Hi,
simple-git v3.22.0 is reported as vulnerable, i.e., the ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
Please could you confirm if simple-git can be updated to v3.23.0 or v3.28.0 (i.e., used by sfdx-git-delta) to resolve CVE-2023-42282?
If this is not possible, please could you suggest a safe alternative to override the transitive dependency of the simple-git package after vlocity has been installed?
Thanks in advance