Advisories for npm package @conventional-changelog/git-client

2025

@conventional-changelog/git-client has Argument Injection vulnerability

While the scope is limited to writing a file whose content comes from the git log result, it still allows arbitrary files on disk to be specified and overwritten, such as .env, or even critical system configuration under /etc if the application is running as the privileged root user. It may be the library's design choice to expose a generic params object to allow any consuming users to specify …