Fix unsafe system calls to use array form in pack_generator.rb

[justin808]

Summary

Update system calls in lib/react_on_rails/dev/pack_generator.rb to use the safer array form instead of string form.

Details

The current implementation uses string-based system calls which are less safe:

system "bundle exec rake react_on_rails:generate_packs > /dev/null 2>&1"
system "bundle exec rake react_on_rails:generate_packs"

These should be updated to use the array form for better security and cross-platform compatibility.

Related Branch

This fix was identified in the justin808/shakapacker-9.3.0 branch (commit 7f902cf).

Impact

• Security/safety improvement
• Better cross-platform compatibility
• Prevents potential shell injection issues

Files Changed

• lib/react_on_rails/dev/pack_generator.rb (2 lines changed)

Labels

• Easy
• Bug

[coderabbitai]

A summary of the changes CodeRabbit can apply:

• Update lib/react_on_rails/dev/pack_generator.rb to replace unsafe string-form system calls with array-form calls—changing system "bundle exec rake react_on_rails:generate_packs" to system("bundle","exec","rake","react_on_rails:generate_packs") and the silent call to system("bundle","exec","rake","react_on_rails:generate_packs", out: File::NULL, err: File::NULL) to prevent shell injection and portable, idiomatic output suppression.

• Update lib/react_on_rails/dev/pack_generator.rb to replace shell-string system calls with array-style system(...) invocations and explicit out/err File::NULL handling so rake tasks are executed without shell interpolation and silent mode suppresses output.

• ✅ Create PR with these edits
• 📋 Get copyable edits