[p4] p4 vulnerable to Command Injection due to improper input sanitization

The package p4 before 0.0.7 is vulnerable to Command Injection via the run() function due to improper input sanitization

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-25171
• https://github.com/natelong/p4/commit/ae42e251beabf67c00539ec0e1d7aa149ca445fb
• https://security.snyk.io/vuln/SNYK-JS-P4-3167330
• https://github.com/natelong/p4/blob/master/p4.js#23L12
• https://github.com/natelong/p4/blob/master/p4.js%23L12
• https://github.com/advisories/GHSA-jfm8-hwhg-r6gg