What Node versions, OSs and CPU architectures are you building for?
node18
Describe the Bug
Since Node v18.20.2, CVE-2024-27980 (April 10, 2024) prevents the running of .cmd and .bat by default. It seems that pkg runs either a .cmd or .bat on Windows.
What version of pkg are you using?
5.11.5
What version of Node.js are you using?
v18.20.2
What operating system are you using?
Windows
What CPU architecture are you using?
x86_64
What Node versions, OSs and CPU architectures are you building for?
node18
Describe the Bug
Since Node v18.20.2, CVE-2024-27980 (April 10, 2024) prevents the running of
.cmdand.batby default. It seems thatpkgruns either a.cmdor.baton Windows.Workarounds:
{ shell: true }tospawn/spawnSync--security-revert=CVE-2024-27980(not advised)Expected Behavior
pkgworks on Windows as it did in v18.20.1.To Reproduce
pkg