natewatson999 / node-virustotal

VirusTotal API for Node JS
MIT License
47 stars 13 forks

Improper Privilege Management in shelljs #28

Open mominrazashahid opened 2 years ago

mominrazashahid commented 2 years ago

I am getting a high-severity vulnerability issue with the latest package, 3.35.0. Node version: 16.18.0

shelljs  <0.8.5
Severity: high
Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-4rq4-32rv-6wp6
fix available via `npm audit fix --force`
Will install node-virustotal@2.0.8, which is a breaking change
node_modules/shelljs
  node-virustotal  >=2.0.9
  Depends on vulnerable versions of shelljs
  node_modules/node-virustotal

When I installed node-virustotal@2.0.8, I again got the same issue.

tar  <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix --force`
Will install node-virustotal@2.5.0, which is outside the stated dependency range
node_modules/tar
  node-virustotal  0.4.7 - 3.18.0
  Depends on vulnerable versions of emailjs
  Depends on vulnerable versions of tar
  node_modules/node-virustotal

When I installed node-virustotal@2.5.0, I again got the same issue.

shelljs  <0.8.5
Severity: high
Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-4rq4-32rv-6wp6
fix available via `npm audit fix --force`
Will install node-virustotal@2.0.8, which is a breaking change
node_modules/shelljs
  node-virustotal  >=0.5.4
  Depends on vulnerable versions of emailjs
  Depends on vulnerable versions of shelljs
  node_modules/node-virustotal
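As an added example (not code from the node-virustotal project or from npm), the following JavaScript reproduces the two "Depends on vulnerable versions of ..." findings in the audit output above against a constructed package-lock.json v2 `packages` map, using exactly the ranges npm audit reported (shelljs <0.8.5, tar <=4.4.17). It resolves each dependent's copy of the package the way Node does (nearest `node_modules`, walking upward), so a hoisted vulnerable copy is reported while a nested patched copy is not. The lockfile contents, the extra dependency `some-other-dep` and the installed versions are assumptions made for the example.

```javascript
// Added example, not code from node-virustotal or npm: find installed packages
// in a lockfile v2 "packages" map whose version falls in a vulnerable range and
// report which installed packages depend on that copy, as `npm audit` does.
// The lockfile below is constructed for illustration; versions are assumptions.
const LOCKFILE = {
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { "node-virustotal": "^3.35.0", "some-other-dep": "^1.0.0" } },
    "node_modules/node-virustotal": {
      version: "3.35.0",
      dependencies: { shelljs: "^0.8.4", tar: "^4.4.13" },
    },
    "node_modules/shelljs": { version: "0.8.4" }, // hoisted, inside <0.8.5
    "node_modules/tar": { version: "4.4.13" },    // hoisted, inside <=4.4.17
    // Hypothetical package that carries its own, patched copy of tar.
    "node_modules/some-other-dep": { version: "1.0.0", dependencies: { tar: "^6.0.0" } },
    "node_modules/some-other-dep/node_modules/tar": { version: "6.1.11" },
  },
};

// Vulnerable ranges and advisory ids exactly as reported in the issue's audit output.
const ADVISORIES = [
  { name: "shelljs", range: "<0.8.5", ids: ["GHSA-4rq4-32rv-6wp6"],
    isVulnerable: (v) => compareVersions(v, "0.8.5") < 0 },
  { name: "tar", range: "<=4.4.17",
    ids: ["GHSA-5955-9wpr-37jh", "GHSA-9r2w-394v-53qc", "GHSA-3jfq-g458-7qm9", "GHSA-r628-mhmh-qjhw"],
    isVulnerable: (v) => compareVersions(v, "4.4.17") <= 0 },
];

// Minimal numeric major.minor.patch comparison; a pre-release suffix such as
// "-beta.1" is dropped, which is enough for the release versions compared here.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Node-style resolution inside the lockfile: look for
// "<fromPath>/node_modules/<name>", then walk up one nesting level at a time
// until the root "node_modules/<name>" has been tried.
function resolveDependency(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Returns one finding per installed copy that matches an advisory, with the
// list of installed packages whose dependency resolves to that exact copy.
function audit(lockfile, advisories = ADVISORIES) {
  const packages = lockfile.packages;
  const findings = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (!path) continue; // "" is the root project itself
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    for (const adv of advisories) {
      if (adv.name !== name || !adv.isVulnerable(entry.version)) continue;
      const dependents = Object.entries(packages)
        .filter(([from, e]) => e.dependencies && name in e.dependencies &&
                               resolveDependency(packages, from, name) === path)
        .map(([from]) => from || "(root project)");
      findings.push({ name, path, version: entry.version, range: adv.range, ids: adv.ids, dependents });
    }
  }
  return findings;
}

for (const f of audit(LOCKFILE)) {
  console.log(`${f.name}@${f.version} (${f.path}) matches ${f.range}: ${f.ids.join(", ")}`);
  console.log(`  depended on by: ${f.dependents.join(", ")}`);
}
```

Running this reports `node_modules/shelljs` and `node_modules/tar`, each depended on only by `node_modules/node-virustotal`; the nested `tar@6.1.11` under `some-other-dep` is outside the range and is not reported, which is why `npm audit fix` cannot help when the only fix it finds is a downgrade of the top-level package. Until upstream widens its ranges, the transitive versions can be forced from the consuming project with npm's `overrides` field in package.json (supported by npm 8.3 and later, so the npm bundled with Node 16.18 qualifies), for example `"overrides": { "shelljs": ">=0.8.5", "tar": ">=4.4.18" }`, followed by `npm install` and a fresh `npm audit`; the caveat is that the override only holds if node-virustotal still works with the forced versions, which needs testing rather than assuming.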