
Update `tar` for security

Open G-Rath opened this issue 1 year ago • 4 comments

The current version of tar being depended on (4.4.18) is vulnerable to GHSA-f5x3-32g6-xq36 - while it's unlikely to be exploitable in this context, it still would be good to resolve since it creates noise in security scanners.

tar 5 and 6 dropped support for Node 4, 6, and 8 but this package already only supports Node 10+ so that shouldn't be a problem.

https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md

G-Rath, Apr 14 '24 18:04

Related to https://github.com/vercel/vercel/issues/11543

G-Rath, May 04 '24 21:05

I was also chasing this down and landed on this issue. It would be great to get this updated ASAP.

mrmckeb, Oct 10 '24 01:10

bump @sionicion @cb1kenobi @dfrankland @trek @styfle @stkevintan @AndyBitz @TooTallNate

jeffsays, Oct 21 '24 15:10

bump!

slimshreydy, Jan 29 '25 23:01