From 08411bec3c18133f84921488d5af8aa327f5aec4 Mon Sep 17 00:00:00 2001
From: Alejandro Romero
Date: Mon, 12 Oct 2020 14:45:02 +0000
Subject: [PATCH 1/2] Fix Arbitary Code Execution
---
 lib/index.js | 3 +--
 package.json | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/lib/index.js b/lib/index.js
index 9b7bf4a..4c00936 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -13,7 +13,6 @@ var Ul = require("ul")
 , ChildProcess = require("child_process")
 , Deffy = require("deffy")
 , Typpy = require("typpy")
- , Exec = ChildProcess.exec
 , Spawn = ChildProcess.spawn
 , IterateObject = require("iterate-object")
 ;
@@ -528,7 +527,7 @@ GitStats.prototype.ansiCalendar = function (options, callback) {
 */
 GitStats.prototype.authors = function (options, callback) {
 var repo = new Gry(options.repo);
- repo.exec(`shortlog -s -n --all --since "${options.start.toString()}" --until "${options.end.toString()}"`, function (err, stdout) {
+ repo.exec(['shortlog', '-s', '-n', '--all', '--since', options.start.toString(), '--until', options.end.toString()], function (err, stdout) {
 if (err) { return callback(err); }
 var lines = stdout.split("\n");
 var pieData = stdout.split("\n").map(function (c) {
diff --git a/package.json b/package.json
index a2a7e1b..3b394a5 100644
--- a/package.json
+++ b/package.json
@@ -39,7 +39,7 @@
 "cli-pie": "^2.0.0",
 "deffy": "^2.2.2",
 "gitlog-parser": "0.0.4",
- "gry": "^5.0.4",
+ "gry": "^6.0.0",
 "is-there": "^4.0.0",
 "iterate-object": "^1.1.0",
 "moment": "^2.9.0",
From f192589c5c26f6a002ed92c706caeb5617a52523 Mon Sep 17 00:00:00 2001
From: Alejandro Romero Herrera
Date: Mon, 12 Oct 2020 18:18:23 +0300
Subject: [PATCH 2/2] Update to Gry 6.1.0
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 3b394a5..4550b40 100644
--- a/package.json
+++ b/package.json
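Review bot: In the rewritten `repo.exec` call of the `@@ -528` hunk in lib/index.js, the two date values are still passed as separate argv entries after `--since` and `--until`, so whether a caller-supplied value could be taken for an option rests on git's two-token option parsing; binding each value to its flag, `'--since=' + options.start.toString(), '--until=' + options.end.toString()`, makes the intent unambiguous for any value. Whether the array form actually avoids a shell depends on gry's `exec` handing the array to `spawn` without `shell: true`, which nothing in this hunk shows and which the `gry` bump in package.json appears to exist for; a comment above the call, `// argv array, not a shell string: relies on gry >= 6 spawning git directly (verify on upgrade)`, would record that requirement so a later refactor does not reintroduce the template string. `options.start` and `options.end` are dereferenced before any check, so a missing value throws synchronously instead of reaching `callback`; `if (!options.start || !options.end) { return callback(new Error("start and end are required")); }` ahead of the call would keep the error path consistent with the `if (err)` branch below it. The body of `GitStats.prototype.authors` continues past the end of the hunk.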
@@ -39,7 +39,7 @@
 "cli-pie": "^2.0.0",
 "deffy": "^2.2.2",
 "gitlog-parser": "0.0.4",
- "gry": "^6.0.0",
+ "gry": "^6.1.0",
 "is-there": "^4.0.0",
 "iterate-object": "^1.1.0",
 "moment": "^2.9.0",