From ddf7f82e65e5e57f0d5c499ed6f56234cb686eb3 Mon Sep 17 00:00:00 2001
From: Changaco <changaco@changaco.oy.lc>
Date: Fri, 10 Apr 2026 13:46:44 +0000
Subject: [PATCH 1/2] add missing `context` argument to `urlopen` call

---
 github_backup/github_backup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/github_backup/github_backup.py b/github_backup/github_backup.py
index ae4ef2e..6670d2d 100644
--- a/github_backup/github_backup.py
+++ b/github_backup/github_backup.py
@@ -1297,7 +1297,7 @@ def get_jwt_signed_url_via_markdown_api(url, token, repo_context):
         request.add_header("Content-Type", "application/json")
         request.add_header("Accept", "application/vnd.github+json")
 
-        html = urlopen(request, timeout=30).read().decode("utf-8")
+        html = urlopen(request, context=https_ctx, timeout=30).read().decode("utf-8")
 
         # Parse JWT-signed URL from HTML response
         # Format: <img src="https://private-user-images.githubusercontent.com/...?jwt=..." ...>

From 2f130ecd6692bf8bc6e51bade07b5f36e56181ff Mon Sep 17 00:00:00 2001
From: Changaco <changaco@changaco.oy.lc>
Date: Fri, 10 Apr 2026 13:54:13 +0000
Subject: [PATCH 2/2] remove bad invocation of the system shell

---
 github_backup/github_backup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/github_backup/github_backup.py b/github_backup/github_backup.py
index 6670d2d..80689b8 100644
--- a/github_backup/github_backup.py
+++ b/github_backup/github_backup.py
@@ -2980,7 +2980,7 @@ def fetch_repository(
     masked_remote_url = mask_password(remote_url)
 
     initialized = subprocess.call(
-        "git ls-remote " + remote_url, stdout=FNULL, stderr=FNULL, shell=True
+        ["git", "ls-remote", remote_url], stdout=FNULL, stderr=FNULL
     )
     if initialized == 128:
         if ".wiki.git" in remote_url: