Skip to content

fix: Use environment variable for Node.js version in echo command#70

Merged
Mrtenz merged 1 commit into
mainfrom
mrtenz/fix-node-version-echo
Jun 9, 2026
Merged

fix: Use environment variable for Node.js version in echo command#70
Mrtenz merged 1 commit into
mainfrom
mrtenz/fix-node-version-echo

Conversation

@Mrtenz

@Mrtenz Mrtenz commented Jun 9, 2026
edited by cursor Bot
Loading

Copy link
Copy Markdown
Member

The "Print Node.js version" step interpolates the node version directly into the shell command via ${{ ... }}, which is a GitHub Actions expression injection anti-pattern.

This changes it to pass the value through an env variable instead, which is the recommended safe approach.

Note

Low Risk
Logging-only change with no behavior or security surface beyond avoiding expression injection in one echo step.

Overview
The Print Node.js version step no longer embeds ${{ steps.setup-node.outputs.node-version }} in the run script. It sets NODE_VERSION in env and echoes $NODE_VERSION in bash, matching GitHub’s guidance to avoid expression injection in shell steps.

Logged output is unchanged; only how the version is passed into the shell differs.

Reviewed by Cursor Bugbot for commit 741aae0. Bugbot is set up for automated code reviews on this repo. Configure here.

@Mrtenz Mrtenz marked this pull request as ready for review June 9, 2026 08:15
@Mrtenz Mrtenz requested a review from a team as a code owner June 9, 2026 08:15
@Mrtenz Mrtenz merged commit f1ef8ba into main Jun 9, 2026
35 checks passed
@Mrtenz Mrtenz deleted the mrtenz/fix-node-version-echo branch June 9, 2026 08:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cryptodev-2s cryptodev-2s cryptodev-2s approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Mrtenz @cryptodev-2s