Bump actions/setup-go from 6.3.0 to 6.4.0#182
Conversation
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v6.3.0...v6.4.0) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
Code Review SummaryStatus: No Issues Found | Recommendation: Merge Files Reviewed (3 files)
|
🤖 Augment PR SummarySummary: Updates GitHub CI workflows to use 🤖 Was this summary useful? React with 👍 or 👎 |
![augmentcode[bot]](https://avatars.githubusercontent.com/in/1027498?s=60&v=4){kind=small}
| submodules: recursive | ||
|
|
||
| - uses: actions/setup-go@v6.3.0 | ||
| - uses: actions/setup-go@v6.4.0 |
There was a problem hiding this comment.
CI workflows can run with significant privileges; consider pinning actions/setup-go to a specific commit SHA (instead of the mutable v6.4.0 tag) to reduce supply-chain risk from tag retargeting.
Other locations where this applies: .github/workflows/acceptance-testing-e2e.yml:18, .github/workflows/acceptance-testing-e2e.yml:66, .github/workflows/unit-testing.yml:18
Severity: medium
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
Bumps actions/setup-go from 6.3.0 to 6.4.0.
Release notes
Sourced from actions/setup-go's releases.
Commits
4a36011docs: fix Microsoft build of Go link (#734)8f19afcfeat: add go-download-base-url input for custom Go distributions (#721)27fdb26Bump minimatch from 3.1.2 to 3.1.5 (#727)def8c39Rearrange README.md, add advanced-usage.md (#724)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)