Br3nda
commented
5 years ago Failing at: watai tests/integration
Closed dependabot-preview[bot] closed 5 years ago
Br3nda
commented
5 years ago Failing at: watai tests/integration
dependabot-preview[bot]
commented
5 years ago Superseded by #220.
Bumps tar from 4.4.1 to 4.4.8. This update includes security fixes.
Vulnerabilities fixed
*Sourced from The GitHub Security Advisory Database.* > **High severity vulnerability that affects tar** > A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. > > Affected versions: < 4.4.2Commits
- [`074c89b`](https://github.com/npm/node-tar/commit/074c89b1e639485468706af3c141a68ef8826728) 4.4.8 - [`c7bc240`](https://github.com/npm/node-tar/commit/c7bc2406eb23f624968271f9df3c917cae22e5c3) Fix hardlink extraction with strip. - [`0068764`](https://github.com/npm/node-tar/commit/0068764b53ed487300fd081922027767f4842e5e) Fix example typo - [`88d6071`](https://github.com/npm/node-tar/commit/88d6071c248042e29258f6f72c1b71721904cf22) 4.4.7 - [`41fce66`](https://github.com/npm/node-tar/commit/41fce66068cd532019be9ce8e1e3186361198466) Fix [#190](https://github-redirect.dependabot.com/npm/node-tar/issues/190): polyfill Buffer in lib/parse.js for node v4 <4.5 - [`ec2581a`](https://github.com/npm/node-tar/commit/ec2581af264c99c280ecfa7401c243b321cec2c1) clarify EOF error messages - [`6c95323`](https://github.com/npm/node-tar/commit/6c953230a12343490af7030e828cf9302f63b4d9) write-entry: handle shrinked file size than expected by lstat - [`34bdf6b`](https://github.com/npm/node-tar/commit/34bdf6b6b89091a3b0b4a8409b9c944dcce36f3b) travis: no windows. A known failing test is worse than no test. - [`dcab9b8`](https://github.com/npm/node-tar/commit/dcab9b8cc3cf4e82e96063d33dec8278670ab332) travis: add windows - [`4eb4e9b`](https://github.com/npm/node-tar/commit/4eb4e9b6c73977e2080c10a596cfd66b0d140265) travis: Add node 10, remove 4 - Additional commits viewable in [compare view](https://github.com/npm/node-tar/compare/v4.4.1...v4.4.8)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.