Skip to content

Fix CVE-2026-31802: bump bundled tar to 6.2.1#23

Open
diskshima wants to merge 1 commit into
masterfrom
fix-tar-cve-2026-31802
Open

Fix CVE-2026-31802: bump bundled tar to 6.2.1#23
diskshima wants to merge 1 commit into
masterfrom
fix-tar-cve-2026-31802

Conversation

@diskshima

Copy link
Copy Markdown
Owner

Update bundled tar dependency (within fsevents) from 4.4.8 to 6.2.1 to
address the node-tar Symlink Path Traversal via Drive-Relative Linkpath
vulnerability (CVE-2026-31802).

Update bundled tar dependency to address CVE-2026-31802. Upgrade Node.js and dependencies to support Node 24.
@diskshima diskshima force-pushed the fix-tar-cve-2026-31802 branch from efece31 to 04dc333 Compare March 30, 2026 11:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant