Le 05/05/2020 à 13:36, [email protected] a écrit : > Package: node-execa > Severity: important > Control: block 958403 by -1 > > node-cross-spawn reimplement builtin Node.js functions > child_process.sync and child_process.spawnSync compatible with > Windows. > > This package has also some security holes. Please patch code to > replace `cross-spawn.spawn` by `child_process.sync`
Not so easy here, execa uses internal cross-spawn libraries to parse arguments and uses childProcess.spawn to launch process -- Pkg-javascript-devel mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
