fix(deps): update dependency shell-quote to v1.7.3 [security] #101

Open
wants to merge 1 commit into
base: master

renovate[bot]
Contributor

@renovate renovate bot commented Jun 23, 2022

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
shell-quote 1.6.1 -> 1.7.3 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is [A-z] instead of the correct [A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.


Release Notes

ljharb/shell-quote (shell-quote)

v1.7.3

Compare Source

  • Fix a security issue where the regex for windows drive letters allowed some shell meta-characters
    to escape the quoting rules. (CVE-2021-42740)

v1.7.2

Compare Source

  • Fix a regression introduced in 1.6.3. This reverts the Windows path quoting fix. (144e1c2)

v1.7.1

Compare Source

  • Fix $ being removed when not part of an environment variable name. (@​Adman in #​32)

v1.7.0

Compare Source

v1.6.3

Compare Source

v1.6.2

Compare Source

Merged
  • Use native JSON and Array methods #21
Commits

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.
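
An added example (not part of the original PR and not shell-quote's code): a small audit that lists what a character-class range really covers by code point, run on the two classes the advisory names. The function names and sample patterns are constructed for illustration, and the class scan is a heuristic for ASCII alphanumeric ranges only.

```javascript
// Added example: audit regex character classes for ranges that cover more
// than letters and digits, such as the [A-z] class named in CVE-2021-42740.

// Every character a range like A-z covers, by code point.
function rangeMembers(from, to) {
  const out = [];
  for (let c = from.codePointAt(0); c <= to.codePointAt(0); c++) {
    out.push(String.fromCodePoint(c));
  }
  return out;
}

// Members of the range that are neither ASCII letters nor digits.
function unintendedMembers(from, to) {
  return rangeMembers(from, to).filter((ch) => !/^[A-Za-z0-9]$/.test(ch));
}

// Heuristic scan of a regex source string: find each [...] class, then each
// alphanumeric X-Y range inside it, and report ranges with unintended members.
function findOverbroadRanges(source) {
  const findings = [];
  const classRe = /\[\^?((?:\\.|[^\]\\])*)\]/g;
  const rangeRe = /([A-Za-z0-9])-([A-Za-z0-9])/g;
  for (const cls of source.matchAll(classRe)) {
    for (const [range, from, to] of cls[1].matchAll(rangeRe)) {
      const extra = unintendedMembers(from, to);
      if (extra.length > 0) findings.push({ range, extra: extra.join("") });
    }
  }
  return findings;
}

// Constructed sample patterns: the two character classes from the advisory.
const SAMPLES = ["^[A-z]:", "^[A-Za-z]:"];
for (const src of SAMPLES) {
  console.log(src, JSON.stringify(findOverbroadRanges(src)));
}
```

The same scan can be run over regex literals in a code base as a review aid; a finding means the range should be split into explicit `A-Z` and `a-z` parts.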

@renovate
Contributor Author

renovate bot commented Jun 23, 2022

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml
installing v2 tool pnpm v7.3.0
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.

added 1 package in 3s
linking tool pnpm v7.3.0
7.3.0
Scope: all 11 workspace projects
 ERR_PNPM_PEER_DEP_ISSUES  Unmet peer dependencies

.
├─┬ @jest-runner/nuclide-e2e
│ └── ✕ missing peer electron@"*"
├─┬ eslint-config-atomic
│ └─┬ eslint-plugin-coffee
│   ├─┬ eslint-config-airbnb
│   │ └── ✕ missing peer eslint-plugin-react-hooks@"^4 || ^3 || ^2.3.0 || ^1.7.0"
│   └─┬ eslint-plugin-react-native
│     └── ✕ unmet peer eslint@"^3.17.0 || ^4 || ^5 || ^6": found 7.28.0 in eslint-config-atomic
└─┬ rollup-plugin-atomic
  ├─┬ rollup-plugin-assemblyscript
  │ └── ✕ missing peer as-bind@"*"
  └─┬ rollup-plugin-coffee-script
    └── ✕ unmet peer [email protected]: found 1.12.7
Peer dependencies that should be installed:
  as-bind@"*"
  electron@"*"
  eslint-plugin-react-hooks@"^4 || ^3 || ^2.3.0 || ^1.7.0"

nuclide/nuclide-commons-ui
└─┬ react-virtualized
  ├── ✕ unmet peer react@"^15.3.0 || ^16.0.0-alpha": found 17.0.1
  └── ✕ unmet peer react-dom@"^15.3.0 || ^16.0.0-alpha": found 17.0.1

hint: If you want peer dependencies to be automatically installed, add "auto-install-peers=true" to an .npmrc file at the root of your project.
hint: If you don't want pnpm to fail on peer dependency issues, add "strict-peer-dependencies=false" to an .npmrc file at the root of your project.

Progress: resolved 1539, reused 0, downloaded 1536, added 0, done
