build(deps): bump tar, @hey-api/openapi-ts and npm-check-updates in /frontend

[dependabot]

Removes tar. It's no longer used after updating ancestor dependencies tar, @hey-api/openapi-ts and npm-check-updates. These dependencies need to be updated together.

Removes tar

Updates @hey-api/openapi-ts from 0.55.2 to 0.98.2

Release notes

Sourced from @​hey-api/openapi-ts's releases.

@​hey-api/openapi-ts@​0.95.0

Minor Changes

• plugin(valibot): remove request data schema (#3671) (96f60ad) by @​mrlubos

Validator request schemas

Valibot plugin no longer exports composite request Data schemas. Instead, each layer is exported as a separate schema. If you're using validators with SDKs, you can preserve the composite schema with shouldExtract:

export default {
  input: "hey-api/backend", // sign up at app.heyapi.dev
  output: "src/client",
  plugins: [
    // ...other plugins
    {
      name: "sdk",
      validator: "valibot",
    },
    {
      name: "valibot",
      requests: {
        shouldExtract: true,
      },
    },
  ],
};

• internal: remove plugin.getSymbol() function (#3671) (96f60ad) by @​mrlubos

Removed plugin.getSymbol() function

This function has been removed. You can use plugin.querySymbol() instead. It accepts the same arguments and returns the same result.

• plugin(zod): remove request data schema (#3671) (96f60ad) by @​mrlubos

Validator request schemas

Zod plugin no longer exports composite request Data schemas. Instead, each layer is exported as a separate schema. If you're using validators with SDKs, you can preserve the composite schema with shouldExtract:

export default {
  input: "hey-api/backend", // sign up at app.heyapi.dev
  output: "src/client",
  plugins: [
    // ...other plugins
    {
      name: "sdk",
      validator: "zod",
</tr></table> 

... (truncated)

Changelog

Sourced from @​hey-api/openapi-ts's changelog.

@​hey-api/openapi-ts 0.98.2

Plugins

@​hey-api/client-angular

• reassign the result of HttpHeaders.delete() back to opts.headers (#3988)
• export augmentable ClientMeta interface (#3996)

@​hey-api/client-axios

• export augmentable ClientMeta interface (#3996)

@​hey-api/client-fetch

• export augmentable ClientMeta interface (#3996)

@​hey-api/client-ky

• export augmentable ClientMeta interface (#3996)

@​hey-api/client-next

• export augmentable ClientMeta interface (#3996)

@​hey-api/client-nuxt

• export augmentable ClientMeta interface (#3996)

@​hey-api/client-ofetch

• export augmentable ClientMeta interface (#3996)

@​hey-api/sdk

• don't expose SSE errors as iterator return types (#3989)
• support type-safe meta option via augmentable ClientMeta interface (#3996)

---

@​hey-api/codegen-core 0.9.0

Updates

• symbol: add event listeners (#3998)
• types: rename ProjectRenderMeta to ProjectMeta and key it by language (#3984)
• utils: expose Version class (#3991)

---

... (truncated)

Commits

• 873d05f Merge pull request #3985 from hey-api/changeset-release/main
• c7c82b4 ci: release
• 30a6bca Merge pull request #4021 from hey-api/renovate/semver-7.x
• 07150d5 Merge pull request #4022 from hey-api/chore/yaml-deps
• ce508be chore: clean up yaml dependencies
• 0ca7962 Merge pull request #4020 from hey-api/renovate/js-yaml-4.x
• da019f0 fix(deps): update dependency semver to v7.8.2
• 6e268eb fix(deps): update dependency js-yaml to v4.2.0
• 402f5ea Merge pull request #3988 from joshkaplinsky/fix/angular-http-headers-immutable
• 92358e7 Update orange-symbols-reply.md
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​hey-api/openapi-ts since your current version.

Updates npm-check-updates from 16.14.20 to 22.2.3

Release notes

Sourced from npm-check-updates's releases.

v22.2.3

What's Changed

• build(deps-dev): bump semver from 7.8.0 to 7.8.1 by @​dependabot[bot] in raineorshine/npm-check-updates#1760
• build(deps-dev): bump js-yaml from 4.1.1 to 4.2.0 by @​dependabot[bot] in raineorshine/npm-check-updates#1781
• build(deps-dev): bump unplugin-dts from 1.0.1 to 1.0.2 by @​dependabot[bot] in raineorshine/npm-check-updates#1780
• build(deps-dev): bump eslint-import-resolver-typescript by @​dependabot[bot] in raineorshine/npm-check-updates#1779
• build(deps-dev): bump tsx from 4.22.3 to 4.22.4 by @​dependabot[bot] in raineorshine/npm-check-updates#1778
• fix: handle registries missing 'time' metadata during version resolution by @​onemen in raineorshine/npm-check-updates#1763
• Fall back to pnpm global config for minimumReleaseAge cooldown by @​Copilot in raineorshine/npm-check-updates#1777

Full Changelog: raineorshine/npm-check-updates@v22.2.2...v22.2.3

v22.2.2

What's Changed

• test: use node util to strip ansi in deep test by @​terminalchai in raineorshine/npm-check-updates#1769
• build(deps-dev): bump vite from 8.0.13 to 8.0.16 by @​dependabot[bot] in raineorshine/npm-check-updates#1774
• Switch from vite-plugin-dts to unplugin-dts by @​Copilot in raineorshine/npm-check-updates#1749
• test: remove unused temp directory creation by @​terminalchai in raineorshine/npm-check-updates#1770
• test: cover Windows spawn command fallback by @​terminalchai in raineorshine/npm-check-updates#1771
• build(deps-dev): bump sinon from 21.1.2 to 22.0.0 by @​dependabot[bot] in raineorshine/npm-check-updates#1751
• fix: parse Yarn duration string format for npmMinimalAgeGate by @​Copilot in raineorshine/npm-check-updates#1768
• build(deps-dev): bump @​types/bun from 1.3.13 to 1.3.14 by @​dependabot[bot] in raineorshine/npm-check-updates#1754
• build(deps-dev): bump @​typescript-eslint/parser from 8.59.4 to 8.60.1 by @​dependabot[bot] in raineorshine/npm-check-updates#1773
• build(deps-dev): bump mocha from 11.7.5 to 11.7.6 by @​dependabot[bot] in raineorshine/npm-check-updates#1753
• build(deps-dev): bump verdaccio from 6.6.0 to 6.7.2 by @​dependabot[bot] in raineorshine/npm-check-updates#1759

Full Changelog: raineorshine/npm-check-updates@v22.2.1...v22.2.2

v22.2.1

What's Changed

• build(deps-dev): bump @​typescript-eslint/eslint-plugin by @​dependabot[bot] in raineorshine/npm-check-updates#1727
• build(deps-dev): bump verdaccio from 6.5.2 to 6.6.0 by @​dependabot[bot] in raineorshine/npm-check-updates#1728
• build(deps-dev): bump yaml from 2.8.4 to 2.9.0 by @​dependabot[bot] in raineorshine/npm-check-updates#1729
• fix: normalize blank-line spacing between packages in --deep mode by @​terminalchai in raineorshine/npm-check-updates#1738
• Fix TypeError when running ncu from a subdirectory without a package.json by @​Copilot in raineorshine/npm-check-updates#1737
• build(deps-dev): bump semver from 7.7.4 to 7.8.0 by @​dependabot[bot] in raineorshine/npm-check-updates#1731
• build(deps-dev): bump ini from 6.0.0 to 7.0.0 by @​dependabot[bot] in raineorshine/npm-check-updates#1726
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.59.3 to 8.59.4 by @​dependabot[bot] in raineorshine/npm-check-updates#1739
• build(deps-dev): bump vite from 8.0.9 to 8.0.13 by @​dependabot[bot] in raineorshine/npm-check-updates#1740
• build(deps-dev): bump tsx from 4.21.0 to 4.22.3 by @​dependabot[bot] in raineorshine/npm-check-updates#1741
• build(deps-dev): bump @​typescript-eslint/parser from 8.59.3 to 8.59.4 by @​dependabot[bot] in raineorshine/npm-check-updates#1743
• build(deps-dev): bump @​types/node from 25.6.0 to 25.9.1 by @​dependabot[bot] in raineorshine/npm-check-updates#1744
• build(deps-dev): bump vite-plugin-dts from 4.5.4 to 5.0.0 by @​dependabot[bot] in raineorshine/npm-check-updates#1713
• build(deps-dev): bump @​eslint/compat from 2.0.5 to 2.1.0 by @​dependabot[bot] in raineorshine/npm-check-updates#1732

Full Changelog: raineorshine/npm-check-updates@v22.2.0...v22.2.1

... (truncated)

Commits

• 5814d25 22.2.3
• 9f71155 docs(cooldown): document package manager cooldown configs
• f076b61 Fall back to pnpm global config for minimumReleaseAge cooldown (#1777)
• a0c4e64 fix: handle registries missing 'time' metadata during version resolution (#1763)
• 4a83d68 build(deps-dev): bump tsx from 4.22.3 to 4.22.4 (#1778)
• b745800 build(deps-dev): bump eslint-import-resolver-typescript (#1779)
• e1f401a build(deps-dev): bump unplugin-dts from 1.0.1 to 1.0.2 (#1780)
• 298c6f9 build(deps-dev): bump js-yaml from 4.1.1 to 4.2.0 (#1781)
• 51c1870 build(deps-dev): bump semver from 7.8.0 to 7.8.1 (#1760)
• 290d62b 22.2.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

⚠️ NPM Dependency Update - Manual Review Required

This Dependabot PR updates npm dependencies. Due to recent npm supply chain attacks, this PR requires manual security review before merging.

Security Checklist:

• Review the changed packages for known vulnerabilities
• Check for suspicious postinstall scripts
• Verify package authenticity and maintainer reputation
• Run ./utils/scan-npm-compromise.sh locally
• Review npm audit output

Do not enable auto-merge for this PR.