diff --git a/lib/modules/manager/bundler/artifacts.ts b/lib/modules/manager/bundler/artifacts.ts
index 5b4f527a0aee51147d0d3247938c3e0b7669d7e9..60e17f6f4fea8ea24e09c7743348b90a2578776f 100644
--- a/lib/modules/manager/bundler/artifacts.ts
+++ b/lib/modules/manager/bundler/artifacts.ts
@@ -143,7 +143,7 @@ export async function updateArtifacts(
if (hostRule.resolvedHost?.includes('-')) {
// TODO: fix me, hostrules can missing all auth
const creds = getAuthenticationHeaderValue(hostRule);
- authCommands.push(`${hostRule.resolvedHost} ${creds}`);
+ authCommands.push(`${quote(hostRule.resolvedHost)} ${quote(creds)}`);
}
return authCommands;
},
diff --git a/lib/modules/manager/cargo/artifacts.ts b/lib/modules/manager/cargo/artifacts.ts
index 7fa9ced9db4f4b490b4cceb8d50d785fbeec1bce..1b64c679598de9c9982cf66fcdd45b38b965884c 100644
--- a/lib/modules/manager/cargo/artifacts.ts
+++ b/lib/modules/manager/cargo/artifacts.ts
@@ -53,8 +53,8 @@ async function cargoUpdatePrecise(
cmds.push(
`cargo update --config net.git-fetch-with-cli=true` +
` --manifest-path ${quote(manifestPath)}` +
- ` --package ${dep.packageName!}@${dep.lockedVersion}` +
- ` --precise ${dep.newVersion}`,
+ ` --package ${quote(`${dep.packageName}@${dep.lockedVersion}`)}` +
+ ` --precise ${quote(dep.newVersion!)}`,
);
}
diff --git a/lib/modules/manager/composer/artifacts.ts b/lib/modules/manager/composer/artifacts.ts
index 44cbfca896fa4d4cb8a6e00d857ec5743c2f3590..bf90aa7d7e685424f485c5560fa78a2377beb539 100644
--- a/lib/modules/manager/composer/artifacts.ts
+++ b/lib/modules/manager/composer/artifacts.ts
@@ -181,7 +181,9 @@ export async function updateArtifacts({
'update ' +
updatedDeps
.map((dep) =>
- dep.newVersion ? `${dep.depName}:${dep.newVersion}` : dep.depName,
+ dep.newVersion
+ ? quote(`${dep.depName}:${dep.newVersion}`)
+ : quote(dep.depName!),
)
.filter(is.string)
.map((dep) => quote(dep))
diff --git a/lib/modules/manager/hermit/artifacts.ts b/lib/modules/manager/hermit/artifacts.ts
index 052520ba53604c99671d93cf93061d8666a365da..3ea1d6424f0845ff08a43683808aab923702d3ae 100644
--- a/lib/modules/manager/hermit/artifacts.ts
+++ b/lib/modules/manager/hermit/artifacts.ts
@@ -1,3 +1,4 @@
+import { quote } from 'shlex';
import upath from 'upath';
import { logger } from '../../../logger';
import { exec } from '../../../util/exec';
@@ -210,7 +211,7 @@ async function updateHermitPackage(update: UpdateArtifact): Promise<void> {
};
const packagesToInstall = toInstall.join(' ');
- const fromPackages = from.join(' ');
+ const fromPackages = from.map(quote).join(' ');
const execCommands = `./hermit install ${packagesToInstall}`;
logger.debug(
diff --git a/lib/modules/manager/pep621/processors/pdm.ts b/lib/modules/manager/pep621/processors/pdm.ts
index d80ea729c816adc6d49a9b5a1b88e2da512e8de3..a8c461448ffe33aa535b4dd20d0b0267e4cd9d13 100644
--- a/lib/modules/manager/pep621/processors/pdm.ts
+++ b/lib/modules/manager/pep621/processors/pdm.ts
@@ -1,4 +1,5 @@
import is from '@sindresorhus/is';
+import { quote } from 'shlex';
import { TEMPORARY_ERROR } from '../../../../constants/error-messages';
import { logger } from '../../../../logger';
import { exec } from '../../../../util/exec';
@@ -139,7 +140,7 @@ function generateCMDs(updatedDeps: Upgrade[]): string[] {
const [group, name] = dep.depName!.split('/');
addPackageToCMDRecord(
packagesByCMD,
- `${pdmUpdateCMD} -G ${group}`,
+ `${pdmUpdateCMD} -G ${quote(group)}`,
name,
);
break;
@@ -148,7 +149,7 @@ function generateCMDs(updatedDeps: Upgrade[]): string[] {
const [group, name] = dep.depName!.split('/');
addPackageToCMDRecord(
packagesByCMD,
- `${pdmUpdateCMD} -dG ${group}`,
+ `${pdmUpdateCMD} -dG ${quote(group)}`,
name,
);
break;
@@ -160,7 +161,7 @@ function generateCMDs(updatedDeps: Upgrade[]): string[] {
}
for (const commandPrefix in packagesByCMD) {
- const packageList = packagesByCMD[commandPrefix].join(' ');
+ const packageList = packagesByCMD[commandPrefix].map(quote).join(' ');
const cmd = `${commandPrefix} ${packageList}`;
cmds.push(cmd);
}