fix(core): Upgrade convict to address CVE-2023-0163 (#5729)

fix(core): upgrade convict to address CVE-2023-0163 also, do not allow passing any cli arguments to config.
2023-03-21 09:47:50 +01:00
parent 33d9784319
commit 564bc03d3f
3 changed files with 13 additions and 11 deletions
--- a/packages/cli/src/config/index.ts
+++ b/packages/cli/src/config/index.ts
@@ -24,7 +24,7 @@ if (inE2ETests) {
 	dotenv.config();
 }

-const config = convict(schema);
+const config = convict(schema, { args: [] });

 if (inE2ETests) {
 	config.set('enterprise.features.sharing', true);