fix(deps): update tar override to 7.5.11 to fix symlink path traversal

Updates pnpm override for tar to resolve GHSA-9ppj-qmqm-q256.
This commit is contained in:
kolaente 2026-03-17 09:45:29 +01:00
parent e20af6df40
commit dc581fdcbe
2 changed files with 23 additions and 17 deletions

View File

@ -65,7 +65,7 @@
],
"overrides": {
"minimatch": "^10.2.3",
"tar": "^7.5.10",
"tar": "^7.5.11",
"@tootallnate/once": "^3.0.1"
}
}

View File

@ -6,7 +6,7 @@ settings:
overrides:
minimatch: ^10.2.3
tar: ^7.5.10
tar: ^7.5.11
'@tootallnate/once': ^3.0.1
importers:
@ -1040,6 +1040,10 @@ packages:
resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==}
engines: {node: '>=16 || 14 >=14.17'}
minipass@7.1.3:
resolution: {integrity: sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==}
engines: {node: '>=16 || 14 >=14.17'}
minizlib@3.1.0:
resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==}
engines: {node: '>= 18'}
@ -1263,8 +1267,8 @@ packages:
resolution: {integrity: sha512-1n3r/tGXO6b6VXMdFT54SHzT9ytu9yr7TaELowdYpMqY/Ao7EnlQGmAQ1+RatX7Tkkdm6hONI2owqNx2aZj5Sw==}
engines: {node: '>=11.0.0'}
sax@1.5.0:
resolution: {integrity: sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA==}
sax@1.6.0:
resolution: {integrity: sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==}
engines: {node: '>=11.0.0'}
semver-compare@1.0.0:
@ -1405,8 +1409,8 @@ packages:
resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==}
engines: {node: '>=6'}
tar@7.5.10:
resolution: {integrity: sha512-8mOPs1//5q/rlkNSPcCegA6hiHJYDmSLEI8aMH/CdSQJNWztHC9WHNam5zdQlfpTwB9Xp7IBEsHfV5LKMJGVAw==}
tar@7.5.11:
resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==}
engines: {node: '>=18'}
temp-file@3.4.0:
@ -1647,7 +1651,7 @@ snapshots:
ora: 5.4.1
read-binary-file-arch: 1.0.6
semver: 7.7.4
tar: 7.5.10
tar: 7.5.11
yargs: 17.7.2
transitivePeerDependencies:
- supports-color
@ -1687,7 +1691,7 @@ snapshots:
'@isaacs/fs-minipass@4.0.1':
dependencies:
minipass: 7.1.2
minipass: 7.1.3
'@malept/cross-spawn-promise@1.1.1':
dependencies:
@ -1847,7 +1851,7 @@ snapshots:
read-config-file: 6.3.2
sanitize-filename: 1.6.3
semver: 7.7.4
tar: 7.5.10
tar: 7.5.11
temp-file: 3.4.0
transitivePeerDependencies:
- supports-color
@ -1888,7 +1892,7 @@ snapshots:
proper-lockfile: 4.1.2
resedit: 1.7.2
semver: 7.7.4
tar: 7.5.10
tar: 7.5.11
temp-file: 3.4.0
tiny-async-pool: 1.3.0
which: 5.0.0
@ -1998,7 +2002,7 @@ snapshots:
builder-util-runtime@9.2.4:
dependencies:
debug: 4.4.3
sax: 1.5.0
sax: 1.6.0
transitivePeerDependencies:
- supports-color
@ -2065,7 +2069,7 @@ snapshots:
minipass-pipeline: 1.2.4
p-map: 7.0.4
ssri: 12.0.0
tar: 7.5.10
tar: 7.5.11
unique-filename: 4.0.0
cacheable-lookup@5.0.4: {}
@ -2876,9 +2880,11 @@ snapshots:
minipass@7.1.2: {}
minipass@7.1.3: {}
minizlib@3.1.0:
dependencies:
minipass: 7.1.2
minipass: 7.1.3
ms@2.1.3: {}
@ -2904,7 +2910,7 @@ snapshots:
nopt: 8.1.0
proc-log: 5.0.0
semver: 7.7.4
tar: 7.5.10
tar: 7.5.11
tinyglobby: 0.2.15
which: 5.0.0
transitivePeerDependencies:
@ -3114,7 +3120,7 @@ snapshots:
sax@1.4.4: {}
sax@1.5.0: {}
sax@1.6.0: {}
semver-compare@1.0.0:
optional: true
@ -3285,11 +3291,11 @@ snapshots:
inherits: 2.0.4
readable-stream: 3.6.2
tar@7.5.10:
tar@7.5.11:
dependencies:
'@isaacs/fs-minipass': 4.0.1
chownr: 3.0.0
minipass: 7.1.2
minipass: 7.1.3
minizlib: 3.1.0
yallist: 5.0.0