From a56186bbcb887668cd82592ae5092997da041517 Mon Sep 17 00:00:00 2001
From: Cameron Banowsky <46797044+anoncam@users.noreply.github.com>
Date: Fri, 27 Feb 2026 16:44:15 -0800
Subject: [PATCH] Potential fix for code scanning alert no. 19: Code injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/release-with-sbom.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-with-sbom.yml b/.github/workflows/release-with-sbom.yml
index 381afea..ad2e161 100644
--- a/.github/workflows/release-with-sbom.yml
+++ b/.github/workflows/release-with-sbom.yml
@@ -554,8 +554,10 @@ jobs:
         # No NODE_AUTH_TOKEN needed - using npm Trusted Publishers (OIDC)
 
       - name: Release complete
+        env:
+          RELEASE_VERSION: ${{ steps.version.outputs.version }}
         run: |
           echo "✅ Release process complete"
-          echo "Version: v${{ steps.version.outputs.version }}"
+          echo "Version: v$RELEASE_VERSION"
           echo "Release URL: ${{ steps.create_release.outputs.url }}"
           echo "SBOM and detailed release notes published to GitHub release"