Skip to content

[Snyk] Fix for 2 vulnerabilities#12

Open
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-a7825feec878e292ae5b8ee6c7f472a1
Open

[Snyk] Fix for 2 vulnerabilities#12
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-a7825feec878e292ae5b8ee6c7f472a1

Conversation

@snyk-bot
Copy link
Copy Markdown

@snyk-bot snyk-bot commented Aug 5, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Recently disclosed, Has a fix available, CVSS 8.2		 Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 Yes No Known Exploit
high severity 696/1000
Why? Recently disclosed, Has a fix available, CVSS 8.2		 Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: tar The new version differs by 250 commits.
  • 0532554 3.2.3
  • 85d3a94 Remove paths from dirCache when no longer dirs
  • 9c393bb 3.2.2
  • 2a724c6 add publishConfig tag
  • 147e078 fix: strip absolute paths more comprehensively
  • 1dea1df v3.2.1
  • afb02ad pack: don't drop dots from dotfiles when prefixing
  • 6a86ec4 v3.2.0
  • cb297ca Add uid/gid options to extract and unpack
  • 38c265b add chownr as a dep
  • ef33670 v3.1.15
  • ea21ad6 unpack: Fix process.umask handling
  • 0594dcf v3.1.14
  • d8ecec7 mkdir: always chmod when umask won't allow mode
  • 97e7646 unpack: don't call process.getgid() unnecessarily
  • 95049b6 Include size in PAX extended header
  • 2176335 v3.1.13
  • c8ac45b Do not attempt to call getgid/getuid if not a function
  • 587a459 v3.1.12
  • 257d430 More extra event emitting to avoid 'premature close'
  • 474686b v3.1.11
  • a7af20d unpack: go ahead and emit 'end'
  • 9780dc1 v3.1.10
  • 9f8a12f Strip null bytes from extended path/linkpath entries

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot