Langflow is a powerful tool for building and deploying AI-powered agents and workflows.
fix(deps): pin tar-fs to >=2.1.4 to fix symlink following vulnerabiliā¦ (#12419)
fix(deps): pin tar-fs to >=2.1.4 to fix symlink following vulnerability (#12078) Adds override for tar-fs in package.json to ensure versions prior to 2.1.4 are never resolved. Addresses CVE in tar-fs <2.1.4 (PVR0686558) where symlink validation bypass was possible with a crafted tarball. Co-authored-by: Ram Gopal Srikar Katakam <[email protected]>
A
Adam-Aghili committed
1b3a656e0f8fe1af657b477628882d3473c8555e
Parent: af8da56
Committed by GitHub <[email protected]>
on 3/31/2026, 7:50:21 PM