Skip to content

Commit 59d69e4

Browse files
Copilotmanast
andcommitted
Initial analysis of tar-fs vulnerability issue
Co-authored-by: manast <95200+manast@users.noreply.github.com>
1 parent 722b0e6 commit 59d69e4

2 files changed

Lines changed: 2 additions & 68 deletions

File tree

package-lock.json

Lines changed: 2 additions & 38 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

yarn.lock

Lines changed: 0 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -563,11 +563,6 @@
563563
"@jridgewell/resolve-uri" "^3.1.0"
564564
"@jridgewell/sourcemap-codec" "^1.4.14"
565565

566-
"@msgpackr-extract/msgpackr-extract-darwin-arm64@3.0.3":
567-
version "3.0.3"
568-
resolved "https://registry.npmjs.org/@msgpackr-extract/msgpackr-extract-darwin-arm64/-/msgpackr-extract-darwin-arm64-3.0.3.tgz"
569-
integrity sha512-QZHtlVgbAdy2zAqNA9Gu1UpIuI8Xvsd1v8ic6B2pZmeFnFcMWiPLfWXh7TVw4eGEZ/C9TH281KwhVoeQUKbyjw==
570-
571566
"@nodelib/fs.scandir@2.1.5":
572567
version "2.1.5"
573568
resolved "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz"
@@ -1054,8 +1049,6 @@
10541049

10551050
"@tufjs/models@3.0.1":
10561051
version "3.0.1"
1057-
resolved "https://registry.npmjs.org/@tufjs/models/-/models-3.0.1.tgz"
1058-
integrity sha512-UUYHISyhCU3ZgN8yaear3cGATHb3SMuKHsQ/nVbHXcmnBf+LzQ/cQfhNG+rfaSHgqGKNEm2cOCLVLELStUQ1JA==
10591052
dependencies:
10601053
"@tufjs/canonical-json" "2.0.0"
10611054
minimatch "^9.0.5"
@@ -2250,8 +2243,6 @@ fs-extra@^11.0.0:
22502243

22512244
fs-minipass@^2.0.0:
22522245
version "2.1.0"
2253-
resolved "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz"
2254-
integrity sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==
22552246
dependencies:
22562247
minipass "^3.0.0"
22572248

@@ -2267,11 +2258,6 @@ fs.realpath@^1.0.0:
22672258
resolved "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz"
22682259
integrity sha1-FQStJSMVjKpA20onh8sBQRmU6k8=
22692260

2270-
fsevents@^2.3.2:
2271-
version "2.3.3"
2272-
resolved "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz"
2273-
integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==
2274-
22752261
function-bind@^1.1.1:
22762262
version "1.1.1"
22772263
resolved "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz"
@@ -2764,8 +2750,6 @@ isexe@^2.0.0:
27642750

27652751
isexe@^3.1.1:
27662752
version "3.1.1"
2767-
resolved "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz"
2768-
integrity sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ==
27692753

27702754
issue-parser@^7.0.0:
27712755
version "7.0.1"
@@ -3659,8 +3643,6 @@ minipass-sized@^1.0.3:
36593643

36603644
minipass@^3.0.0:
36613645
version "3.3.6"
3662-
resolved "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz"
3663-
integrity sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==
36643646
dependencies:
36653647
yallist "^4.0.0"
36663648

@@ -3671,8 +3653,6 @@ minipass@^3.0.0:
36713653

36723654
minipass@^5.0.0:
36733655
version "5.0.0"
3674-
resolved "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz"
3675-
integrity sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==
36763656

36773657
minizlib@^2.1.1:
36783658
version "2.1.2"
@@ -3750,8 +3730,6 @@ natural-compare@^1.4.0:
37503730

37513731
negotiator@^1.0.0:
37523732
version "1.0.0"
3753-
resolved "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz"
3754-
integrity sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==
37553733

37563734
neo-async@^2.6.2:
37573735
version "2.6.2"
@@ -4167,8 +4145,6 @@ pacote@^19.0.0, pacote@^19.0.1:
41674145

41684146
pacote@^20.0.0:
41694147
version "20.0.0"
4170-
resolved "https://registry.npmjs.org/pacote/-/pacote-20.0.0.tgz"
4171-
integrity sha512-pRjC5UFwZCgx9kUFDVM9YEahv4guZ1nSLqwmWiLUnDbGsjs+U5w7z6Uc8HNR1a6x8qnu5y9xtGE6D1uAuYz+0A==
41724148
dependencies:
41734149
"@npmcli/git" "^6.0.0"
41744150
"@npmcli/installed-package-contents" "^3.0.0"
@@ -4922,17 +4898,13 @@ string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
49224898

49234899
string-width@^5.0.1:
49244900
version "5.1.2"
4925-
resolved "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz"
4926-
integrity sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==
49274901
dependencies:
49284902
eastasianwidth "^0.2.0"
49294903
emoji-regex "^9.2.2"
49304904
strip-ansi "^7.0.1"
49314905

49324906
string-width@^5.1.2:
49334907
version "5.1.2"
4934-
resolved "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz"
4935-
integrity sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==
49364908
dependencies:
49374909
eastasianwidth "^0.2.0"
49384910
emoji-regex "^9.2.2"
@@ -5071,8 +5043,6 @@ tar@^6.1.11, tar@^6.2.1:
50715043

50725044
tar@^7.4.3:
50735045
version "7.4.3"
5074-
resolved "https://registry.npmjs.org/tar/-/tar-7.4.3.tgz"
5075-
integrity sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw==
50765046
dependencies:
50775047
"@isaacs/fs-minipass" "^4.0.0"
50785048
chownr "^3.0.0"

0 commit comments

Comments
 (0)