Update TAR dependency to 6.2.1 for Security Vulnerability #348

Closed
1 task done
ChewuuHi opened this issue Apr 1, 2024 · 1 comment
Labels
Bug thing that needs fixing Needs Triage needs an initial review

ChewuuHi commented Apr 1, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

The package 'tar' has a security vulnerability, see https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 or npm audit. Pls kindly upgrade the TAR dependency to a secure version in pacote 15.2.X version.

Expected Behavior

tar dependency should be upgraded to 6.2.1 in pacote 15.2.X version.

Steps To Reproduce

No response

Environment

No response

@ChewuuHi ChewuuHi added Bug thing that needs fixing Needs Triage needs an initial review labels Apr 1, 2024
@ChewuuHi ChewuuHi changed the title [BUG] <title> Update TAR dependency to 6.2.1 for Security Vulnerability Apr 1, 2024
wraithgar (Member) commented

$ npm view pacote dependencies.tar
^6.1.11

Folks installing the current version of pacote will be able to update to a secure version of tar without any changes to pacote itself.
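
The range check behind the reply above, as an added example (not part of the thread, and not pacote's or npm's code): it walks a lockfile's `packages` map, lists every installed copy of `tar` older than the 6.2.1 named in the issue, and reports whether each dependent's declared range admits that version. The lockfile contents, the `legacy-tool` package and the helper names are constructed for illustration, and the matcher handles only plain x.y.z versions and caret ranges.

```javascript
const FIXED = "6.2.1"; // target version named in the issue

const parse = (v) => v.split(".").map(Number);

// Compare two x.y.z versions: negative, zero or positive.
function cmp(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Caret range: >= base, and below the next bump of the left-most non-zero part.
function satisfiesCaret(version, range) {
  if (!range.startsWith("^")) throw new Error(`unsupported range: ${range}`);
  const base = range.slice(1);
  const [maj, min, pat] = parse(base);
  const upper = maj > 0 ? [maj + 1, 0, 0] : min > 0 ? [0, min + 1, 0] : [0, 0, pat + 1];
  return cmp(version, base) >= 0 && cmp(version, upper.join(".")) < 0;
}

// Report installed tar copies and whether each dependent's range allows FIXED.
function auditTar(lock) {
  const installed = [], dependents = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path.endsWith("node_modules/tar")) {
      installed.push({ path, version: meta.version, belowFixed: cmp(meta.version, FIXED) < 0 });
    }
    const range = meta.dependencies && meta.dependencies.tar;
    if (range) {
      // admitsFix: true means a plain update can pull in FIXED with no change upstream
      dependents.push({ path, range, admitsFix: satisfiesCaret(FIXED, range) });
    }
  }
  return { installed, dependents };
}

// Constructed lockfile fragment (lockfileVersion 3 layout), not real project data.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { pacote: "^15.2.0" } },
    "node_modules/pacote": { version: "15.2.0", dependencies: { tar: "^6.1.11" } },
    "node_modules/tar": { version: "6.1.15" },
    "node_modules/legacy-tool": { version: "1.0.0", dependencies: { tar: "^5.0.0" } },
    "node_modules/legacy-tool/node_modules/tar": { version: "5.0.5" },
  },
};

console.log(JSON.stringify(auditTar(sampleLock), null, 2));
```

A dependent with `admitsFix: false` (the constructed `legacy-tool` here) is the case where updating alone does not help and the dependent itself has to widen its range.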
