bump: tar to fix CVE-2026-23950

NicolasCARPi · NicolasCARPi · commit 46289f626c5c · 2026-01-23T12:48:09.000+01:00
diff --git a/package.json b/package.json
@@ -54,7 +54,7 @@
   },
   "resolutions": {
     "brace-expansion": "2.0.2",
-    "tar": "7.5.3"
+    "tar": "^7.5.4"
   },
   "devDependencies": {
     "@parcel/core": "^2.16.3",
diff --git a/yarn.lock b/yarn.lock
@@ -4127,16 +4127,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"tar@npm:7.5.3":
-  version: 7.5.3
-  resolution: "tar@npm:7.5.3"
+"tar@npm:^7.5.4":
+  version: 7.5.6
+  resolution: "tar@npm:7.5.6"
   dependencies:
     "@isaacs/fs-minipass": "npm:^4.0.0"
     chownr: "npm:^3.0.0"
     minipass: "npm:^7.1.2"
     minizlib: "npm:^3.1.0"
     yallist: "npm:^5.0.0"
-  checksum: 10c0/e5e3237bca325fbb33282d92d9807f4c8d81abaf71bf2627efdf93bd5610c146460c78fc7e9767d4ab5ae3c0b18af8197314c964f8cbd23b30b25bf4d42d7cb4
+  checksum: 10c0/08af3807035957650ad5f2a300c49ca4fe0566ac0ea5a23741a5b5103c6da42891a9eeaed39bc1fbcf21c5cac4dc846828a004727fb08b9d946322d3144d1fd2
   languageName: node
   linkType: hard
 
