From 194e8892d4fcf0b1c57e3affe817cb5403c75d22 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Mon, 11 May 2020 18:04:51 +0200
Subject: [PATCH] fix(bundler): quote CLI args

---
 lib/manager/bundler/artifacts.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/manager/bundler/artifacts.ts b/lib/manager/bundler/artifacts.ts
index 87e3c9b5e9..4fec0c0f75 100644
--- a/lib/manager/bundler/artifacts.ts
+++ b/lib/manager/bundler/artifacts.ts
@@ -1,3 +1,4 @@
+import { quote } from 'shlex';
 import { BUNDLER_INVALID_CREDENTIALS } from '../../constants/error-messages';
 import { logger } from '../../logger';
 import { platform } from '../../platform';
@@ -97,7 +98,7 @@ export async function updateArtifacts(
     if (config.isLockFileMaintenance) {
       cmd = 'bundle lock';
     } else {
-      cmd = `bundle lock --update ${updatedDeps.join(' ')}`;
+      cmd = `bundle lock --update ${updatedDeps.map(quote).join(' ')}`;
     }
 
     let bundlerVersion = '';
@@ -105,7 +106,7 @@ export async function updateArtifacts(
     if (bundler) {
       if (isValid(bundler)) {
         logger.debug({ bundlerVersion: bundler }, 'Found bundler version');
-        bundlerVersion = ` -v ${bundler}`;
+        bundlerVersion = ` -v ${quote(bundler)}`;
       } else {
         logger.warn({ bundlerVersion: bundler }, 'Invalid bundler version');
       }
-- 
GitLab