
@onlyjackfrost onlyjackfrost commented Oct 21, 2025

Summary by CodeRabbit

  • Chores
    • Updated internal dependencies to maintain system stability and performance.


coderabbitai bot commented Oct 21, 2025

Walkthrough

The tar-fs dependency in wren-ui/package.json was updated from version 2.1.3 to 2.1.4. This is a patch-level version bump for a file system utility library.

Changes

| Cohort / File(s) | Change Summary |
| --- | --- |
| Dependency update: wren-ui/package.json | Bumped tar-fs from 2.1.3 to 2.1.4 |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

  • Canner/WrenAI#1798: Also modifies the resolved version of the tar-fs dependency in wren-ui/package.json

Suggested labels

module/ui

Suggested reviewers

  • wwwy3y3
  • andreashimin

Poem

🐰 A tiny hop, a version bump so small,
tar-fs 2.1.4 answers the call,
From 2.1.3 we gently ascend,
A patch-level fix, a dependency friend! 📦✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The pull request title "chore(wren-ui): update tar-fs library to 2.1.4 [WREN-539]" directly and accurately describes the main change in the changeset: updating the tar-fs dependency from 2.1.3 to 2.1.4 in wren-ui/package.json. The title is concise, clear, and uses the conventional commit format with appropriate scope notation. It provides specific information about what was changed (the library name and target version) without unnecessary noise, allowing a teammate to quickly understand the primary change when scanning the repository history. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 43166d9 and 6731f7e.

⛔ Files ignored due to path filters (1)
  • wren-ui/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • wren-ui/package.json (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Analyze (go)
🔇 Additional comments (1)
wren-ui/package.json (1)

100-100: tar-fs 2.1.4 is a justified security patch—no concerns.

tar-fs v2.1.4 fixes a high-severity symlink validation bypass vulnerability (CVE-2025-59343, CVSS 8.7) that existed in 2.1.3. The update is appropriate and introduces no regressions.




@fredalai fredalai left a comment


LGTM

@onlyjackfrost onlyjackfrost merged commit c33dfbb into main Oct 21, 2025
6 checks passed
@onlyjackfrost onlyjackfrost deleted the chore/depend-bot-110 branch October 21, 2025 07:17