Calls to spawn that include '.cmd' or '.bat' on windows should include '{shell: true}' argument

[phaze-ZA]

• [x] I have searched for similar issues

This is due to the recent security patch released by node.js: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2

---

Steps to Reproduce

• Be on nodejs > 20.12.1
• Be on windows
• run npm-check-updates
• notice EINVAL error

Current Behavior

EINVAL error is thrown

Expected Behavior

Command is executed

[raineorshine]

Hi, thanks for reporting.

If there is a Windows user that would like to test a fix and open a PR that would be helpful.

[phaze-ZA]

Will set something up locally and do a thingy