The shell: true is not best practices for security, but it's the easiest workaround and I think it's fine in v1-only dev scripts where we were already using it.
How to Test
If using Windows, upgrade to Node 20.12.2 or newer and verify that the zowe-v1-lts branch is able to build successfully with these changes
What It Does
Fixes gulp build tasks that invoke
npm.cmd
on Windows (see failing build here)For details about why they broke in Node 20.12.2, see https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2
The
shell: true
is not best practices for security, but it's the easiest workaround and I think it's fine in v1-only dev scripts where we were already using it.How to Test
If using Windows, upgrade to Node 20.12.2 or newer and verify that the zowe-v1-lts branch is able to build successfully with these changes
Review Checklist I certify that I have:
Additional Comments