[PR #469] Bump tar from 0.4.45 to 0.4.46 #2979

New Issue

GiteaMirror · 2026-06-08T22:01:27-05:00

GiteaMirror commented

2026-06-08 22:01:27 -05:00

📋 Pull Request Information

Original PR: https://github.com/mountain-loop/yaak/pull/469
Author: @dependabot[bot]
Created: 5/29/2026
Status: 🔄 Open

Base: main ← Head: dependabot/cargo/tar-0.4.46

📝 Commits (1)

e2a9958 Bump tar from 0.4.45 to 0.4.46

📊 Changes

1 file changed (+9 additions, -9 deletions)

View changed files

📝 Cargo.lock (+9 -9)

📄 Description

Bumps tar from 0.4.45 to 0.4.46.

Release notes

Sourced from tar's releases.

0.4.46

Security

archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm) by @cgwalters in composefs/tar-rs#454

See also https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-3cv2-h65g-fgmm

Other changes

ci: Fix and re-enable reverse dependency testing by @cgwalters in composefs/tar-rs#444

Update astral-tokio-tar requirement from 0.5 to 0.6 by @dependabot[bot] in composefs/tar-rs#446

Update some links by @atouchet in composefs/tar-rs#445

Add support of absolute paths by @zxvfc in composefs/tar-rs#426

docs: Expand notes on concurrent mutations and following symlinks by @cgwalters in composefs/tar-rs#453

Update repo links by @cgwalters in composefs/tar-rs#451

ci: Add crates.io trusted publishing workflow by @cgwalters in composefs/tar-rs#456

Release 0.4.46 by @cgwalters in composefs/tar-rs#455

New Contributors

@dependabot[bot] made their first contribution in composefs/tar-rs#446

@atouchet made their first contribution in composefs/tar-rs#445

@zxvfc made their first contribution in composefs/tar-rs#426

Full Changelog: https://github.com/composefs/tar-rs/compare/0.4.45...0.4.46

Commits

fc459c1 Release 0.4.46
43e05a8 ci: Add crates.io trusted publishing workflow
bba5666 Update repo links
cd94c46 docs: Document TOCTOU / concurrent-mutation threat model
1b4997c builder: Expand docs for follow_symlinks and append_dir_all
bab14dd archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm)
2349b49 Add support of absolute paths
39d0311 Update some links
59d803e Update astral-tokio-tar requirement from 0.5 to 0.6
8296b9a ci: Fix and re-enable reverse dependency testing (#444)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/mountain-loop/yaak/pull/469 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 5/29/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `dependabot/cargo/tar-0.4.46` --- ### 📝 Commits (1) - [`e2a9958`](https://github.com/mountain-loop/yaak/commit/e2a9958b1a8dabe22ae9cc655c4e8a4c15f0d03a) Bump tar from 0.4.45 to 0.4.46 ### 📊 Changes **1 file changed** (+9 additions, -9 deletions) <details> <summary>View changed files</summary> 📝 `Cargo.lock` (+9 -9) </details> ### 📄 Description Bumps [tar](https://github.com/composefs/tar-rs) from 0.4.45 to 0.4.46. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/composefs/tar-rs/releases">tar's releases</a>.</em></p> <blockquote> <h2>0.4.46</h2> <h2>Security</h2> <ul> <li>archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm) by <a href="https://github.com/cgwalters"><code>@cgwalters</code></a> in <a href="https://redirect.github.com/composefs/tar-rs/pull/454">composefs/tar-rs#454</a></li> </ul> <p>See also <a href="https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-3cv2-h65g-fgmm">https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-3cv2-h65g-fgmm</a></p> <h2>Other changes</h2> <ul> <li>ci: Fix and re-enable reverse dependency testing by <a href="https://github.com/cgwalters"><code>@cgwalters</code></a> in <a href="https://redirect.github.com/composefs/tar-rs/pull/444">composefs/tar-rs#444</a></li> <li>Update astral-tokio-tar requirement from 0.5 to 0.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/composefs/tar-rs/pull/446">composefs/tar-rs#446</a></li> <li>Update some links by <a href="https://github.com/atouchet"><code>@atouchet</code></a> in <a href="https://redirect.github.com/composefs/tar-rs/pull/445">composefs/tar-rs#445</a></li> <li>Add support of absolute paths by <a href="https://github.com/zxvfc"><code>@zxvfc</code></a> in <a href="https://redirect.github.com/composefs/tar-rs/pull/426">composefs/tar-rs#426</a></li> <li>docs: Expand notes on concurrent mutations and following symlinks by <a href="https://github.com/cgwalters"><code>@cgwalters</code></a> in <a href="https://redirect.github.com/composefs/tar-rs/pull/453">composefs/tar-rs#453</a></li> <li>Update repo links by <a href="https://github.com/cgwalters"><code>@cgwalters</code></a> in <a href="https://redirect.github.com/composefs/tar-rs/pull/451">composefs/tar-rs#451</a></li> <li>ci: Add crates.io trusted publishing workflow by <a href="https://github.com/cgwalters"><code>@cgwalters</code></a> in <a href="https://redirect.github.com/composefs/tar-rs/pull/456">composefs/tar-rs#456</a></li> <li>Release 0.4.46 by <a href="https://github.com/cgwalters"><code>@cgwalters</code></a> in <a href="https://redirect.github.com/composefs/tar-rs/pull/455">composefs/tar-rs#455</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] made their first contribution in <a href="https://redirect.github.com/composefs/tar-rs/pull/446">composefs/tar-rs#446</a></li> <li><a href="https://github.com/atouchet"><code>@atouchet</code></a> made their first contribution in <a href="https://redirect.github.com/composefs/tar-rs/pull/445">composefs/tar-rs#445</a></li> <li><a href="https://github.com/zxvfc"><code>@zxvfc</code></a> made their first contribution in <a href="https://redirect.github.com/composefs/tar-rs/pull/426">composefs/tar-rs#426</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/composefs/tar-rs/compare/0.4.45...0.4.46">https://github.com/composefs/tar-rs/compare/0.4.45...0.4.46</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/composefs/tar-rs/commit/fc459c149f83bf4daceaa52e17d351989002e1a9"><code>fc459c1</code></a> Release 0.4.46</li> <li><a href="https://github.com/composefs/tar-rs/commit/43e05a85e053d5e64eeda0b04e279be8686419b6"><code>43e05a8</code></a> ci: Add crates.io trusted publishing workflow</li> <li><a href="https://github.com/composefs/tar-rs/commit/bba5666997d95dcd89a9d38235709a1d5e44565b"><code>bba5666</code></a> Update repo links</li> <li><a href="https://github.com/composefs/tar-rs/commit/cd94c46e0d74fbcc50eea3f30665a1b1159254cc"><code>cd94c46</code></a> docs: Document TOCTOU / concurrent-mutation threat model</li> <li><a href="https://github.com/composefs/tar-rs/commit/1b4997cf5ef115f8d82680016c28490b5645b9c7"><code>1b4997c</code></a> builder: Expand docs for follow_symlinks and append_dir_all</li> <li><a href="https://github.com/composefs/tar-rs/commit/bab14dd84b411ac16ecb56d4f2d2f7bfb88a9838"><code>bab14dd</code></a> archive: Fix another PAX header desync (GHSA-3cv2-h65g-fgmm)</li> <li><a href="https://github.com/composefs/tar-rs/commit/2349b494827807791473f3c6ca9b2fc5ef274cdb"><code>2349b49</code></a> Add support of absolute paths</li> <li><a href="https://github.com/composefs/tar-rs/commit/39d031184127427bd9a740b7e20afd31deead928"><code>39d0311</code></a> Update some links</li> <li><a href="https://github.com/composefs/tar-rs/commit/59d803e2f1ed39272c4c1d1cdb04d799280b3335"><code>59d803e</code></a> Update astral-tokio-tar requirement from 0.5 to 0.6</li> <li><a href="https://github.com/composefs/tar-rs/commit/8296b9a88cfcdbdd1e3b59cd820899b35e6151e1"><code>8296b9a</code></a> ci: Fix and re-enable reverse dependency testing (<a href="https://redirect.github.com/composefs/tar-rs/issues/444">#444</a>)</li> <li>See full diff in <a href="https://github.com/composefs/tar-rs/compare/0.4.45...0.4.46">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tar&package-manager=cargo&previous-version=0.4.45&new-version=0.4.46)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mountain-loop/yaak/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-06-08 22:01:27 -05:00

Sign in to join this conversation.

Branches Tags

main

dependabot/npm_and_yarn/hono-4.12.21

dependabot/cargo/tar-0.4.46

dependabot/npm_and_yarn/qs-6.15.2

codex-review/pr-457

migrate-vite-plus

fix/native-tls-legacy-servers

gschier/cli-plugin-send-render-http

pr-413

codex/cli-dev-plugin-dir-root

cli-improvements-2

mcp-client-plan

actions-system

omnara/premium-deviator

omnara/repose-aversion

copilot/create-beta-tag-for-main

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/yaak#2979