Security Bug in merge-recurrsive

[willemneal]

Github analyzed my package-lock.json and found a vulnerability for a dependency of this project:
https://github.com/OpenSourceDemocracy/orbit-fs/network/alert/package-lock.json/merge-recursive/open

Not sure how much this library depends on this package and thought I'd pass along the info.

[mkg20001]

This is not a big deal since it only affects the options argument passed to the server, which is only controllable by someone launching the server (therefore control of that indicates control of the shell, too)