💡 Summary
We should improve the security of the Python code used in the bump-version script.
Motivation and context
In a downstream pull request Copilot was assigned to review and raised the following comments related to user input and the inline Python code used in the script:
cisagov/skeleton-aws-lambda-python#35 (comment)
cisagov/skeleton-aws-lambda-python#35 (comment)
If we were to automate usage of this script in GitHub Actions or leverage an LLM for automation it would be better to ensure the script has appropriate guard rails.
Implementation notes
Copilot's suggestions should be vettted for quality and fit.
Acceptance criteria
💡 Summary
We should improve the security of the Python code used in the
bump-versionscript.Motivation and context
In a downstream pull request Copilot was assigned to review and raised the following comments related to user input and the inline Python code used in the script:
cisagov/skeleton-aws-lambda-python#35 (comment)
cisagov/skeleton-aws-lambda-python#35 (comment)
If we were to automate usage of this script in GitHub Actions or leverage an LLM for automation it would be better to ensure the script has appropriate guard rails.
Implementation notes
Copilot's suggestions should be vettted for quality and fit.
Acceptance criteria
bump-versionscript better protects against malicious user input