Skip to content

fix(deps): ran npm install to cleanup package-lock.json and remove unused tar-fs dependency #156323

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 18 commits into from
Closed

fix(deps): ran npm install to cleanup package-lock.json and remove unused tar-fs dependency #156323

wants to merge 18 commits into from

Conversation

jasonMcCullough
Copy link

No description provided.

David Petran and others added 18 commits June 10, 2022 13:41
untidy replay of bugsnag changes on upto date fork
082a620
fix file paths
98a7004
fix file paths take2
c8d3a27
revert change to inlined code block as not needed
1e7857d
demangling is not required, hardcode default to false for BugsnagSymb…
4a61207 
…olize
PR Comments
ce03e0f
@DavidPetran
Merge pull request #1 from bugsnag/djp/replay_bugsnag_changes_on_upto…
216e4de 
…_date_version

Replay bugsnag changes on up-to date llvm version
sync upstream git@github.com:llvm/llvm-project.git
45d17e2
correction for undefined I in toJson
b18e54e
correction for new code
c20704f
convert more new code
ab9194b
function kind indicates that function name translates to linkage func…
64cb63f 
…tion name in this block
fix null ptr, fix warning on virtual method
772a026
fix a bug when getting first char of compilation directory when empty
cff93dc
@DavidPetran
Merge pull request #4 from bugsnag/djp/ready_for_kepler
d7775b7 
Prepare for kepler
remove comp directory from filename of inlined frames
ccfabfa
@DavidPetran
Merge pull request #5 from bugsnag/djp/fix_for_inlining_filenames
fc0d1fb 
patch that removes compilation dir from filename on inlined frames
@jasonMcCullough
fix(deps): ran npm install to cleanup package-lock.json and remove un…
fd9ba25 
…used tar-fs dependency
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 1, 2025

Thank you for submitting a Pull Request (PR) to the LLVM Project!

This PR will be automatically labeled and the relevant teams will be notified.

If you wish to, you can add reviewers by using the "Reviewers" section on this page.

If this is not working for you, it is probably because you do not have write permissions for the repository. In which case you can instead tag reviewers by name in a comment by using @ followed by their GitHub username.

If you have received no comments on your PR for a week, you can request a review by "ping"ing the PR by adding a comment “Ping”. The common courtesy "ping" rate is once a week. Please remember that you are asking for valuable time from other developers.

If you have further questions, they may be answered by the LLVM GitHub User Guide.

You can also ask questions in a comment on this PR, on the LLVM Discord or on the forums.

@jasonMcCullough jasonMcCullough changed the title Pipe 8792 security issue tar fs vulnerable to link following and path traversal via extracting a crafted tar file fix(deps): ran npm install to cleanup package-lock.json and remove unused tar-fs dependency Sep 1, 2025
@jasonMcCullough
Copy link
Author

raised in error

@jasonMcCullough jasonMcCullough deleted the PIPE-8792-security-issue-tar-fs-vulnerable-to-link-following-and-path-traversal-via-extracting-a-crafted-tar-file branch September 1, 2025 12:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaupov aaupov Awaiting requested review from aaupov aaupov is a code owner

@maksfb maksfb Awaiting requested review from maksfb maksfb is a code owner

@rafaelauler rafaelauler Awaiting requested review from rafaelauler rafaelauler is a code owner

@ayermolo ayermolo Awaiting requested review from ayermolo ayermolo is a code owner

@yota9 yota9 Awaiting requested review from yota9 yota9 is a code owner

@paschalis-mpeis paschalis-mpeis Awaiting requested review from paschalis-mpeis paschalis-mpeis is a code owner

@yozhu yozhu Awaiting requested review from yozhu yozhu is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jasonMcCullough @DavidPetran