fix: exclude node-tar .iyarc CVE

kaustubhbitgo · kaustubhbitgo · commit 85dd5d3aa2b1 · 2026-01-30T13:05:58.000+05:30
Ticket: WP-0000
diff --git a/.iyarc b/.iyarc
@@ -11,3 +11,9 @@ GHSA-8qq5-rm4j-mr97
 #   archive PACKING, not extraction,
 GHSA-r6q2-hw4h-h46w
 
+# Excluded because:
+# - Transitive dependency through lerna and yeoman-generator requiring tar < 7.5.4
+# - This CVE affects tar's extraction process with specially crafted archives
+# - Our usage is limited to archive PACKING operations only, not extraction
+GHSA-34x7-hfp2-rc4v
+
