From bab5e8f207e38a7731a87f714fb660aaba75a6c6 Mon Sep 17 00:00:00 2001
From: zJ_ <19760191+zJuuu@users.noreply.github.com>
Date: Tue, 3 Jun 2025 13:31:38 +0200
Subject: [PATCH] fix: tar-fs can extract outside the specified dir with a specific tarball CVE-2025-48387
---
 package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index a5c61df..f59149d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4065,9 +4065,9 @@
 }
 },
 "node_modules/tar-fs": {
- "version": "2.1.2",
- "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.2.tgz",
- "integrity": "sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA==",
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.3.tgz",
+ "integrity": "sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==",
 "dependencies": {
 "chownr": "^1.1.1",
 "mkdirp-classic": "^0.5.2",