chore(deps): update dependency execa to v9

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
execa	^8.0.1 -> ^9.1.0

---

Release Notes

sindresorhus/execa (execa)

v9.1.0

Compare Source

Features (types)

• Export TemplateExpression type. (#​1049)

v9.0.2

Compare Source

Types (bug fixes)

• Do not require using --lib dom for TypeScript users (#​1043, #​1044)
• Fix type of the reject option (#​1046)

v9.0.1

Compare Source

Types (bug fixes)

• Fix types not being importable (#​1033) 3bdab60
• Fix complexity bug with types (#​1037) 6cc519b
• Fix complexity bug with types (#​1035) fee011d

v9.0.0

Compare Source

This major release brings many important features including:

• Split the output into lines, or progressively iterate over them.
• Transform or filter the input/output using simple functions.
• Print the output to the terminal while still retrieving it programmatically.
• Redirect the input/output from/to a file.
• Advanced piping between multiple subprocesses.
• Improved verbose mode, for debugging.
• More detailed errors, including when terminating subprocesses.
• Enhanced template string syntax.
• Global/shared options.
• Web streams and Transform streams support.
• Convert the subprocess to a stream.
• New documentation with many examples.

Please check the release post for a high-level overview! For the full list of breaking changes, features and bug fixes, please read below.

Thanks @​younggglcy, @​koshic, @​am0o0 and @​codesmith-emmy for your help!

---

One of the maintainers @​ehmicky is looking for a remote full-time position. Specialized in Node.js back-ends and CLIs, he led Netlify Build, Plugins and Configuration for 2.5 years. Feel free to contact him on his website or on LinkedIn!

---

Breaking changes

• Minimal supported Node.js version is now 18.19.0. (834e372)

• When the encoding option is 'buffer', the output (result.stdout, result.stderr, result.all) is now an Uint8Array instead of a Buffer. For more information, see this blog post. (by @​younggglcy) (#​586)

const {stdout} = await execa('node', ['file.js'], {encoding: 'buffer'});
console.log(stdout); // This is now an Uint8Array

• Renamed some of the allowed values for the encoding option. (#​586, #​928)

- await execa('node', ['file.js'], {encoding: null});
+ await execa('node', ['file.js'], {encoding: 'buffer'});

- await execa('node', ['file.js'], {encoding: 'utf-8'});
+ await execa('node', ['file.js'], {encoding: 'utf8'});

- await execa('node', ['file.js'], {encoding: 'UTF8'});
+ await execa('node', ['file.js'], {encoding: 'utf8'});

- await execa('node', ['file.js'], {encoding: 'utf-16le'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});

- await execa('node', ['file.js'], {encoding: 'ucs2'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});

- await execa('node', ['file.js'], {encoding: 'ucs-2'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});

- await execa('node', ['file.js'], {encoding: 'binary'});
+ await execa('node', ['file.js'], {encoding: 'latin1'});

• Passing a file path to subprocess.pipeStdout(), subprocess.pipeStderr() and subprocess.pipeAll() has been removed. Instead, a {file: './path'} object should be passed to the stdout or stderr option. (#​752)

- await execa('node', ['file.js']).pipeStdout('output.txt');
+ await execa('node', ['file.js'], {stdout: {file: 'output.txt'}});

- await execa('node', ['file.js']).pipeStderr('output.txt');
+ await execa('node', ['file.js'], {stderr: {file: 'output.txt'}});

- await execa('node', ['file.js']).pipeAll('output.txt');
+ await execa('node', ['file.js'], {
+	stdout: {file: 'output.txt'},
+	stderr: {file: 'output.txt'},
+});

• Passing a writable stream to subprocess.pipeStdout(), subprocess.pipeStderr() and subprocess.pipeAll() has been removed. Instead, the stream should be passed to the stdout or stderr option. If the stream does not have a file descriptor, ['pipe', stream] should be passed instead. (#​752)

- await execa('node', ['file.js']).pipeStdout(stream);
+ await execa('node', ['file.js'], {stdout: ['pipe', stream]});

- await execa('node', ['file.js']).pipeStderr(stream);
+ await execa('node', ['file.js'], {stderr: ['pipe', stream]});

- await execa('node', ['file.js']).pipeAll(stream);
+ await execa('node', ['file.js'], {
+	stdout: ['pipe', stream],
+	stderr: ['pipe', stream],
+});

• The subprocess.pipeStdout(), subprocess.pipeStderr() and subprocess.pipeAll() methods have been renamed to subprocess.pipe(). The command and its arguments can be passed to subprocess.pipe() directly, without calling execa() a second time. The from piping option can specify 'stdout' (the default value), 'stderr' or 'all'. (#​757)

- await execa('node', ['file.js']).pipeStdout(execa('node', ['other.js']));
+ await execa('node', ['file.js']).pipe('node', ['other.js']);

- await execa('node', ['file.js']).pipeStderr(execa('node', ['other.js']));
+ await execa('node', ['file.js']).pipe('node', ['other.js'], {from: 'stderr'});

- await execa('node', ['file.js']).pipeAll(execa('node', ['other.js']));
+ await execa('node', ['file.js']).pipe('node', ['other.js'], {from: 'all'});

• Renamed the signal option to cancelSignal. (#​880)

- await execa('node', ['file.js'], {signal: abortController.signal});
+ await execa('node', ['file.js'], {cancelSignal: abortController.signal});

• Renamed error.killed to error.isTerminated. (#​625)

try {
	await execa('node', ['file.js']);
} catch (error) {
- if (error.killed) {
+ if (error.isTerminated) {
		// ...
	}
}

• subprocess.cancel() has been removed. Please use either subprocess.kill() or the cancelSignal option instead. (#​711)

- subprocess.cancel();
+ subprocess.kill();

• Renamed the forceKillAfterTimeout option to forceKillAfterDelay. Also, it is now passed to execa() instead of subprocess.kill(). (#​714, #​723)

- const subprocess = execa('node', ['file.js']);
- subprocess.kill('SIGTERM', {forceKillAfterTimeout: 1000});
+ const subprocess = execa('node', ['file.js'], {forceKillAfterDelay: 1000});
+ subprocess.kill('SIGTERM');

• The verbose option is now a string enum instead of a boolean. false has been renamed to 'none' and true has been renamed to 'short'. (#​884)

- await execa('node', ['file.js'], {verbose: false});
+ await execa('node', ['file.js'], {verbose: 'none'});

- await execa('node', ['file.js'], {verbose: true});
+ await execa('node', ['file.js'], {verbose: 'short'});

• The execPath option has been renamed to nodePath. It is now a noop unless the node option is true. Also, it now works even if the preferLocal option is false. (#​812, #​815)

- await execa('node', ['file.js'], {execPath: './path/to/node'});
+ await execa('node', ['file.js'], {nodePath: './path/to/node'});

• The default value for the serialization option is now 'advanced' instead of 'json'. In particular, when calling subprocess.send(object) with an object that contains functions or symbols, those were previously silently removed. Now this will throw an exception. (#​905)

- subprocess.send({example: true, getExample() {}});
+ subprocess.send({example: true});

• If subprocess.stdout, subprocess.stderr or subprocess.all is manually piped, the .pipe() call must now happen as soon as subprocess is created. Otherwise, the output at the beginning of the subprocess might be missing. (#​658, #​747)

const subprocess = execa('node', ['file.js']);
- setTimeout(() => {
	subprocess.stdout.pipe(process.stdout);
- }, 0);

• Signals passed to subprocess.kill() and to the killSignal option cannot be lowercase anymore. (#​1025)

- const subprocess = execa('node', ['file.js'], {killSignal: 'sigterm'});
+ const subprocess = execa('node', ['file.js'], {killSignal: 'SIGTERM'});

- subprocess.kill('sigterm');
+ subprocess.kill('SIGTERM');

Features

Execution

• Use the template string syntax with any method (including execa()), as opposed to only $. Conversely, $ can now use the regular array syntax. (#​933)
• A command's template string can span multiple lines. (#​843)
• Share options between multiple calls, or set global options, by using execa(options). (#​933, #​965)
• Pass a file URL (as opposed to a file path string) to execa(), execaNode(), the inputFile option, the nodePath option or the shell option. (#​630, #​631, #​632, #​635)

Text lines

• Split the output into text lines by using the lines option. (#​741, #​929, #​931, #​948, #​951, #​957)
• Subprocess is now an async iterable, iterating over the output lines while the subprocess is running. (#​923)

Piping multiple subprocesses

• Simpler syntax: pass the command directly to subprocess.pipe() without calling execa(). A template string can also be used. (#​840, #​859, #​864)
• Wait for both subprocesses to complete. Error handling has been improved too. (#​757, #​778, #​834, #​854)
• Retrieve the result of each subprocess (not only the last one) by using result.pipedFrom and error.pipedFrom. (#​834)
• Pipe 1 or many subprocesses to 1 or many subprocesses. (#​834)
• Pipe subprocesses using other file descriptors than stdin/stdout/stderr by using the from and to piping options. (#​757, #​834, #​903, #​920)
• Cancel piping subprocesses by using the unpipeSignal piping option. (#​834, #​852)

Input/output

• Pass an array with multiple values to the stdin, stdout and stderr options. For example, stdout: ['inherit', 'pipe'] prints the output to the terminal while still returning it as result.stdout. (#​643, #​765, #​941, #​954)
• Redirect the input/output from/to a file by passing a {file: './path'} object or a file URL to the stdin, stdout or stderr option. (#​610, #​614, #​621, #​671, #​1004)
• Transform or filter the input/output by passing a generator function to the stdin, stdout or stderr option. (#​693, #​697, #​698, #​699, #​709, #​736, #​737, #​739, #​740, #​746, #​748, #​755, #​756, #​780, #​783, #​867, #​915, #​916, #​917, #​919, #​924, #​926, #​945, #​969)
• Provide some binary input by passing an Uint8Array to the input or stdin option. (834e372, #​670, #​1029)
• Provide some progressive input by passing a sync/async iterable to the stdin option. (#​604, #​944)
• Provide multiple inputs by combining the stdin, input and inputFile options. (#​666)
• Return other file descriptors than result.stdout and result.stderr by using result.stdio. (#​676)
• Specify different values for stdout and stderr with the following options: verbose, lines, stripFinalNewline, maxBuffer, buffer. (#​966, #​970, #​971, #​972, #​973, #​974)

Streams

• Redirect the input/output from/to a web stream by passing a ReadableStream or WritableStream to the stdin, stdout or stderr option. (#​615, #​619, #​645)
• Transform or filter the input/output by passing a Duplex, Node.js Transform or web TransformStream to the stdin, stdout or stderr option. (#​937, #​938)
• Convert the subprocess to a stream by using subprocess.readable(), subprocess.writable() or subprocess.duplex(). (#​912, #​922, #​958)

Verbose mode

• Print the subprocess' completion, duration and errors with the verbose: 'short' or verbose: 'full' option. (#​887, #​890)
• Print the subprocess' output with the verbose: 'full' option. (#​884, #​950, #​962, #​990)
• Prettier formatting and colors with the verbose option. (#​883, #​893, #​894)

Debugging

• Retrieve the subprocess' duration by using result.durationMs and error.durationMs. (#​896)
• Retrieve the subprocess' current directory by using result.cwd. Previously only error.cwd was available. Also, result.cwd and error.cwd are now normalized to absolute file paths. (#​803)
• Printing result.escapedCommand in a terminal is now safe. (#​875)

Errors

• The ExecaError and ExecaSyncError classes are now exported. (#​911)
• Find the subprocess failure's root cause by using error.cause. (#​911)
• Know whether the subprocess failed due to the maxBuffer option by using error.isMaxBuffer. (#​963)
• Improved error.message: error.stdout and error.stderr are now interleaved if the all option is true. Additional file descriptors are now printed too. Also, the formatting has been improved. (#​676, #​705, #​991, #​992)
• Control characters in error.message are now escaped, so they don't result in visual bugs when printed in a terminal. (#​879)
• Improved stack trace when an error event is emitted on subprocess.stdout or subprocess.stderr. (#​814)

Termination

• Specify an error message or stack trace when terminating a subprocess by passing an error instance to subprocess.kill(). (#​811, #​836, #​1023)
• The forceKillAfterDelay and killSignal options now apply to terminations due not only to subprocess.kill() but also to the cancelSignal, timeout, maxBuffer and cleanup options. (#​714, #​728)

Node.js files

• Use the nodePath and nodeOptions options with any method, as opposed to only execaNode(), by passing the node: true option. (#​804, #​812, #​815)
• When using execaNode() or the node: true option, the current Node.js version is now inherited deeply. If the subprocess spawns other subprocesses, they will all use the same Node.js version. (#​812, #​815, #​1011)

Synchronous execution

• Use the all and buffer: false options with execaSync(), as opposed to only execa(). (#​953, #​956)
• Added the $.s alias for $.sync. (#​594)

Inter-process communication

• Use the ipc: true option, as opposed to the more verbose stdio: ['pipe', 'pipe', 'pipe', 'ipc'] option. (#​794)

Input validation

• Improved the validation of the input, timeout, cwd, detached, cancelSignal and encoding options. (#​668, #​715, #​803, #​928, #​940)
• Improved the validation of the arguments passed to execa() and the other exported methods. (#​838, #​873, #​899)
• Improved the validation of signals passed to subprocess.kill() and to the killSignal option. (#​1025)

Bug fixes

• Fixed passing undefined values as options. This now uses the option's default value. (#​712)
• Fixed the process crashing when the inputFile option points to a missing file. (#​609)
• Fixed the process crashing when the buffer option is false and subprocess.stdout errors. (#​729)
• Fixed the process crashing when passing 'overlapped' to the stdout or stderr option with execaSync(). (#​949)
• Fixed the process crashing when multiple 'error' events are emitted on the subprocess. (#​790)
• Fixed the reject: false option not being used when the subprocess fails to spawn. (#​734)
• Fixed some inaccuracies with error.isTerminated. (#​625, #​719)
  • It is now true when the subprocess fails due to the timeout option.
  • It is now true when calling process.kill(subprocess.pid), except on Windows.
  • It is now false when using non-terminating signals such as subprocess.kill(0).
• Fixed missing error.signal and error.signalDescription when the subprocess is terminated by the cancelSignal option. (#​724)
• Fixed a situation where the error returned by an execa() call might be modified by another execa() call. (#​796, #​806, #​911)
• Fixed the verbose option printing the command in the wrong order. (#​600)
• Fixed using both the maxBuffer and encoding options. For example, when using encoding: 'hex', maxBuffer will now be measured in hexadecimal characters. Also, error.stdout, error.stderr and error.all were previously not applying the maxBuffer option. (#​652, #​696)
• Fixed the maxBuffer option not truncating result.stdout and result.stderr when using execaSync(). (#​960)
• Fixed empty output when using the buffer: true option (its default value) and iterating over subprocess.stdout or subprocess.stderr. (#​908)
• Fixed subprocess.all stream incorrectly being in object mode. (#​717)
• Ensured subprocess.stdout and subprocess.stderr are properly flushed when the subprocess fails. (#​647)
• Fixed a race condition leading to random behavior with the timeout option. (#​727)

Types (breaking changes)

• Renamed CommonOptions type to Options (for execa()) and SyncOptions (for execaSync()). (#​678, #​682)

import type {Options} from 'execa';

- const options: CommonOptions = {timeout: 1000};
+ const options: Options = {timeout: 1000};

• Renamed NodeOptions type to Options. (#​804)

import type {Options} from 'execa';

- const options: NodeOptions = {nodeOptions: ['--no-warnings']};
+ const options: Options = {nodeOptions: ['--no-warnings']};

• Renamed KillOptions type to Options. (#​714)

import type {Options} from 'execa';

- const options: KillOptions = {forceKillAfterTimeout: 1000};
+ const options: Options = {forceKillAfterDelay: 1000};

• Removed generic parameters from the Options and SyncOptions types. (#​681)

import type {Options} from 'execa';

- const options: Options<'utf8'> = {encoding: 'utf8'};
+ const options: Options = {encoding: 'utf8'};

• Renamed ExecaChildProcess type to ResultPromise. This is the type of execa()'s return value, which is both a Promise<Result> and a Subprocess. (#​897, #​1007, #​1009)

import type {ResultPromise, Result} from 'execa';

- const promiseOrSubprocess: ExecaChildProcess = execa('node', ['file.js']);
+ const promiseOrSubprocess: ResultPromise = execa('node', ['file.js']);
const result: Result = await promiseOrSubprocess;
promiseOrSubprocess.kill();

• Renamed ExecaChildPromise type to Subprocess. This is the type of the subprocess instance. (#​897, #​1007, #​1009)

import type {Subprocess} from 'execa';

- const subprocess: ExecaChildPromise = execa('node', ['file.js']);
+ const subprocess: Subprocess = execa('node', ['file.js']);
subprocess.kill();

• Renamed ExecaReturnBase, ExecaReturnValue and ExecaSyncReturnValue type to Result (for execa()) and SyncResult (for execaSync()). (#​897, #​1009)

import type {Result, SyncResult} from 'execa';

- const result: ExecaReturnBase = await execa('node', ['file.js']);
+ const result: Result = await execa('node', ['file.js']);

- const result: ExecaReturnValue = await execa('node', ['file.js']);
+ const result: Result = await execa('node', ['file.js']);

- const result: ExecaSyncReturnValue = execaSync('node', ['file.js']);
+ const result: SyncResult = execaSync('node', ['file.js']);

• Renamed the type of the stdin option from StdioOption to StdinOption (for execa()) and StdinSyncOption (for execaSync()). (#​942, #​1008, #​1012)

import {execa, type StdinOption} from 'execa';

- const stdin: StdioOption = 'inherit';
+ const stdin: StdinOption = 'inherit';
await execa('node', ['file.js'], {stdin});

• Renamed the type of the stdout and stderr options from StdioOption to StdoutStderrOption (for execa()) and StdoutStderrSyncOption (for execaSync()). (#​942, #​1008, #​1012)

import {execa, type StdoutStderrOption} from 'execa';

- const stdout: StdioOption = 'inherit';
+ const stdout: StdoutStderrOption = 'inherit';
- const stderr: StdioOption = 'inherit';
+ const stderr: StdoutStderrOption = 'inherit';
await execa('node', ['file.js'], {stdout, stderr});

• Renamed the type of the stdio option from StdioOption[] to Options['stdio'] (for execa()) and SyncOptions['stdio'] (for execaSync()). (#​942, #​1008)

import {execa, type Options} from 'execa';

- const stdio: readonly StdioOption[] = ['inherit', 'pipe', 'pipe'] as const;
+ const stdio: Options['stdio'] = ['inherit', 'pipe', 'pipe'] as const;
await execa('node', ['file.js'], {stdio});

• The optional generic parameter passed to the Result, SyncResult, ExecaError, ExecaSyncError, ResultPromise and Subprocess types is now an Options type. (#​681)

import type {Result} from 'execa';

- const result: ExecaReturnValue<Buffer> = await execa('node', ['file.js'], {encoding: 'buffer'});
+ const result: Result<{encoding: 'buffer'}> = await execa('node', ['file.js'], {encoding: 'buffer'});
// Or even better, since it is inferred:
+ const result: Result = await execa('node', ['file.js'], {encoding: 'buffer'});

Types (improvements)

• Stricter types for the stdin, stdout, stderr and stdio options. (#​634, #​943, #​952)
• Stricter types for result.stdout, result.stderr, result.all, subprocess.stdout, subprocess.stderr and subprocess.all. (#​681, #​684, #​687, #​689, #​833)
• Stricter types for the synchronous methods like execaSync(). (#​678, #​939)
• Stricter types for the reject option. (#​688)
• Stricter types for error.signal and the killSignal option. (#​1025)
• Fixed the type of error.exitCode, since that field is sometimes undefined. (#​680)
• Refactored and improved the types. (by @​koshic) (#​583)

Documentation

• Added user guides to let you explore each feature with many examples. (#​989, #​996, #​1015, #​1022, #​1026)
• Improved the documentation and fixed inaccuracies. (#​626, #​637, #​640, #​641, #​644, #​669, #​680, #​710, #​759, #​800, #​801, #​802, #​860, #​870, #​876, #​888, #​907, #​921, #​935, #​967, #​968, #​994, #​998, #​999, #​1000, #​1003, #​1005, #​1006, #​1010)
• Fixed the examples for the Script interface. (by @​am0o0) (#​575)
• Corrected some English grammar mistakes. (by @​codesmith-emmy) (#​731)

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[cloudflare-pages]

Deploying unplugin-vue-router with    Cloudflare Pages

Latest commit:	9a0f0b8
Status:	✅  Deploy successful!
Preview URL:	https://25511d5a.unplugin-vue-router.pages.dev
Branch Preview URL:	https://renovate-execa-9-x.unplugin-vue-router.pages.dev

View logs

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	environment Transitive: filesystem, shell	+17	503 kB	ehmicky

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/[email protected]	Install script: postinstall Source: node install.js	package.json pnpm-lock.yaml
Install scripts	npm/[email protected]	Install script: postinstall Source: node install.js	package.json playground/package.json pnpm-lock.yaml
Install scripts	npm/[email protected]	Install script: postinstall Source: node scripts/postinstall	package.json pnpm-lock.yaml

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.86%. Comparing base (91e7e49) to head (9a0f0b8).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #381   +/-   ##
=======================================
  Coverage   74.86%   74.86%           
=======================================
  Files          33       33           
  Lines        5554     5554           
  Branches      546      546           
=======================================
  Hits         4158     4158           
  Misses       1387     1387           
  Partials        9        9           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.