fix(deps): update tar override to 7.5.11 to fix symlink path traversal
Updates pnpm override for tar to resolve GHSA-9ppj-qmqm-q256.
This commit is contained in:
parent
e20af6df40
commit
dc581fdcbe
|
|
@ -65,7 +65,7 @@
|
|||
],
|
||||
"overrides": {
|
||||
"minimatch": "^10.2.3",
|
||||
"tar": "^7.5.10",
|
||||
"tar": "^7.5.11",
|
||||
"@tootallnate/once": "^3.0.1"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ settings:
|
|||
|
||||
overrides:
|
||||
minimatch: ^10.2.3
|
||||
tar: ^7.5.10
|
||||
tar: ^7.5.11
|
||||
'@tootallnate/once': ^3.0.1
|
||||
|
||||
importers:
|
||||
|
|
@ -1040,6 +1040,10 @@ packages:
|
|||
resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==}
|
||||
engines: {node: '>=16 || 14 >=14.17'}
|
||||
|
||||
minipass@7.1.3:
|
||||
resolution: {integrity: sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==}
|
||||
engines: {node: '>=16 || 14 >=14.17'}
|
||||
|
||||
minizlib@3.1.0:
|
||||
resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==}
|
||||
engines: {node: '>= 18'}
|
||||
|
|
@ -1263,8 +1267,8 @@ packages:
|
|||
resolution: {integrity: sha512-1n3r/tGXO6b6VXMdFT54SHzT9ytu9yr7TaELowdYpMqY/Ao7EnlQGmAQ1+RatX7Tkkdm6hONI2owqNx2aZj5Sw==}
|
||||
engines: {node: '>=11.0.0'}
|
||||
|
||||
sax@1.5.0:
|
||||
resolution: {integrity: sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA==}
|
||||
sax@1.6.0:
|
||||
resolution: {integrity: sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==}
|
||||
engines: {node: '>=11.0.0'}
|
||||
|
||||
semver-compare@1.0.0:
|
||||
|
|
@ -1405,8 +1409,8 @@ packages:
|
|||
resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==}
|
||||
engines: {node: '>=6'}
|
||||
|
||||
tar@7.5.10:
|
||||
resolution: {integrity: sha512-8mOPs1//5q/rlkNSPcCegA6hiHJYDmSLEI8aMH/CdSQJNWztHC9WHNam5zdQlfpTwB9Xp7IBEsHfV5LKMJGVAw==}
|
||||
tar@7.5.11:
|
||||
resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==}
|
||||
engines: {node: '>=18'}
|
||||
|
||||
temp-file@3.4.0:
|
||||
|
|
@ -1647,7 +1651,7 @@ snapshots:
|
|||
ora: 5.4.1
|
||||
read-binary-file-arch: 1.0.6
|
||||
semver: 7.7.4
|
||||
tar: 7.5.10
|
||||
tar: 7.5.11
|
||||
yargs: 17.7.2
|
||||
transitivePeerDependencies:
|
||||
- supports-color
|
||||
|
|
@ -1687,7 +1691,7 @@ snapshots:
|
|||
|
||||
'@isaacs/fs-minipass@4.0.1':
|
||||
dependencies:
|
||||
minipass: 7.1.2
|
||||
minipass: 7.1.3
|
||||
|
||||
'@malept/cross-spawn-promise@1.1.1':
|
||||
dependencies:
|
||||
|
|
@ -1847,7 +1851,7 @@ snapshots:
|
|||
read-config-file: 6.3.2
|
||||
sanitize-filename: 1.6.3
|
||||
semver: 7.7.4
|
||||
tar: 7.5.10
|
||||
tar: 7.5.11
|
||||
temp-file: 3.4.0
|
||||
transitivePeerDependencies:
|
||||
- supports-color
|
||||
|
|
@ -1888,7 +1892,7 @@ snapshots:
|
|||
proper-lockfile: 4.1.2
|
||||
resedit: 1.7.2
|
||||
semver: 7.7.4
|
||||
tar: 7.5.10
|
||||
tar: 7.5.11
|
||||
temp-file: 3.4.0
|
||||
tiny-async-pool: 1.3.0
|
||||
which: 5.0.0
|
||||
|
|
@ -1998,7 +2002,7 @@ snapshots:
|
|||
builder-util-runtime@9.2.4:
|
||||
dependencies:
|
||||
debug: 4.4.3
|
||||
sax: 1.5.0
|
||||
sax: 1.6.0
|
||||
transitivePeerDependencies:
|
||||
- supports-color
|
||||
|
||||
|
|
@ -2065,7 +2069,7 @@ snapshots:
|
|||
minipass-pipeline: 1.2.4
|
||||
p-map: 7.0.4
|
||||
ssri: 12.0.0
|
||||
tar: 7.5.10
|
||||
tar: 7.5.11
|
||||
unique-filename: 4.0.0
|
||||
|
||||
cacheable-lookup@5.0.4: {}
|
||||
|
|
@ -2876,9 +2880,11 @@ snapshots:
|
|||
|
||||
minipass@7.1.2: {}
|
||||
|
||||
minipass@7.1.3: {}
|
||||
|
||||
minizlib@3.1.0:
|
||||
dependencies:
|
||||
minipass: 7.1.2
|
||||
minipass: 7.1.3
|
||||
|
||||
ms@2.1.3: {}
|
||||
|
||||
|
|
@ -2904,7 +2910,7 @@ snapshots:
|
|||
nopt: 8.1.0
|
||||
proc-log: 5.0.0
|
||||
semver: 7.7.4
|
||||
tar: 7.5.10
|
||||
tar: 7.5.11
|
||||
tinyglobby: 0.2.15
|
||||
which: 5.0.0
|
||||
transitivePeerDependencies:
|
||||
|
|
@ -3114,7 +3120,7 @@ snapshots:
|
|||
|
||||
sax@1.4.4: {}
|
||||
|
||||
sax@1.5.0: {}
|
||||
sax@1.6.0: {}
|
||||
|
||||
semver-compare@1.0.0:
|
||||
optional: true
|
||||
|
|
@ -3285,11 +3291,11 @@ snapshots:
|
|||
inherits: 2.0.4
|
||||
readable-stream: 3.6.2
|
||||
|
||||
tar@7.5.10:
|
||||
tar@7.5.11:
|
||||
dependencies:
|
||||
'@isaacs/fs-minipass': 4.0.1
|
||||
chownr: 3.0.0
|
||||
minipass: 7.1.2
|
||||
minipass: 7.1.3
|
||||
minizlib: 3.1.0
|
||||
yallist: 5.0.0
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue