Skip to content

Update package.json#797

Closed
Emuentes wants to merge 1 commit intonodejs:masterfrom
Emuentes:patch-1
Closed

Update package.json#797
Emuentes wants to merge 1 commit intonodejs:masterfrom
Emuentes:patch-1

Conversation

@Emuentes
Copy link
Copy Markdown
Contributor

@Emuentes Emuentes commented Nov 4, 2015

NSP check is preventing me from deploying my latest because this module relies on a vulnerable version of tar.

https://nodesecurity.io/advisories/57

@Emuentes
Update package.json
bb96880 
NSP check is preventing me from deploying my latest because this module relies on a vulnerable version of tar
https://nodesecurity.io/advisories/57
bnoordhuis pushed a commit that referenced this pull request Nov 4, 2015
@Emuentes @bnoordhuis
Update to [email protected].
f5d86eb 
From https://nodesecurity.io/advisories/57:

    The tar module earlier than version 2.0.0 allow for archives to
    contain symbolic links that will overwrite targets outside the
    expected path for extraction.

PR-URL: #797
Reviewed-By: Ben Noordhuis <[email protected]>
@bnoordhuis
Copy link
Copy Markdown
Member

bnoordhuis commented Nov 4, 2015

Landed with a modified commit log in f5d86eb, thanks.

@bnoordhuis bnoordhuis closed this Nov 4, 2015
@Emuentes
Copy link
Copy Markdown
Contributor Author

Emuentes commented Nov 4, 2015

Awesome, thanks guys

@Emuentes Emuentes deleted the patch-1 branch November 4, 2015 22:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Emuentes @bnoordhuis