From 08922f4fba8cd8ba1ed655092bcbd1976df4675b Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Mon, 11 May 2020 18:17:56 +0200
Subject: [PATCH] fix: quote remaining artifacts
---
 lib/manager/cargo/artifacts.ts | 5 ++++-
 lib/manager/cocoapods/artifacts.ts | 3 ++-
 lib/manager/composer/artifacts.ts | 4 +++-
 lib/manager/mix/artifacts.ts | 3 ++-
 lib/manager/npm/post-update/lerna.ts | 3 ++-
 5 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/lib/manager/cargo/artifacts.ts b/lib/manager/cargo/artifacts.ts
index 6a6643166b..c94ff14e40 100644
--- a/lib/manager/cargo/artifacts.ts
+++ b/lib/manager/cargo/artifacts.ts
@@ -1,3 +1,4 @@
+import { quote } from 'shlex';
 import { logger } from '../../logger';
 import { ExecOptions, exec } from '../../util/exec';
 import {
@@ -31,7 +32,9 @@ export async function updateArtifacts({
 const dep = updatedDeps[i];
 // Update dependency `${dep}` in Cargo.lock file corresponding to Cargo.toml file located
 // at ${localPackageFileName} path
- let cmd = `cargo update --manifest-path ${packageFileName} --package ${dep}`;
+ let cmd = `cargo update --manifest-path ${quote(
+ packageFileName
+ )} --package ${quote(dep)}`;
 const execOptions: ExecOptions = {
 docker: {
 image: 'renovate/rust',
diff --git a/lib/manager/cocoapods/artifacts.ts b/lib/manager/cocoapods/artifacts.ts
index 5e4d804b8a..78879f7da9 100644
--- a/lib/manager/cocoapods/artifacts.ts
+++ b/lib/manager/cocoapods/artifacts.ts
@@ -1,3 +1,4 @@
+import { quote } from 'shlex';
 import { dirname, join } from 'upath';
 import { logger } from '../../logger';
 import { platform } from '../../platform';
@@ -18,7 +19,7 @@ function getPluginCommands(content: string): string[] {
 const match = pluginRegex.exec(line);
 if (match) {
 const { plugin } = match.groups;
- result.add(`gem install ${plugin}`);
+ result.add(`gem install ${quote(plugin)}`);
 }
 });
 return [...result];
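Review bot: Nothing in this commit pins the new quoting of `packageFileName` and `dep` in the `cargo update` command of lib/manager/cargo/artifacts.ts: the diffstat lists five source files and no spec file. A unit test that passes a dependency name containing a space and asserts the command string handed to `exec` would catch a later regression. The same gap applies to the cocoapods, composer and lerna changes, and in lib/manager/mix/artifacts.ts the changed line sits under `/* istanbul ignore next */`, so coverage reporting will not flag it either. updateArtifacts starts and ends outside this hunk.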
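Review bot: `quote(plugin)` in getPluginCommands (lib/manager/cocoapods/artifacts.ts) keeps the shell from interpreting the name, but a value that begins with `-` is still handed to gem as an option rather than as a gem name. Whether `pluginRegex`, defined outside the hunk, already excludes such values is not visible here; if it does not, skip those matches before building the command, e.g. `if (plugin.startsWith('-')) { return; }`. The same consideration applies to the positional `updatedDeps` entries in the composer and mix hunks, where `updatedDeps.map(quote)` is joined straight into the argument list. The start of getPluginCommands is outside the hunk.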
diff --git a/lib/manager/composer/artifacts.ts b/lib/manager/composer/artifacts.ts
index 6ec2b5be53..097dccfc08 100644
--- a/lib/manager/composer/artifacts.ts
+++ b/lib/manager/composer/artifacts.ts
@@ -1,6 +1,7 @@
 import URL from 'url';
 import is from '@sindresorhus/is';
 import fs from 'fs-extra';
+import { quote } from 'shlex';
 import upath from 'upath';
 import { SYSTEM_INSUFFICIENT_DISK_SPACE } from '../../constants/error-messages';
 import {
@@ -115,7 +116,8 @@ export async function updateArtifacts({
 args = 'install';
 } else {
 args =
- ('update ' + updatedDeps.join(' ')).trim() + ' --with-dependencies';
+ ('update ' + updatedDeps.map(quote).join(' ')).trim() +
+ ' --with-dependencies';
 }
 if (config.composerIgnorePlatformReqs) {
 args += ' --ignore-platform-reqs';
diff --git a/lib/manager/mix/artifacts.ts b/lib/manager/mix/artifacts.ts
index e6a3e1f39d..610d471f09 100644
--- a/lib/manager/mix/artifacts.ts
+++ b/lib/manager/mix/artifacts.ts
@@ -1,4 +1,5 @@
 import fs from 'fs-extra';
+import { quote } from 'shlex';
 import upath from 'upath';
 import { logger } from '../../logger';
 import { platform } from '../../platform';
@@ -61,7 +62,7 @@ export async function updateArtifacts({
 /* istanbul ignore next */
 try {
- const command = [...cmdParts, ...updatedDeps].join(' ');
+ const command = [...cmdParts, ...updatedDeps.map(quote)].join(' ');
 await exec(command, { cwd });
 } catch (err) {
 logger.warn(
diff --git a/lib/manager/npm/post-update/lerna.ts b/lib/manager/npm/post-update/lerna.ts
index 799cb482a4..ef5cd9bd4a 100644
--- a/lib/manager/npm/post-update/lerna.ts
+++ b/lib/manager/npm/post-update/lerna.ts
@@ -1,3 +1,4 @@
+import { quote } from 'shlex';
 import { logger } from '../../../logger';
 import { platform } from '../../../platform';
 import { exec } from '../../../util/exec';
@@ -54,7 +55,7 @@ export async function generateLockFiles(
 // volumes.push([homeNpmrc, `/home/ubuntu/.npmrc`]);
 // }
 cmd.push(`${lernaClient} install ${params}`);
- cmd.push(`npx lerna@${lernaVersion} bootstrap --no-ci -- ${params}`);
+ cmd.push(`npx lerna@${quote(lernaVersion)} bootstrap --no-ci -- ${params}`);
 await exec(cmd, {
 cwd,
 env,
-- 
GitLab
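Review bot: Only `lernaVersion` is quoted on the changed `cmd.push` line in generateLockFiles; `${params}` on the same line, and `${lernaClient}` and `${params}` on the line above, are still interpolated raw. Where those two values are built is outside the hunk, so it cannot be confirmed here that they are fixed strings. If they are, a short comment above the two pushes would record why they are exempt, e.g. `// lernaClient and params are assembled from fixed strings; lernaVersion is read from the repository`. If any part of them comes from repository content, each argument needs `quote()` individually, since `params` appears to hold several space-separated flags and cannot be quoted as a whole.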