chore(deps): Bump tar from 6.1.11 to 6.2.1#262
Merged
amannn merged 1 commit intoApr 24, 2024
Conversation
Bumps [tar](https://github.com/isaacs/node-tar) from 6.1.11 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.11...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Owner
|
Thank you! |
|
🎉 This PR is included in version 5.5.2 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
FlipEnergy
added a commit
to gorgias/action-semantic-pull-request
that referenced
this pull request
Aug 29, 2024
* feat: Add outputs for `type`, `scope` and `subject` (amannn#261 by @bcaurel) * Update validatePrTitle.js * Update README.md * Update README.md --------- Co-authored-by: Jan Amann <jan@amann.work> * chore: Release 5.5.0 [skip ci] * fix: Bump ip from 2.0.0 to 2.0.1 (amannn#263 by @EelcoLos) Bumps [ip](https://github.com/indutny/node-ip) from 2.0.0 to 2.0.1. - [Commits](indutny/node-ip@v2.0.0...v2.0.1) --- updated-dependencies: - dependency-name: ip dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Release 5.5.1 [skip ci] * fix: Bump tar from 6.1.11 to 6.2.1 (amannn#262 by @EelcoLos) Bumps [tar](https://github.com/isaacs/node-tar) from 6.1.11 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.11...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Release 5.5.2 [skip ci] * chore: Update major tag (amannn#268 by @gustavkj) * chore(deps): Bump braces from 3.0.2 to 3.0.3 (amannn#269 by @EelcoLos) * fix: Bump `braces` dependency (amannn#269. by @EelcoLos) * chore: Release 5.5.3 [skip ci] * docs: Mention `reopened` trigger in README (amannn#272 by @garysassano) * feat(ops): Update readme to reflect how gorgians should use --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Brandon Caurel <brandon.caurel@doctolib.com> Co-authored-by: Jan Amann <jan@amann.work> Co-authored-by: semantic-release-bot <semantic-release-bot@martynus.net> Co-authored-by: Eelco Los <5102501+EelcoLos@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gustav Utterheim <gustav@utterheim.com> Co-authored-by: Jan Amann <jan@amann.me> Co-authored-by: Gary Sassano <10464497+garysassano@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is a request to fix the "Denial of service while parsing a tar file due to lack of folders count validation"
This Dependabot Moderate issue is also visible at GHSA-f5x3-32g6-xq36
these are displayed in : CWE-400
PR on forked branch: Brink-Software#28
below is cited from Dependabot:
Bumps tar from 6.1.11 to 6.2.1.
Release notes
Sourced from tar's releases.
Changelog
Sourced from tar's changelog.
... (truncated)
Commits
bef7b1e6.2.1fe8cd57prevent extraction in excessively deep subfoldersfe7ebfdremove security.md5bc9d406.2.0fe1ef5echangelog 6.2e483220get rid of npm lint stuff689928aci that works outside of npm orgdb6f539file inference improvements for .tbr and .tgz336fa8frefactor: dry and other pr commentseeba222chore: lint fixes