The tar package has a security advisory. This code has a dependency on the vulnerable version, with the fix only available in the following major version, so no semver-compatible fixed version is available. This will cause dependabot to complain about the transient dependency for any package that depends on typescript-cp.
However, from what I could tell, this repo does not use tar directly anywhere in the code. Removing the dependency should take care of this issue.
The tar package has a security advisory. This code has a dependency on the vulnerable version, with the fix only available in the following major version, so no semver-compatible fixed version is available. This will cause dependabot to complain about the transient dependency for any package that depends on typescript-cp.
However, from what I could tell, this repo does not use tar directly anywhere in the code. Removing the dependency should take care of this issue.