electron-builder
[DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities for builder > 26.0.3
(node:4183061) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities, as the arguments are not escaped, only concatenated.
at normalizeSpawnArguments (node:child_process:616:15)
at spawn (node:child_process:755:13)
at execFile (node:child_process:346:17)
at /home/xyz/app/node_modules/builder-util/src/util.ts:99:13
at new Promise (<anonymous>)
at exec (/home/xyz/app/node_modules/builder-util/src/util.ts:98:10)
at NpmNodeModulesCollector.getDependenciesTree (/home/xyz/app/node_modules/app-builder-lib/src/node-module-collector/nodeModulesCollector.ts:44:36)
at NpmNodeModulesCollector.getNodeModules (/home/xyz/app/node_modules/app-builder-lib/src/node-module-collector/nodeModulesCollector.ts:16:21)
Fairly positive that this needs shell: true in order to properly collect the node_module dependency tree, but I'll take a deeper look to see if there are alternatives...
https://github.com/electron-userland/electron-builder/blob/2d014a86050eee16e4092cfce40a1a6e9c9ee474/packages/app-builder-lib/src/node-module-collector/nodeModulesCollector.ts#L40-L43
This issue is stale because it has been open for 30 days with no activity. Remove stale label or comment, or this will be closed in 30 days.
This issue was closed because it has been stalled for 30 days with no activity.