Fix buffer over-read vulnerability existing in bl < 4.0.3 (#125)

See https://github.com/advisories/GHSA-pp7h-53gx-mx7r
Fix: CVE-2020-8244
This commit is contained in:
Nicolas CARPi 2020-09-09 08:14:54 +02:00 committed by GitHub
parent b44f5937f9
commit 25e191eb66
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -4,7 +4,7 @@
"description": "tar-stream is a streaming tar parser and generator and nothing else. It is streams2 and operates purely using streams which means you can easily extract/parse tarballs without ever hitting the file system.", "description": "tar-stream is a streaming tar parser and generator and nothing else. It is streams2 and operates purely using streams which means you can easily extract/parse tarballs without ever hitting the file system.",
"author": "Mathias Buus <mathiasbuus@gmail.com>", "author": "Mathias Buus <mathiasbuus@gmail.com>",
"dependencies": { "dependencies": {
"bl": "^4.0.1", "bl": "^4.0.3",
"end-of-stream": "^1.4.1", "end-of-stream": "^1.4.1",
"fs-constants": "^1.0.0", "fs-constants": "^1.0.0",
"inherits": "^2.0.3", "inherits": "^2.0.3",