Vulnerability of URL-PARSE dependency

lgraubner / sitemap-generator

Easily create XML sitemaps for your website.

MIT License

406 stars 129 forks source link

Vulnerability of URL-PARSE dependency #98

Open Mendistern opened 3 years ago

Mendistern commented 3 years ago

This is a dependency vulnerability report:

Github dependabot notified me that this package uses a vulnerable release for URL-parse. Please check the compatibility with minimum version 1.5.0.

Thanks

Alert:

 Dependabot cannot update url-parse to a non-vulnerable version
The latest possible version that can be installed is 1.4.7 because of the following conflicting dependency:

sitemap-generator@8.5.1 requires url-parse@1.4.7
The earliest fixed version is 1.5.0.

Aymeriic commented 2 years ago

Hey, it is fixed by auto bot here : https://github.com/lgraubner/sitemap-generator/pull/111

Is this lib still maintained ?