New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade tar from 6.1.0 to 6.1.11 #3

Open

snyk-bot wants to merge 1 commit into latest from snyk-upgrade-39721eea368720d40aa9f474673720f9

snyk-bot commented Jul 22, 2022

Snyk has created this PR to upgrade tar from 6.1.0 to 6.1.11.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 11 versions ahead of your current version.
The recommended version was released a year ago, on 2021-08-26.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary File Write SNYK-JS-TAR-1579155	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: tar

6.1.11 - 2021-08-26
6.1.11
6.1.10 - 2021-08-19
6.1.10
6.1.9 - 2021-08-19
6.1.9
6.1.8 - 2021-08-11
6.1.8
6.1.7 - 2021-08-09
6.1.6 - 2021-08-04
6.1.5 - 2021-08-04
6.1.4 - 2021-08-03
6.1.3 - 2021-08-02
6.1.2 - 2021-07-26
6.1.1 - 2021-07-23
6.1.0 - 2021-01-07

from tar GitHub release notes

Commit messages

Package name: tar

e573aee 6.1.11
edb8e9a fix: perf regression on hot string munging path
a9d9b05 chore(test): Avoid spurious failures packing node_modules/.cache
24b8bda fix(test): use posix path for testing path reservations
e5a223c fix(test): make unpack test pass on case-sensitive fs
188badd 6.1.10
23312ce drop dirCache for symlink on all platforms
4f1f4a2 6.1.9
875a37e fix: prevent path escape using drive-relative paths
b6162c7 fix: reserve paths properly for unicode, windows
3aaf19b fix: prune dirCache properly for unicode, windows
6a9c51d 6.1.8
dfc5923 fix: skip extract if linkpath is stripped entirely
575a511 fix: reserve paths case-insensitively
d61628c 6.1.7
9e018cf tests: run (and pass) on windows
c2a0948 fix: refactoring to pass tests on Windows
d0ce670 update deps
5360266 fix: normalize paths on Windows systems
9bc1729 6.1.6
bdf4f51 fix: properly prefix hard links
94b2a74 chore: remove benchmarks from git repo
ecaafb4 update deps
bd4691c 6.1.5

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


          fix: upgrade tar from 6.1.0 to 6.1.11

7c37588

Snyk has created this PR to upgrade tar from 6.1.0 to 6.1.11.

See this package in npm:
https://www.npmjs.com/package/tar

See this project in Snyk:
https://app.snyk.io/org/mrbrain295/project/efaed915-a6f1-466d-8bbf-5193dec2b6a1?utm_source=github&utm_medium=referral&page=upgrade-pr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment