chore(deps): bump tar and @angular/cli

[dependabot]

Bumps tar to 7.5.16 and updates ancestor dependency @angular/cli. These dependencies need to be updated together.

Updates tar from 6.2.1 to 7.5.16

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.
• Consistent TOCTOU behavior in sync t.list
• Only read from ustar block if not specified in Pax
• Fix sync tar.list when file size reduces while reading
• Sanitize absolute linkpaths properly
• Prevent writing hardlink entries to the archive ahead of their file target

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

• cf21338 7.5.16
• 21a8220 do not apply PAX header fields to meta entries
• 52632cf update project deps
• 302f51f fix inconsequential typo in PENDINGLINKS symbol name
• 55dbb99 remove some uses of mutate-fs
• 87cc309 7.5.15
• 7aef486 fix: regression in pending links detection
• 6244eb3 7.5.14
• 9704d8c stricter protection against hardlinks preempting their targets
• 700734f update workflows and deps
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates @angular/cli from 19.2.27 to 22.0.0

Release notes

Sourced from @​angular/cli's releases.

22.0.0

@​schematics/angular

Commit	Description
	add migrate-karma-to-vitest update migration
	add migration to add istanbul-lib-instrument
	conditionally install istanbul coverage provider for Vitest migration
	migrate fake async to Vitest fake timers
	migrate fakeAsync's flush behavior when used in beforeEach
	rely on strict template default in generated workspaces
	set up fake timers in beforeEach instead of beforeAll
	stabilize refactor-jasmine-vitest schematic
	update TSConfig globals during karma to vitest migration
	add istanbul-lib-instrument to application/library generator dependencies
	add trusted-proxy-headers migration
	default components to OnPush change detection
	defer karma config deletion in Karma to Vitest migration
	preserve Jasmine stub-by-default semantics for bare spies
	replace deprecated ChangeDetectionStrategy.Default with Eager
	support spy call arguments migration in refactor-jasmine-vitest
	use service decorator in ng generate

@​angular/cli

Commit	Description
	add support for Node.js 26.0.0
	reflect new minimum supported Node version in ng.js
	update odd-numbered Node.js version warning condition for future releases
	update zoneless migration tool to handle ChangeDetectionStrategy.Eager
	cache root manifest and resolve restricted package exports in ng add

Commit	Description
	update minimum supported Node.js versions
	remove @angular-devkit/architect-cli package
	remove experimental Jest and Web Test Runner builders

@​angular-devkit/build-angular

Commit	Description
	deprecate Webpack builders

@​angular-devkit/build-webpack

Commit	Description
	deprecate webpack and webpack-dev-server builders

@​angular/build

Commit	Description
	add isolate option to unit-test builder
	add process.env.PORT support to the dev server
	add quiet option to suppress build noise in unit tests
	enable chunk optimization by default with heuristics

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

22.0.0 (2026-06-03)

Breaking Changes

• Node.js v20 is no longer supported. The minimum supported Node.js versions are now v22.22.0 and v24.13.1.
• The @angular-devkit/architect-cli package is no longer available. The architect CLI tool has been moved to the @angular-devkit/architect package.
• The experimental @angular-devkit/build-angular:jest and @angular-devkit/build-angular:web-test-runner builders have been removed.

@​angular/build

• The @angular/build:dev-server (ng serve) now assigns the highest priority to the PORT environment variable. This value will override any port configurations specified in angular.json or via the --port command-line flag. This includes the default port 4200.
• istanbul-lib-instrument is now an optional peer dependency. Projects using karma with code coverage enabled will need to ensure that istanbul-lib-instrument is installed. Note: ng update will automatically add this dependency during the update process.

@​angular/ssr

• The server no longer falls back to Client-Side Rendering (CSR) when a request fails host validation. Requests with unrecognized 'Host' headers will now return a 400 Bad Request status code. Users must ensure all valid hosts are correctly configured in the 'allowedHosts' option.

Deprecations

@​angular-devkit/build-angular

• Webpack builders in build-angular are deprecated. Use @​angular/build builders instead.

@​angular-devkit/build-webpack

• Webpack builders in build-webpack are deprecated. Use @​angular/build builders instead.

@​angular/ssr

• CommonEngine APIs are deprecated in favor of AngularNodeAppEngine or AngularAppEngine.

@​ngtools/webpack

• @​ngtools/webpack loader and plugin are deprecated. Use @​angular/build instead.

@​angular/cli

Commit	Type	Description
58c0978f6	feat	add support for Node.js 26.0.0
a5c7c0b5f	fix	reflect new minimum supported Node version in ng.js
a5e1e48db	fix	update odd-numbered Node.js version warning condition for future releases
93c3eb8fb	fix	update zoneless migration tool to handle ChangeDetectionStrategy.Eager
a39a33128	perf	cache root manifest and resolve restricted package exports in ng add

@​schematics/angular

... (truncated)

Commits

• 9b15fa6 release: cut the v22.0.0 release
• 4d30ed2 build: update Angular framework and ng-packagr versions to 22.0.0
• 04b2353 release: cut the v22.0.0-rc.3 release
• dea19c8 build: update pnpm to v10.34.1
• d9d8cf3 refactor(@​schematics/angular): decompose transformSpies into modular helper f...
• 4fbc608 fix(@​schematics/angular): preserve Jasmine stub-by-default semantics for bare...
• 418abd8 fix(@​angular/build): prevent esbuild service child process leakage
• f05343a fix(@​angular/cli): expand package groups for newly added peer dependencies in...
• 8471ba6 fix(@​angular/ssr): support server-side rendering configuration options
• 7b15742 build: update github/codeql-action action to v4.36.0
• Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[emersion]

Seems unsafe to desync @angular/cli version from the rest of the Angular deps. Let's wait before we merge this.