fix shell injection vulnerability in subprocess call (#2786)

pytorch_lightning/trainer/training_io.py

@@ -226,11 +226,11 @@ def sig_handler(self, signum, frame):  # pragma: no-cover
 
             # find job id
             job_id = os.environ['SLURM_JOB_ID']
-            cmd = 'scontrol requeue {}'.format(job_id)
+            cmd = ['scontrol', 'requeue', job_id]
 
             # requeue job
             log.info(f'requeing job {job_id}...')
-            result = call(cmd, shell=True)
+            result = call(cmd)
 
             # print result text
             if result == 0: