Fixing Command Injection vulnerability

showzeb110 · showzeb110 · commit 54d671d09199 · 2025-06-05T16:52:48.000-04:00
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -35,7 +35,9 @@ jobs:
         
       - name: Update version if specified
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != ''
-        run: npm version ${{ github.event.inputs.version }} --no-git-tag-version
+        env:
+          VERSION: ${{ github.event.inputs.version }}
+        run: npm version "$VERSION" --no-git-tag-version
         
       - name: Publish to NPM
         run: npm publish --access public
