From 3fd414b290caebf872c2430ae85ae6de8cc637f1 Mon Sep 17 00:00:00 2001 From: Kevin Barabash Date: Tue, 21 Feb 2023 15:24:14 -0500 Subject: [PATCH] Use execFileSync instead of execSync in gen-flow-types.ts (#537) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary: This addressed https://github.com/Khan/wonder-stuff/security/code-scanning/7 ## Test Plan: - let CI do its thing Author: kevinbarabash Reviewers: jeresig Required Reviewers: Approved By: jeresig Checks: ✅ codecov/project, ✅ Test (macos-latest, 16.x), ✅ CodeQL, ✅ Lint, typecheck, and coverage check (ubuntu-latest, 16.x), ✅ gerald, ✅ Prime node_modules cache for primary configuration (ubuntu-latest, 16.x), ⏭ dependabot, ✅ Analyze (javascript) Pull Request URL: https://github.com/Khan/wonder-stuff/pull/537 --- .changeset/smooth-wombats-protect.md | 2 ++ build-scripts/gen-flow-types.ts | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) create mode 100644 .changeset/smooth-wombats-protect.md diff --git a/.changeset/smooth-wombats-protect.md b/.changeset/smooth-wombats-protect.md new file mode 100644 index 00000000..a845151c --- /dev/null +++ b/.changeset/smooth-wombats-protect.md @@ -0,0 +1,2 @@ +--- +--- diff --git a/build-scripts/gen-flow-types.ts b/build-scripts/gen-flow-types.ts index 40b808ec..3f0a5345 100644 --- a/build-scripts/gen-flow-types.ts +++ b/build-scripts/gen-flow-types.ts @@ -1,4 +1,4 @@ -import {execSync} from "child_process"; +import {execFileSync} from "child_process"; import * as path from "path"; import * as fglob from "fast-glob"; @@ -9,10 +9,10 @@ const files = fglob.sync("packages/wonder-stuff-*/dist/**/*.d.ts", { for (const inFile of files) { const outFile = inFile.replace(".d.ts", ".js.flow"); - const command = `yarn flowgen ${inFile} -o ${outFile} --add-flow-header`; + const args = ["flowgen", inFile, "-o", outFile, "--add-flow-header"]; try { - execSync(command, {cwd: rootDir}); + execFileSync("yarn", args, {cwd: rootDir}); console.log(`✅ wrote: ${outFile}`); } catch (e) { console.log(`❌ error processing: ${inFile}: ${e}`);