GHSA-j9wj-m24m-7jj6: willitmerge has a Command Injection vulnerability

willitmerge describes itself as a command line tool to check if pull requests are mergeable. There is a Command Injection vulnerability in version `willitmerge@0.2.1`. Resources: * Project's GitHub source code: https://github.com/shama/willitmerge/ * Project's npm package: https://www.npmjs.com/package/willitmerge ## Background on exploitation Reporting a Command Injection vulnerability in `willitmerge` npm package. A security vulnerability manifests in this package due to the use of insecure child process execution API (`exec`) to which it concateanes user input, whether provided to the comm…