From 25e191eb66a9de5652947f8846acbd3648e21ef4 Mon Sep 17 00:00:00 2001
From: Nicolas CARPi <3043706+NicolasCARPi@users.noreply.github.com>
Date: Wed, 9 Sep 2020 08:14:54 +0200
Subject: [PATCH] Fix buffer over-read vulnerability existing in bl < 4.0.3 (#125)

See https://github.com/advisories/GHSA-pp7h-53gx-mx7r Fix: CVE-2020-8244
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index d62c994..7c64e46 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
 "description": "tar-stream is a streaming tar parser and generator and nothing else. It is streams2 and operates purely using streams which means you can easily extract/parse tarballs without ever hitting the file system.",
 "author": "Mathias Buus ",
 "dependencies": {
- "bl": "^4.0.1",
+ "bl": "^4.0.3",
 "end-of-stream": "^1.4.1",
 "fs-constants": "^1.0.0",
 "inherits": "^2.0.3",