cross-spawn vulnerability GHSA-3xgq-45jj-v275 #23

@t-ricci-avatarux

bin-build uses an old version of execa (^0.7.0), which depends on an old version of cross-spawn (^5.0.1), which is vulnerable (see this link: https://osv.dev/vulnerability/GHSA-3xgq-45jj-v275).

In order to fix the vulnerability issue, it would be enough to bump execa to version ^2.1.0, which depends on cross-spawn ^7.0.0 (which includes the vulnerability patch in version 7.0.5).

@kevva, would you be able to take a look at it and see if you can bump the package and release an update of bin-build?

Thank you
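To locate the dependency chain described in this issue inside a project, the following added example (not part of the original issue and not bin-build's code) walks an npm lockfile's `packages` map, flags every installed copy of cross-spawn older than the 7.0.5 named above, and reports which package resolves to that copy. The sample lockfile is constructed, the function names are hypothetical, and using 7.0.5 as the only threshold is an assumption taken from the issue text; the advisory at the OSV link gives the exact affected ranges.

```javascript
// Constructed lockfile excerpt (npm lockfileVersion 2/3 "packages" layout), not a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "bin-build": "^3.0.0", "cross-spawn": "^7.0.5" } },
    "node_modules/bin-build": { version: "3.0.0", dependencies: { execa: "^0.7.0" } },
    "node_modules/cross-spawn": { version: "7.0.6" },
    "node_modules/execa": { version: "0.7.0", dependencies: { "cross-spawn": "^5.0.1" } },
    "node_modules/execa/node_modules/cross-spawn": { version: "5.1.0" },
  },
};

// Numeric compare of "x.y.z" strings; pre-release tags are ignored (simplification).
function lessThan(a, b) {
  const pa = a.split(".").map((n) => parseInt(n, 10));
  const pb = b.split(".").map((n) => parseInt(n, 10));
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Node resolution: the dependent's own node_modules first, then each ancestor's.
function resolveCopy(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const cut = dir.lastIndexOf("/node_modules/");
    dir = cut === -1 ? "" : dir.slice(0, cut);
  }
}

// Hypothetical helper: list installed copies of `name` below `fixedVersion` and their dependents.
function findOutdated(lock, name, fixedVersion) {
  const packages = lock.packages || {};
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (!path.endsWith("node_modules/" + name) || !meta.version) continue;
    if (!lessThan(meta.version, fixedVersion)) continue;
    const requiredBy = Object.keys(packages).filter((p) => {
      const deps = { ...packages[p].dependencies, ...packages[p].optionalDependencies };
      return name in deps && resolveCopy(packages, p, name) === path;
    });
    hits.push({ path, version: meta.version, requiredBy });
  }
  return hits;
}
console.log(JSON.stringify(findOutdated(sampleLock, "cross-spawn", "7.0.5"), null, 2));
```

For a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock`; the top-level copy at 7.0.6 is not reported, which shows why a patched direct dependency does not cover a nested older copy.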
