
fix: upgrade tar to >=7.5.11 (GHSA-9ppj-qmqm-q256) #7410

Merged
DennisOSRM merged 1 commit into master from dluxen/upgrade_tar
Mar 13, 2026

@DennisOSRM
Collaborator

tar <=7.5.10 has a high-severity traversal vulnerability via drive-relative linkpaths (GHSA-9ppj-qmqm-q256). Patched in 7.5.11.

```
npm warn config production Use `--omit=dev` instead.
# npm audit report

tar  <=7.5.10
Severity: high
node-tar Symlink Path Traversal via Drive-Relative Linkpath - https://github.com/advisories/GHSA-9ppj-qmqm-q256
fix available via `npm audit fix`
node_modules/tar

1 high severity vulnerability

To address all issues, run:
  npm audit fix
```

@DennisOSRM DennisOSRM merged commit 9c0583e into master Mar 13, 2026
23 checks passed
@DennisOSRM DennisOSRM deleted the dluxen/upgrade_tar branch March 13, 2026 08:03
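A lockfile check for this kind of upgrade, as an added example that is not part of the PR or the OSRM code base: a dependency can pin its own nested copy of `tar`, so the check walks every `node_modules/tar` entry in the lockfile's `packages` map and reports any still below 7.5.11. The function names and the `sampleLock` data are constructed for illustration.

```javascript
// Added example: find every copy of `tar` in an npm lockfile (lockfileVersion
// 2/3 "packages" map) that is still below the patched release named in the PR.
const PATCHED = [7, 5, 11]; // from the PR text: "Patched in 7.5.11"

// Parse "major.minor.patch" and note whether a prerelease tag follows.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function isBelowPatched(v) {
  const p = parseVersion(v);
  if (!p) return true; // unparseable version: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (p.core[i] !== PATCHED[i]) return p.core[i] < PATCHED[i];
  }
  return p.pre; // e.g. 7.5.11-rc.1 sorts before 7.5.11
}

function findVulnerableTar(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match the top-level copy and copies nested under other dependencies,
    // but not differently named packages such as "node_modules/tar-stream".
    if (!/(^|\/)node_modules\/tar$/.test(path)) continue;
    if (isBelowPatched(meta.version || "")) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile fragment (not taken from the OSRM repository).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example" },
    "node_modules/tar": { version: "7.5.11" },
    "node_modules/tar-stream": { version: "3.1.7" },
    "node_modules/some-dep/node_modules/tar": { version: "6.2.1" },
    "node_modules/other-dep/node_modules/tar": { version: "7.5.10" },
  },
};

console.log(findVulnerableTar(sampleLock));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findVulnerableTar` in place of `sampleLock`.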