From b4a4e6504b3bc6fefb097c7a97d47b72e2bf6a73 Mon Sep 17 00:00:00 2001
From: SuZhou-Joe <suzhou@amazon.com>
Date: Thu, 30 Jan 2025 19:56:46 +0800
Subject: [PATCH] [CVE-2024-21538] Bump cross-spawn to 7.0.5 (#1683)

Signed-off-by: SuZhou-Joe <suzhou@amazon.com>
(cherry picked from commit af7d4e68b25f3f5226cb1ee0dd5b90acb227338f)
---
 package-lock.json | 16 ++++++++--------
 package.json      |  3 ++-
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 981087d2b..7ef884012 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -839,9 +839,9 @@
       "dev": true
     },
     "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "dev": true,
       "dependencies": {
         "path-key": "^3.1.0",
@@ -4641,9 +4641,9 @@
       "dev": true
     },
     "cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "dev": true,
       "requires": {
         "path-key": "^3.1.0",
@@ -4935,7 +4935,7 @@
         "@humanwhocodes/config-array": "^0.5.0",
         "ajv": "^6.10.0",
         "chalk": "^4.0.0",
-        "cross-spawn": "^7.0.2",
+        "cross-spawn": "^7.0.5",
         "debug": "^4.0.1",
         "doctrine": "^3.0.0",
         "enquirer": "^2.3.5",
@@ -5238,7 +5238,7 @@
       "integrity": "sha512-j5W0//W7f8UxAn8hXVnwG8tLwdiUy4FJLcSupCg6maBYZDpyBvTApK7KyuI4bKj8KOh1r2YH+6ucuYtJv1bTZA==",
       "dev": true,
       "requires": {
-        "cross-spawn": "^7.0.0",
+        "cross-spawn": "^7.0.5",
         "get-stream": "^5.0.0",
         "human-signals": "^1.1.1",
         "is-stream": "^2.0.0",
diff --git a/package.json b/package.json
index 097041894..f3f986e2f 100644
--- a/package.json
+++ b/package.json
@@ -69,6 +69,7 @@
   },
   "overrides": {
     "tough-cookie": "^4.1.3",
-    "optionator": "^0.9.3"
+    "optionator": "^0.9.3",
+    "cross-spawn": "^7.0.5"
   }
 }