fix(utils): quote shell arguments to prevent malicious injection · code-pushup/cli@08a67cb

Triggered via pull request November 6, 2025 10:43

matejchalk

synchronize #1136

remove-shell-true

Status Failure

Total duration 2m 0s

Artifacts –

code-pushup.yml

on: pull_request

Run Code PushUp

1m 55s

Annotations

3 errors

Run Code PushUp

Process completed with exit code 1.

Run Code PushUp

(node:2339) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities. (Use `node --trace-deprecation ...` to show where the warning was created)

Run Code PushUp

[Code PushUp GitHub action] Failed: (node:2339) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities. (Use `node --trace-deprecation ...` to show where the warning was created)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(utils): quote shell arguments to prevent malicious injection #3100

Summary

fix(utils): quote shell arguments to prevent malicious injection #3100

Uh oh!

code-pushup.yml

Annotations