Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
Snyk published a high-severity issue in all versions of tar 7.5.7 and lower. The latest npm (v11.10.0) has package-lock set at version 7.5.7 for the tar dependency. Since my company blocks deploy with failing Snyk scans, now I can't deploy anything that has npm on it.
Expected Behavior
Update to tar 7.5.8 (or above) so my Snyk check passes.
Steps To Reproduce
No response
Environment
npm: v11.10.0
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
Snyk published a high-severity issue in all versions of tar 7.5.7 and lower. The latest npm (v11.10.0) has package-lock set at version 7.5.7 for the
tardependency. Since my company blocks deploy with failing Snyk scans, now I can't deploy anything that has npm on it.Expected Behavior
Update to tar 7.5.8 (or above) so my Snyk check passes.
Steps To Reproduce
No response
Environment
npm: v11.10.0