[Security]: @capacitor/cli depends on vulnerable version of node-tar

### Capacitor Version

8

### Platforms Affected

- [x] Android
- [x] iOS
- [x] Web

### Current Behavior

@capacitor/cli depends on vulnerable version of node-tar

node-tar <=7.5.2 is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization - https://github.com/advisories/GHSA-8qq5-rm4j-mr97.

Version that has fixed that vulnerability is 7.5.3.

I doubt this affects things really, but might cause concern among users upon seeing the security vulnerability, and the fix that is recommended by audit fix is ridiculous (downgrade to @capacitor/cli@2.5).

### Expected Behavior

No error during update or audit fix.

### Additional Information

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security]: @capacitor/cli depends on vulnerable version of node-tar #8308

Capacitor Version

Platforms Affected

Current Behavior

Expected Behavior

Additional Information

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Security]: @capacitor/cli depends on vulnerable version of node-tar #8308

Description

Capacitor Version

Platforms Affected

Current Behavior

Expected Behavior

Additional Information

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions