v0.12.2

What's Changed

• Port a fix for CVE-2025-58183 by @mtrmac in #85

Full Changelog: v0.12.1...v0.12.2

v0.12.1

Apologies for the disruptions! 😽
This release reverts the (breaking) change of making our carried version of archive/tar private. (that was apparently a scream test of sorts 😬 )
And patches the other side of the CVE-2022-2879 for the tar.Writer.

Thanks @mtrmac for the quick iteration.

v0.12.0

Notably this release only makes the carried version of archive/tar now an internal library so that it's not importable outside of this project.

Reference: #79 , #80

v0.11.7

This release addresses CVE-2022-2879

Thanks to @tojoos and @bainsy88 for the report

v0.11.6

This release notably drops go1.17 (due to dependencies that no longer support 1.17), and adds testing for go1.21 and go1.22.

Additionally adds a new function for iterating over only the headers of a the metadata. Previously this would have required assembling the full tar stream with is expensive for such an operation. Thanks @mtrmac

and thanks @testwill for the typo fix.

v0.11.4

v0.11.3

This is a bit of bringing tar-split up-to-date, but also this will be the last release to support up to go1.16. Some of the deps to be updated now only support go1.18 (kindof go1.17) and above. Here's looking at you golang.org/x/sys/unix ... 🙄