[Security] for npm vulnerable dependencies reported in npm audit

Hi, for latest npm (either 6.9.0 or 6.9.1-next.0) vulnerable version of dependencies npm-lifecycle and node-gyp were reported in npm audit. Could you please npm audit fix your package and publish to npm?

npm audit output follows:
High Arbitrary File Overwrite

Package tar

Patched in >=4.4.2

Dependency of npm

Path npm > node-gyp > tar

More info https://nodesecurity.io/advisories/803

High Arbitrary File Overwrite

Package tar

Patched in >=4.4.2

Dependency of npm

Path npm > npm-lifecycle > node-gyp > tar

More info https://nodesecurity.io/advisories/803

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.