Closed sparten11740 closed 7 months ago
Further hardens add in case some future code changes make it possible for an attacker to pass shell: true to spawnSync. Also updates our spawnSync to prevent consumers from passing in shell: true
add
shell: true
Captured from https://github.com/ExodusMovement/lerna-release-action/pull/40#discussion_r1523536060
Further hardens
addin case some future code changes make it possible for an attacker to passshell: trueto spawnSync. Also updates our spawnSync to prevent consumers from passing inshell: trueCaptured from https://github.com/ExodusMovement/lerna-release-action/pull/40#discussion_r1523536060