npm / pacote

npm fetcher
ISC License

Update TAR dependency to 6.2.1 for Security Vulnerability #348

Closed ChewuuHi closed 7 months ago

ChewuuHi commented 7 months ago

Is there an existing issue for this?

Current Behavior

The package 'tar' has a security vulnerability, see https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 or npm audit. Please kindly upgrade the TAR dependency to a secure version in the pacote 15.2.X version.

Expected Behavior

tar dependency should be upgraded to 6.2.1 in pacote 15.2.X version.

Steps To Reproduce

No response

Environment

No response

wraithgar commented 7 months ago
$ npm view pacote dependencies.tar
^6.1.11

Folks installing the current version of pacote will be able to update to a secure version of tar without any changes to pacote itself.

MatheusCandidoo commented 4 days ago

I'm attempting to correct this vulnerability in node 16.20.0. I need a way to update the package tar in the bundle of npm. I have tried to update the package, but all my attempts to update tar or npm globally redirect to the prefix of %AppData%/npm. Is there a way to update the tar package in C:/Program Files/nodejs?