Bump golangci/golangci-lint-action from 8 to 9

ee32d59
Open

Bump golangci/golangci-lint-action from 8 to 9 #31

DryRunSecurity / Code Policies succeeded Nov 10, 2025 in 0s

DryRun Security

Details

Code Policy Results

Policy: GitHub Action Policy

Result: Identified GitHub Actions Risks

- [Line 16] Use of a third-party action: "golangci/golangci-lint-action@v9". While version-tagged, it is not pinned to a specific commit SHA. Tags are mutable, and third-party actions increase supply-chain risk. Consider pinning to a verified commit SHA.
- [Line 18] The action input "version: latest" introduces a mutable dependency (the golangci-lint binary version). Using "latest" can pull unvetted updates or compromised releases, and undermines reproducibility. Prefer a specific, vetted version.
- No use of run: commands, permissions changes, secrets exposure, or pull_request_target trigger are visible in this patch segment.