Path Traversal in resolve-path

Versions of resolve-path before 1.4.0 are vulnerable to path traversal. resolve-path relative path resolving suffers from a lack of file path sanitization for windows based paths.

Recommendation

Update to version 1.4.0 or later.