[Pkg-javascript-devel] Bug#959786: Bug#959786: node-execa: Please remove dependency to node-cross-spawn
Xavier
yadd at debian.org
Tue May 5 15:24:03 BST 2020
Le 05/05/2020 à 13:36, yadd at debian.org a écrit :
> Package: node-execa
> Severity: important
> Control: block 958403 by -1
>
> node-cross-spawn reimplement builtin Node.js functions
> child_process.sync and child_process.spawnSync compatible with
> Windows.
>
> This package has also some security holes. Please patch code to
> replace `cross-spawn.spawn` by `child_process.sync`
Not so easy here, execa uses internal cross-spawn libraries to parse
arguments and uses childProcess.spawn to launch process
More information about the Pkg-javascript-devel
mailing list