package: update tar to 2.x

strongloop / strong-pm

deployer for node applications

http://strong-pm.io

Other

1k stars 71 forks source link

package: update tar to 2.x #351

Closed sam-github closed 8 years ago

rmg commented 8 years ago

I'm a little surprised bumping a major version of such a dependency didn't break anything.

LGTM! :shipit:

sam-github commented 8 years ago

The major was bumped because they changed what they do with symlinks, there was a security problem. The API is the same (and we don't have symlinks in our npm packages), so it works the same from our point of view.