fix: Prevent JavaScript injection in fontFamily configuration #45

	name: Release Please

	permissions: {}

	defaults:
	run:
	shell: bash

	on:
	push:
	branches:
	- main

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: false

	jobs:
	release-please:
	timeout-minutes: 10
	runs-on: ubuntu-latest
	permissions:
	contents: write # for create a release
	pull-requests: write # for open a pull request
	issues: write # for create labels
	outputs:
	should-release: ${{ steps.release-please.outputs.release_created }}
	steps:
	- uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0
	id: release-please
	with:
	release-type: simple
	token: ${{ github.token }}

	release:
	needs: release-please
	if: ${{ needs.release-please.outputs.should-release == 'true' }}
	timeout-minutes: 10
	permissions:
	contents: write
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	persist-credentials: false
	fetch-depth: 0
	- uses: ./.github/actions/setup
	- run: goreleaser release --clean
	env:
	GITHUB_TOKEN: ${{ github.token }}
	TAP_GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }}

Provide feedback