fix: validate GitHub API response is an array before parsing releases (#13)

Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com>

Author: yordis

.github/workflows/autobump.yml

@@ -70,9 +70,18 @@ jobs:
       - name: Get latest upstream version
         id: upstream
         run: |
-          TAG=$(curl -sL \
+          RESPONSE=$(curl -fsSL \
             -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-            "https://api.github.com/repos/${{ matrix.upstream_repo }}/releases?per_page=100" \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            "https://api.github.com/repos/${{ matrix.upstream_repo }}/releases?per_page=100")
+
+          if ! echo "$RESPONSE" | jq -e 'type == "array"' > /dev/null 2>&1; then
+            echo "::error::GitHub API did not return an array for ${{ matrix.upstream_repo }}/releases. Response: $(echo "$RESPONSE" | jq -c .)"
+            exit 1
+          fi
+
+          TAG=$(echo "$RESPONSE" \
             | jq -r --arg prefix "${{ matrix.tag_prefix }}" \
               '[.[] | select(.tag_name | startswith($prefix) and (contains("/") | not))] | first | .tag_name | ltrimstr($prefix)')
           echo "version=$TAG" >> $GITHUB_OUTPUT