From b1fba6faa1735aef83c25351e62df9a1d95111cd Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 22 Mar 2024 14:35:05 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-TAR-6476909 --- package.json | 2 +- yarn.lock | 14 +++++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 79241f4d..b2f689ca 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ "hpagent": "^1.2.0", "mime-types": "^2.1.35", "proxy-from-env": "^1.1.0", - "tar": "^6.2.0", + "tar": "^6.2.1", "tslib": "^2.6.2", "yeoman-environment": "^3.9.1", "yeoman-generator": "^5.6.1" diff --git a/yarn.lock b/yarn.lock index b65c5e58..9feca934 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6785,7 +6785,7 @@ table@^6.0.9: string-width "^4.2.3" strip-ansi "^6.0.1" -tar@^6.0.2, tar@^6.1.0, tar@^6.1.11, tar@^6.1.2, tar@^6.2.0: +tar@^6.0.2, tar@^6.1.0, tar@^6.1.11, tar@^6.1.2: version "6.2.0" resolved "https://registry.yarnpkg.com/tar/-/tar-6.2.0.tgz#b14ce49a79cb1cd23bc9b016302dea5474493f73" integrity sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ== @@ -6797,6 +6797,18 @@ tar@^6.0.2, tar@^6.1.0, tar@^6.1.11, tar@^6.1.2, tar@^6.2.0: mkdirp "^1.0.3" yallist "^4.0.0" +tar@^6.2.1: + version "6.2.1" + resolved "https://registry.yarnpkg.com/tar/-/tar-6.2.1.tgz#717549c541bc3c2af15751bea94b1dd068d4b03a" + integrity sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A== + dependencies: + chownr "^2.0.0" + fs-minipass "^2.0.0" + minipass "^5.0.0" + minizlib "^2.1.1" + mkdirp "^1.0.3" + yallist "^4.0.0" + test-exclude@^6.0.0: version "6.0.0" resolved "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz"