chore: exclude tar CVE GHSA-r6q2-hw4h-h46w in .iyarc

abhijit0943 · abhijit0943 · commit 1872bb18eca7 · 2026-01-21T20:31:58.000+05:30
Exclude the tar vulnerability instead of bumping version because: - Lerna requires tar v6, but fix only exists in v7.5.4+ - Forcing tar v7.x breaks lerna publishing - This is a race condition in tar's path reservation system Ticket: SC-5030
diff --git a/.iyarc b/.iyarc
@@ -4,4 +4,4 @@
 # - This CVE affects archive EXTRACTION (unpacking malicious symlinks/hardlinks)
 # - Lerna only uses tar for PACKING
 GHSA-8qq5-rm4j-mr97
-
+GHSA-r6q2-hw4h-h46w
