[Security] added --ignore-script flag to pnpm install and update
This prevents external dependencies from executing npm script hooks
like 'postinstall'. The flag works for the install and the update
command, even tough it is not documented for the latter.
See: https://pnpm.js.org/en/cli/install#ignore-scripts
260684
diff --git a/maven_rt_plugin_config-master/pom.xml b/maven_rt_plugin_config-master/pom.xml
index 379e5c7..eb8e094 100644
--- a/maven_rt_plugin_config-master/pom.xml
+++ b/maven_rt_plugin_config-master/pom.xml
@@ -653,6 +653,7 @@
<argument>${master_node_modules_dir}/pnpm/bin/pnpm.js</argument>
<argument>recursive</argument>
<argument>update</argument>
+ <argument>--ignore-scripts</argument>
</arguments>
</configuration>
</execution>