[Security] Critical vulnerabilities that are getting injected directly by Heroku CLI

[MithunUmesh25]

What is the current behavior?
I am using the latest Heroku CLI (heroku/10.12.0 linux-x64), which we have baked into our Docker image; however, it is introducing certain P0 vulnerabilities. Below are the details of the affected packages.

Package name
pkg:npm/execa@0.10.0

pkg:npm/plist@3.0.6

What is the expected behavior?
Can you please remediate the security vulnerabilities in CLI?

[justinwilaby]

Hello @MithunUmesh25 - Thank you for opening this issue. We are nearing the last few days of our push to address security issues in the CLI and it's many plugins. Bear with us while we focus on this effort.

Cheers!