webpack-contrib / webpack-bundle-analyzer

Webpack plugin and CLI utility that represents bundle content as convenient interactive zoomable treemap
MIT License
12.53k stars, 479 forks

opener vulnerability (webpack-bundle-analyzer@4.7.0 -> opener@1.5.2) #546

Closed: douglasmonteiro-dev closed 1 year ago

douglasmonteiro-dev commented 1 year ago

Issue description

The opener dependency is outdated and has a security vulnerability alert. It is a lib that has not been updated in at least 2 years and possibly will not receive the fix for this problem. So I suggest that replacing it with another lib be considered.

Technical info

NIST vulnerabilities: CVE-2021-27478, CVE-2021-27482, CVE-2021-27498, CVE-2021-27500

valscion commented 1 year ago

Those NIST vulnerabilities link to a different tool, not the opener that we use: https://github.com/domenic/opener

Even if a tool isn't updated for a while, that doesn't mean it's not maintained.