npm›obsidian›CVE-2021-381489.8 CRITICALImproper Authorization in Handler for Custom URL SchemeObsidian does not require user confirmation for non-http/https URLs.