19 lines (17 loc) · 834 Bytes
.iyarc
# Excluded because:
# - Lerna requires tar v6, but no patched v6 exists (fix only in v7.5.3)
# - Forcing tar v7.5.3 breaks lerna's packDirectory API
# - This CVE affects archive EXTRACTION (unpacking malicious symlinks/hardlinks)
# - Lerna only uses tar for PACKING
GHSA-8qq5-rm4j-mr97
# Excluded because:
# - Transitive dependency through lerna and yeoman-generator, which currently pin tar to a
#   < 7.5.4 range; we only use their tar integration for
#   archive PACKING, not extraction
GHSA-r6q2-hw4h-h46w
# Excluded because:
# - CVE-2026-24842: node-tar hardlink path traversal vulnerability
# - Transitive dependency through lerna and yeoman-generator, which pin tar to < 7.5.7
# - This CVE affects archive EXTRACTION (hardlink escape during unpacking)
# - Lerna only uses tar for PACKING, not extraction
GHSA-34x7-hfp2-rc4v