From 262e19e881115878946820193ff0934dcb3e92e4 Mon Sep 17 00:00:00 2001
From: Danielv123 <danielv@danielv.no>
Date: Tue, 23 Apr 2024 22:21:39 +0200
Subject: [PATCH] Use shell:true when running non-user input .cmd files on
 windows

Required after CVE fix: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2/
Resolves #612
---
 packages/create/create.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/create/create.js b/packages/create/create.js
index 66e4084a..3126f0dc 100755
--- a/packages/create/create.js
+++ b/packages/create/create.js
@@ -108,7 +108,7 @@ async function safeOutputFile(file, data, options={}) {
 async function execFile(cmd, args) {
 	logger.verbose(`executing ${cmd} ${args.join(" ")}`);
 	return new Promise((resolve, reject) => {
-		let child = child_process.execFile(cmd, args, (err, stdout, stderr) => {
+		let child = child_process.execFile(cmd, args, { shell: true }, (err, stdout, stderr) => {
 			if (err) {
 				reject(err);
 			} else {