On Windows, the current working directory is searched for a matching executable before the rest of the user's path.
This causes a potential issue where running git appraise from within a directory that has an executable file matching the command git will cause that (untrusted) file to be invoked instead of the expected git executable when git-appraise attempts to shell out to git.
This change prevents that by using the new execabs package instead of os/exec. With this change, that scenario would cause git appraise to report an error rather than invoking the wrong git binary.
On Windows, the current working directory is searched for a matching executable before the rest of the user's path.
This causes a potential issue where running
git appraisefrom within a directory that has an executable file matching the commandgitwill cause that (untrusted) file to be invoked instead of the expectedgitexecutable whengit-appraiseattempts to shell out togit.This change prevents that by using the new
execabspackage instead ofos/exec. With this change, that scenario would causegit appraiseto report an error rather than invoking the wronggitbinary.More background on the related issue here