Comments (3)
According to https://nodejs.org/en/blog/release/v20.12.2
This is a security release.
[Notable Changes](https://nodejs.org/en/blog/release/v20.12.2#notable-changes)
CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
from serverless.
how to fix this?
from serverless.
Stack trace shows:
× Stack api-dev failed to deploy (12s)
Environment: win32, node 20.13.1, framework 3.38.0 (local), plugin 7.2.3, SDK 4.5.1
Credentials: Local, "default" profile
Docs: docs.serverless.com
Support: forum.serverless.com
Bugs: github.com/serverless/serverless/issues
Error:
Error: spawn EINVAL
at ChildProcess.spawn (node:internal/child_process:421:11)
at Object.spawn (node:child_process:761:9)
at childProcess.spawn (C:\REDACTED\api\node_modules\cli-progress-footer\lib\private\cli-progress-footer\disable-props.js:73:50)
at C:\REDACTED\api\node_modules\serverless-webpack\lib\utils.js:73:32
at Promise._execute (C:\REDACTED\api\node_modules\bluebird\js\release\debuggability.js:384:9)
at Promise._resolveFromExecutor (C:\REDACTED\api\node_modules\bluebird\js\release\promise.js:518:18)
at new Promise (C:\REDACTED\api\node_modules\bluebird\js\release\promise.js:103:10)
at Object.spawnProcess (C:\REDACTED\api\node_modules\serverless-webpack\lib\utils.js:72:10)
at NPM.install (C:\REDACTED\api\node_modules\serverless-webpack\lib\packagers\npm.js:143:18)
at C:\REDACTED\api\node_modules\serverless-webpack\lib\packExternalModules.js:404:20
at tryCatcher (C:\REDACTED\api\node_modules\bluebird\js\release\util.js:16:23)
at Promise._settlePromiseFromHandler (C:\REDACTED\api\node_modules\bluebird\js\release\promise.js:547:31)
at Promise._settlePromise (C:\REDACTED\api\node_modules\bluebird\js\release\promise.js:604:18)
at Promise._settlePromise0 (C:\REDACTED\api\node_modules\bluebird\js\release\promise.js:649:10)
at Promise._settlePromises (C:\REDACTED\api\node_modules\bluebird\js\release\promise.js:729:18)
at _drainQueueStep (C:\REDACTED\api\node_modules\bluebird\js\release\async.js:93:12)
at _drainQueue (C:\REDACTED\api\node_modules\bluebird\js\release\async.js:86:9)
at Async._drainQueues (C:\REDACTED\api\node_modules\bluebird\js\release\async.js:102:5)
at Async.drainQueues [as _onImmediate] (C:\REDACTED\api\node_modules\bluebird\js\release\async.js:15:14)
at process.processImmediate (node:internal/timers:478:21)
Seems to be an issue in serverless-webpack's dependency, cli-progress-footer
It's been discussed here: nodejs/node#52554
from serverless.
Related Issues (20)
- Serverless 4.x doesn't seem to update or work HOT 7
- sls deploy issue HOT 1
- Make inputTransformers and inputPath available when CfnRule target is event bus HOT 1
- No forceInclude equivalent in the new build.esbuild configuration HOT 8
- Invalid option in build call buildConcurrency HOT 3
- [v4] Parsing issue around build.esbuild.exclude and build.esbuild.external HOT 3
- Dev command does not work when custom IAM role set HOT 4
- AWS SSO doesn't seem to work with SERVERLESS_LICENSE_KEY HOT 5
- [windows][v4] serverless invoke local is failing to load handlers HOT 6
- Params top-level property is not loading when defined in a file HOT 3
- Detected unrecognized CLI options: "--d". HOT 1
- V4: serverless dev command does not work in eu-south-1 region. HOT 3
- V4: .env variables do not work in serverles.yml HOT 1
- V4: Default deploymentMethod 'direct' or 'changesets' HOT 3
- [v4] Unable to use basic cli functionality like help without aws credentials HOT 3
- Custom resource uses wrong datatype for version HOT 4
- existing:true S3 Bucket Still Tries to get deleted HOT 3
- `logs.restApi: true` fails to deploy HOT 10
- Serverless deploy not working HOT 1
- [Serverless V4] The "exclude" keyword doesn't work for esbuild HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from serverless.