Le 05/05/2020 à 13:36, y...@debian.org a écrit : > Package: node-execa > Severity: important > Control: block 958403 by -1 > > node-cross-spawn reimplement builtin Node.js functions > child_process.sync and child_process.spawnSync compatible with > Windows. > > This package has also some security holes. Please patch code to > replace `cross-spawn.spawn` by `child_process.sync`
Not so easy here, execa uses internal cross-spawn libraries to parse arguments and uses childProcess.spawn to launch process