download icon indicating copy to clipboard operation
download copied to clipboard

Published 20 hours ago verified publisher icon kevva

Open vunerability with the decompress package and decompress-tar

Open nicholasgriffintn opened this issue 3 years ago • 0 comments

Hey,

I've received notification from Synk about an open vulnerability with the decompress-tar package that the decompress package uses and in turn download:

https://app.snyk.io/vuln/SNYK-JS-DECOMPRESSTAR-559095

This has been raised here:

https://github.com/kevva/decompress-tar/issues/17

I thought I would also raise it within this package for tracking purposes as we rely on this package which in turn uses the packages with the vunerability.

nicholasgriffintn avatar Jul 09 '21 13:07 nicholasgriffintn