Open gjasny opened 4 years ago
@kevva any eta on being able to update the version of tar-stream dependency and publish the fix to npmjs?
There was a bl 1.2.3 package published. That should match the used semver.
ah great yep that solves the immediate issue.
Hello,
could you please raise the
tar-stream
dependency to latest2.x
version to get rid of the vulnerable bl package (CVE-2020-8244).Please also release a new version.
Thanks, Gregor