Versions of shelljs prior to v0.8.5 are affected by a high rated security vulnerability. It's unlikely that anyone working with this repo has one of those older versions installed, but they are not automatically updated as long as they match the version range in package.json. This PR updates package.json to ensure that only shelljs ^0.8.5 is used.
Versions of shelljs prior to v0.8.5 are affected by a high rated security vulnerability. It's unlikely that anyone working with this repo has one of those older versions installed, but they are not automatically updated as long as they match the version range in package.json. This PR updates package.json to ensure that only shelljs ^0.8.5 is used.
NVD advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-0144