Update tar dependency #446

Merged
merged 1 commit into from
May 4, 2022


michaldudak
Contributor

Updated the old tar dependency to the latest version and used its new API.

The @types/tar package seems to be incorrect (it shows the old API), so I decided to remove it completely. As the tar package is used in just one place, I think it's not a big deal to use the untyped library.

I haven't been able to definitely verify if setting directory permissions still works. 7Zip on Windows shows full permissions on the packed directory, but I haven't checked it on Linux yet.

Closes #347

@ghost

ghost commented May 3, 2022

CLA assistant check
All CLA requirements met.

Member

@sandersn sandersn left a comment

Looks good although I have a question about yarn.lock

@sheetalkamat is on DT this week, so I want to let her know before merging this, just in case it causes problems.

@@ -8049,7 +8018,7 @@ tar@^4.4.12:
safe-buffer "^5.1.2"
yallist "^3.0.3"

tar@^6.0.2, tar@^6.1.0:
tar@^6.0.2, tar@^6.1.0, tar@^6.1.11:
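
Review bot: the hunk header shows a `tar@^4.4.12` entry still present in yarn.lock next to the 6.x entry this change extends, so a 4.x copy of tar stays in the dependency tree. Since the PR closes a security issue about the tar dependency, it would help to record in the description which package still requests `^4.4.12` (`yarn why tar` will show it) and whether that requester can be upgraded or overridden with a `resolutions` entry.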
Member

Why are the old versions of tar still in yarn.lock?

Contributor Author

These are transitive dependencies (@lerna/pack-directory depends on ^6.1.0, node-gyp on ^6.0.2, etc.)
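
A check for the question raised in this review thread, as an added example that is not part of the PR or the project's code: it parses a Yarn v1 lockfile and reports which entries for a package resolve below a chosen version. The lockfile excerpt and its resolved versions are constructed, the function names are hypothetical, and the 6.1.11 threshold used in practice is an assumption taken from the range in the hunk.

```javascript
// Constructed yarn.lock (v1) excerpt; resolved versions are sample values.
const SAMPLE_LOCK = `
"@lerna/pack-directory@4.0.0":
  version "4.0.0"

tar@^4.4.12:
  version "4.4.19"

tar@^6.0.2, tar@^6.1.0, tar@^6.1.11:
  version "6.1.11"
`;

// Split "name@range" on the last "@" so scoped names ("@scope/pkg@^1") work.
function splitSpec(spec) {
  const s = spec.trim().replace(/^"|"$/g, "");
  const at = s.lastIndexOf("@");
  return { name: s.slice(0, at), range: s.slice(at + 1) };
}

// One record per lockfile entry for pkgName: requested ranges and resolved version.
function lockEntriesFor(lockText, pkgName) {
  const entries = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      const specs = line.slice(0, -1).split(",").map(splitSpec);
      const ranges = specs.filter((s) => s.name === pkgName).map((s) => s.range);
      current = ranges.length ? { ranges, version: null } : null;
      if (current) entries.push(current);
    } else if (current) {
      const m = /^  version "([^"]+)"$/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Sign of a - b for plain x.y.z versions (pre-release tags are not handled).
function cmp(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  return pa[0] - pb[0] || pa[1] - pb[1] || pa[2] - pb[2];
}

// Entries for pkgName that resolve below minVersion (or have no version line).
function entriesBelow(lockText, pkgName, minVersion) {
  const low = (e) => e.version === null || cmp(e.version, minVersion) < 0;
  return lockEntriesFor(lockText, pkgName).filter(low);
}
```

Calling `entriesBelow(lockText, "tar", "6.1.11")` on a real lockfile gives the ranges to trace back to their requesting packages.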

@sandersn
Member

sandersn commented May 4, 2022

Actually, tar failures won't make dts-critic fail CI, and it'll show up in the overnight build. I'll be notified tomorrow if there are problems.

Successfully merging this pull request may close these issues.

Security vulnerability in @definitelytyped/utils dependency tar