Use of Less Trusted Source
Overview Affected versions of this package are vulnerable to Use of Less Trusted Source that can circumvent the trusted dependencies list. An attacker can cause unintended dependencies to be loaded by including malicious file:, link:, git:, or github: URLs to import packages whose names also exis...