Closed deepak1556 closed 5 days ago
@deepak1556 can you elaborate on this?
simple scan of your extension's source code
e.g. what was searched for and what was found?
Search was for presence of child_process
module import along with presence of any .bat
or .cmd
commands. Given this was a search on the bundled extension it could have been from one of your dependencies as well. Best way to confirm would be to test the extension against our latest insiders.
We tested and didn't see any issues. Thanks for the heads up.
Hello from the VS Code team 👋
In our next release v1.92, we will update to Electron 30 which includes Node.js 20.14.0. This Node version contains a breaking change, in response to a CVE, which may affect you if you execute
.bat
or.cmd
files on Windows. Based on a simple scan of your extension's source code, you may be impacted by this change. The stable VS Code that contains this update will be released in early August.Action: please try out your extension on this month's VS Code Insiders on Windows. If you are affected by this change, you will encounter an
EINVAL
error when you try to spawn a bat/cmd file.Node.js has added a section on batch file spawning to their documentation. To fix any issues:
child_process.spawn
to execute a batch file on Windowsshell: true
orshell: process.platform === 'win32'
to the options objectPlease let us know if you run into issues or if you need clarification.
Happy coding!