Upgrade to version decompress - 4.2.1, decompress-tar
Closed this issue · 2 comments
guywardrop commented
Hi,
A security scan on the @cloudbeds/webpack-module-federation-types-plugin identified a vulnerability in a dependent package: decompress-tar 4.1.1. The vulnerability is regarding Path Traversal via Network attack vector, as documented in https://cwe.mitre.org/data/definitions/22.html.
Hoping it is possible for the team to upgrade to decompress-tar 4.2.1 as this package is highly useful but currently flagging too many critical vulnerabilities.
Cheers
steven-pribilinskiy commented
Hey @guywardrop, I've bumped dependencies to latest versions
guywardrop commented
Hi Steven,
Much appreciated!
Cheers,
Guy
From: Steven Pribilinskiy ***@***.***>
Sent: Sunday, October 13, 2024 5:49 PM
To: cloudbeds/webpack-module-federation-types-plugin ***@***.***>
Cc: Wardrop, Guy SITILTD-PTIY/TAI ***@***.***>; Mention ***@***.***>
Subject: Re: [cloudbeds/webpack-module-federation-types-plugin] Upgrade to version decompress - 4.2.1, decompress-tar (Issue #43)
Hey @guywardrop<https://github.com/guywardrop>, I've bumped dependencies to latest versions