Commit

Merge pull request #5887 from NomicFoundation/more-init-fixes
Prevent a shell injection in `--init`
alcuadrado authored Oct 29, 2024
2 parents 0e36a8c + f5e58e5 commit 2c8ca38
Showing 3 changed files with 4 additions and 3 deletions.
2 changes: 1 addition & 1 deletion pnpm-lock.yaml

3 changes: 2 additions & 1 deletion v-next/hardhat/src/internal/cli/init/init.ts
Expand Up @@ -378,7 +378,8 @@ export async function installProjectDependencies(

await spawn(command[0], command.slice(1), {
cwd: workspace,
shell: true,
// We don't want the arguments to be treated as shell expressions
shell: false,
stdio: "inherit",
});
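
Review bot: with `shell: false`, `command[0]` in this `spawn` call has to resolve to an executable on its own, so please confirm `installProjectDependencies` still works where the package manager is installed as a `.cmd` or `.bat` shim on Windows, since those are normally launched through a shell. A regression test that passes an argument containing shell metacharacters (for example `>` or `;`) and checks that it reaches the child process verbatim would pin the fix down. The new comment could also say where the arguments with special characters come from, so a later reader does not flip the flag back to `true`.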

2 changes: 1 addition & 1 deletion v-next/hardhat/templates/mocha-ethers/package.json
Expand Up @@ -11,7 +11,7 @@
"@ignored/hardhat-vnext-network-helpers": "workspace:^3.0.0-next.3",
"@types/chai": "^4.2.0",
"@types/chai-as-promised": "^8.0.1",
"@types/mocha": ">=9.1.0",
"@types/mocha": "^10.0.0",
"chai": "^4.4.1",
"chai-as-promised": "^8.0.0",
"forge-std": "foundry-rs/forge-std#v1.9.4",