fix: use shescape to escape user-controlled input

ericcornelissen · ericcornelissen · commit f619ed64af99 · 2021-05-02T18:02:05.000+02:00
diff --git a/index.js b/index.js
@@ -1,9 +1,10 @@
 const core = require('@actions/core');
 const { exec } = require('child_process');
+const { quote } = require('shescape');
 
 try {
   const sha = core.getInput('sha') || process.env.GITHUB_SHA;
-  exec(`git log --format=%B -n 1 ${sha}`, (err, stdout, stderr) => {
+  exec(`git log --format=%B -n 1 ${quote(sha)}`, (err, stdout, stderr) => {
     if (err) {
       throw err;
     }
