chore(deps): bump tar, @asyncapi/generator, @semantic-release/commit-analyzer, @semantic-release/github, @semantic-release/npm and semantic-release

[dependabot]

Bumps tar to 7.5.16 and updates ancestor dependencies tar, @asyncapi/generator, @semantic-release/commit-analyzer, @semantic-release/github, @semantic-release/npm and semantic-release. These dependencies need to be updated together.

Updates tar from 6.1.11 to 7.5.16

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.
• Consistent TOCTOU behavior in sync t.list
• Only read from ustar block if not specified in Pax
• Fix sync tar.list when file size reduces while reading
• Sanitize absolute linkpaths properly
• Prevent writing hardlink entries to the archive ahead of their file target

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

• cf21338 7.5.16
• 21a8220 do not apply PAX header fields to meta entries
• 52632cf update project deps
• 302f51f fix inconsequential typo in PENDINGLINKS symbol name
• 55dbb99 remove some uses of mutate-fs
• 87cc309 7.5.15
• 7aef486 fix: regression in pending links detection
• 6244eb3 7.5.14
• 9704d8c stricter protection against hardlinks preempting their targets
• 700734f update workflows and deps
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates @asyncapi/generator from 1.9.17 to 3.3.0

Release notes

Sourced from @​asyncapi/generator's releases.

@​asyncapi/generator@​3.3.0

Minor Changes

• 5fe91b0: Generated Python and JavaScript WebSocket clients no longer swallow send errors. Failures are now forwarded to the registered error handlers and raised by default, so callers learn when a message fails to send. Pass raise_send_errors=False (Python) or throwSendErrors=false (JavaScript) to the constructor to keep a high-throughput producer loop running and rely on the error handlers instead.

Patch Changes

• Updated dependencies [5fe91b0]
  • @​asyncapi/generator-components@​0.7.0

@​asyncapi/generator@​3.2.3

Patch Changes

• 69c2fa1: The mapBaseUrlToFolder resolver now rejects $refs that resolve outside the configured base folder. Previously a reference such as https://schema.example.com/crm/../../../etc/passwd was passed through unnormalized, letting a malicious AsyncAPI document read files outside the mapped folder (path traversal). References that escape the base folder are now blocked with an explicit error.

  This only affects references that start with the mapped base URL and then use ../ to climb out of the mapped folder (e.g. https://schema.example.com/crm/../shared/common.json reaching a sibling folder). If you relied on this to reference files outside the mapped folder, map a higher-level base instead — e.g. map https://schema.example.com/ to ./schemas/ and reference https://schema.example.com/shared/common.json directly — so the resolved paths stay within the mapped folder.

@​asyncapi/generator@​3.2.2

Patch Changes

• b43cd7c: Fix fetchSpec silently resolving on non-2xx HTTP responses. Previously, fetching an AsyncAPI document from a URL that returned a 4xx or 5xx status would resolve with the error response body (e.g. an HTML page) instead of rejecting. fetchSpec now throws a descriptive error including the URL and HTTP status code, so failures are surfaced immediately rather than propagating as invalid spec content.

@​asyncapi/generator@​3.2.1

Patch Changes

• 643f194: Fix browserslist error when using pnpm

  Set BROWSERSLIST_ROOT_PATH environment variable during template compilation to prevent browserslist from searching outside the template directory. This fixes an issue where pnpm's shim files were incorrectly parsed as browserslist configuration, causing "Unknown browser query" errors.

  Fixes: asyncapi/cli#1781

@​asyncapi/generator@​3.2.0

Minor Changes

• 8f06c14: Update @​npmcli/arborist from v5.6 to v9.2 This is a large jump but there are no breaking changes that affect us across these versions https://github.com/npm/cli/blob/latest/workspaces/arborist/CHANGELOG.md

@​asyncapi/generator@​3.1.2

Patch Changes

• 4a09f57: Bump @​asyncapi/parser to 3.6.0 to support AsyncAPI 3.1.0

@​asyncapi/generator@​3.1.1

Patch Changes

• 2bfad27: Fix generator handling of template parameters with false default values, ensuring defaults are correctly injected and conditional generation works as expected.

... (truncated)

Commits

• 2b6f977 chore(release): release and bump versions of packages (#2122)
• 5fe91b0 feat: improve js and python templates on send message error handling (#2109)
• 07d6a9f chore(release): release and bump versions of packages (#2121)
• 69c2fa1 fix: security issue with mapBaseUrlToFolder (#2110)
• 13d0f89 docs: add AI usage policy for contributors (#2111)
• 95dc0c0 chore(deps): bump protobufjs from 7.5.8 to 7.6.4 in /apps/generator/test/test...
• af16b14 refactor: support multiple WebSocket channels with query parameters #1973 (#2...
• db2a6fb refactor(dart): generate send methods dynamically from AsyncAPI operations (#...
• d87ed49 ci: update of files from global .github repo (#2116)
• d8d0db5 chore(release): release and bump versions of packages (#2115)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​asyncapi/generator since your current version.

Updates @semantic-release/commit-analyzer from 8.0.1 to 13.0.1

Release notes

Sourced from @​semantic-release/commit-analyzer's releases.

v13.0.1

13.0.1 (2025-01-03)

Bug Fixes

• deps: update dependency import-from-esm to v2 (#741) (f106b76)

v13.0.0

13.0.0 (2024-05-31)

Bug Fixes

• log the raw message again (e2f5d6c)

Features

• support latest conventional-changelog packages (0254d7a)

BREAKING CHANGES

• by supporting the latest major versions of conventional-changelog packages, we are dropping support for previous major versions of those packages due to the breaking changes between majors. this only impacts your project if you are installing alongside semantic-release, so updating those packages to latest version should be the only change you need for this update. no action should be necessary if you are using default semantic-release config

v13.0.0-beta.2

13.0.0-beta.2 (2024-05-25)

Bug Fixes

• log the raw message again (e2f5d6c)

v13.0.0-beta.1

13.0.0-beta.1 (2024-05-25)

Features

• support latest conventional-changelog packages (0254d7a)

BREAKING CHANGES

• by supporting the latest major versions of conventional-changelog packages, we are

... (truncated)

Commits

• f106b76 fix(deps): update dependency import-from-esm to v2 (#741)
• 5aa3378 chore(deps): lock file maintenance (#740)
• 87a21b4 chore(deps): lock file maintenance (#739)
• 780e812 chore(deps): update dependency npm-run-all2 to v7.0.2 (#737)
• b6474d1 chore(deps): update npm to v11 (#738)
• 9877406 chore(deps): lock file maintenance (#736)
• 59944a4 chore(deps): lock file maintenance (#735)
• 0de7ba6 chore(deps): update dependency c8 to v10.1.3 (#734)
• b8d058d chore(deps): lock file maintenance (#733)
• 2a1ed4b chore(deps): update npm to v10.9.2 (#732)
• Additional commits viewable in compare view

Updates @semantic-release/github from 7.2.3 to 12.0.8

Release notes

Sourced from @​semantic-release/github's releases.

v12.0.8

12.0.8 (2026-05-08)

Bug Fixes

• deps: update dependency http-proxy-agent to v9 (#1203) (edd1652)

v12.0.7

12.0.7 (2026-05-08)

Bug Fixes

• deps: update dependency https-proxy-agent to v9 (#1204) (1f17362)

v12.0.6

12.0.6 (2026-02-12)

Bug Fixes

• latest: add make_latest property to the GH release PATCH request during publish (#1169) (f516337)

v12.0.5

12.0.5 (2026-02-07)

Bug Fixes

• latest: add make_latest property to the GH release POST request during publish (#1157) (38051ba)

v12.0.4

12.0.4 (2026-02-06)

Bug Fixes

• remove failTitle arg in findSRIssues call (#1164) (f7bdd88)

v12.0.3

12.0.3 (2026-01-30)

Bug Fixes

• extend GraphQL alias prefix to prevent hash collisions (#1134) (ea6386d)

v12.0.2

12.0.2 (2025-11-08)

... (truncated)

Commits

• edd1652 fix(deps): update dependency http-proxy-agent to v9 (#1203)
• 1f17362 fix(deps): update dependency https-proxy-agent to v9 (#1204)
• 33fd115 chore(deps): update dependency cpy to v13.2.2 (#1221)
• 59fbe01 chore(deps): update dependency publint to v0.3.19 (#1220)
• ff5b17c chore(deps): lock file maintenance (#1219)
• 75faf16 chore(deps): update dependency ava to v8 (#1218)
• 56d65c0 chore(deps): lock file maintenance (#1217)
• 31a02d2 chore(deps): update npm to v11.13.0 (#1216)
• 3f06ad5 ci(action): update actions/setup-node action to v6.4.0 (#1214)
• 6ded611 chore(deps): lock file maintenance (#1213)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​semantic-release/github since your current version.

Updates @semantic-release/npm from 7.1.3 to 13.1.5

Release notes

Sourced from @​semantic-release/npm's releases.

v13.1.5

13.1.5 (2026-03-01)

Bug Fixes

• deps: update dependency normalize-url to v9 (#1095) (daec492)

v13.1.4

13.1.4 (2026-02-06)

Bug Fixes

• deps: update dependency @​actions/core to v3 (#1085) (17abfe1)

v13.1.3

13.1.3 (2025-12-12)

Bug Fixes

• deps: update dependency @​actions/core to v2 (#1055) (fa4a3ab)

v13.1.2

13.1.2 (2025-11-14)

Bug Fixes

• deps: update dependency read-pkg to v10 (#1032) (f3f1a00)

v13.1.1

13.1.1 (2025-10-19)

Bug Fixes

• publish-dry-run: temporarily remove the addition of dry-running the publish step (30bd176)

v13.1.0

13.1.0 (2025-10-19)

Features

• trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #958
• trusted-publishing: refine the messages for related errors (316ce21), closes #958
• trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #958
• trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #958
• trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #958

... (truncated)

Commits

• daec492 fix(deps): update dependency normalize-url to v9 (#1095)
• af8362f chore(deps): update dependency strip-ansi to v7.2.0 (#1098)
• 7354e11 chore(deps): update node.js to v24 (#1027)
• 2c4d2c9 chore(deps): update npm to v11.11.0 (#1097)
• 95ba689 chore(deps): update dependency c8 to v11 (#1096)
• 5d32912 chore(deps): update npm to v11.10.1 (#1094)
• 54f908c chore(deps): lock file maintenance (#1093)
• 91e1f14 chore(deps): update npm to v11.10.0 (#1092)
• 0d7d37e chore(deps): lock file maintenance (#1089)
• c5411cc chore(deps): update npm to v11.9.0 (#1088)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​semantic-release/npm since your current version.

Updates semantic-release from 21.0.1 to 25.0.5

Release notes

Sourced from semantic-release's releases.

v25.0.5

25.0.5 (2026-06-09)

Bug Fixes

• revert: next (#4200) (db8ffaa)

v25.0.4

25.0.4 (2026-06-09)

Bug Fixes

• code-quality: add missing comma in context object for consistency (493d6cd)

v25.0.3

25.0.3 (2026-01-30)

Bug Fixes

• deps: remove deprecated semver-diff (#3980) (f404124)

v25.0.2

25.0.2 (2025-11-07)

Bug Fixes

• deps: update dependency read-package-up to v12 (#3935) (1494cb9)

v25.0.1

25.0.1 (2025-10-19)

Bug Fixes

• deps: update to the latest version of the npm plugin to add trusted publishing support (fad173e), closes semantic-release/npm#958

v25.0.1-beta.3

25.0.1-beta.3 (2025-10-19)

Bug Fixes

• deps: update to latest npm plugin (a96aced)

... (truncated)

Commits

• db8ffaa fix(revert): next (#4200)
• 4e476de docs: update README to include information about the new core engine integration
• 493d6cd fix(code-quality): add missing comma in context object for consistency
• d05e160 refactor: replace direct logger and env-ci replacements with a mockCore funct...
• 4f464a7 test: add tests for core delegation and dry-run policy handling
• 3f5d1b7 refactor: integrate core; remove unused imports and restructuring the main ...
• 7d71f2e refactor: remove obsolete release type constants and notes separator
• 1ae1a19 refactor: remove obsolete test files for logger, git, sensitive data handling...
• bedddc4 refactor: remove obsolete Git-related utilities and logging functions
• 7172195 refactor(tests): remove obsolete tests for plugins and verification
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for semantic-release since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud