fix(utils): resolve command injection vulnerability in emptyFolder

Author: mhassan1

lib/utils.js

@@ -457,7 +457,11 @@ module.exports.isNotSet = function (obj) {
 };
 
 module.exports.emptyFolder = (directoryPath) => {
-  require('child_process').execSync(`rm -rf ${directoryPath}/*`);
+  // Do not throw on non-existent directory, since it may be created later
+  if (!fs.existsSync(directoryPath)) return;
+  for (const file of fs.readdirSync(directoryPath)) {
+    fs.rmSync(path.join(directoryPath, file), { recursive: true, force: true });
+  }
 };
 
 module.exports.printObjectProperties = (obj) => {