[1.3][CVE-2024-28863] Bump tar from to

Issue Resolve: CVE-2024-28863 Signed-off-by: Anan Zhuang <[email protected]>
ananzh · Aug 16, 2024 · 33b8c1f · 33b8c1f
1 parent 26d95c2
commit 33b8c1f
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/yarn.lock b/yarn.lock
@@ -20351,13 +20351,13 @@ tar-stream@^2.1.4:
     readable-stream "^3.1.1"
 
 [email protected], tar@^6.0.1, tar@^6.0.2, tar@^6.1.11:
-  version "6.1.11"
-  resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.11.tgz#6760a38f003afa1b2ffd0ffe9e9abbd0eab3d621"
-  integrity sha512-an/KZQzQUkZCkuoAA64hM92X0Urb6VpRhAFllDzz44U2mcD5scmT3zBc4VgVpkugF580+DQn8eAFSyoQt0tznA==
+  version "6.2.1"
+  resolved "https://registry.yarnpkg.com/tar/-/tar-6.2.1.tgz#717549c541bc3c2af15751bea94b1dd068d4b03a"
+  integrity sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==
   dependencies:
     chownr "^2.0.0"
     fs-minipass "^2.0.0"
-    minipass "^3.0.0"
+    minipass "^5.0.0"
     minizlib "^2.1.1"
     mkdirp "^1.0.3"
     yallist "^4.0.0"