From dc581fdcbe2c638a466dd944443be77833ddaf08 Mon Sep 17 00:00:00 2001 From: kolaente Date: Tue, 17 Mar 2026 09:45:29 +0100 Subject: [PATCH] fix(deps): update tar override to 7.5.11 to fix symlink path traversal Updates pnpm override for tar to resolve GHSA-9ppj-qmqm-q256. --- desktop/package.json | 2 +- desktop/pnpm-lock.yaml | 38 ++++++++++++++++++++++---------------- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/desktop/package.json b/desktop/package.json index 7c7533f36..e47450b5f 100644 --- a/desktop/package.json +++ b/desktop/package.json @@ -65,7 +65,7 @@ ], "overrides": { "minimatch": "^10.2.3", - "tar": "^7.5.10", + "tar": "^7.5.11", "@tootallnate/once": "^3.0.1" } } diff --git a/desktop/pnpm-lock.yaml b/desktop/pnpm-lock.yaml index 03f53144c..aff895791 100644 --- a/desktop/pnpm-lock.yaml +++ b/desktop/pnpm-lock.yaml @@ -6,7 +6,7 @@ settings: overrides: minimatch: ^10.2.3 - tar: ^7.5.10 + tar: ^7.5.11 '@tootallnate/once': ^3.0.1 importers: @@ -1040,6 +1040,10 @@ packages: resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==} engines: {node: '>=16 || 14 >=14.17'} + minipass@7.1.3: + resolution: {integrity: sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==} + engines: {node: '>=16 || 14 >=14.17'} + minizlib@3.1.0: resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==} engines: {node: '>= 18'} @@ -1263,8 +1267,8 @@ packages: resolution: {integrity: sha512-1n3r/tGXO6b6VXMdFT54SHzT9ytu9yr7TaELowdYpMqY/Ao7EnlQGmAQ1+RatX7Tkkdm6hONI2owqNx2aZj5Sw==} engines: {node: '>=11.0.0'} - sax@1.5.0: - resolution: {integrity: sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA==} + sax@1.6.0: + resolution: {integrity: sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==} engines: {node: '>=11.0.0'} semver-compare@1.0.0: @@ -1405,8 +1409,8 @@ packages: resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==} engines: {node: '>=6'} - tar@7.5.10: - resolution: {integrity: sha512-8mOPs1//5q/rlkNSPcCegA6hiHJYDmSLEI8aMH/CdSQJNWztHC9WHNam5zdQlfpTwB9Xp7IBEsHfV5LKMJGVAw==} + tar@7.5.11: + resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==} engines: {node: '>=18'} temp-file@3.4.0: @@ -1647,7 +1651,7 @@ snapshots: ora: 5.4.1 read-binary-file-arch: 1.0.6 semver: 7.7.4 - tar: 7.5.10 + tar: 7.5.11 yargs: 17.7.2 transitivePeerDependencies: - supports-color @@ -1687,7 +1691,7 @@ snapshots: '@isaacs/fs-minipass@4.0.1': dependencies: - minipass: 7.1.2 + minipass: 7.1.3 '@malept/cross-spawn-promise@1.1.1': dependencies: @@ -1847,7 +1851,7 @@ snapshots: read-config-file: 6.3.2 sanitize-filename: 1.6.3 semver: 7.7.4 - tar: 7.5.10 + tar: 7.5.11 temp-file: 3.4.0 transitivePeerDependencies: - supports-color @@ -1888,7 +1892,7 @@ snapshots: proper-lockfile: 4.1.2 resedit: 1.7.2 semver: 7.7.4 - tar: 7.5.10 + tar: 7.5.11 temp-file: 3.4.0 tiny-async-pool: 1.3.0 which: 5.0.0 @@ -1998,7 +2002,7 @@ snapshots: builder-util-runtime@9.2.4: dependencies: debug: 4.4.3 - sax: 1.5.0 + sax: 1.6.0 transitivePeerDependencies: - supports-color @@ -2065,7 +2069,7 @@ snapshots: minipass-pipeline: 1.2.4 p-map: 7.0.4 ssri: 12.0.0 - tar: 7.5.10 + tar: 7.5.11 unique-filename: 4.0.0 cacheable-lookup@5.0.4: {} @@ -2876,9 +2880,11 @@ snapshots: minipass@7.1.2: {} + minipass@7.1.3: {} + minizlib@3.1.0: dependencies: - minipass: 7.1.2 + minipass: 7.1.3 ms@2.1.3: {} @@ -2904,7 +2910,7 @@ snapshots: nopt: 8.1.0 proc-log: 5.0.0 semver: 7.7.4 - tar: 7.5.10 + tar: 7.5.11 tinyglobby: 0.2.15 which: 5.0.0 transitivePeerDependencies: @@ -3114,7 +3120,7 @@ snapshots: sax@1.4.4: {} - sax@1.5.0: {} + sax@1.6.0: {} semver-compare@1.0.0: optional: true @@ -3285,11 +3291,11 @@ snapshots: inherits: 2.0.4 readable-stream: 3.6.2 - tar@7.5.10: + tar@7.5.11: dependencies: '@isaacs/fs-minipass': 4.0.1 chownr: 3.0.0 - minipass: 7.1.2 + minipass: 7.1.3 minizlib: 3.1.0 yallist: 5.0.0