[rush] Medium - <CVE-2024-28863> -6.5 - Vulnerability in ‘tar6.1.15’
Opened this issue · 1 comments
davidabap commented
Summary
rush-lib is dependent on tar(~6.1.1)
There is a CVE link recommending an update. I also create a PR: #4644
Repro steps
Expected result:
Actual result:
Details
Standard questions
Please answer these questions to help us investigate your issue more quickly:
Question | Answer |
---|---|
@microsoft/rush globally installed version? |
5.120.2 |
rushVersion from rush.json? |
5.120.2 |
useWorkspaces from rush.json? |
Yes |
Operating system? | Mac |
Would you consider contributing a PR? | Yes |
Node.js version (node -v )? |
18.18.1 |
pwbriggs commented
@davidabap @iclanton since #4644 is merged, I think you can close this issue now. Thanks!