Upgrade tar to address security vulnerability
#713
Conversation
iAmmar7
changed the title
tar to address security vulnerabilitytar to address security vulnerability
|
Please insert the line |
| @@ -24,6 +24,7 @@ install: | |||
| - IF /I "%PLATFORM%" == "x64" CALL "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64 | |||
| - IF /I "%PLATFORM%" == "x86" CALL "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86 | |||
| - npm ci | |||
| - npm run update-crosswalk | |||
There was a problem hiding this comment.
Great! Now set lines 5 thru 7 of appveyor.yml to
- nodejs_version: 18
- nodejs_version: 20
- nodejs_version: 22to match https://nodejs.org/en/about/previous-releases#release-schedule and your tests should be green. ✅
There was a problem hiding this comment.
The tests would be green because of the newer Node versions, but are you sure I should remove the older versions from the tests?
There was a problem hiding this comment.
Well, it did not pass for Node 20 and 21.
|
I'm out of my depth here, but just to say we're seeing pressure to also update our packages because of the above tar dependancy. |
|
@bensquire I would recommend dropping |
|
Thanks @cclauss. Will look at what I need to tear out in turn :) |
Upgrade the
tardependency to the latest v7.0.1 to address the following security issue:GHSA-f5x3-32g6-xq36