This repository has been archived by the owner on Feb 7, 2024. It is now read-only.

Vulnerability in go.mod dependency #284

Closed
x1m3 opened this issue Mar 2, 2023 · 1 comment · Fixed by #299
Labels
need/triage Needs initial labeling and prioritization

Comments

x1m3 commented Mar 2, 2023

This project uses an old dependency of the library github.com/whyrusleeping/tar-utils v0.0.0-20180509141711-8c6c8ba81d5c

There is a security advisory that encourages upgrading to > 0.0.0-20201201191210-20a61371de5b

GHSA-jpf8-h7h7-3ppm

Thanks for your efforts.

x1m3 added the need/triage (Needs initial labeling and prioritization) label Mar 2, 2023
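A way to check a go.mod for the pin reported above, as an added example that is not part of the issue or the project's code: it finds the required version of the module and compares its pseudo-version timestamp with the one the issue names. The module path and both versions are quoted from the issue; the surrounding go.mod, `example.com/constructed` and the function names are assumptions, and `replace`/`exclude` directives are not interpreted.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path and versions are quoted from the issue; the go.mod around them is constructed.
const (
	modulePath   = "github.com/whyrusleeping/tar-utils"
	namedInIssue = "v0.0.0-20201201191210-20a61371de5b"
	sampleGoMod  = "module example.com/constructed\n\nrequire (\n\t" + modulePath + " v0.0.0-20180509141711-8c6c8ba81d5c\n)\n"
)

// pinnedVersion returns the version go.mod requires for path, or "" if it is absent.
func pinnedVersion(goMod, path string) string {
	for _, line := range strings.Split(goMod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == path && strings.HasPrefix(f[1], "v") {
			return f[1]
		}
	}
	return ""
}

// pseudoTime extracts the 14-digit commit timestamp from a v0.0.0-yyyymmddhhmmss-hash pseudo-version.
func pseudoTime(v string) (string, bool) {
	p := strings.Split(v, "-")
	if len(p) != 3 || p[0] != "v0.0.0" || len(p[1]) != 14 || strings.Trim(p[1], "0123456789") != "" {
		return "", false
	}
	return p[1], true
}

// olderThan reports whether pinned predates ref; ok is false if either is not a v0.0.0 pseudo-version.
func olderThan(pinned, ref string) (older, ok bool) {
	a, okA := pseudoTime(pinned)
	b, okB := pseudoTime(ref)
	if !okA || !okB {
		return false, false
	}
	return a < b, true
}

func main() {
	v := pinnedVersion(sampleGoMod, modulePath)
	older, ok := olderThan(v, namedInIssue)
	fmt.Printf("%s %s: older than %s = %v (comparable = %v)\n", modulePath, v, namedInIssue, older, ok)
}
```

When `ok` is false the pin is a tagged release or malformed, and the timestamp comparison does not apply.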
welcome bot commented Mar 2, 2023

Thank you for submitting your first issue to this repository! A maintainer will be here shortly to triage and review.
In the meantime, please double-check that you have provided all the necessary information to make this process easy! Any information that can help save additional round trips is useful! We currently aim to give initial feedback within two business days. If this does not happen, feel free to leave a comment.
Please keep an eye on how this issue will be labeled, as labels give an overview of priorities, assignments and additional actions requested by the maintainers:

  • "Priority" labels will show how urgent this is for the team.
  • "Status" labels will show if this is ready to be worked on, blocked, or in progress.
  • "Need" labels will indicate if additional input or analysis is required.

Finally, remember to use https://discuss.ipfs.io if you just need general support.
