Skip to content

Bump tar and dapr-client in /custom-component-dapr #583

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump tar and dapr-client in /custom-component-dapr #583

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 17, 2026

Removes tar. It's no longer used after updating ancestor dependency dapr-client. These dependencies need to be updated together.

Removes tar

Updates dapr-client from 1.0.2 to 3.6.1

Release notes

Sourced from dapr-client's releases.

v3.6.0

What's Changed

Full Changelog: dapr/js-sdk@v3.5.2...v3.6.0

Huge thank you to everyone that participated in this release!

v3.5.2

What's Changed

Full Changelog: dapr/js-sdk@v3.5.1...v3.5.2

v3.5.1

Incremented version in package.json so it can publish to NPM.

Full Changelog: dapr/js-sdk@v3.5.0...v3.5.1

v3.5.0

What's Changed

New Contributors

Full Changelog: dapr/js-sdk@v3.4.1...v3.5.0

v3.5.0-rc.2

What's Changed

... (truncated)

Changelog

Sourced from dapr-client's changelog.

Changelog

3.x release

v3.0.0

Breaking Changes

General: Fix serialization of data in HTTP

There is a new serializer in place to automatically detect the Content-Type for the data when using the HTTP Protocol and serialize accordingly. Objects will be send as application/json, Cloud-Events as applications/cloudevents+json, Strings as text/plain, and others as application/octet-stream.

An example of this change can be seen when performing client.invoke with "hello world" as data. The new serializer will correctly return the string type, as opposed to the previous behavior of calling JSON.serialize and returning '"hello world"'.

PubSub: Changes to the subscribe callback for HTTP

The HTTP subscribe callback now returns data after parsing it correctly. Data is either extracted from the body's data field, or the data_base64 field. data_base64 is always expected to be a base64 encoded string, and will be decoded and parsed as JSON if possible. If it is not JSON, it will be returned as a string. If data is not found in either field, the entire body will be returned as-is.

2.x release

v2.0.1

Actors

To make development easier, Actors can now be called in 2 ways:

  1. By creating an actor through a helper method in the DaprClient class, removing the need of needing to know how a builder works.
const actor = await client.actor.create<DemoActorSayImpl>(DemoActorSayImpl);
const res = await actor.sayMulti(123, "123", { hello: "world 123" }, [1, 2, 3]);
  1. By utilizing the Actor builder, where we create a Proxy object that does this for us.
const builder = new ActorProxyBuilder<DemoActorSayImpl>(DemoActorSayImpl, client);
const actor = builder.build(ActorId.createRandomId());
const res = await actor.sayMulti(123, "123", { hello: "world 123" }, [1, 2, 3]);

Behind the hoods, method #1 will utilize method #2

v2.0.0

Version 2.0.0 brings a lot of changes to the Dapr JS SDK that were long due. Below an overview of the major contributions can be found, with a more detailed overview of the Breaking Changes under it.

  • Actor Support has been added
  • Actor Proxy has been added for Actor Access
  • The HTTP Connection is now being reused to reduce the CONNRESET errors when intensively using the JS SDK

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump tar and dapr-client in /custom-component-dapr
a409aff 
Removes [tar](https://github.com/isaacs/node-tar). It's no longer used after updating ancestor dependency [dapr-client](https://github.com/dapr/js-sdk/tree/HEAD). These dependencies need to be updated together.


Removes `tar`

Updates `dapr-client` from 1.0.2 to 3.6.1
- [Release notes](https://github.com/dapr/js-sdk/releases)
- [Changelog](https://github.com/dapr/js-sdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/dapr/js-sdk/commits/v3.6.1)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 
  dependency-type: indirect
- dependency-name: dapr-client
  dependency-version: 3.6.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abbi-gaurav abbi-gaurav Awaiting requested review from abbi-gaurav abbi-gaurav is a code owner

@mmitoraj mmitoraj Awaiting requested review from mmitoraj mmitoraj is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant