Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Patch command injection vulnerability #65

Merged
merged 3 commits into from Dec 17, 2020

Conversation

@ron-checkmarx
Copy link
Contributor

@ron-checkmarx ron-checkmarx commented Dec 17, 2020

I made the necessary changes to use execFile and execFileSync instead of exec and execSync and also added a test to avoid regression.

closes: #64

Copy link
Owner

@domharrington domharrington left a comment

This looks great to me, thanks so much for submitting! @hipstersmoothie you happy with this and can you publish if so?

Loading

@hipstersmoothie hipstersmoothie merged commit ba1bdee into domharrington:master Dec 17, 2020
@ron-checkmarx
Copy link
Contributor Author

@ron-checkmarx ron-checkmarx commented Jan 5, 2021

@hipstersmoothie apologies for the multiple messages about this, but I will really appreciate you publishing the changes to npm.

Loading

@hipstersmoothie
Copy link
Collaborator

@hipstersmoothie hipstersmoothie commented Jan 5, 2021

🚀 PR was released in v4.0.4 🚀

Loading

@hipstersmoothie
Copy link
Collaborator

@hipstersmoothie hipstersmoothie commented Jan 5, 2021

Sorry CI was failing but got the release out!

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

3 participants