Merge pull request #112 from voc0der/fix/dependabot-tar-hardlink-path-traversal

fix(deps): bump tar to 7.5.10 to resolve advisory
2 months ago · 4b3d738e34
parent 0c036b6115 10a851d00e
commit 4b3d738e34
2 changed files with 4 additions and 3 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -15374,9 +15374,9 @@
      }
    },
    "node_modules/tar": {
-      "version": "7.5.9",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.9.tgz",
-      "integrity": "sha512-BTLcK0xsDh2+PUe9F6c2TlRp4zOOBMTkoQHQIWSIzI0R7KG46uEwq4OPk2W7bZcprBMsuaeFsqwYr7pjh6CuHg==",
+      "version": "7.5.10",
+      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.10.tgz",
+      "integrity": "sha512-8mOPs1//5q/rlkNSPcCegA6hiHJYDmSLEI8aMH/CdSQJNWztHC9WHNam5zdQlfpTwB9Xp7IBEsHfV5LKMJGVAw==",
      "dev": true,
      "license": "BlueOak-1.0.0",
      "dependencies": {
--- a/package.json
+++ b/package.json
@ -87,6 +87,7 @@
    },
    "immutable": "5.1.5",
    "serialize-javascript": "7.0.3",
+    "tar": "7.5.10",
    "tmp": "0.2.5"
  }
 }