From a27c8d2a59c926bd988377ff2a2201b25a1c5cae Mon Sep 17 00:00:00 2001
From: Asjid Kalam
Date: Fri, 24 Jul 2020 23:46:03 +0530
Subject: [PATCH 1/3] added the shell-escape module
---
 package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 485491e..4eacde6 100644
--- a/package.json
+++ b/package.json
@@ -36,7 +36,8 @@
 "execa": "^0.6.1",
 "fs-extra": "^3.0.1",
 "is-git-repository": "^1.1.1",
- "path-is-absolute": "^1.0.1"
+ "path-is-absolute": "^1.0.1",
+ "shell-escape": "^0.2.0"
 },
 "devDependencies": {
 "ava": "^0.18.2",
From 5621f7e723200c2f5fa3fe431a7e9b949731d9e8 Mon Sep 17 00:00:00 2001
From: Asjid Kalam
Date: Sat, 25 Jul 2020 00:36:14 +0530
Subject: [PATCH 2/3] fixed the code execution
---
 index.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/index.js b/index.js
index e3c0d0f..914540d 100644
--- a/index.js
+++ b/index.js
@@ -3,9 +3,18 @@ import isGit from 'is-git-repository';
 import { platform } from 'os';
 import makepath from 'path';
 import pathIsAbsolute from 'path-is-absolute';
+import shellescape from 'shell-escape';
 const cwd = process.cwd();
+// Escape bad arguments
+var escapeShell = function(cmd) {
+ if(cmd !== undefined){
+ var arg = cmd.split(" ");
+ return shellescape(arg);
+ }
+}
+
 const taggedGitCommits = ({ path, lookBehind, local, remote } = {}) => {
 let getCommits;
@@ -15,6 +24,12 @@ const taggedGitCommits = ({ path, lookBehind, local, remote } = {}) => {
 const thisLocal = local === undefined ? true : local;
 const thisRemote = remote || 'origin';
 const taggedCommits = [];
+
+ // escaping bad shell args
+ thisPath = escapeShell(thisPath);
+ thisLookBehind = escapeShell(thisLookBehind);
+ thisLocal = escapeShell(thisLocal);
+ thisRemote = escapeShell(thisRemote);
 if (!isGit(thisPath)) {
 return [];
From 2548041eeb2c32a1830918b9f54f8c471a7dc389 Mon Sep 17 00:00:00 2001
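Review bot: In `escapeShell`, splitting the value on spaces before calling `shellescape` undoes the quoting for any argument that contains a space: each piece is escaped on its own and the pieces are joined with unquoted spaces, so a single path or remote name still reaches the shell as several words. Escape the value as one argument instead, `return shellescape([String(cmd)]);`, which also covers non-string inputs (`local` defaults to a boolean). The same split is kept in PATCH 3/3. If the git commands are run through execa, passing the arguments as an array without a shell would remove the need for escaping altogether; the call sites are outside this hunk, so that needs checking.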
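Review bot: The reassignments added after `const taggedCommits = [];` write to `thisLocal` and `thisRemote`, which the context lines directly above declare with `const`, so the function throws (or fails to transpile) before `isGit` is reached; `thisPath` and `thisLookBehind` are declared outside the hunk and may have the same problem. Overwriting the values also changes their meaning for the rest of the function: `thisLocal` turns from a boolean into a non-empty string, which is always truthy, and `isGit(thisPath)` may receive the shell-quoted form rather than the real path. Keep the original bindings and escape into new names only where the command string is assembled, e.g. `const safeRemote = shellescape([String(thisRemote)]);`. The body of `taggedGitCommits` continues past the end of this hunk.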
From: Asjid Kalam
Date: Sat, 25 Jul 2020 13:47:42 +0530
Subject: [PATCH 3/3] updated the fix.
---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.js b/index.js
index 914540d..00c27bf 100644
--- a/index.js
+++ b/index.js
@@ -10,7 +10,7 @@ const cwd = process.cwd();
 // Escape bad arguments
 var escapeShell = function(cmd) {
 if(cmd !== undefined){
- var arg = cmd.split(" ");
+ var arg = cmd.toString().split(" ");
 return shellescape(arg);
 }
 }
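Review bot: `cmd.toString()` still throws when the value is `null`, because the guard on the line above only excludes `undefined`; a caller passing `local: null` hits exactly that, since `local === undefined ? true : local` in PATCH 2/3 lets `null` through. Widen the guard to `if (cmd !== undefined && cmd !== null) {` so the helper never dereferences a missing value. The two declarations here could also be `const` rather than `var`, matching the `const` bindings used elsewhere in the file.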