rschnekenbu
Contributor

What it does

tar-fs 3.0.9 fixes CVE-2025-48387
(https://security.snyk.io/vuln/SNYK-JS-TARFS-10293725)

This security fix backport was pushed on master (#15719).

This Pull Request targets the community release 1.61.1, which is currently based on version 3.0.8.

How to test

Build and start the Browser and Electron examples.
Try to download folders from the explorer in the browser example (specific usage of tar-fs for archiving a folder, see https://github.com/eclipse-theia/theia/blob/remi/backport-tarfs-3.0.9-on-1.61.1/packages/filesystem/src/node/download/directory-archiver.ts#L28).
Other tools part shall work as usual.

Follow-ups

Breaking changes

  • This PR introduces breaking changes and requires careful review. If yes, the breaking changes section in the changelog has been updated.

Attribution

Review checklist

Reminder for reviewers

tar-fs 3.0.9 fixes CVE-2025-48387
(https://security.snyk.io/vuln/SNYK-JS-TARFS-10293725)

Contributed by STMicroelectronics

Signed-off-by: Torbjörn SVENSSON <torbjorn.svensson@foss.st.com>
@github-project-automation github-project-automation bot moved this to Waiting on reviewers in PR Backlog Jun 10, 2025
@rschnekenbu rschnekenbu requested a review from tsmaeder June 10, 2025 14:56
@rschnekenbu rschnekenbu changed the title deps: Bump tar-fs to 3.0.9 (#15719) deps: Bump tar-fs to 3.0.9 on 1.61.1 (#15719) Jun 10, 2025
@github-project-automation github-project-automation bot moved this from Waiting on reviewers to Needs merge in PR Backlog Jun 10, 2025
@rschnekenbu rschnekenbu merged commit dd140fa into release/1.61.x Jun 11, 2025
1 check passed
@github-project-automation github-project-automation bot moved this from Needs merge to Done in PR Backlog Jun 11, 2025
@rschnekenbu rschnekenbu deleted the remi/backport-tarfs-3.0.9-on-1.61.1 branch June 11, 2025 08:08