IDCs
commented
2 weeks ago Unfortunately we need to go through our codebase and add the shell: true property to all affected spawn calls. We have two potential solutions:
- Go through the codebase manually and ensure we add the shell property (grindy task) - this will not affect 3rd party extensions and as a result any extensions that are not defining this property will potentially cease to work. (We need to review all 3rd party extensions to gauge the effect)
- We can monkey patch the child_process.spawn function to ensure that the shell property is set when missing - this will affect 3rd party extensions and will ensure they're functioning (theoretically) and will simplify this task massively; BUT - monkey patching is evil and may create trouble in the long term.
A new security feature was introduced in NodeJS 18.20.x which is causing our build process to fail. We need to investigate whether a change needs to be made to Vortex's codebase or if this is a bug in Node.
https://github.com/node-red/node-red/pull/4652