Skip to content

Commit

Permalink
Update to tar@2.0.0.
Browse files Browse the repository at this point in the history 
From https://nodesecurity.io/advisories/57:

    The tar module earlier than version 2.0.0 allow for archives to
    contain symbolic links that will overwrite targets outside the
    expected path for extraction.

PR-URL: #797
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
  • Loading branch information
@Emuentes @bnoordhuis
Emuentes authored and bnoordhuis committed Nov 4, 2015
1 parent 2ac7de0 commit f5d86eb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
"request": "2",
"rimraf": "2",
"semver": "2.x || 3.x || 4 || 5",
"tar": "^1.0.0",
"tar": "^2.0.0",
"which": "1"
},
"engines": {
Expand Down

1 comment on commit f5d86eb

@Emuentes
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome!

Please sign in to comment.