
Security vulnerability in tar dependency of v0.17.3 #1665

@ghost

Description

What is the output of running npx envinfo --binaries --languages --system --utilities?

  System:
    OS: macOS Mojave 10.14.4
    CPU: (4) x64 Intel(R) Core(TM) i5-6267U CPU @ 2.90GHz
    Memory: 89.64 MB / 16.00 GB
    Shell: 3.2.57 - /bin/bash
  Binaries:
    Node: 10.15.3 - ~/.nvm/versions/node/v10.15.3/bin/node
    Yarn: 1.15.2 - /usr/local/bin/yarn
    npm: 6.4.1 - ~/.nvm/versions/node/v10.15.3/bin/npm
  Utilities:
    Make: 3.81 - /usr/bin/make
    GCC: 10.14. - /usr/bin/gcc
    Git: 2.17.1 - /usr/local/bin/git
  Languages:
    Bash: 3.2.57 - /bin/bash
    Perl: 5.18.2 - /usr/bin/perl
    PHP: 7.1.23 - /usr/bin/php
    Python: 2.7.10 - /usr/bin/python
    Ruby: 2.4.2p198 - /Users/ivasilov/.rbenv/shims/ruby

What are the steps to reproduce?
Install v0.17.3 and run npm audit or yarn audit.
The audit shows a security vulnerability in the tar version.

What is the expected behaviour?
No security vulnerabilities.

Are you able to provide a sample image that helps explain the problem?
I've made a fix in this branch. If we could merge it to your repo and you could publish it as 0.17.4, that would be great.
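The report above finds the flagged tar copy by running the audit, but fixing it in a branch means knowing where in the tree that copy lives: `npm audit` reports the advisory, while the lockfile records which dependency pulled in which version. The script below is an added example, not code from this issue or from the project it is filed against: it reads an npm lockfile in either the nested lockfileVersion 1 shape (npm 6, the version in the envinfo output) or the flat `packages` map of lockfileVersion 2/3, lists every installed copy of a named package with the dependency chain that requires it, and marks copies below a version floor. Both sample lockfiles, the package names in them, and the `FLOOR` value are constructed placeholders; the real patched version comes from the advisory `npm audit` prints, not from this issue.

```python
"""Find every installed copy of a dependency in an npm lockfile and report which
dependency chain pulls it in. Added example: all sample data below is constructed."""
import json  # only needed to load a real package-lock.json from disk


def _flatten_v1(deps, prefix=""):
    """lockfileVersion 1 nests 'dependencies' per package; walk it into
    node_modules-style paths so both lockfile shapes produce the same rows."""
    for name, info in deps.items():
        path = f"{prefix}node_modules/{name}"
        yield path, info.get("version")
        yield from _flatten_v1(info.get("dependencies", {}), path + "/")


def installed_paths(lock):
    """Yield (path, version) for every installed package, whatever the lockfile version."""
    if "packages" in lock:  # lockfileVersion 2/3: flat map keyed by install path
        for path, info in lock["packages"].items():
            if path:  # "" is the root project itself, not a dependency
                yield path, info.get("version")
    else:  # lockfileVersion 1: nested tree under "dependencies"
        yield from _flatten_v1(lock.get("dependencies", {}))


def installed_copies(lock, name):
    """Map install path -> version for every copy of `name` (scoped names included)."""
    return {
        path: version
        for path, version in installed_paths(lock)
        if version and path.rsplit("node_modules/", 1)[-1] == name
    }


def dependency_chain(path):
    """'node_modules/a/node_modules/b' -> ['a', 'b']: who pulls the copy in."""
    return [seg.strip("/") for seg in path.split("node_modules/") if seg.strip("/")]


def parse_version(version):
    """Numeric core of a semver string; pre-release/build tags are ignored here."""
    core = version.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def below_floor(version, floor):
    return parse_version(version) < parse_version(floor)


def report(lock, name, floor):
    """One row per installed copy, sorted by path, flagged if older than `floor`."""
    return [
        {
            "path": path,
            "version": version,
            "chain": dependency_chain(path),
            "outdated": below_floor(version, floor),
        }
        for path, version in sorted(installed_copies(lock, name).items())
    ]


# Constructed lockfileVersion 2 sample: one direct tar and one older copy nested
# under a made-up CLI dependency. Names and versions are placeholders.
SAMPLE_LOCK_V2 = {
    "name": "example-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "example-app", "dependencies": {"some-cli": "^1.0.0", "tar": "^4.4.8"}},
        "node_modules/tar": {"version": "4.4.8"},
        "node_modules/some-cli": {"version": "1.0.0", "dependencies": {"tar": "^2.0.0"}},
        "node_modules/some-cli/node_modules/tar": {"version": "2.2.1"},
    },
}

# The same constructed tree in the lockfileVersion 1 shape npm 6 writes.
SAMPLE_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "tar": {"version": "4.4.8"},
        "some-cli": {
            "version": "1.0.0",
            "requires": {"tar": "^2.0.0"},
            "dependencies": {"tar": {"version": "2.2.1"}},
        },
    },
}

# Placeholder floor, not taken from the issue: use the patched version named in the
# advisory that `npm audit` reports for your tree.
FLOOR = "4.4.8"

if __name__ == "__main__":
    import sys
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK_V2
    for row in report(lock, "tar", FLOOR):
        flag = "NEEDS UPGRADE" if row["outdated"] else "ok"
        print(f"{row['version']:>8}  {' -> '.join(row['chain'])}  [{flag}]")
```

Run it with a real `package-lock.json` path to see which chain keeps an old copy pinned; that chain's head is the package whose own dependency range has to be raised (or overridden) for the audit finding to go away, which is what a fix branch like the one mentioned above has to change.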
