https://bugzilla.redhat.com/show_bug.cgi?id=2060615
--- Doc Text *updated* by Mauro Matteo Cascella mcascell@redhat.com --- A flaw was found in npm-lockfile. npm-lockfile v2 did not sanitize the `only` parameter before invoking sensitive command execution API with the input, leading to a command injection vulnerability.