serverless / serverless

⚡ Serverless Framework – Use AWS Lambda and other managed cloud services to build apps that auto-scale, cost nothing when idle, and boast radically low maintenance.

Home Page: https://serverless.com

Dependency tar@6.1.5 is vulnerable

savez opened this issue · comments

Issue description

Hi, in my project I use serverless@3.38.0.
I ran yarn audit and found this potential vulnerability in the tar module. It is used in serverless@3.38.0.

Can I fix it?

Context

Screenshot 2024-04-11 at 15 41 38

Bumping this issue.

Will there be a 3.x.x release that'll have a patched version of Tar? Or should we expect this vulnerability to be patched in serverless v4?