tar (node-tar) < 7.5.7 has a security vulnerability

[brendon]

I use @tensorflow/tfjs-node in a project and it calls for a vulnerable version of tar:

tfjs/tfjs-node/package.json

Line 71 in 0fc04d9

"tar": "^6.2.1"

Would it be possible to release a new version with an updated dependency?

CVE-2026-24842

[avmohansai]

Hi @brendon , I am able to reproduce the same and this is a known issue of tar.

I am escalating this issue to eng team.
Thank you.

[brendon]

Thanks @avmohansai :)