search

tensorflow / tfjs

A WebGL accelerated JavaScript library for training and deploying ML models.
https://js.tensorflow.org
Apache License 2.0
18.38k stars 1.92k forks source link

Update tar package version #8279

Closed gaikwadrahul8 closed 4 months ago

gaikwadrahul8 commented 4 months ago

Hi, Team

We've identified that the @tensorflow/tfjs-node package currently specifies a dependency on "tar": "^4.4.6". To address a known security vulnerability detailed in this GitHub security advisory: GHSA-f5x3-32g6-xq36, I've updated the tar dependency to a version "tar": "^6.2.1" to take care of this issue and I believe we'll have to release a patched version to npm. Thank you.

google-cla[bot] commented 4 months ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

gaikwadrahul8 commented 4 months ago

Hi, Team

I'm closing this PR because there was some issue about cla/google so I fixed and created new PR here https://github.com/tensorflow/tfjs/pull/8280. Thank you.