Fix to resolve the command injection vulnerability.

[keymandll]

No description provided.

[cristianstaicu]

Great pull request! I hope it gets accepted! ;)

[deiga]

@tj Any way you could get this merged and released? :)
It's not fun to just ignore security warnings https://nodesecurity.io/advisories/146

[tj]

I don't use node anymore, happy to add someone as maintainer.

[deiga]

@tj I'll volunteer to take the torch, even though I've not been a contributor to this project

[tj]

grr can't sign into npm haha, so annoying having a separate registry, should have you added in a min

[tj]

k there we go, added!

[ronkorving]

Please merge and release this :) We have security alerts going off in both retire and nsp modules.

[deiga]

@keymandll Did you test if this works? When running node tests.js I get an error with Spawn

[laserlemon]

@tj, @deiga 👋 Hello! I'm a GitHub staff member on the team responsible for sending security vulnerability alerts based on CVE reports. CVE-2017-16042 states that versions 1.10.0 and 1.10.1 of growl are vulnerable, although it seems as though this fix was merged prior to release of version 1.10.0. Could you please let me know the vulnerable/secure status of versions 1.10.0 and 1.10.1 with respect to this specific vulnerability?

Please reply as soon as possible. If we don't hear back within ~24 hours, we'll send alerts based on our best determination. Thank you!! ❤️

[deiga]

@laserlemon You observed correctly that from 1.10.0 onwards growl should not be vulnerable to CVE-2017-16042 anymore.
Why that report exists is beyond me, frankly.