From f828aa790016fee3aa667f7b44cf94bf0aa8c60d Mon Sep 17 00:00:00 2001
From: Yarkeev Denis
Date: Thu, 21 Apr 2022 22:42:41 +0300
Subject: [PATCH] fix potential vulnerability with git clone
---
 package.json | 7 ++++---
 src/index.ts | 8 +++-----
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/package.json b/package.json
index 649ac3b..f864781 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "git-interface",
- "version": "2.1.1",
+ "version": "2.1.2",
 "description": "some interfaces for work with git repository",
 "main": "dist/index",
 "typings": "dist/index",
@@ -9,7 +9,7 @@
 "build": "npm run clean && npm run ts",
 "dev": "npm run clean && ./node_modules/.bin/tsc -w",
 "ts": "./node_modules/.bin/tsc",
- "prepublish": "npm run build"
+ "prepublishOnly": "npm run build && bump"
 },
 "repository": {
 "type": "git",
@@ -35,6 +35,7 @@
 "homepage": "https://github.com/yarkeev/git-interface",
 "devDependencies": {
 "@types/node": "^10.10.3",
- "typescript": "^3.0.3"
+ "typescript": "^3.0.3",
+ "version-bump-prompt": "^6.1.0"
 }
 }
diff --git a/src/index.ts b/src/index.ts
index 5236ced..7ca7b31 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -61,12 +61,10 @@ export class Git extends EventEmitter{
 }
 public clone(repository: string, dest: string, options?: { depth?: number}) { - const opt = options || { depth: Infinity }
+ const depthOption = opt.depth !== Infinity ? `--depth=${opt.depth}` : '';
- const depthOption = opt.depth !== Infinity ? ` --depth=${opt.depth}` : '';
-
- return this.gitExec(`clone ${repository} ${dest}${depthOption}`);
+ return this.gitExec(`clone ${depthOption} -- ${repository} ${dest}`);
 }
 public checkout(branchName: string) {
@@ -309,4 +307,4 @@ export class Git extends EventEmitter{
 });
 }
-}
\ No newline at end of file
+}
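Review bot: In `clone`, the new `--` keeps `repository` and `dest` from being read as git options, but `opt.depth` is still interpolated in front of it with no runtime check, so a non-numeric value from an untyped caller lands in option position and `options = {}` produces `--depth=undefined`. Guard it before building the flag, for example emit `--depth` only when `Number.isInteger(opt.depth) && opt.depth > 0`. How `gitExec` runs the string is not visible here; if it goes through a shell, `--` does nothing for shell metacharacters in `repository` or `dest`, and an argument-array call such as `execFile`/`spawn` would be the sturdier fix. The body of `clone` is only partly legible in this collapsed hunk: it is unclear whether the `const opt = ...` line is removed or kept as context, so confirm `opt` is still declared on the new side.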