Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update package.json #797

Closed
wants to merge 1 commit into from
Closed

Update package.json #797

wants to merge 1 commit into from

Conversation

Emuentes
Copy link
Contributor

@Emuentes Emuentes commented Nov 4, 2015

NSP check is preventing me from deploying my latest because this module relies on a vulnerable version of tar.

https://nodesecurity.io/advisories/57

NSP check is preventing me from deploying my latest because this module relies on a vulnerable version of tar
https://nodesecurity.io/advisories/57
bnoordhuis pushed a commit that referenced this pull request Nov 4, 2015
From https://nodesecurity.io/advisories/57:

    The tar module earlier than version 2.0.0 allow for archives to
    contain symbolic links that will overwrite targets outside the
    expected path for extraction.

PR-URL: #797
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
@bnoordhuis
Copy link
Member

Landed with a modified commit log in f5d86eb, thanks.

@bnoordhuis bnoordhuis closed this Nov 4, 2015
@Emuentes
Copy link
Contributor Author

Emuentes commented Nov 4, 2015

Awesome, thanks guys

@Emuentes Emuentes deleted the patch-1 branch November 4, 2015 22:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants