fix(core): Disable Node.js custom inspection to address CVE-2023-37903 (#7125)

This seems like a better fix than #7122
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™ 2023-09-07 10:25:59 +02:00 committed by GitHub
parent 01f875a94d
commit a223734a4a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -32,6 +32,10 @@ if (![18, 20].includes(nodeVersionMajor)) {
// Prevent oclif from loading ts-node and typescript
process.env.OCLIF_TS_NODE = '0';
// Disable nodejs custom inspection across the app
const { inspect } = require('util');
inspect.defaultOptions.customInspect = false;
require('express-async-errors');
require('source-map-support').install();
require('reflect-metadata');