fix security vuln

Author: jkup

package.json

@@ -1,6 +1,6 @@
 {
   "name": "pullit",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "Display and pull branches from GitHub pull requests",
   "main": "src/index.js",
   "preferGlobal": true,
@@ -12,13 +12,7 @@
     "type": "git",
     "url": "git+https://github.com/jkup/pullit.git"
   },
-  "keywords": [
-    "github",
-    "pull",
-    "request",
-    "pr",
-    "cli"
-  ],
+  "keywords": ["github", "pull", "request", "pr", "cli"],
   "author": "Jon Kuperman",
   "license": "MIT",
   "bin": {
@@ -38,15 +32,9 @@
     "terminal-menu": "^2.1.1"
   },
   "jest": {
-    "collectCoverageFrom": [
-      "src/**/*.js"
-    ],
+    "collectCoverageFrom": ["src/**/*.js"],
     "testEnvironment": "node",
-    "modulePathIgnorePatterns": [
-      "__tests__/fixtures/"
-    ],
-    "testPathIgnorePatterns": [
-      "__tests__/fixtures/"
-    ]
+    "modulePathIgnorePatterns": ["__tests__/fixtures/"],
+    "testPathIgnorePatterns": ["__tests__/fixtures/"]
   }
-}
+}

src/index.js

@@ -1,9 +1,7 @@
-const GitHubApi = require('github');
-const Menu = require('terminal-menu');
-const {
-  execSync
-} = require('child_process');
-const parse = require('parse-github-repo-url');
+const GitHubApi = require("github");
+const Menu = require("terminal-menu");
+const { execFileSync } = require("child_process");
+const parse = require("parse-github-repo-url");
 
 class Pullit {
   constructor() {
@@ -12,8 +10,8 @@ class Pullit {
   }
 
   init() {
-    const url = execSync(`git config --get remote.origin.url`, {
-      encoding: 'utf8'
+    const url = execFileSync("git", ["config", "--get", "remote.origin.url"], {
+      encoding: "utf8"
     }).trim();
 
     return this.parsedGithubUrl(url);
@@ -34,12 +32,11 @@ class Pullit {
       })
       .then(res => {
         const branch = res.data.head.ref;
-        execSync(
-          `git fetch origin pull/${id}/head:${branch} && git checkout ${branch}`
-        );
+        execFileSync("git", ["fetch", "origin", `pull/${id}/head:${branch}`]);
+        execFileSync("git", ["checkout", branch]);
       })
       .catch(err => {
-        console.log('Error: Could not find the specified pull request.');
+        console.log("Error: Could not find the specified pull request.");
       });
   }
 
@@ -51,36 +48,42 @@ class Pullit {
   }
 
   display() {
-    this.fetchRequests().then(results => {
-      const menu = Menu({
-       width: process.stdout.columns - 4,
-        x: 0,
-        y: 2
-      });
-      menu.reset();
-      menu.write('Currently open pull requests:\n');
-      menu.write('-------------------------\n');
+    this.fetchRequests()
+      .then(results => {
+        const menu = Menu({
+          width: process.stdout.columns - 4,
+          x: 0,
+          y: 2
+        });
+        menu.reset();
+        menu.write("Currently open pull requests:\n");
+        menu.write("-------------------------\n");
 
-      results.data.forEach(element => {
-        menu.add(`${element.number} - ${element.title} - ${element.head.user.login}`);
-      });
+        results.data.forEach(element => {
+          menu.add(
+            `${element.number} - ${element.title} - ${element.head.user.login}`
+          );
+        });
 
-      menu.add(`Exit`);
+        menu.add(`Exit`);
 
-      menu.on('select', label => {
-        menu.close();
-        this.fetch(label.split(' ')[0]);
-      });
-      process.stdin.pipe(menu.createStream()).pipe(process.stdout);
+        menu.on("select", label => {
+          menu.close();
+          this.fetch(label.split(" ")[0]);
+        });
+        process.stdin.pipe(menu.createStream()).pipe(process.stdout);
 
-      process.stdin.setRawMode(true);
-      menu.on('close', () => {
-        process.stdin.setRawMode(false);
-        process.stdin.end();
+        process.stdin.setRawMode(true);
+        menu.on("close", () => {
+          process.stdin.setRawMode(false);
+          process.stdin.end();
+        });
+      })
+      .catch(err => {
+        console.log(
+          "Error: could not display pull requests. Please make sure this is a valid repository."
+        );
       });
-    }).catch(err => {
-      console.log('Error: could not display pull requests. Please make sure this is a valid repository.')
-    });
   }
 }