can CVE-2020-12265 be closed with decompress-4.2.1?

[waltbest2]

how to prove decompress-4.2.1 is not vulnerable?

[heidemn-faro]

We also got this finding from Mend.
@kevva or @trptcolin or @sindresorhus can you provide some information about this? Thanks :-)

• Proposed fix in this repo which was declined: fixed path traversal issue #12
  "I think the fix belongs in the main project https://github.com/kevva/decompress
  This issue doesn’t just affect tarfiles, but archives in general (including zip, where the zip-slip vulnerability gets its name). So
  similar fixes would be needed to decompress-unzip, etc. - or the check could be centralized."
• Related fix in "decompress": https://github.com/kevva/decompress/releases/tag/v4.2.1
• Related issue: Snyk vulnerability found in version 4.1.1 #17