[Snyk] Security upgrade tar from 6.1.6 to 6.1.9

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: tar

The new version differs by 12 commits.

• 4f1f4a2 6.1.9
• 875a37e fix: prevent path escape using drive-relative paths
• b6162c7 fix: reserve paths properly for unicode, windows
• 3aaf19b fix: prune dirCache properly for unicode, windows
• 6a9c51d 6.1.8
• dfc5923 fix: skip extract if linkpath is stripped entirely
• 575a511 fix: reserve paths case-insensitively
• d61628c 6.1.7
• 9e018cf tests: run (and pass) on windows
• c2a0948 fix: refactoring to pass tests on Windows
• d0ce670 update deps
• 5360266 fix: normalize paths on Windows systems

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[coveralls]

Coverage remained the same at 98.178% when pulling ed562e1 on snyk-fix-c971399a05b302614347e536665de62e into 63ce7fd on main.