[Snyk] Security upgrade shelljs from 0.8.5 to 0.9.0

[schalla0791]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	508

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[dryrunsecurity]

This pull request introduces a potential security vulnerability related to command injection through the shelljs library, which could allow unauthorized shell command execution if user input is not properly sanitized.

Potential Command Injection in package.json

Vulnerability	Potential Command Injection
Description	The addition of shelljs introduces a potential for command injection if shell commands are executed with unsanitized user input. While no specific CVEs were found for version 0.9.0, the library's capability to execute shell commands presents an inherent security risk that requires careful code review.

k8s-custom-resource-demo/package.json

Lines 29 to 35 in 51103f6

	"helmet": "^6.0.1",
	"nodemon": "^2.0.21",
	"rimraf": "^4.4.0",
	"shelljs": "^0.9.0",
	"simple-git": "^3.17.0",
	"tar": "^6.1.13",
	"ts-node": "^10.9.1",

---

All finding details can be found in the DryRun Security Dashboard.