tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter

I found this old-ish issue which I suspect should be closed: https://github.com/commitizen/cz-cli/issues/883

But even the latest version of commitizen contains the following issue:

```sh
# npm audit report

tmp  <=0.2.3
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter - https://github.com/advisories/GHSA-52f5-9888-hmc6
```

Caused by:

```sh
&#9500;&#9472;&#9516; commitizen@4.3.1
&#9474; &#9492;&#9472;&#9516; inquirer@8.2.5
&#9474;   &#9492;&#9472;&#9516; external-editor@3.1.0
&#9474;     &#9492;&#9472;&#9472; tmp@0.0.33
```

This issue is still not fixed as of now, even in the latest `inquirer` version. But once this issue is resolved, the `inquire` package should be updated: https://github.com/SBoudrias/Inquirer.js/issues/1802

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter #1007

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

tmp allows arbitrary temporary file / directory write via symbolic link dir parameter #1007

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter #1007