Fixed
- Prevent command injection through arguments passed to getPath - the parameters of the getPath were not properly sanitized due to usage of execSync command, which allowed threat actor to pass undesired commands. Replaced the usage of execSync with spawnSync
- Move CI to GitHub Actions and add some integration tests
- Resolve dependabot detected vulnerabilities
NOTE: There's no breaking change in the API, but as the package now uses spawnSync instead of execSync, there might be a difference in the results of calling getPath method. So I've decided to bump the major version