A new security feature was introduced in NodeJS 18.20.x which is causing our build process to fail. We need to investigate whether a change needs to be made to Vortex's codebase or if this is a bug in Node.
Unfortunately we need to go through our codebase and add the shell: true property to all affected spawn calls. We have two potential solutions:
Go through the codebase manually and ensure we add the shell property (grindy task) - this will not affect 3rd party extensions and as a result any extensions that are not defining this property will potentially cease to work. (We need to review all 3rd party extensions to gauge the effect)
We can monkey patch the child_process.spawn function to ensure that the shell property is set when missing - this will affect 3rd party extensions and will ensure they're functioning (theoretically) and will simplify this task massively; BUT - monkey patching is evil and may create trouble in the long term.
A new security feature was introduced in NodeJS 18.20.x which is causing our build process to fail. We need to investigate whether a change needs to be made to Vortex's codebase or if this is a bug in Node.
https://github.com/node-red/node-red/pull/4652