Open
Description
Describe the bug
Currently there is an indirect dependency on github.com/whilp/git-urls which comes from https://github.com/argoproj/notifications-engine. The notification-engine repo is updated but a new tag hasn't been released.
Fix: argoproj/notifications-engine@f485671
whilp/git-urls repo has a vuln and the repo is inactive -> whilp/git-urls#28
Additional context
There is no direct problem as such more of a security concern on using something that is vulnerable and has been fixed already.
Message from the maintainers:
If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.
Activity