
Plannigan

#45283de 53,638
5.5 CVSS total
Vulnerabilities · 1
PT-2023-27765
5.5
2023-09-04
Unknown · Hyper-Bump-It · CVE-2023-41057
**Name of the Vulnerable Software and Affected Versions**

hyper-bump-it versions prior to 0.5.1

**Description**

The issue arises from `hyper-bump-it` reading a file glob pattern from the configuration file and combining it with the project root directory to construct a full glob pattern. This pattern is used to find files that should be edited, but it does not check if the matched files are contained within the project root directory. As a result, changes could be written to files outside of the project.

The default behavior of `hyper-bump-it` is to display planned changes and prompt the user for confirmation before editing any files. However, the configuration file provides a field that can be used to cause files to be edited without displaying the prompt.

**Recommendations**

For versions prior to 0.5.1, upgrade to version 0.5.1 or later to resolve the issue. As a temporary workaround, execute `hyper-bump-it` with the `--interactive` command line argument to ensure that all planned changes are displayed and the user is prompted for confirmation before editing any files, even if the configuration file contains `show confirm prompt=true`.
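The missing containment check the advisory describes, shown as an added example rather than hyper-bump-it's own code: a configured glob is joined to the project root and expanded, first without any check (the vulnerable shape) and then with every match resolved and kept only when it lies under the resolved project root. The `find_targets_*` helpers, the temporary directory layout and the file names are constructed for this illustration and are not taken from the project.

```python
import glob
import os
import tempfile
from pathlib import Path


def find_targets_unsafe(project_root, pattern):
    """Vulnerable shape: root joined to the configured glob, no containment check.
    A pattern such as '../other/*.txt' escapes the project directory."""
    full_pattern = os.path.join(project_root, pattern)
    return sorted(glob.glob(full_pattern, recursive=True))


def find_targets_safe(project_root, pattern):
    """Hardened shape: same glob expansion, but each match is resolved (symlinks
    followed) and kept only if it sits at or below the resolved project root."""
    root = Path(project_root).resolve()
    full_pattern = os.path.join(project_root, pattern)
    kept = []
    for match in glob.glob(full_pattern, recursive=True):
        resolved = Path(match).resolve()
        if resolved == root or root in resolved.parents:
            kept.append(resolved.relative_to(root).as_posix())
    return sorted(kept)


def build_demo_tree(base):
    """Constructed layout for the demonstration (not a real project):
    base/project/version.txt, base/project/sub/version.txt, base/secret/version.txt."""
    project = base / "project"
    (project / "sub").mkdir(parents=True)
    (project / "version.txt").write_text("1.0.0\n")
    (project / "sub" / "version.txt").write_text("1.0.0\n")
    secret = base / "secret"
    secret.mkdir()
    (secret / "version.txt").write_text("not part of the project\n")
    return project


def demo():
    """Runs both matchers against an in-project pattern and an escaping one
    and returns the match counts so the difference is easy to check."""
    with tempfile.TemporaryDirectory() as tmp:
        project = build_demo_tree(Path(tmp))
        normal = "**/version.txt"            # legitimate: files inside the project
        escaping = "../secret/version.txt"   # hostile config value: leaves the project
        return {
            "unsafe_normal": len(find_targets_unsafe(str(project), normal)),
            "safe_normal": len(find_targets_safe(str(project), normal)),
            "unsafe_escaping": len(find_targets_unsafe(str(project), escaping)),
            "safe_escaping": len(find_targets_safe(str(project), escaping)),
            "safe_normal_files": find_targets_safe(str(project), normal),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Resolving each match before comparing it to the root also covers a symlink inside the project that points outside it, which a purely textual check of the joined pattern would miss; comparing against `resolved.parents` rather than a string prefix avoids treating `project-old/` as being inside `project/`.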