Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade tar dependency to v7.x #54

Merged
merged 2 commits into from
Sep 4, 2024
Merged

Upgrade tar dependency to v7.x #54

merged 2 commits into from
Sep 4, 2024

Conversation

WtfJoke
Copy link
Contributor

@WtfJoke WtfJoke commented Sep 4, 2024
edited
Loading

Dropping support for node 6 and 8 (as tar v6 drops that support as well).
Addresses CVE-2024-28863

I did not notice any breaking changes in the api of tar (as it still works when tested it using our project).
The only breaking change library side is that you can not use it in node 6 and 8 anymore (but I dont think anybody is on that version anymore).

I've verified it works by running following commands:

  1. node examples/simple.js (I've added a simple setTimeout function which waits 2min before shutting it down, see here)
  2. aws dynamodb list-tables --endpoint-url http://localhost:8000

@WtfJoke
Upgrade tar dependency to v7.x
6c4a302 
Dropping support for node 6 and 8 (as tar v6 drops that support as well)
Addresses CVE-2024-28863
@WtfJoke WtfJoke mentioned this pull request Sep 4, 2024
Closed
rynop
rynop requested changes Sep 4, 2024
View reviewed changes
Copy link
Owner

@rynop rynop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM after comment!

package.json Outdated Show resolved Hide resolved
@WtfJoke @rynop
Favor ~ over ^ for tar
3e389e0 
I'm not a fan of `^` as it can introduce breaking changes

Co-authored-by: Ryan Pendergast <[email protected]>
@WtfJoke
Copy link
Contributor Author

WtfJoke commented Sep 4, 2024

Thanks for your fast answer. Commited your suggested change with your comment! Looking forward to merge and release!

@rynop rynop merged commit f10f8c9 into rynop:master Sep 4, 2024
@rynop
Copy link
Owner

rynop commented Sep 4, 2024

Version 0.0.35 published: https://www.npmjs.com/package/dynamodb-local

thanks!

@WtfJoke
Copy link
Contributor Author

WtfJoke commented Sep 5, 2024

Thank you for the fast release <3

@WtfJoke WtfJoke deleted the upgradeTar branch September 5, 2024 08:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rynop rynop rynop approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@WtfJoke @rynop