Commit aed32c2

authored

Merge pull request #4085 from cdr/jsjoeio-fix-tar-vul

fix(security): tar vulnerability

2 parents 5c47c3e + a24e8f5 commit aed32c2Copy full SHA for aed32c2

File tree

6 files changed

+16

-15

lines changed

lib/vscode
- package.json
- yarn.lock
package.json
test
- package.json
- yarn.lock
yarn.lock

6 files changed

+16

-15

lines changed

`‎lib/vscode/package.json‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -218,6 +218,7 @@`
`218`	`218`	`"elliptic": "^6.5.3",`
`219`	`219`	`"nwmatcher": "^1.4.4",`
`220`	`220`	`"chrome-remote-interface": "^0.30.0",`
`221`		`- "glob-parent": "^5.1.2"`
	`221`	`+ "glob-parent": "^5.1.2",`
	`222`	`+ "tar": "^6.1.9"`
`222`	`223`	`}`
`223`	`224`	`}`

`‎lib/vscode/yarn.lock‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -8020,10 +8020,10 @@ tapable@^1.0.0, tapable@^1.1.3:`
`8020`	`8020`	`resolved "https://registry.yarnpkg.com/tapable/-/tapable-1.1.3.tgz#a1fccc06b58db61fd7a45da2da44f5f3a3e67ba2"`
`8021`	`8021`	`integrity sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==`
`8022`	`8022`
`8023`		`-tar@^6.0.2:`
`8024`		`- version "6.0.5"`
`8025`		`- resolved "https://registry.yarnpkg.com/tar/-/tar-6.0.5.tgz#bde815086e10b39f1dcd298e89d596e1535e200f"`
`8026`		`- integrity sha512-0b4HOimQHj9nXNEAA7zWwMM91Zhhba3pspja6sQbgTpynOJf+bkjBnfybNYzbpLbnwXnbyB4LOREvlyXLkCHSg==`
	`8023`	`+tar@^6.0.2, tar@^6.1.9:`
	`8024`	`+ version "6.1.11"`
	`8025`	`+ resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.11.tgz#6760a38f003afa1b2ffd0ffe9e9abbd0eab3d621"`
	`8026`	`+ integrity sha512-an/KZQzQUkZCkuoAA64hM92X0Urb6VpRhAFllDzz44U2mcD5scmT3zBc4VgVpkugF580+DQn8eAFSyoQt0tznA==`
`8027`	`8027`	`dependencies:`
`8028`	`8028`	`chownr "^2.0.0"`
`8029`	`8029`	`fs-minipass "^2.0.0"`

`‎package.json‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@`
`80`	`80`	`"browserslist": "^4.16.5",`
`81`	`81`	`"safe-buffer": "^5.1.1",`
`82`	`82`	`"vfile-message": "^2.0.2",`
`83`		`- "argon2/@mapbox/node-pre-gyp/tar": "^6.1.3",`
	`83`	`+ "argon2/@mapbox/node-pre-gyp/tar": "^6.1.9",`
`84`	`84`	`"path-parse": "^1.0.7"`
`85`	`85`	`},`
`86`	`86`	`"dependencies": {`

`‎test/package.json‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,6 @@`
`19`	`19`	`"wtfnode": "^0.9.0"`
`20`	`20`	`},`
`21`	`21`	`"resolutions": {`
`22`		`- "argon2/@mapbox/node-pre-gyp/tar": "^6.1.3"`
	`22`	`+ "argon2/@mapbox/node-pre-gyp/tar": "^6.1.9"`
`23`	`23`	`}`
`24`	`24`	`}`

`‎test/yarn.lock‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -4412,10 +4412,10 @@ symbol-tree@^3.2.4:`
`4412`	`4412`	`resolved "https://registry.yarnpkg.com/symbol-tree/-/symbol-tree-3.2.4.tgz#430637d248ba77e078883951fb9aa0eed7c63fa2"`
`4413`	`4413`	`integrity sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==`
`4414`	`4414`
`4415`		`-tar@^6.1.0, tar@^6.1.3:`
`4416`		`- version "6.1.6"`
`4417`		`- resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.6.tgz#c23d797b0a1efe5d479b1490805c5443f3560c5d"`
`4418`		`- integrity sha512-oaWyu5dQbHaYcyZCTfyPpC+VmI62/OM2RTUYavTk1MDr1cwW5Boi3baeYQKiZbY2uSQJGr+iMOzb/JFxLrft+g==`
	`4415`	`+tar@^6.1.0, tar@^6.1.9:`
	`4416`	`+ version "6.1.11"`
	`4417`	`+ resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.11.tgz#6760a38f003afa1b2ffd0ffe9e9abbd0eab3d621"`
	`4418`	`+ integrity sha512-an/KZQzQUkZCkuoAA64hM92X0Urb6VpRhAFllDzz44U2mcD5scmT3zBc4VgVpkugF580+DQn8eAFSyoQt0tznA==`
`4419`	`4419`	`dependencies:`
`4420`	`4420`	`chownr "^2.0.0"`
`4421`	`4421`	`fs-minipass "^2.0.0"`

`‎yarn.lock‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -4882,10 +4882,10 @@ tar-stream@^2.1.4:`
`4882`	`4882`	`inherits "^2.0.3"`
`4883`	`4883`	`readable-stream "^3.1.1"`
`4884`	`4884`
`4885`		`-tar@^6.1.0, tar@^6.1.3:`
`4886`		`- version "6.1.6"`
`4887`		`- resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.6.tgz#c23d797b0a1efe5d479b1490805c5443f3560c5d"`
`4888`		`- integrity sha512-oaWyu5dQbHaYcyZCTfyPpC+VmI62/OM2RTUYavTk1MDr1cwW5Boi3baeYQKiZbY2uSQJGr+iMOzb/JFxLrft+g==`
	`4885`	`+tar@^6.1.0, tar@^6.1.9:`
	`4886`	`+ version "6.1.11"`
	`4887`	`+ resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.11.tgz#6760a38f003afa1b2ffd0ffe9e9abbd0eab3d621"`
	`4888`	`+ integrity sha512-an/KZQzQUkZCkuoAA64hM92X0Urb6VpRhAFllDzz44U2mcD5scmT3zBc4VgVpkugF580+DQn8eAFSyoQt0tznA==`
`4889`	`4889`	`dependencies:`
`4890`	`4890`	`chownr "^2.0.0"`
`4891`	`4891`	`fs-minipass "^2.0.0"`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit aed32c2

File tree

6 files changed

6 files changed

`‎lib/vscode/package.json‎`

`‎lib/vscode/yarn.lock‎`

`‎package.json‎`

`‎test/package.json‎`

`‎test/yarn.lock‎`

`‎yarn.lock‎`

0 commit comments