chore: update node-tar to address vulnerability (#7516)

Laurin Quast 2026-01-20 12:45:36 +01:00 committed by GitHub
parent 5e7a658220
commit 3484d4e97b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 49 additions and 27 deletions


@ -120,6 +120,7 @@
"overrides.tar-fs": "https://github.com/graphql-hive/console/security/dependabot/290",
"overrides.nodemailer@^6.0.0": "supertokens-node override for vulnerable version",
"overrides.@types/nodemailer>@aws-sdk/client-sesv2": "@types/nodemailer depends on some AWS stuff that causes the 3.x.x version to stick around. We don't need that dependency. (https://github.com/graphql-hive/console/security/dependabot/436)",
"overrides.tar@6.x.x": "address https://github.com/graphql-hive/console/security/dependabot/443",
"overrides": {
"esbuild": "0.25.9",
"csstype": "3.1.2",
@ -135,7 +136,8 @@
"tailwindcss": "3.4.17",
"estree-util-value-to-estree": "^3.3.3",
"nodemailer@^6.0.0": "^7.0.11",
"@types/nodemailer>@aws-sdk/client-sesv2": "-"
"@types/nodemailer>@aws-sdk/client-sesv2": "-",
"tar@6.x.x": "^7.5.3"
},
"patchedDependencies": {
"mjml-core@4.14.0": "patches/mjml-core@4.14.0.patch",
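Review bot: The added override `"tar@6.x.x": "^7.5.3"` moves every dependency that asked for tar 6 across a major version, and the explanatory entry `"overrides.tar@6.x.x"` records only the Dependabot link, not that compatibility risk. In the lockfile section four snapshot entries switch from `tar: 6.2.1` to `tar: 7.5.4`, and the resolved package raises its engines floor from `node: '>=10'` to `node: '>=18'`, so those consumers now run against an API and runtime they did not declare; which packages they are is not visible in the hunks. I would extend the explanation to something like `"overrides.tar@6.x.x": "address https://github.com/graphql-hive/console/security/dependabot/443; forces tar 6 consumers onto 7.x (node >=18), drop once they depend on tar 7 themselves"`. The selector is also scoped to 6.x, so a dependency requesting a different tar major, if one exists outside the visible hunks, would presumably not be rewritten by this override and should be checked separately.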


@ -20,6 +20,7 @@ overrides:
estree-util-value-to-estree: ^3.3.3
nodemailer@^6.0.0: ^7.0.11
'@types/nodemailer>@aws-sdk/client-sesv2': '-'
tar@6.x.x: ^7.5.3
patchedDependencies:
'@apollo/federation@0.38.1':
@ -5788,6 +5789,10 @@ packages:
resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==}
engines: {node: '>=12'}
'@isaacs/fs-minipass@4.0.1':
resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==}
engines: {node: '>=18.0.0'}
'@isaacs/string-locale-compare@1.1.0':
resolution: {integrity: sha512-SQ7Kzhh9+D+ZW9MA0zkYv3VXhIDNx+LzM6EJ+/65I3QY+enU6Itte7E5XX7EWrqLW2FN4n06GWzBnPoC3th2aQ==}
@ -11041,9 +11046,9 @@ packages:
chownr@1.1.4:
resolution: {integrity: sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==}
chownr@2.0.0:
resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==}
engines: {node: '>=10'}
chownr@3.0.0:
resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==}
engines: {node: '>=18'}
ci-info@3.8.0:
resolution: {integrity: sha512-eXTggHWSooYhq49F2opQhuHWgzucfF2YgODK4e1566GQs5BIfP30B0oenwBJHfWxAs2fyPB1s7Mg949zLf61Yw==}
@ -12766,10 +12771,6 @@ packages:
resolution: {integrity: sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==}
engines: {node: '>=10'}
fs-minipass@2.1.0:
resolution: {integrity: sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==}
engines: {node: '>= 8'}
fs-minipass@3.0.0:
resolution: {integrity: sha512-EUojgQaSPy6sxcqcZgQv6TVF6jiKvurji3AxhAivs/Ep4O1UpS8TusaxpybfFHZ2skRhLqzk6WR8nqNYIMMDeA==}
engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0}
@ -15001,10 +15002,18 @@ packages:
resolution: {integrity: sha512-jYofLM5Dam9279rdkWzqHozUo4ybjdZmCsDHePy5V/PbBcVMiSZR97gmAy45aqi8CK1lG2ECd356FU86avfwUQ==}
engines: {node: '>=16 || 14 >=14.17'}
minipass@7.1.2:
resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==}
engines: {node: '>=16 || 14 >=14.17'}
minizlib@2.1.2:
resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==}
engines: {node: '>= 8'}
minizlib@3.1.0:
resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==}
engines: {node: '>= 18'}
mj-context-menu@0.6.1:
resolution: {integrity: sha512-7NO5s6n10TIV96d4g2uDpG7ZDpIhMh0QNfGdJw/W47JswFcosz457wqz/b5sAKvl12sxINGFCn80NZHKwxQEXA==}
@ -17678,9 +17687,9 @@ packages:
resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==}
engines: {node: '>=6'}
tar@6.2.1:
resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==}
engines: {node: '>=10'}
tar@7.5.4:
resolution: {integrity: sha512-AN04xbWGrSTDmVwlI4/GTlIIwMFk/XEv7uL8aa57zuvRy6s4hdBed+lVq2fAZ89XDa7Us3ANXcE3Tvqvja1kTA==}
engines: {node: '>=18'}
tdigest@0.1.2:
resolution: {integrity: sha512-+G0LLgjjo9BZX2MfdvPfH+MKLCrxlXSYec5DaPYP1fe6Iyhf0/fSmJ0bFiZ1F8BT6cGXl2LpltQptzjXKWEkKA==}
@ -18726,6 +18735,10 @@ packages:
yallist@4.0.0:
resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==}
yallist@5.0.0:
resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==}
engines: {node: '>=18'}
yaml-eslint-parser@1.2.2:
resolution: {integrity: sha512-pEwzfsKbTrB8G3xc/sN7aw1v6A6c/pKxLAkjclnAyo5g5qOh6eL9WGu0o3cSDQZKrTNk4KL4lQSwZW+nBkANEg==}
engines: {node: ^14.17.0 || >=16.0.0}
@ -25808,6 +25821,10 @@ snapshots:
wrap-ansi: 8.1.0
wrap-ansi-cjs: wrap-ansi@7.0.0
'@isaacs/fs-minipass@4.0.1':
dependencies:
minipass: 7.1.2
'@isaacs/string-locale-compare@1.1.0': {}
'@jest/schemas@29.6.3':
@ -32516,7 +32533,7 @@ snapshots:
p-map: 4.0.0
promise-inflight: 1.0.1
ssri: 10.0.5
tar: 6.2.1
tar: 7.5.4
unique-filename: 3.0.0
transitivePeerDependencies:
- bluebird
@ -32533,7 +32550,7 @@ snapshots:
minipass-pipeline: 1.2.4
p-map: 4.0.0
ssri: 10.0.5
tar: 6.2.1
tar: 7.5.4
unique-filename: 3.0.0
cache-control-parser@2.0.6: {}
@ -32776,7 +32793,7 @@ snapshots:
chownr@1.1.4: {}
chownr@2.0.0: {}
chownr@3.0.0: {}
ci-info@3.8.0: {}
@ -34804,10 +34821,6 @@ snapshots:
jsonfile: 6.1.0
universalify: 2.0.0
fs-minipass@2.1.0:
dependencies:
minipass: 3.3.4
fs-minipass@3.0.0:
dependencies:
minipass: 4.2.4
@ -37679,11 +37692,17 @@ snapshots:
minipass@7.0.4: {}
minipass@7.1.2: {}
minizlib@2.1.2:
dependencies:
minipass: 3.3.4
yallist: 4.0.0
minizlib@3.1.0:
dependencies:
minipass: 7.1.2
mj-context-menu@0.6.1: {}
mjml-accordion@4.14.0(encoding@0.1.13):
@ -38229,7 +38248,7 @@ snapshots:
nopt: 7.2.0
proc-log: 3.0.0
semver: 7.7.2
tar: 6.2.1
tar: 7.5.4
which: 4.0.0
transitivePeerDependencies:
- supports-color
@ -38635,7 +38654,7 @@ snapshots:
read-package-json-fast: 3.0.2
sigstore: 2.2.2
ssri: 10.0.5
tar: 6.2.1
tar: 7.5.4
transitivePeerDependencies:
- bluebird
- supports-color
@ -40977,14 +40996,13 @@ snapshots:
inherits: 2.0.4
readable-stream: 3.6.0
tar@6.2.1:
tar@7.5.4:
dependencies:
chownr: 2.0.0
fs-minipass: 2.1.0
minipass: 5.0.0
minizlib: 2.1.2
mkdirp: 1.0.4
yallist: 4.0.0
'@isaacs/fs-minipass': 4.0.1
chownr: 3.0.0
minipass: 7.1.2
minizlib: 3.1.0
yallist: 5.0.0
tdigest@0.1.2:
dependencies:
@ -42173,6 +42191,8 @@ snapshots:
yallist@4.0.0: {}
yallist@5.0.0: {}
yaml-eslint-parser@1.2.2:
dependencies:
eslint-visitor-keys: 3.4.3