Skip to content

force tar resolution to 7.5.11#192

Open
dividedmind wants to merge 3 commits intomainfrom
chore/bump-tar
Open

force tar resolution to 7.5.11#192
dividedmind wants to merge 3 commits intomainfrom
chore/bump-tar

Conversation

@dividedmind
Copy link
Collaborator

@dividedmind dividedmind commented Mar 16, 2026

Resolves GHSA-9ppj-qmqm-q256 by overriding the tar dependency version used by nested dependencies to 7.5.11 via Yarn resolutions.

Also, yarn dedupe. I forgot to do it last time and we got a lot of duplicated dependencies.

@dividedmind
chore: yarn dedupe
b3ddf4b
@dividedmind
chore(deps): force tar resolution to 7.5.11
5e5dc61 
Resolves GHSA-9ppj-qmqm-q256 by overriding the tar dependency version
used by nested dependencies to 7.5.11 via Yarn resolutions.
@dividedmind dividedmind self-assigned this Mar 16, 2026
Copilot AI reviewed Mar 16, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses GHSA-9ppj-qmqm-q256 by forcing the tar package version via Yarn resolutions, and regenerates yarn.lock with yarn dedupe to reduce duplicate transitive dependencies.

Changes:

  • Add a Yarn resolution to pin tar to 7.5.11.
  • Regenerate/dedupe yarn.lock, resulting in consolidated and updated transitive dependency entries.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Adds tar@7.5.11 under resolutions to override transitive dependency versions.
yarn.lock Reflects the tar@7.5.11 override and dependency deduplication/reshaping from Yarn.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dividedmind
chore(types): add strongly typed acorn-walk adapter for ESTree
4732f19 
Resolves type mismatch errors introduced by stricter types in
acorn-walk after deduplication. acorn-walk expects acorn.Node, while
our parser (meriyah) yields ESTree.Node, leading to TS compilation
failures in visitors and `walk` calls.

This adds `src/util/walk.ts` which provides `walkSimple` and
`walkAncestor` wrappers that map ESTree types safely without relying
on inline `as any` type casting.
@pkg-pr-new
Copy link

pkg-pr-new bot commented Mar 16, 2026

Open in StackBlitz

npm i https://pkg.pr.new/appmap-node@192

commit: 4732f19

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@kgilpin kgilpin Awaiting requested review from kgilpin

@hleb-rubanau hleb-rubanau Awaiting requested review from hleb-rubanau

At least 1 approving review is required to merge this pull request.

Assignees

@dividedmind dividedmind

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dividedmind