Vulnerability of URL-PARSE dependency
Mendistern opened this issue · comments
This is a dependency vulnerability report:
Github dependabot notified me that this package uses a vulnerable release for URL-parse.
Please check the compatibility with minimum version 1.5.0.
Thanks
Alert:
Dependabot cannot update url-parse to a non-vulnerable version
The latest possible version that can be installed is 1.4.7 because of the following conflicting dependency:
sitemap-generator@8.5.1 requires url-parse@1.4.7
The earliest fixed version is 1.5.0.
Hey, it is fixed by auto bot here : #111
Is this lib still maintained ?