[Bug]: CVE-2024-21538 jest-changed-files depends on ancient version of execa

[curtdept]

Version

29.7.0

Steps to reproduce

This started coming up in code detectors. It looks like execa wasn't modernized with the rest of the repo.

CVE-2024-21538
https://nvd.nist.gov/vuln/detail/CVE-2024-21538

Expected behavior

No CVE scan errors.

Actual behavior

CVE scan errors

Additional context

No response

Environment

System:
    OS: Linux 6.6 Ubuntu 22.04.5 LTS 22.04.5 LTS (Jammy Jellyfish)
    CPU: (12) x64 12th Gen Intel(R) Core(TM) i5-1245U
  Binaries:
    Node: 22.11.0 - ~/.nvm/versions/node/v22.11.0/bin/node
    Yarn: 1.22.22 - ~/.nvm/versions/node/v22.11.0/bin/yarn
    npm: 10.9.0 - ~/.nvm/versions/node/v22.11.0/bin/npm
    pnpm: 9.12.2 - ~/.nvm/versions/node/v22.11.0/bin/pnpm

[SimenB]

We might need to replace execa entirely. They moved to ESM only, which is still not viable for us, and that means we're stuck on an old version

[ibakirov]

Same for me and I think there will be more requests for this vulnerability :(