
build(deps): bump tar from 6.2.1 to 7.5.7 via yarn resolution #6

Merged: Edvin N (nissessenap) merged 1 commit into master from foobar on Feb 10, 2026

@nissessenap

node-gyp (transitive dep of @vercel/ncc) pins tar@^6.1.2, preventing dependabot from updating to the patched 7.x line. Add a yarn resolution to force tar>=7.5.7, fixing CVE hardlink path traversal vulnerabilities.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Edvin N (nissessenap) merged commit 5d538ce into master on Feb 10, 2026
11 checks passed
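
One way to confirm that a resolution like the one described above actually took effect is to audit `yarn.lock` for any `tar` entry still resolved below 7.5.7. This is an added example, not code from this pull request; the function names and the lockfile excerpts are constructed, and it assumes the Yarn classic (v1) or Berry lockfile layout.

```javascript
// Added example: flag yarn.lock entries for `tar` resolved below the patched floor.
const MIN_TAR = "7.5.7"; // floor named in the PR description

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every lock entry for `pkg` whose resolved version is below `min`.
function findOutdated(lockText, pkg, min) {
  const outdated = [];
  let current = null; // descriptors of the entry being read, if it is for `pkg`
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line) && !line.startsWith("#")) {
      // Entry header, e.g. `tar@^6.1.2:` (v1) or `"tar@npm:^6.1.2":` (Berry)
      const specs = line.replace(/:\s*$/, "").split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      current = specs.some((s) => s.startsWith(pkg + "@")) ? specs.join(", ") : null;
    } else if (current) {
      const m = line.match(/^\s+version:?\s+"?([0-9]+\.[0-9]+\.[0-9]+)/);
      if (m) {
        if (compareVersions(m[1], min) < 0) outdated.push({ entry: current, version: m[1] });
        current = null;
      }
    }
  }
  return outdated;
}

// Constructed lockfile excerpts: before and after a `resolutions` override for tar.
const LOCK_BEFORE = `# yarn lockfile v1

node-gyp@^10.0.0:
  version "10.0.1"
  dependencies:
    tar "^6.1.2"

tar@^6.1.2:
  version "6.2.1"
`;
const LOCK_AFTER = LOCK_BEFORE.replace('version "6.2.1"', 'version "7.5.7"');

console.log(findOutdated(LOCK_BEFORE, "tar", MIN_TAR)); // one stale entry
console.log(findOutdated(LOCK_AFTER, "tar", MIN_TAR)); // none
```

Run as a CI step against the real lockfile, a non-empty result means some dependency path still resolves to a pre-fix `tar`.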