chore: Bump tar from 6.1.0 to 6.1.2 #2474

Merged
merged 1 commit into from Aug 12, 2021

mayank99
Contributor

@mayank99 mayank99 commented Aug 4, 2021

Bumps minimum required version of tar from 6.1.0 to 6.1.2. Addresses GHSA-3jfq-g458-7qm9 and GHSA-r628-mhmh-qjhw

Closes #2473

Checklist
  • npm install && npm test passes
  • documentation is changed or added
  • commit message follows commit guidelines

@mayank99 mayank99 changed the title Bump tar from 6.1.0 to 6.1.2 chore: Bump tar from 6.1.0 to 6.1.2 Aug 4, 2021
@mayank99 mayank99 marked this pull request as ready for review August 11, 2021 19:24
@mayank99
Contributor Author

@rvagg Publishing this PR. Please let me know if I missed something.

@rvagg rvagg merged commit ec15a3e into nodejs:master Aug 12, 2021
@rvagg
Member

rvagg commented Aug 12, 2021

thanks @mayank99 we'll get this out in the coming release (soon)

@victoria100

When are you planning to release this?

@rvagg
Member

rvagg commented Aug 18, 2021

yep

@victoria100

When?

daniellockyer added a commit to TryGhost/node-sqlite3 that referenced this pull request Apr 12, 2022
refs #1493
refs nodejs/node-gyp#2474

- `node-gyp` 7.x has a minimum `tar` version of 6.0.2, which has a
  security vulnerability listed against it
- `node-gyp` 8.x updates the minimum to 6.1.2, which contains the fix
- `node-gyp` 8.x should still allow us to use Node 10, so we're good
  with Node compatibility
- it also seems to fix the `PYTHON` env variable being set, which helps
  fix the build for MacOS Monterey (coming in the next commit)
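
As an added example (not part of this PR, the referencing commit, or the node-gyp code base), one way to confirm that a project's lockfile no longer resolves a `tar` below the 6.1.2 minimum named above. The names `findOldTar` and `isBelow` and the sample lockfile are constructed for illustration; the comparison is purely numeric against 6.1.2 and assumes nothing about other release lines.

```javascript
const MIN_TAR = '6.1.2'; // minimum taken from this PR

// Parse "major.minor.patch", ignoring any pre-release/build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  if (!a || !b) return true; // unparseable: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Handles lockfileVersion 2/3 ("packages" map keyed by install path) and
// lockfileVersion 1 (nested "dependencies" tree).
function findOldTar(lock, minimum = MIN_TAR) {
  const hits = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    // Match only the package named exactly "tar", at any nesting depth.
    if (/(^|\/)node_modules\/tar$/.test(path) && isBelow(pkg.version, minimum)) {
      hits.push({ path, version: pkg.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, pkg] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'tar' && isBelow(pkg.version, minimum)) {
        hits.push({ path, version: pkg.version });
      }
      walk(pkg.dependencies, `${path}/`);
    }
  };
  // v2 lockfiles carry both maps; use the legacy tree only when needed.
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not from the PR): a patched top-level tar
// and an older copy nested under node-gyp.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo' },
    'node_modules/tar': { version: '6.1.11' },
    'node_modules/node-gyp/node_modules/tar': { version: '6.0.2' },
    'node_modules/tar-stream': { version: '2.2.0' },
  },
};
console.log(findOldTar(sampleLock));
```

Run it against a real lockfile with `findOldTar(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')))`; nested copies are the ones a top-level bump alone does not replace.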
Successfully merging this pull request may close these issues.

Security vulnerability: tar