Conversation

@teodorciuraru
Contributor

Summary

• Updates tar-fs resolution from 3.0.8 to 3.0.9 to fix CVE-2025-48387
• Fixes high severity vulnerability that allows extraction outside specified directory
• All builds and tests pass with the updated dependency

Test plan

  • Build passes locally (npm run build)
  • All tests pass locally (yarn test)
  • Verified tar-fs is now at version 3.0.9
  • No breaking changes detected

🤖 Generated with Claude Code

Updates tar-fs from 3.0.8 to 3.0.9 to fix CVE-2025-48387, a high severity
vulnerability that allows extraction outside the specified directory.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@teodorciuraru teodorciuraru requested a review from Copilot August 14, 2025 15:57
@teodorciuraru teodorciuraru self-assigned this Aug 14, 2025
@teodorciuraru teodorciuraru added the `dependencies` label (Pull requests that update a dependency file) Aug 14, 2025
Copilot AI left a comment

Pull Request Overview

Updates the tar-fs dependency resolution from version 3.0.8 to 3.0.9 to address a high severity security vulnerability (CVE-2025-48387) that could allow file extraction outside the intended directory.

  • Updates tar-fs version in package.json resolutions
  • Addresses security vulnerability CVE-2025-48387
  • Maintains compatibility with existing codebase

@teodorciuraru teodorciuraru merged commit be5433a into master Aug 15, 2025
1 check passed