We've identified that the @tensorflow/tfjs-node package currently specifies a dependency on "tar": "^4.4.6". To address a known security vulnerability detailed in this GitHub security advisory: GHSA-f5x3-32g6-xq36, I've updated the tar dependency to a version "tar": "^6.2.1" to take care of this issue and I believe we'll have to release a patched version to npm. Thank you.
Hi, Team
We've identified that the @tensorflow/tfjs-node package currently specifies a dependency on
"tar": "^4.4.6"
. To address a known security vulnerability detailed in this GitHub security advisory: GHSA-f5x3-32g6-xq36, I've updated the tar dependency to a version"tar": "^6.2.1"
to take care of this issue and I believe we'll have to release a patched version to npm. Thank you.