Skip to content

chore(deps): pin dependencies #201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): pin dependencies #201

wants to merge 1 commit into from

Conversation

@renovate-sh-app
Copy link

@renovate-sh-app renovate-sh-app bot commented Oct 23, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action pinDigest -> f43a0e5
actions/setup-go action pinDigest -> 19bb512
actions/setup-go action pinDigest -> be3c94b
goreleaser/goreleaser-action action pinDigest -> 5fdedb9

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.

@renovate-sh-app
chore(deps): pin dependencies
65b23a8 
Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 23, 2025
View reviewed changes
.github/workflows/release.yml
fetch-depth: 0
- run: git fetch --force --tags
- uses: actions/setup-go@v4
- uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639 # v4

Check failure

Code scanning / zizmor

runtime artifacts potentially vulnerable to a cache poisoning attack Error

runtime artifacts potentially vulnerable to a cache poisoning attack
@github-actions
Copy link

github-actions bot commented Oct 23, 2025

😢 zizmor failed with exit code 14.

Expand for full output 
error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/release.yml:16:9
   |
 3 | / on:
 4 | |   push:
 5 | |     tags:
 6 | |       - 'v[0-9]+.[0-9]+.[0-9]+'
   | |_______________________________- generally used when publishing artifacts generated at runtime
...
16 |         - uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639 # v4
   |           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cache enabled by default here
   |
   = note: audit confidence → Low
   = note: this finding has an auto-fix

9 findings (4 ignored, 4 suppressed, 1 fixable): 0 informational, 0 low, 0 medium, 1 high

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

github-actions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants