From 340be305f8b1f5776f14fe86d5f93fbb6575a8cf Mon Sep 17 00:00:00 2001
From: kolaente
Date: Tue, 16 Jun 2026 08:31:02 +0200
Subject: [PATCH] fix(deps): tighten tar override to >=7.5.16

The ^7.5.11 override resolved to the vulnerable 7.5.15. Pin to >=7.5.16. Resolves Dependabot alert #246 (desktop).
---
 desktop/package.json | 2 +-
 desktop/pnpm-lock.yaml | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/desktop/package.json b/desktop/package.json
index a0f2a6de9..73e1c510a 100644
--- a/desktop/package.json
+++ b/desktop/package.json
@@ -74,7 +74,7 @@
 ],
 "overrides": {
 "minimatch": "^10.2.3",
- "tar": "^7.5.11",
+ "tar": ">=7.5.16",
 "@tootallnate/once": "^3.0.1",
 "picomatch": ">=4.0.4",
 "tmp": ">=0.2.7",
diff --git a/desktop/pnpm-lock.yaml b/desktop/pnpm-lock.yaml
index 24c81fb9c..866cbbb3a 100644
--- a/desktop/pnpm-lock.yaml
+++ b/desktop/pnpm-lock.yaml
@@ -6,7 +6,7 @@ settings: overrides: minimatch: ^10.2.3 - tar: ^7.5.11 + tar: '>=7.5.16' '@tootallnate/once': ^3.0.1 picomatch: '>=4.0.4' tmp: '>=0.2.7'
@@ -1303,8 +1303,8 @@ packages: resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==} engines: {node: '>=6'} - tar@7.5.15: - resolution: {integrity: sha512-dzGK0boVlC4W5QFuQN1EFSl3bIDYsk7Tj40U6eIBnK2k/8ml7TZ5agbI5j5+qnoVcAA+rNtBml8SEiLxZpNqRQ==} + tar@7.5.16: + resolution: {integrity: sha512-56adEpPMouktRlBLXiaYFFzZ/3+JXa8P9n7WbR+ibIjtviN55mEaOkiysCnPnWm+7kkui1Dn8J9l+g6zV8731w==} engines: {node: '>=18'} temp-file@3.4.0:
@@ -1745,7 +1745,7 @@ snapshots: read-config-file: 6.3.2 sanitize-filename: 1.6.4 semver: 7.8.1 - tar: 7.5.15 + tar: 7.5.16 temp-file: 3.4.0 transitivePeerDependencies: - supports-color
@@ -1790,7 +1790,7 @@ snapshots: proper-lockfile: 4.1.2 resedit: 1.7.2 semver: 7.7.4 - tar: 7.5.15 + tar: 7.5.16 temp-file: 3.4.0 tiny-async-pool: 1.3.0 unzipper: 0.12.3
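Review bot: The new `tar` override in `desktop/package.json` loses the upper bound the old range had: `^7.5.11` stayed inside 7.x, while `>=7.5.16` also accepts any future major, so a later lockfile regeneration could move every transitive consumer of tar to a new major without any manifest change. `"tar": "^7.5.16"` excludes 7.5.15 just as well and keeps the major-version constraint. The commit message calls this a pin, but only the `tar@7.5.16` entry and its integrity hash in `desktop/pnpm-lock.yaml` fix the version, so the fix is reproducible only where installs run against the frozen lockfile (`pnpm install --frozen-lockfile`). The same open-ended form is already used for `picomatch` and `tmp` in this block, so it may be deliberate; if it is, the reason is worth recording in the PR description because JSON cannot carry a comment.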
@@ -2665,7 +2665,7 @@ snapshots: nopt: 9.0.0 proc-log: 6.1.0 semver: 7.8.1 - tar: 7.5.15 + tar: 7.5.16 tinyglobby: 0.2.15 undici: 6.26.0 which: 6.0.1
@@ -3017,7 +3017,7 @@ snapshots: inherits: 2.0.4 readable-stream: 3.6.2 - tar@7.5.15: + tar@7.5.16: dependencies: '@isaacs/fs-minipass': 4.0.1 chownr: 3.0.0