Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

remove archive-tar-minitar as a dependency #1355

Merged
merged 1 commit into from Jun 20, 2017

Conversation

@dmmartins
Copy link
Contributor

dmmartins commented Jun 20, 2017

archive-tar-minitar is not used on fpm and version 0.5.2, pinned on current version of fpm, has vulnerabilities.

@jordansissel

This comment has been minimized.

Copy link
Owner

jordansissel commented Jun 20, 2017

Fair point. I grepped around and it seems we use the rubygems (Gem::...) tar writer for tar stuff in some places, and in other places we shell out to call tar directly.

LGTM

@jordansissel jordansissel merged commit 488863b into jordansissel:master Jun 20, 2017
1 check was pending
1 check was pending
continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
@dmmartins dmmartins deleted the dmmartins:remove-minitar branch Jun 20, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.