Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Patch command injection vulnerability #65

Merged
merged 3 commits into from
Dec 17, 2020

Conversation

ron-checkmarx
Copy link
Contributor

I made the necessary changes to use execFile and execFileSync instead of exec and execSync and also added a test to avoid regression.

closes: #64

Copy link
Owner

@domharrington domharrington left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great to me, thanks so much for submitting! @hipstersmoothie you happy with this and can you publish if so?

@hipstersmoothie hipstersmoothie added the patch Increment the patch version when merged label Dec 17, 2020
@hipstersmoothie hipstersmoothie merged commit ba1bdee into domharrington:master Dec 17, 2020
@ron-checkmarx
Copy link
Contributor Author

@hipstersmoothie apologies for the multiple messages about this, but I will really appreciate you publishing the changes to npm.

@hipstersmoothie
Copy link
Collaborator

🚀 PR was released in v4.0.4 🚀

@hipstersmoothie
Copy link
Collaborator

Sorry CI was failing but got the release out!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
patch Increment the patch version when merged released
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Command Injection Vulnerability
3 participants