGzyElLXNjachNLp6RaGf4+JOgxXHkqA+gq81ZAMCUmtMtqBsoU62lcp6S27g1LCYGGQ==}
+  tar@7.5.4:
+    resolution: {integrity: sha512-AN04xbWGrSTDmVwlI4/GTlIIwMFk/XEv7uL8aa57zuvRy6s4hdBed+lVq2fAZ89XDa7Us3ANXcE3Tvqvja1kTA==}
     engines: {node: '>=18'}
 
   tarn@3.0.2:
@@ -12360,7 +12361,7 @@ snapshots:
       mkdirp: 1.0.4
       yallist: 4.0.0
 
-  tar@7.5.3:
+  tar@7.5.4:
     dependencies:
       '@isaacs/fs-minipass': 4.0.1
       chownr: 3.0.0
-- 
2.43.0