derrickaw opened a new pull request, #38942: URL: https://github.com/apache/beam/pull/38942
Potential fix for [https://github.com/apache/beam/security/code-scanning/1](https://github.com/apache/beam/security/code-scanning/1)

Use strict parsing + sanitization before writing to `$GITHUB_ENV`:

- Read only the first `sdk_version=` line from `gradle.properties`.
- Extract the value safely.
- Reject values containing CR/LF (prevents env-file line injection).
- Optionally validate expected version format to keep behavior aligned with intended semantics.
- Write using `printf` to avoid shell echo quirks.

Change only `.github/workflows/beam_Publish_Beam_SDK_Snapshots.yml` in the `Find Beam Version` step (lines around 90–92). No import/dependency changes are needed.

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
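The steps listed in the pull request description, sketched as a shell function. This is an added example, not the PR's diff or Apache Beam's workflow code; the function name `write_sdk_version`, the variable name `BEAM_VERSION` and the version pattern are assumptions.

```shell
#!/bin/sh
# Added example. Hypothetical names: write_sdk_version, BEAM_VERSION.
# Usage: write_sdk_version <properties-file> <env-file>
# In a workflow step the env file would be "$GITHUB_ENV".
write_sdk_version() (
  props_file=$1
  env_file=$2

  # Read only the first line starting with "sdk_version=" and strip the key.
  # Later duplicate lines are ignored, so they cannot add extra env entries.
  value=$(sed -n '/^sdk_version=/{s/^sdk_version=//p;q;}' "$props_file")

  # Reject CR/LF: each line of the env file is parsed as NAME=value, so a
  # line break inside the value would define a second variable.
  cr=$(printf '\r')
  lf='
'
  case $value in
    *"$cr"*|*"$lf"*)
      echo "sdk_version contains a line break, refusing to write" >&2
      return 1 ;;
  esac

  # Allowlist the expected shape (assumed here: digits.digits.digits with
  # optional .suffix or -suffix parts). An empty or missing value fails too.
  if ! printf '%s\n' "$value" |
      grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([.-][A-Za-z0-9]+)*$'; then
    echo "sdk_version is missing or not a valid version" >&2
    return 1
  fi

  # printf with a fixed format string: no echo escape or option handling.
  printf 'BEAM_VERSION=%s\n' "$value" >> "$env_file"
)

# Constructed sample input, so the block runs offline.
demo_dir=$(mktemp -d)
printf 'org.gradle.jvmargs=-Xmx2g\nsdk_version=2.99.0.dev\n' \
  > "$demo_dir/gradle.properties"
: > "$demo_dir/github_env"
write_sdk_version "$demo_dir/gradle.properties" "$demo_dir/github_env"
cat "$demo_dir/github_env"
```
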
