From 342a554bfc952ab699f1fced35f46732832de7d9 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Feb 2026 22:08:56 +0000
Subject: [PATCH 1/2] Initial plan


From 1c83829713eb5356fb865a9f470ebfb1c33f9010 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Feb 2026 22:12:08 +0000
Subject: [PATCH 2/2] Validate VERSION format before writing to GITHUB_OUTPUT
 in monorepo-release workflow

Co-authored-by: pmalarme <686568+pmalarme@users.noreply.github.com>
---
 .github/workflows/monorepo-release.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/monorepo-release.yml b/.github/workflows/monorepo-release.yml
index 4290e18..615e869 100644
--- a/.github/workflows/monorepo-release.yml
+++ b/.github/workflows/monorepo-release.yml
@@ -39,6 +39,13 @@ jobs:
         run: |
           VERSION=$(grep -m1 '^version' pyproject.toml \
             | sed 's/version *= *"\(.*\)"/\1/')
+
+          # Validate format before writing to GITHUB_OUTPUT
+          if [[ ! "$VERSION" =~ ^[0-9a-zA-Z._-]+$ ]]; then
+            echo "::error::Unexpected version format: '${VERSION}'" >&2
+            exit 1
+          fi
+
           echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
           echo "tag=v${VERSION}" >> "$GITHUB_OUTPUT"
           echo "Monorepo version: ${VERSION}"