breautek commented on code in PR #1778:
URL: https://github.com/apache/cordova-android/pull/1778#discussion_r1949362910
##########
lib/check_reqs.js:
##########
@@ -110,7 +110,7 @@ module.exports.get_gradle_wrapper = function () {
let program_dir;
// OK, This hack only works on Windows, not on Mac OS or Linux. We will
be deleting this eventually!
if (module.exports.isWindows()) {
- const result = execa.sync(path.join(__dirname, 'getASPath.bat'));
+ const result = execa.sync(path.join(__dirname, 'getASPath.bat'), {
spawn: true });
Review Comment:
```suggestion
// "spawn" option enabled for CVE-2024-27980 (Windows) Mitigation
// See
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2 for
more details
const result = execa.sync(path.join(__dirname, 'getASPath.bat'), {
spawn: true });
```
##########
lib/check_reqs.js:
##########
@@ -110,7 +110,7 @@ module.exports.get_gradle_wrapper = function () {
let program_dir;
// OK, This hack only works on Windows, not on Mac OS or Linux. We will
be deleting this eventually!
if (module.exports.isWindows()) {
- const result = execa.sync(path.join(__dirname, 'getASPath.bat'));
+ const result = execa.sync(path.join(__dirname, 'getASPath.bat'), {
spawn: true });
Review Comment:
Also, I can't find any `spawn` option documented in execa, is this suppose
to be `shell` ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
