[Snyk] Upgrade execa from 7.2.0 to 9.3.1

[gr00nd]

Snyk has created this PR to upgrade execa from 7.2.0 to 9.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 9 versions ahead of your current version.

• The recommended version was released on a month ago.

Release notes

Package name: execa

• 9.3.1 - 2024-08-14
  

  Thanks @ holic and @ jimhigson for your contributions!

  Bugs

  • Do not crash when using a custom Node.js binary without ICU support. (#1144)

  Bugs (types)

  • Fix type of the env option. It was currently failing for Remix or Next.js users. (by @ holic) (#1141)

  Documentation

  • Fix typo in "Inputs" documentation. (by @ jimhigson) (#1145)
  • Document how to terminate hanging subprocesses. (#1140)
  • Document how to add custom logging. (#1131)
• 9.3.0 - 2024-06-21
  

  Features

  • The verbose option can now be a function to customize logging. (#1130)
• 9.2.0 - 2024-06-06
  

  This release includes a new set of methods to exchange messages between the current process and a Node.js subprocess, also known as "IPC". This allows passing and returning almost any message type to/from a Node.js subprocess. Also, debugging IPC is now much easier.

  Moreover, a new gracefulCancel option has also been added to terminate a subprocess gracefully.

  For a deeper dive-in, please check and share the release post!

  Thanks @ iiroj for your contribution, @ SimonSiefke and @ adymorz for reporting the bugs fixed in this release, and @ karlhorky for improving the documentation!

  Deprecations

  • Passing 'ipc' to the stdio option has been deprecated. It will be removed in the next major release. Instead, the ipc: true option should be used. (#1056)

  - await execa('npm', ['run', 'build'], {stdio: ['pipe', 'pipe', 'pipe', 'ipc']});
  + await execa('npm', ['run', 'build'], {ipc: true});

  • The execaCommand() method has been deprecated. It will be removed in the next major release. If most cases, the template string syntax should be used instead.
  - import {execaCommand} from 'execa';
  + import {execa} from 'execa';

  - await execaCommand('npm run build');
  + await execanpm run build;

  const taskName = 'build';
  - await execaCommand(npm run ${taskName});
  + await execanpm run ${taskName};

  const commandArguments = ['run', 'task with space'];
  await execanpm ${commandArguments};

  If the file and/or multiple arguments are supplied as a single string, parseCommandString(command) can split that string into an array. More info. (#1054)

  - import {execaCommand} from 'execa';
  + import {execa, parseCommandString} from 'execa';

  const commandString = 'npm run task';
  - await execaCommand(commandString);
  + const commandArray = parseCommandString(commandString); // ['npm', 'run', 'task']
  + await execa${commandArray};

  // Or alternatively:
  const [file, ...commandArguments] = commandArray;
  await execa(file, commandArguments);

  Features

  • Add gracefulCancel option and getCancelSignal() method to terminate a subprocess gracefully. error.isGracefullyCanceled was also added. (#1109)
  • Add error.isForcefullyTerminated. It is true when the subprocess was terminated by the forceKillAfterDelay option. (#1111)
  • New methods to simplify exchanging messages between the current process and the subprocess. More info. (#1059, #1061, #1076, #1077, #1079, #1082, #1083, #1086, #1087, #1088, #1089, #1090, #1091, #1092, #1094, #1095, #1098, #1104, #1107)
    • The current process sends messages with subprocess.sendMessage(message) and receives them with subprocess.getOneMessage(). subprocess.getEachMessage() listens to multiple messages.
    • The subprocess uses sendMessage(message), getOneMessage() and getEachMessage() instead. Those are the same methods, but imported directly from the 'execa' module.
  • The ipcInput option sends an IPC message from the current process to the subprocess as it starts. This enables passing almost any input type to a Node.js subprocess. (#1068)
  • The result.ipcOutput array contains all the IPC messages sent by the subprocess to the current process. This enables returning almost any output type from a Node.js subprocess. (#1067, #1071, #1075)
  • The error message now contains every IPC message sent by the subprocess. (#1067)
  • The verbose: 'full' option now logs every IPC message sent by the subprocess, for debugging. More info here and there. (#1063)

  Types

  • Add ExecaMethod, ExecaNodeMethod and ExecaScriptMethod, ExecaSyncMethod and ExecaScriptSyncMethod types. (#1066)
  • Export the Message type, for IPC. (#1059)
  • Fix type of forceKillAfterDelay: true option. (#1116)

  Bug fixes

  • Fix passing a {file} to both the stdin and the stdout or stderr options. (#1058)
  • Fix multiple minor problems with the cancelSignal option. (#1108)
  • Fix accidental publishing of Vim backup files. (#1074)
  • Fix engines.node field in package.json. Supported Node.js version is ^18.19.0 or >=20.5.0. (by @ iiroj) (#1101)
• 9.1.0 - 2024-05-13
  

  Features (types)

  • Export TemplateExpression type. (#1049)
• 9.0.2 - 2024-05-10
  

  Bug fixes (types)

  • Do not require using --lib dom for TypeScript users (#1043, #1044)
  • Fix type of the reject option (#1046)
• 9.0.1 - 2024-05-09
  

  Bug fixes (types)

  • Fix types not being importable (#1033) 3bdab60
  • Fix complexity bug with types (#1037) 6cc519b
  • Fix complexity bug with types (#1035) fee011d
• 9.0.0 - 2024-05-08
  

  This major release brings many important features including:

  • Split the output into lines, or progressively iterate over them.
  • Transform or filter the input/output using simple functions.
  • Print the output to the terminal while still retrieving it programmatically.
  • Redirect the input/output from/to a file.
  • Advanced piping between multiple subprocesses.
  • Improved verbose mode, for debugging.
  • More detailed errors, including when terminating subprocesses.
  • Enhanced template string syntax.
  • Global/shared options.
  • Web streams and Transform streams support.
  • Convert the subprocess to a stream.
  • New documentation with many examples.

  Please check the release post for a high-level overview! For the full list of breaking changes, features and bug fixes, please read below.

  Thanks @ younggglcy, @ koshic, @ am0o0 and @ codesmith-emmy for your help!

  ---

  One of the maintainers @ ehmicky is looking for a remote full-time position. Specialized in Node.js back-ends and CLIs, he led Netlify Build, Plugins and Configuration for 2.5 years. Feel free to contact him on his website or on LinkedIn!

  ---

  Breaking changes (not types)

  • Dropped support for Node.js version <18.19.0 and 20.0.0 - 20.4.0. (834e372)

  • When the encoding option is 'buffer', the output (result.stdout, result.stderr, result.all) is now an Uint8Array instead of a Buffer. For more information, see this blog post. (by @ younggglcy) (#586)

  const {stdout} = await execa('node', ['file.js'], {encoding: 'buffer'});
  console.log(stdout); // This is now an Uint8Array

  • Renamed some of the allowed values for the encoding option. (#586, #928)
  - await execa('node', ['file.js'], {encoding: null});
  + await execa('node', ['file.js'], {encoding: 'buffer'});

- await execa('node', ['file.js'], {encoding: 'utf-8'});
+ await execa('node', ['file.js'], {encoding: 'utf8'});

- await execa('node', ['file.js'], {encoding: 'UTF8'});
+ await execa('node', ['file.js'], {encoding: 'utf8'});

- await execa('node', ['file.js'], {encoding: 'utf-16le'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});

- await execa('node', ['file.js'], {encoding: 'ucs2'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});

- await execa('node', ['file.js'], {encoding: 'ucs-2'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});

- await execa('node', ['file.js'], {encoding: 'binary'});
+ await execa('node', ['file.js'], {encoding: 'latin1'});

• Passing a file path to subprocess.pipeStdout(), subprocess.pipeStderr() and subprocess.pipeAll() has been removed. Instead, a {file: './path'} object should be passed to the stdout or stderr option. (#752)

- await execa('node', ['file.js']).pipeStdout('output.txt');
+ await execa('node', ['file.js'], {stdout: {file: 'output.txt'}});

- await execa('node', ['file.js']).pipeStderr('output.txt');
+ await execa('node', ['file.js'], {stderr: {file: 'output.txt'}});

- await execa('node', ['file.js']).pipeAll('output.txt');
+ await execa('node', ['file.js'], {
+ stdout: {file: 'output.txt'},
+ stderr: {file: 'output.txt'},
+});

• Passing a writable stream to subprocess.pipeStdout(), subprocess.pipeStderr() and subprocess.pipeAll() has been removed. Instead, the stream should be passed to the stdout or stderr option. If the stream does not have a file descriptor, ['pipe', stream] should be passed instead. (#752)

- await execa('node', ['file.js']).pipeStdout(stream);
+ await execa('node', ['file.js'], {stdout: ['pipe', stream]});

- await execa('node', ['file.js']).pipeStderr(stream);
+ await execa('node', ['file.js'], {stderr: ['pipe', stream]});

- await execa('node', ['file.js']).pipeAll(stream);
+ await execa('node', ['file.js'], {
+ stdout: ['pipe', stream],
+ stderr: ['pipe', stream],
+});

• The subprocess.pipeStdout(), subprocess.pipeStderr() and subprocess.pipeAll() methods have been renamed to subprocess.pipe(). The command and its arguments can be passed to subprocess.pipe() directly, without calling execa() a second time. The from piping option can specify 'stdout' (the default value), 'stderr' or 'all'. (#757)

- await execa('node', ['file.js']).pipeStdout(execa('node', ['other.js']));
+ await execa('node', ['file.js']).pipe('node', ['other.js']);

- await execa('node', ['file.js']).pipeStderr(execa('node', ['other.js']));
+ await execa('node', ['file.js']).pipe('node', ['other.js'], {from: 'stderr'});

- await execa('node', ['file.js']).pipeAll(execa('node', ['other.js']));
+ await execa('node', ['file.js']).pipe('node', ['other.js'], {from: 'all'});

• Renamed the signal option to cancelSignal. (#880)

- await execa('node', ['file.js'], {signal: abortController.signal});
+ await execa('node', ['file.js'], {cancelSignal: abortController.signal});

• Renamed error.killed to error.isTerminated. (#625)

try {
	await execa('node', ['file.js']);
} catch (error) {
- if (error.killed) {
+ if (error.isTerminated) {
		// ...
	}
}

• subprocess.cancel() has been removed. Please use either subprocess.kill() or the cancelSignal option instead. (#711)

- subprocess.cancel();
+ subprocess.kill();

• Renamed the forceKillAfterTimeout option to forceKillAfterDelay. Also, it is now passed to execa() instead of subprocess.kill(). (#714, #723)

- const subprocess = execa('node', ['file.js']);
- subprocess.kill('SIGTERM', {forceKillAfterTimeout: 1000});
+ const subprocess = execa('node', ['file.js'], {forceKillAfterDelay: 1000});
+ subprocess.kill('SIGTERM');

• The verbose option is now a string enum instead of a boolean. false has been renamed to 'none' and true has been renamed to 'short'. (#884)

- await execa('node', ['file.js'], {verbose: false});
+ await execa('node', ['file.js'], {verbose: 'none'});

- await execa('node', ['file.js'], {verbose: true});
+ await execa('node', ['file.js'], {verbose: 'short'});

• The execPath option has been renamed to nodePath. It is now a noop unless the node option is true. Also, it now works even if the preferLocal option is false. (#812, #815)

- await execa('node', ['file.js'], {execPath: './path/to/node'});
+ await execa('node', ['file.js'], {nodePath: './path/to/node'});

• The default value for the serialization option is now 'advanced' instead of 'json'. In particular, when calling subprocess.send(object) with an object that contains functions or symbols, those were previously silently removed. Now this will throw an exception. (#905)

- subprocess.send({example: true, getExample() {}});
+ subprocess.send({example: true});

• If subprocess.stdout, subprocess.stderr or subprocess.all is manually piped, the .pipe() call must now happen as soon as subprocess is created. Otherwise, the output at the beginning of the subprocess might be missing. (#658, #747)

const subprocess = execa('node', ['file.js']);
- setTimeout(() => {
	subprocess.stdout.pipe(process.stdout);
- }, 0);

• Signals passed to subprocess.kill() and to the killSignal option cannot be lowercase anymore. (#1025)

- const subprocess = execa('node', ['file.js'], {killSignal: 'sigterm'});
+ const subprocess = execa('node', ['file.js'], {killSignal: 'SIGTERM'});

- subprocess.kill('sigterm');
+ subprocess.kill('SIGTERM');

Features

Execution

• Use the template string syntax with any method (including execa()), as opposed to only $. Conversely, $ can now use the regular array syntax. (