fix(lib): fixed command injection vulnerability according to Issue #60

[keymandll]

After discussing the command injection issue with cristianstaicu I have fixed the code.
To summarize the changes:

• Eliminated the use of the quote() functions. The args array is now handled by the shell-escape lib.
• Updated the packages.json and added shell-escape as dependency
• Fixed version number inconsistency between growl.js and packages.json, also incremented by 0.0.1
• Updated history file to reflect the relevant changes.

[evilpacket]

@keymandll any chance we can get this merged and 1.9.3 shipped to address the vuln?

[marcysutton]

We'll have to remove this module if this isn't fixed, as the vulnerability is failing our builds now. Just so you know people are depending on it!

[nabajit-cpu]

Where can I find the patch file ?

[ad-zsolt-imre]

All. It's been a while I opened this PR. If it did not get merged and the updates published since, unfortunately there's nothing I can do. I'm not a maintainer of this project.

I'd recommend either removing this package from your dependencies or forking it and applying the changes (See "Files changed" tab of the PR) submitted and using your fork.