From 57fecded90cec1a3c9115a59241007c7b55e4759 Mon Sep 17 00:00:00 2001
From: KhulnaSoft bot <technosulaiman@gmail.com>
Date: Tue, 4 Feb 2025 13:21:00 +0000
Subject: [PATCH 1/3] update

---
 crates/turborepo-lib/build.rs | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/crates/turborepo-lib/build.rs b/crates/turborepo-lib/build.rs
index eef97707179f7..5ef4a31a6eae3 100644
--- a/crates/turborepo-lib/build.rs
+++ b/crates/turborepo-lib/build.rs
@@ -1,11 +1,8 @@
 fn main() -> Result<(), Box<dyn std::error::Error>> {
-    let tonic_build_result = tonic_build::configure()
-        .build_server(true)
-        .file_descriptor_set_path("src/daemon/file_descriptor_set.bin")
-        .compile(
-            &["./src/daemon/proto/turbod.proto"],
-            &["./src/daemon/proto"],
-        );
+    tonic_build::configure()
+        .protoc_arg("--experimental_allow_proto3_optional")
+        .compile(&["src/daemon/proto/turbod.proto"], &["src/daemon/proto"])?;
+
     let capnpc_result = capnpc::CompilerCommand::new()
         .file("./src/hash/proto.capnp")
         .default_parent_module(vec!["hash".to_string()])
@@ -13,17 +10,12 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     let invocation = std::env::var("RUSTC_WRAPPER").unwrap_or_default();
     if invocation.ends_with("rust-analyzer") {
-        if tonic_build_result.is_err() {
-            println!("cargo:warning=tonic_build failed, but continuing with rust-analyzer");
-        }
-
         if capnpc_result.is_err() {
             println!("cargo:warning=capnpc failed, but continuing with rust-analyzer");
         }
 
         return Ok(());
     } else {
-        tonic_build_result.expect("tonic_build command");
         capnpc_result.expect("schema compiler command");
     }
 

From 991a6316561f64bcaac5d5747738a82754325c49 Mon Sep 17 00:00:00 2001
From: KhulnaSoft bot <technosulaiman@gmail.com>
Date: Tue, 4 Feb 2025 13:24:07 +0000
Subject: [PATCH 2/3] update

---
 .github/workflows/turborepo-top-issues.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/turborepo-top-issues.yml b/.github/workflows/turborepo-top-issues.yml
index d9337f8786019..df6d0d2c2232d 100644
--- a/.github/workflows/turborepo-top-issues.yml
+++ b/.github/workflows/turborepo-top-issues.yml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   run:
-    # if: github.repository_owner == 'vercel'
+    # if: github.repository_owner == 'khulnasoft'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4

From 31abb52d9e825c1875b397bb7612875320a38b71 Mon Sep 17 00:00:00 2001
From: KhulnaSoft bot <43526132+khulnasoft-bot@users.noreply.github.com>
Date: Tue, 4 Feb 2025 19:29:40 +0600
Subject: [PATCH 3/3] Potential fix for code scanning alert no. 2: Shell
 command built from environment values (#7)

Signed-off-by: KhulnaSoft bot <43526132+khulnasoft-bot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 packages/prysk/index.mjs | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/packages/prysk/index.mjs b/packages/prysk/index.mjs
index 984420c1b63ac..6cf7ef730bd32 100755
--- a/packages/prysk/index.mjs
+++ b/packages/prysk/index.mjs
@@ -1,4 +1,4 @@
-import { execSync } from "child_process";
+import { execFileSync } from "child_process";
 import path from "node:path";
 
 // TODO: make this customizable?
@@ -12,13 +12,13 @@ process.env.NO_UPDATE_NOTIFIER = 1;
 const isWindows = process.platform === "win32";
 
 // Make virtualenv
-execSync(`python3 -m venv ${VENV_NAME}`);
+execFileSync("python3", ["-m", "venv", VENV_NAME]);
 
 // Upgrade pip
-execSync(`${getVenvBin("python3")} -m pip install --quiet --upgrade pip`);
+execFileSync(getVenvBin("python3"), ["-m", "pip", "install", "--quiet", "--upgrade", "pip"]);
 
 // Install prysk
-execSync(`${getVenvBin("pip")} install "prysk==0.15.2"`);
+execFileSync(getVenvBin("pip"), ["install", "prysk==0.15.2"]);
 
 // Which tests do we want to run?
 const testArg = process.argv[3] ? process.argv[3] : process.argv[2];
@@ -34,11 +34,12 @@ const flags = [
   isWindows ? "--dos2unix" : "",
 ].join(" ");
 
-const cmd = [getVenvBin("prysk"), flags, tests].join(" ");
-console.log(`Running ${cmd}`);
+const cmd = getVenvBin("prysk");
+const args = [...flags.split(" "), tests];
+console.log(`Running ${cmd} ${args.join(" ")}`);
 
 try {
-  execSync(cmd, { stdio: "inherit", env: process.env });
+  execFileSync(cmd, args, { stdio: "inherit", env: process.env });
 } catch (e) {
   // Swallow the node error stack trace. stdio: inherit should
   // already have the test failures printed. We don't need the Node.js