Commit 4e0c22b

fix(deps): override tmp and tar-fs to patched versions
- Added override for `tmp` to ^0.2.4
- Forced `tar-fs` to 3.1.0 to address CVE-2025-59343 (symlink validation bypass)
- Ensures Dependabot alerts are resolved by pinning safe versions
1 parent 83fc05b commit 4e0c22b

2 files changed: +2 -119 lines changed

package-lock.json

Lines changed: 0 additions & 118 deletions

package.json

Lines changed: 2 additions & 1 deletion
@@ -68,6 +68,7 @@
6868
"oauth4webapi": "^3.6.0"
6969
},
7070
"overrides": {
71-
"tmp": "^0.2.4"
71+
"tmp": "^0.2.4",
72+
"tar-fs": "3.1.0"
7273
}
7374
}
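
Review bot: the `"tar-fs": "3.1.0"` override on new line 72 is an exact pin, unlike the caret range used for `tmp` on the line above, so the dependency tree cannot pick up any later tar-fs patch release until someone edits this file again. Confirm against the CVE-2025-59343 advisory that 3.1.0 is at or above the patched version it lists, and if it is, consider `"tar-fs": "^3.1.0"` or a line in the commit message explaining why the pin is exact. The `tmp` line changes only by a trailing comma, so that override was already present before this commit. package-lock.json shows 0 additions and 118 deletions, so no new resolved entries were written there; run `npm ls tar-fs tmp` after a clean `npm ci` to check that the lockfile resolves both packages to the overridden versions.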
