fix(core): Correct process.version in expression sandbox (#26550)

Co-authored-by: manusjs <manusjs@users.noreply.github.com>
2026-05-12 16:10:30 +02:00 · 2026-03-24 16:00:31 +00:00 · 2026-03-24 16:00:31 +00:00 · fc0f0712d8
commit fc0f0712d8
parent 9775f96f15
2 changed files with 8 additions and 1 deletions
--- a/packages/workflow/src/expression.ts
+++ b/packages/workflow/src/expression.ts
@ -474,7 +474,7 @@ export class Expression {
 						pid: process.pid,
 						ppid: process.ppid,
 						release: process.release,
-						version: process.pid,
+						version: process.version,
 						versions: process.versions,
 					}
 				: {};
--- a/packages/workflow/test/expression.test.ts
+++ b/packages/workflow/test/expression.test.ts
@ -165,6 +165,13 @@ describe('Expression', () => {
 			expect(evaluate('={{Symbol(1).toString()}}')).toEqual(Symbol(1).toString());
 		});

+		it('should expose correct process properties in sandbox', () => {
+			expect(evaluate('={{process.version}}')).toMatch(/^v\d+\.\d+\.\d+/);
+			expect(evaluate('={{typeof process.pid}}')).toBe('number');
+			expect(evaluate('={{process.version}}')).not.toBe(process.pid);
+			expect(evaluate('={{process.version}}')).toBe(process.version);
+		});
+
 		it('should not able to do arbitrary code execution', () => {
 			const testFn = vi.fn();
 			Object.assign(global, { testFn });