From 7028d9b47f32e0a7ee8557b77990d6d6eb963b07 Mon Sep 17 00:00:00 2001
From: Florian Greinacher <florian@greinacher.de>
Date: Fri, 3 May 2024 11:31:15 +0200
Subject: [PATCH] ci(update): prevent possible code injection

---
 .github/workflows/update.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 28c8498aa..22e6c148f 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -41,10 +41,14 @@ jobs:
           git config --global user.email ${{ secrets.GIT_EMAIL }}
         
       - name: Update examples
-        run: yarn update:examples ${{ github.event.inputs.version }}
+        env:
+          NEW_VERSION: ${{ github.event.inputs.version }}      
+        run: yarn update:examples $NEW_VERSION
         
       - name: Update builders
-        run: yarn update:packages ${{ github.event.inputs.version }}
+        env:
+          NEW_VERSION: ${{ github.event.inputs.version }}     
+        run: yarn update:packages $NEW_VERSION
       
       - name: Install updated dependencies
         run: yarn