Update Opener 1.5.1 to Opener 1.5.2

[earmia]

Is your feature request related to a problem? Please describe.
Opener 1.5.1 is vulnerable to code injection attacks
domenic/opener#34

Describe the solution you'd like
Update Opener 1.5.1 to Opener 1.5.2

Describe alternatives you've considered
Please describe alternative solutions or features you have considered.

[benjamingr]

The only place I see opener in the Node codebase is NPM and that's already 1.5.2 I believe?

Mind pointing me to what you mean?

[earmia]

Hi @benjamingr, in a private instance of Sonatype the scan shows that it's located at node-v14.15.1-win-x64.zip/node-v14.15.1-win-x64/node_modules/npm/node_modules/opener/lib

It's for Node LTS 14.15.1
https://github.com/nodejs/node/blob/v14.x/deps/npm/node_modules/opener/package.json

My apologies, I didn't mention that.

[richardlau]

Doesn't look like the most recent npm 6 release (#36450) contains the updated version of opener.
cc @nodejs/npm

[MylesBorins]

pinged the team to discuss

[earmia]

pinged the team to discuss

Hi @MylesBorins any updates ?

14.15.2 was released and it has opener 1.5.1, do you know when this request can be progressed ?

[MylesBorins]

@armiasaied we are working on getting an npm 6 release out ASAP and I'll get that backported to all appropriate release lines and discuss with the release team about a timeline to include it. Hopefully we can get this out relateively quickly in the new year

[targos]

The fix landed and will be in the next releases of v14/v12/v10

[earmia]

Thank you All ☺️