Use latest patch release of Go toolchain (#1152)

## Changes

This was pinned to 1.21.0 and included a vulnerability as reported in
#1150. The vulnerability does not affect the prior CLI releases as it
requires a user to execute Go commands from within compromised module
directories.

Fixes #1150.
This commit is contained in:
Pieter Noordhuis 2024-01-25 13:18:35 +01:00 committed by GitHub
parent 1fb15331c5
commit 2d38d14703
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 4 additions and 4 deletions

View File

@ -33,7 +33,7 @@ jobs:
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: 1.21.0 go-version: 1.21.x
- name: Setup Python - name: Setup Python
uses: actions/setup-python@v4 uses: actions/setup-python@v4
@ -68,7 +68,7 @@ jobs:
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: 1.21.0 go-version: 1.21.x
# No need to download cached dependencies when running gofmt. # No need to download cached dependencies when running gofmt.
cache: false cache: false

View File

@ -21,7 +21,7 @@ jobs:
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: 1.21.0 go-version: 1.21.x
- name: Hide snapshot tag to outsmart GoReleaser - name: Hide snapshot tag to outsmart GoReleaser
run: git tag -d snapshot || true run: git tag -d snapshot || true

View File

@ -22,7 +22,7 @@ jobs:
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: 1.21.0 go-version: 1.21.x
- name: Run GoReleaser - name: Run GoReleaser
id: releaser id: releaser