Skip to content

fix(security): tar vulnerability #4085

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 3, 2021
Merged

fix(security): tar vulnerability #4085

merged 1 commit into from
Sep 3, 2021

Conversation

jsjoeio
Copy link
Contributor

@jsjoeio jsjoeio commented Sep 1, 2021

This PR is based off of #4071 and fixes a tar vulnerability.

@jsjoeio jsjoeio requested a review from a team as a code owner September 1, 2021 21:01
@jsjoeio jsjoeio self-assigned this Sep 1, 2021
@jsjoeio jsjoeio added dependencies Pull requests that update a dependency file security Security related labels Sep 1, 2021
@jsjoeio jsjoeio added this to the 3.12.0 milestone Sep 1, 2021
@jsjoeio jsjoeio mentioned this pull request Sep 1, 2021
Merged
@codecov
Copy link

codecov bot commented Sep 1, 2021
edited
Loading

Codecov Report

Merging #4085 (b4dff04) into jsjoeio-fix-revert-docs (5c47c3e) will not change coverage.
The diff coverage is n/a.

❗ Current head b4dff04 differs from pull request most recent head a24e8f5. Consider uploading reports for the commit a24e8f5 to get more accurate results
Impacted file tree graph

@@                   Coverage Diff                    @@
##           jsjoeio-fix-revert-docs    #4085   +/-   ##
========================================================
  Coverage                    64.12%   64.12%           
========================================================
  Files                           36       36           
  Lines                         1873     1873           
  Branches                       379      379           
========================================================
  Hits                          1201     1201           
  Misses                         571      571           
  Partials                       101      101

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5c47c3e...a24e8f5. Read the comment docs.

@github-actions
Copy link

github-actions bot commented Sep 1, 2021

✨ Coder.com for PR #4085 deployed! It will be updated on every commit.

@GirlBossRush
Copy link
Contributor

GirlBossRush commented Sep 3, 2021
edited
Loading

@jsjoeio I believe this may be outdated as we no longer need tar for extensions in an upcoming fork clean up PR

@jsjoeio
Copy link
Contributor Author

jsjoeio commented Sep 3, 2021

@jsjoeio I believe this may be outdated as we no longer need tar for extensions in an upcoming fork clean up PR

Sweet! I wonder when that will land though? If we have PRs coming in before that, should we fix this sooner?

(though looks like something is still failing)

@jsjoeio jsjoeio changed the base branch from main to jsjoeio-fix-revert-docs September 3, 2021 20:58
@jsjoeio jsjoeio force-pushed the jsjoeio-fix-tar-vul branch from b4dff04 to a24e8f5 Compare September 3, 2021 21:03
@jsjoeio jsjoeio merged commit aed32c2 into jsjoeio-fix-revert-docs Sep 3, 2021
@jsjoeio jsjoeio deleted the jsjoeio-fix-tar-vul branch September 3, 2021 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@jawnsy jawnsy jawnsy approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@jsjoeio jsjoeio

Labels
dependencies Pull requests that update a dependency file security Security related
Projects
None yet
Milestone
3.12.0
Development

Successfully merging this pull request may close these issues.
3 participants
@jsjoeio @GirlBossRush @jawnsy