diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 37bf6ab6..e95ae8c6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -77,9 +77,9 @@ jobs:
             const comments = await github.paginate(github.rest.issues.listComments, issue)
             let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id
 
-            body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Rerun for This Release\n\n`
+            body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n`
             body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. `
-            body += `To force CI to rerun, run this command:\n\n`
+            body += `To force CI to update this PR, run this command:\n\n`
             body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME}\n\`\`\``
 
             if (commentId) {
@@ -174,7 +174,7 @@ jobs:
           RELEASE_COMMENT_ID: ${{ needs.release.outputs.comment-id }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          npm exec --offline -- template-oss-release-manager
+          npm exec --offline -- template-oss-release-manager --lockfile=false
           npm run rp-pull-request --ignore-scripts --if-present
       - name: Commit
         id: commit
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index 1997844d..a0488a9b 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-  ".": "6.1.12"
+  ".": "6.1.13"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7456e423..9ee82011 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## [6.1.13](https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13) (2022-12-07)
+
+### Dependencies
+
+* [`cc4e0dd`](https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486) [#343](https://github.com/npm/node-tar/pull/343) bump minipass from 3.3.6 to 4.0.0
+
 ## [6.1.12](https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12) (2022-10-31)
 
 ### Bug Fixes
diff --git a/SECURITY.md b/SECURITY.md
index a93106d0..4e7c26c6 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,3 +1,14 @@
 <!-- This file is automatically added by @npmcli/template-oss. Do not edit. -->
 
-Please send vulnerability reports through [hackerone](https://hackerone.com/github).
+GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub).
+
+If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. 
+
+If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability).
+
+If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award.
+
+**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
+
+Thanks for helping make GitHub safe for everyone.
+
diff --git a/package.json b/package.json
index 3a02105c..e6d6b933 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
   "author": "GitHub Inc.",
   "name": "tar",
   "description": "tar for node",
-  "version": "6.1.12",
+  "version": "6.1.13",
   "repository": {
     "type": "git",
     "url": "https://github.com/npm/node-tar.git"
@@ -20,17 +20,17 @@
   "dependencies": {
     "chownr": "^2.0.0",
     "fs-minipass": "^2.0.0",
-    "minipass": "^3.0.0",
+    "minipass": "^4.0.0",
     "minizlib": "^2.1.1",
     "mkdirp": "^1.0.3",
     "yallist": "^4.0.0"
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.8.0",
+    "@npmcli/template-oss": "4.10.0",
     "chmodr": "^1.2.0",
     "end-of-stream": "^1.4.3",
-    "events-to-array": "^1.1.2",
+    "events-to-array": "^2.0.3",
     "mutate-fs": "^2.1.1",
     "nock": "^13.2.9",
     "rimraf": "^3.0.2",
@@ -55,7 +55,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.8.0",
+    "version": "4.10.0",
     "content": "scripts/template-oss",
     "engines": ">=10",
     "distPaths": [