I've been receiving this moderate security error for a while
npm audit
tar <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
@tensorflow/tfjs-node >=0.1.12
Depends on vulnerable versions of tar
node_modules/@tensorflow/tfjs-node
Hopefully as simple as updating the dependency and releasing a patched version to npm.
We sincerely apologize for the delay in our response. We appreciate you bringing this important issue to our attention.
We've identified that the @tensorflow/tfjs-node package currently specifies a dependency on "tar": "^4.4.6". To address a known security vulnerability detailed in this GitHub security advisory: GHSA-f5x3-32g6-xq36, we'll need to update the tar dependency to a version greater than or equal to 6.2.1.
Our team is actively discussing this update and we will implement a fix shortly. We truly value your time and appreciate you helping us maintain a secure environment.