mafintosh / tar-stream

tar-stream is a streaming tar parser and generator.
MIT License

NPM Advisory - BL - Remote Memory Exposure #126

Closed mririgoyen closed 3 years ago

mririgoyen commented 3 years ago

The version of bl that is included in tar-stream (4.0.1) is affected by https://npmjs.com/advisories/1555. bl has released 4.0.3 which fixes this.

An update of bl to the latest would be appreciated to resolve this security vulnerability.

mririgoyen commented 3 years ago

Looks like a PR already exists for this request: https://github.com/mafintosh/tar-stream/pull/125

mafintosh commented 3 years ago

Hi, 4.0.3 is already covered by the package.json
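
A declared range that admits 4.0.3 does not guarantee an installed tree has it, because the lockfile pins the version actually resolved. The following is an added example, not code from this thread or from tar-stream: it checks a caret range against the fixed release and scans a lockfile for `bl` 4.x installs below 4.0.3. The range `^4.0.1`, the lockfile contents, and the names `caretAdmits` and `findStaleBl` are assumptions made for illustration.

```javascript
// Added example: all sample data below is constructed, not taken from tar-stream.
const FIXED = '4.0.3'; // fixed bl release named in the issue

// Plain x.y.z only; prerelease tags are not handled in this sketch.
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
};

// Does a caret range such as "^4.0.1" admit `version`? Valid for major >= 1:
// same major, and version >= the range's base.
function caretAdmits(range, version) {
  const base = range.replace(/^\^/, '');
  return parse(base)[0] === parse(version)[0] && cmp(version, base) >= 0;
}

// Walk a lockfile's "packages" map (lockfileVersion 2/3) and report every
// installed copy of bl on the same major line as FIXED but older than it.
function findStaleBl(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/bl$/.test(path)) continue; // bl itself, any depth
    const v = meta.version;
    if (parse(v)[0] === parse(FIXED)[0] && cmp(v, FIXED) < 0) {
      hits.push({ path, version: v });
    }
  }
  return hits;
}

// Constructed input: an assumed declared range and a lockfile in which one
// copy of bl is still pinned to 4.0.1 while a nested copy is already fixed.
const declaredRange = '^4.0.1'; // assumption, not read from package.json
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/tar-stream': { version: '0.0.0-example', dependencies: { bl: declaredRange } },
    'node_modules/bl': { version: '4.0.1' },
    'node_modules/other/node_modules/bl': { version: '4.0.3' },
    'node_modules/blah': { version: '4.0.0' }, // different package, must be ignored
  },
};

console.log('range admits fix:', caretAdmits(declaredRange, FIXED));
console.log('stale installs:', findStaleBl(sampleLock));
```

Any path it reports needs the lockfile entry refreshed; the dependent's `package.json` range is not what is out of date.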