Commit 45e1223

Alexandre Machado committed
fix: upgrade tar to ^7.5.7 to patch path traversal vulnerability
Security fix for CVE in node-tar package that allows arbitrary file creation outside extraction directory via hardlink path traversal. See: https://github.com/advisories/GHSA-9r2w-394v-53g6
1 parent 174b73c commit 45e1223

2 files changed

+42
-94
lines changed

package-lock.json

Lines changed: 39 additions & 94 deletions

package.json

Lines changed: 3 additions & 0 deletions
@@ -32,5 +32,8 @@
3232
},
3333
"engines": {
3434
"node": ">=18.0.0"
35+
},
36+
"overrides": {
37+
"tar": "^7.5.7"
3538
}
3639
}
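
Review bot: the `"tar": "^7.5.7"` entry added under `"overrides"` is unscoped, so it forces every package in the tree that depends on tar onto the 7.x line, including any that declared an older major, and nothing in the hunk shows which dependency pulls tar in. Consider scoping the override to that parent package (npm accepts a nested form keyed by the parent's name) so an API break stays contained, and note in the changelog or README that the override can be dropped once the parent ships a fixed tar range. The package-lock.json diff is not rendered on this page, so confirm with `npm ls tar` that no resolved copy remains below 7.5.7.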