spawn git clone

to prevent injecting a command
kellyselden · Jan 6, 2020 · 106d61d · 106d61d
1 parent bfcc903
commit 106d61d
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/index.js b/src/index.js
@@ -18,6 +18,7 @@ const resolveConflicts = require('./resolve-conflicts');
 const commitAndTag = require('./commit-and-tag');
 const gitRemoveAll = require('./git-remove-all');
 const createCustomRemote = require('./create-custom-remote');
+const { runWithSpawn } = require('./run');
 
 const { isGitClean } = gitStatus;
 const { gitConfigInit } = gitInit;
@@ -222,7 +223,7 @@ module.exports = async function gitDiffApply({
     _tmpDir = await tmpDir();
     tmpWorkingDir = _tmpDir;
 
-    await utils.run(`git clone ${remoteUrl} ${_tmpDir}`);
+    await runWithSpawn('git', ['clone', remoteUrl, _tmpDir]);
 
     // needed because we are going to be committing in here
     await gitConfigInit({ cwd: _tmpDir });