Merge pull request #20 from VantaInc/showzeb/VM-4639

showzeb110 · web-flow · commit 14b4f619440e · 2025-06-05T17:17:55.000-04:00
Fixing Command Injection vulnerability
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -35,7 +35,9 @@ jobs:
         
       - name: Update version if specified
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != ''
-        run: npm version ${{ github.event.inputs.version }} --no-git-tag-version
+        env:
+          VERSION: ${{ github.event.inputs.version }}
+        run: npm version "$VERSION" --no-git-tag-version
         
       - name: Publish to NPM
         run: npm publish --access public
