Security: Update tar-fs to fix path traversal vulnerability (CVE-2024-12905)

## Description
The tar-fs package has a high severity path traversal vulnerability (CVE-2024-12905) that could result in unauthorized file writes or overwrites outside the intended extraction directory.

## Details
- This vulnerability affects the project through transitive dependencies
- Dependabot has flagged this as alert #29 and #30
- The vulnerability is present in tar-fs versions < 2.1.2 (for version 2.x series)
- Current dependency tree contains vulnerable versions

## Proposed Solution
Add an override/resolution for tar-fs to ensure version 2.1.2 or higher is used throughout the dependency tree:



## References
- CVE-2024-12905
- GHSA-pq67-2wwv-3xjx
- https://github.com/advisories/GHSA-pq67-2wwv-3xjx


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Update tar-fs to fix path traversal vulnerability (CVE-2024-12905) #14

Description

Details

Proposed Solution

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Security: Update tar-fs to fix path traversal vulnerability (CVE-2024-12905) #14

Description

Description

Details

Proposed Solution

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions