Skip to content

chore(deps): update dependency shelljs to v0.8.5 [security]#636

Open
renovate[bot] wants to merge 1 commit into
developfrom
renovate/npm-shelljs-vulnerability
Open

chore(deps): update dependency shelljs to v0.8.5 [security]#636
renovate[bot] wants to merge 1 commit into
developfrom
renovate/npm-shelljs-vulnerability

Conversation

@renovate
Copy link
Copy Markdown

@renovate renovate Bot commented Mar 7, 2022
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
shelljs 0.8.40.8.5 age confidence

Improper Privilege Management in shelljs

GHSA-64g7-mvw6-v9qj

More information

Details

Impact

Output from the synchronous version of shell.exec() may be visible to other users on the same system. You may be affected if you execute shell.exec() in multi-user Mac, Linux, or WSL environments, or if you execute shell.exec() as the root user.

Other shelljs functions (including the asynchronous version of shell.exec()) are not impacted.

Patches

Patched in shelljs 0.8.5

Workarounds

Recommended action is to upgrade to 0.8.5.

References

https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/

For more information

If you have any questions or comments about this advisory:

Severity

Medium

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Improper Privilege Management in shelljs

CVE-2022-0144 / GHSA-4rq4-32rv-6wp6

More information

Details

shelljs is vulnerable to Improper Privilege Management

Severity

  • CVSS Score: 7.1 / 10 (High)
  • Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

shelljs/shelljs (shelljs)

v0.8.5

Compare Source

Full Changelog

This was a small security fix for #​1058.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/npm-shelljs-vulnerability branch from 00c9f66 to 462b2e1 Compare June 18, 2022 15:32
@renovate renovate Bot force-pushed the renovate/npm-shelljs-vulnerability branch from 462b2e1 to 2f57b25 Compare August 10, 2025 13:26
@renovate renovate Bot force-pushed the renovate/npm-shelljs-vulnerability branch from 2f57b25 to f809179 Compare September 25, 2025 15:15
@renovate renovate Bot force-pushed the renovate/npm-shelljs-vulnerability branch from f809179 to 7eb16ea Compare December 3, 2025 19:27
@renovate renovate Bot force-pushed the renovate/npm-shelljs-vulnerability branch from 7eb16ea to fd9ad17 Compare January 19, 2026 19:25
@renovate renovate Bot force-pushed the renovate/npm-shelljs-vulnerability branch from fd9ad17 to 38d10b3 Compare February 12, 2026 16:53
@renovate renovate Bot force-pushed the renovate/npm-shelljs-vulnerability branch from 38d10b3 to 27650b8 Compare March 5, 2026 15:14
@renovate renovate Bot changed the title chore(deps): update dependency shelljs to v0.8.5 [security] chore(deps): update dependency shelljs to v0.8.5 [security] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/npm-shelljs-vulnerability branch March 27, 2026 02:11
@renovate renovate Bot changed the title chore(deps): update dependency shelljs to v0.8.5 [security] - autoclosed chore(deps): update dependency shelljs to v0.8.5 [security] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-shelljs-vulnerability branch from 27650b8 to ed9da4a Compare March 30, 2026 21:26
@renovate renovate Bot changed the title chore(deps): update dependency shelljs to v0.8.5 [security] chore(deps): update dependency shelljs to v0.8.5 [security] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title chore(deps): update dependency shelljs to v0.8.5 [security] - autoclosed chore(deps): update dependency shelljs to v0.8.5 [security] Apr 27, 2026
@renovate renovate Bot reopened this Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/npm-shelljs-vulnerability branch 3 times, most recently from b57731b to 20ac34d Compare April 29, 2026 19:51
@renovate renovate Bot force-pushed the renovate/npm-shelljs-vulnerability branch from 20ac34d to cbb2365 Compare May 12, 2026 09:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants