fix: Commit messages aren't fully shell escaped

amondnet · amondnet · commit 13b5b553bfc0 · 2022-06-27T11:16:16.000+09:00
`app` , "test", 'foo'

Signed-off-by: Minsu Lee &lt;amond@amond.net&gt;
diff --git a/dist/index.js b/dist/index.js
@@ -28333,6 +28333,8 @@ async function vercelDeploy(ref, commit) {
 
   const providedArgs = vercelArgs.split(/ +/);
 
+  const commitMessage = commit.replace("'", "'\\''");
+
   const args = [
     ...vercelArgs.split(/ +/),
     ...['-t', vercelToken],
@@ -28350,8 +28352,7 @@ async function vercelDeploy(ref, commit) {
     ...addVercelMetadata('githubCommitRepo', context.repo.repo, providedArgs),
     ...addVercelMetadata(
       'githubCommitMessage',
-      // eslint-disable-next-line prefer-template
-      '"' + commit + '"',
+      `'${commitMessage}'`,
       providedArgs,
     ),
     ...addVercelMetadata(
diff --git a/index.js b/index.js
@@ -117,6 +117,8 @@ async function vercelDeploy(ref, commit) {
 
   const providedArgs = vercelArgs.split(/ +/);
 
+  const commitMessage = commit.replace("'", "'\\''");
+
   const args = [
     ...vercelArgs.split(/ +/),
     ...['-t', vercelToken],
@@ -134,8 +136,7 @@ async function vercelDeploy(ref, commit) {
     ...addVercelMetadata('githubCommitRepo', context.repo.repo, providedArgs),
     ...addVercelMetadata(
       'githubCommitMessage',
-      // eslint-disable-next-line prefer-template
-      '"' + commit + '"',
+      `'${commitMessage}'`,
       providedArgs,
     ),
     ...addVercelMetadata(
