According to nodesecurity.io there is a medium rated vulnerability in sync-exec that isn't patched. According to the advisory you should update the lowest version of node supported to 0.12.0 and use the native functionality instead of sync-exec.