Upgrade tar to address security vulnerability
#713
Conversation
iAmmar7
changed the title
tar to address security vulnerabilitytar to address security vulnerability
|
Please insert the line |
| @@ -24,6 +24,7 @@ install: | |||
| - IF /I "%PLATFORM%" == "x64" CALL "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64 | |||
| - IF /I "%PLATFORM%" == "x86" CALL "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86 | |||
| - npm ci | |||
| - npm run update-crosswalk | |||
There was a problem hiding this comment.
Great! Now set lines 5 thru 7 of appveyor.yml to
- nodejs_version: 18
- nodejs_version: 20
- nodejs_version: 22to match https://nodejs.org/en/about/previous-releases#release-schedule and your tests should be green. ✅
There was a problem hiding this comment.
The tests would be green because of the newer Node versions, but are you sure I should remove the older versions from the tests?
There was a problem hiding this comment.
Well, it did not pass for Node 20 and 21.
There was a problem hiding this comment.
looks like there's an explanation for that here: https://github.com/mapbox/node-pre-gyp/pull/712/files#diff-92ab9a36df5d8e9f7076f2fdec59492d1ac2d9cf27ea046767a7fc4d542ef3dcR11
|
I'm out of my depth here, but just to say we're seeing pressure to also update our packages because of the above tar dependancy. |
|
@bensquire I would recommend dropping |
|
Thanks @cclauss. Will look at what I need to tear out in turn :) |
| - nodejs_version: 14 | ||
| - nodejs_version: 18 | ||
| - nodejs_version: 20 | ||
| - nodejs_version: 21 |
There was a problem hiding this comment.
node 22 is out now
| - nodejs_version: 21 | |
| - nodejs_version: 22 |
|
Git conflicts -- Please rebase. |
Upgrade the
tardependency to the latest v7.0.1 to address the following security issue:GHSA-f5x3-32g6-xq36