diff --git a/package.json b/package.json index 129f6841a3..7ab1adc3d4 100644 --- a/package.json +++ b/package.json @@ -63,7 +63,7 @@ "ignore-walk": "8.0.0", "js-yaml": "4.1.1", "postcss": "8.5.6", - "tar": "7.5.2", + "tar": "7.5.4", "terser": "5.44.1" }, "devDependencies": { diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 1dc046d43f..6453ffd8ca 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -32,8 +32,8 @@ importers: specifier: 8.5.6 version: 8.5.6 tar: - specifier: 7.5.2 - version: 7.5.2 + specifier: 7.5.4 + version: 7.5.4 terser: specifier: 5.44.1 version: 5.44.1 @@ -10267,9 +10267,10 @@ packages: tar@6.2.1: resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} engines: {node: '>=10'} + deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me - tar@7.5.2: - resolution: {integrity: sha512-7NyxrTE4Anh8km8iEy7o0QYPs+0JKBTj5ZaqHg6B39erLg0qYXN3BijtShwbsNSvQ+LN75+KV+C4QR/f6Gwnpg==} + tar@7.5.4: + resolution: {integrity: sha512-AN04xbWGrSTDmVwlI4/GTlIIwMFk/XEv7uL8aa57zuvRy6s4hdBed+lVq2fAZ89XDa7Us3ANXcE3Tvqvja1kTA==} engines: {node: '>=18'} taskkill@5.0.0: @@ -20382,7 +20383,7 @@ snapshots: nopt: 9.0.0 proc-log: 6.1.0 semver: 7.7.3 - tar: 7.5.2 + tar: 7.5.4 tinyglobby: 0.2.15 which: 6.0.0 transitivePeerDependencies: @@ -22252,7 +22253,7 @@ snapshots: yallist: 4.0.0 optional: true - tar@7.5.2: + tar@7.5.4: dependencies: '@isaacs/fs-minipass': 4.0.1 chownr: 3.0.0 diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index a9443da0b3..a934130179 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -36,3 +36,5 @@ minimumReleaseAge: 10080 # delay 7days to mitigate supply-chain attack minimumReleaseAgeExclude: - '@syuilo/aiscript' - systeminformation # 脆弱性対応。そのうち消すこと + # Renovate security update: tar@7.5.4 + - tar@7.5.4