From 809db27298d8b6f556c5d819b9d1e8b940d73bb0 Mon Sep 17 00:00:00 2001 From: jdalton Date: Wed, 18 Feb 2026 13:31:00 -0500 Subject: [PATCH 1/2] Initial commit --- packages/build-infra/test/validate-checkpoints.mts | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/packages/build-infra/test/validate-checkpoints.mts b/packages/build-infra/test/validate-checkpoints.mts index 26f7c366..3d884335 100644 --- a/packages/build-infra/test/validate-checkpoints.mts +++ b/packages/build-infra/test/validate-checkpoints.mts @@ -48,7 +48,7 @@ function isCheckpointFile(filename: string): boolean { } /** - * Validates a single tar archive using tar -tzf command. + * Validates a single tar archive using tar command. * Checks both integrity (readable) and that it contains files. */ function validateTarArchive(tarPath: string): boolean { @@ -56,8 +56,12 @@ function validateTarArchive(tarPath: string): boolean { // Check if file exists and is readable. accessSync(tarPath, constants.R_OK) - // Use tar -tzf to list contents (validates archive integrity). - const result = spawnSync('tar', ['-tzf', tarPath], { + // Use tar -tf for .tar files, tar -tzf for compressed files. + // The -z flag is for gzip compression (.tar.gz, .tgz). + const isCompressed = tarPath.endsWith('.tar.gz') || tarPath.endsWith('.tgz') + const flags = isCompressed ? '-tzf' : '-tf' + + const result = spawnSync('tar', [flags, tarPath], { encoding: 'utf8', stdio: ['ignore', 'pipe', 'pipe'], }) From fd6bd22e8cd9522e539561b5df2d713adc3f7f2c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Feb 2026 17:05:03 +0000 Subject: [PATCH 2/2] Bump tar from 7.4.3 to 7.5.8 Bumps [tar](https://github.com/isaacs/node-tar) from 7.4.3 to 7.5.8. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.8) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.8 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- pnpm-lock.yaml | 31 +++++++++++-------------------- pnpm-workspace.yaml | 2 +- 2 files changed, 12 insertions(+), 21 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 32b78512..8f1c3203 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -34,8 +34,8 @@ catalogs: specifier: 5.0.5 version: 5.0.5 tar: - specifier: 7.4.3 - version: 7.4.3 + specifier: 7.5.8 + version: 7.5.8 vitest: specifier: 4.0.3 version: 4.0.3 @@ -133,7 +133,7 @@ importers: version: link:../build-infra tar: specifier: 'catalog:' - version: 7.4.3 + version: 7.5.8 vitest: specifier: 'catalog:' version: 4.0.3(jiti@2.6.1)(yaml@2.8.2) @@ -175,7 +175,7 @@ importers: version: link:../build-infra tar: specifier: 'catalog:' - version: 7.4.3 + version: 7.5.8 vitest: specifier: 'catalog:' version: 4.0.3(jiti@2.6.1)(yaml@2.8.2) @@ -1909,11 +1909,6 @@ packages: mkdirp-classic@0.5.3: resolution: {integrity: sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==} - mkdirp@3.0.1: - resolution: {integrity: sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==} - engines: {node: '>=10'} - hasBin: true - ms@2.1.3: resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==} @@ -2239,15 +2234,14 @@ packages: resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==} engines: {node: '>=6'} - tar@7.4.3: - resolution: {integrity: sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw==} - engines: {node: '>=18'} - deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me - tar@7.5.2: resolution: {integrity: sha512-7NyxrTE4Anh8km8iEy7o0QYPs+0JKBTj5ZaqHg6B39erLg0qYXN3BijtShwbsNSvQ+LN75+KV+C4QR/f6Gwnpg==} engines: {node: '>=18'} - deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me + deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me + + tar@7.5.8: + resolution: {integrity: sha512-SYkBtK99u0yXa+IWL0JRzzcl7RxNpvX/U08Z+8DKnysfno7M+uExnTZH8K+VGgShf2qFPKtbNr9QBl8n7WBP6Q==} + engines: {node: '>=18'} taze@19.9.2: resolution: {integrity: sha512-If8bq7lSckIMPfXV+C9jjEfdsQnRryh/foKfpX/ah6zI0TrQfUGWSGCaaD32Bqy5/KGRmLZie3EwMSr3Au21XQ==} @@ -3908,8 +3902,6 @@ snapshots: mkdirp-classic@0.5.3: {} - mkdirp@3.0.1: {} - ms@2.1.3: {} nanoid@3.3.11: {} @@ -4260,16 +4252,15 @@ snapshots: inherits: 2.0.4 readable-stream: 3.6.2 - tar@7.4.3: + tar@7.5.2: dependencies: '@isaacs/fs-minipass': 4.0.1 chownr: 3.0.0 minipass: 7.1.2 minizlib: 3.1.0 - mkdirp: 3.0.1 yallist: 5.0.0 - tar@7.5.2: + tar@7.5.8: dependencies: '@isaacs/fs-minipass': 4.0.1 chownr: 3.0.0 diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 51049b23..9b208002 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -17,6 +17,6 @@ catalog: magic-string: 0.30.19 octokit: 5.0.5 postject: 1.0.0-alpha.6 - tar: 7.4.3 + tar: 7.5.8 vitest: 4.0.3 yoctocolors-cjs: 2.1.3