Skip to content

Commit 051823c

Browse files
scalvertclaude
andcommitted
fix(security): Override tar to ^7.5.6 to fix high vulnerabilities
Add npm override for tar package to address: - GHSA-8qq5-rm4j-mr97: Arbitrary File Overwrite and Symlink Poisoning - GHSA-r6q2-hw4h-h46w: Race Condition via Unicode Ligature Collisions Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent 3d1e56e commit 051823c

2 files changed

Lines changed: 49 additions & 25 deletions

File tree

package-lock.json

Lines changed: 46 additions & 25 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -124,6 +124,9 @@
124124
"engines": {
125125
"node": ">=20.0.0"
126126
},
127+
"overrides": {
128+
"tar": "^7.5.6"
129+
},
127130
"publishConfig": {
128131
"registry": "https://registry.npmjs.org"
129132
},

0 commit comments

Comments
 (0)