fix: CVE-2024-21538 by migrating to promisify-child-process

[matinzd]

Description

Detox is using a vulnerable package described in CVE-2024-21538.

• This pull request addresses the issue described here: CVE-2024-21538: dependency child-process-promise relies on a version of cross-spawn that is not secure #4657 and Transitive dependency on vulnerable version of cross-spawn #4640

In this pull request, I have migrated away from unmaintained child-promise-process to promisify-child-process to fix the transitive vulnerability on cross-spawn package.

---

For features/enhancements:

• I have added/updated the relevant references in the documentation files.

For API changes:

• I have made the necessary changes in the types index file.

[matinzd]

I haven't personally tested the changes yet, so let's rely on the CI/CD workflows to validate them.

[noomorph]

Kudos, @matinzd!

We'll check the PR on Monday, I'll start the review today.

[matinzd]

Thanks @noomorph! Can you maybe approve the workflow runs to see how it goes?

[noomorph]

@matinzd please revert xcode changes first. 🙏

[matinzd]

Done!

[matinzd]

I guess I need to fix some stuff. I will do it tomorrow.

[matinzd]

Made updates and resolved some test failures, though a few tests are still failing. Please feel free to push to my branch or advise on necessary changes.

[thomashohn]

It would be really nice to have this one fixed

[noomorph]

Well, the drop-in replacement does not fit as advertised. I need to find a bit more time to fix the remainder. 🤷‍♂️

[thomashohn]

Ok - that was also what I concluded when I had a look at it