Skip to content

Commit 25728ab

Browse files
vrubezhnyvrubezhny
committed
Fix vulnerability in tar-fs <2.1.2
Tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File #80 Fixes: https://github.com/redhat-developer/vscode-openshift-tools/security/dependabot/80 Signed-off-by: Victor Rubezhny <vrubezhny@redhat.com>
1 parent d5c8950 commit 25728ab

File tree

2 files changed

+52
-223
lines changed

2 files changed

+52
-223
lines changed

package-lock.json

Lines changed: 50 additions & 222 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -197,8 +197,9 @@
197197
"overrides": {
198198
"cookie": "^1.0.2",
199199
"cross-spawn": "^7.0.6",
200+
"globals": "^16.0.0",
200201
"tough-cookie": "^5.1.2",
201-
"globals": "^16.0.0"
202+
"tar-fs": "^2.1.2"
202203
},
203204
"activationEvents": [
204205
"onView:openshiftProjectExplorer",

0 commit comments

Comments
 (0)