From 3e91f3253b31f1974fae8aa7a66bcf4065600d1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Ovejero?= Date: Thu, 5 Jun 2025 12:25:32 +0200 Subject: [PATCH] refactor(core): Upgrade `tar-fs` to address CVE-2025-48387 (#16052) --- package.json | 2 +- pnpm-lock.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 26a8ada712..74b488829b 100644 --- a/package.json +++ b/package.json @@ -85,7 +85,7 @@ "esbuild": "^0.24.0", "pug": "^3.0.3", "semver": "^7.5.4", - "tar-fs": "2.1.2", + "tar-fs": "2.1.3", "tslib": "^2.6.2", "tsconfig-paths": "^4.2.0", "typescript": "^5.8.2", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 31d8ecda54..6a01983b25 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -174,7 +174,7 @@ overrides: esbuild: ^0.24.0 pug: ^3.0.3 semver: ^7.5.4 - tar-fs: 2.1.2 + tar-fs: 2.1.3 tslib: ^2.6.2 tsconfig-paths: ^4.2.0 typescript: ^5.8.2 @@ -13274,8 +13274,8 @@ packages: resolution: {integrity: sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==} engines: {node: '>=6'} - tar-fs@2.1.2: - resolution: {integrity: sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA==} + tar-fs@2.1.3: + resolution: {integrity: sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==} tar-stream@2.2.0: resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==} @@ -26483,7 +26483,7 @@ snapshots: pump: 3.0.0 rc: 1.2.8 simple-get: 4.0.1 - tar-fs: 2.1.2 + tar-fs: 2.1.3 tunnel-agent: 0.6.0 prelude-ls@1.1.2: {} @@ -27951,7 +27951,7 @@ snapshots: tapable@2.2.1: {} - tar-fs@2.1.2: + tar-fs@2.1.3: dependencies: chownr: 1.1.4 mkdirp-classic: 0.5.3