From 2d38d14703dd701b73bb1e958eccb79b0d02b0c9 Mon Sep 17 00:00:00 2001 From: Pieter Noordhuis Date: Thu, 25 Jan 2024 13:18:35 +0100 Subject: [PATCH] Use latest patch release of Go toolchain (#1152) ## Changes This was pinned to 1.21.0 and included a vulnerability as reported in #1150. The vulnerability does not affect the prior CLI releases as it requires a user to execute Go commands from within compromised module directories. Fixes #1150. --- .github/workflows/push.yml | 4 ++-- .github/workflows/release-snapshot.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index ae724b31..26f85982 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -33,7 +33,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version: 1.21.0 + go-version: 1.21.x - name: Setup Python uses: actions/setup-python@v4 @@ -68,7 +68,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version: 1.21.0 + go-version: 1.21.x # No need to download cached dependencies when running gofmt. cache: false diff --git a/.github/workflows/release-snapshot.yml b/.github/workflows/release-snapshot.yml index b9af537d..d092a669 100644 --- a/.github/workflows/release-snapshot.yml +++ b/.github/workflows/release-snapshot.yml @@ -21,7 +21,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version: 1.21.0 + go-version: 1.21.x - name: Hide snapshot tag to outsmart GoReleaser run: git tag -d snapshot || true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0d7c859f..378fbbd6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version: 1.21.0 + go-version: 1.21.x - name: Run GoReleaser id: releaser