ci: bump golangci/golangci-lint-action from 6 to 9#648
Conversation
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
dependabot
bot
added
the
dependencies
There was a problem hiding this comment.
Pull request overview
This PR updates the golangci-lint-action from version 6 to version 9 in the GitHub Actions workflow, bringing in Node.js 24 runtime support and new features like module plugin system support.
Changes:
- Bump golangci/golangci-lint-action from v6 to v9
|
@dependabot rebase |
dependabot
bot
force-pushed
the
dependabot/github_actions/golangci/golangci-lint-action-9
branch
2 times, most recently
from
0e93964 to
916646e
Compare
|
@dependabot rebase |
dependabot
bot
force-pushed
the
dependabot/github_actions/golangci/golangci-lint-action-9
branch
from
916646e to
5680554
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
@dependabot rebase |
|
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
|
@dependabot recreate |
dependabot
bot
force-pushed
the
dependabot/github_actions/golangci/golangci-lint-action-9
branch
from
4c9af60 to
6496edd
Compare
|
why is it using commit hashes instead of version numbers? |
It protects from a supply chain attack by binding to a known good commit. |
|
@dependabot recreate |
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 9. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@v6...v9) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/github_actions/golangci/golangci-lint-action-9
branch
from
05a8240 to
935d926
Compare
Pin 3rd party actions to specific commit SHAs to mitigate supply chain attacks (CWE-829). If a bad actor compromises an action's repository, they cannot affect our workflows since we reference immutable commits. Actions pinned: - actions/setup-go@7a3fe6c (v6.2.0) - golangci/golangci-lint-action@1e7e51e (v9.0.0) Resolves code scanning alert #11
dlevy-msft-sql
force-pushed
the
dependabot/github_actions/golangci/golangci-lint-action-9
branch
from
a621d1d to
9fcdebb
Compare
dlevy-msft-sql
deleted the
dependabot/github_actions/golangci/golangci-lint-action-9
branch
Bumps golangci/golangci-lint-action from 6 to 9.
Release notes
Sourced from golangci/golangci-lint-action's releases.
... (truncated)
Commits
1e7e51ebuild(deps): bump yaml from 2.8.1 to 2.8.2 in the dependencies group (#1324)5256ff0build(deps-dev): bump the dev-dependencies group with 3 updates (#1323)13fed6fchore: update workflows7afe8ffchore: update workflows5a92899chore: move samples into fixtures (#1321)aa6fad0feat: add version-file option (#1320)a6071aabuild(deps): bump actions/checkout from 5 to 6 (#1318)6e36c84build(deps-dev): bump the dev-dependencies group with 2 updates (#1317)e7fa5acfeat: automatic module directories (#1315)f3ae99fdocs: organize options (#1314)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)