From 2d5dea5a3283eb4b51b4536d48dc2aeb056bb8e4 Mon Sep 17 00:00:00 2001
From: Pomax <pomax@nihongoresources.com>
Date: Sun, 12 Oct 2025 09:25:15 -0700
Subject: [PATCH] Fix CVE-2025-59343

https://github.com/advisories/GHSA-vj76-c3g6-qr5v was fixed in tar-fs v2.1.4, all projects relying on tar-fs v2 should pin this version as lowest allowed semver.
---
 package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index 316b8c2..b709f9e 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "pump": "^3.0.0",
     "rc": "^1.2.7",
     "simple-get": "^4.0.0",
-    "tar-fs": "^2.0.0",
+    "tar-fs": "^2.1.4",
     "tunnel-agent": "^0.6.0"
   },
   "devDependencies": {
@@ -64,4 +64,4 @@
   "engines": {
     "node": ">=10"
   }
-}
\ No newline at end of file
+}