Snyk vulnerability DB reporting command injection vulnerability in ShellJS

### Node version (or tell us if you're using electron or some other framework):
8.0.0
### ShellJS version (the most recent version/Github branch you see the bug on):
0.7.8
### Operating system:
Linux
### Description of the bug:
Snyk reports high severity vulnerability in shelljs
### Example ShellJS command to reproduce the error:
In a repository with ShellJS as a dependency:
```javascript
username> snyk test

✗ High severity vulnerability found on shelljs@0.7.8
- desc: Command Injection
- info: https://snyk.io/vuln/npm:shelljs:20140723
- from: xxx@0.1.0 > shelljs@0.7.8
Fix: None available. Consider removing this dependency.
```
This is related to issues [143](https://github.com/shelljs/shelljs/issues/143), [495](https://github.com/shelljs/shelljs/issues/495), and PR [524](https://github.com/shelljs/shelljs/pull/524). Wasn't sure if the project was aware that ShellJS will break builds using vulnerability scanning in their CI workflow.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Snyk vulnerability DB reporting command injection vulnerability in ShellJS #810

Node version (or tell us if you're using electron or some other framework):

ShellJS version (the most recent version/Github branch you see the bug on):

Operating system:

Description of the bug:

Example ShellJS command to reproduce the error:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Snyk vulnerability DB reporting command injection vulnerability in ShellJS #810

Description

Node version (or tell us if you're using electron or some other framework):

ShellJS version (the most recent version/Github branch you see the bug on):

Operating system:

Description of the bug:

Example ShellJS command to reproduce the error:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions