Use latest patch release of Go toolchain (#1152)

## Changes

This was pinned to 1.21.0 and included a vulnerability as reported in
#1150. The vulnerability does not affect the prior CLI releases as it
requires a user to execute Go commands from within compromised module
directories.

Fixes #1150.
This commit is contained in:
Pieter Noordhuis 2024-01-25 13:18:35 +01:00 committed by GitHub
parent 1fb15331c5
commit 2d38d14703
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 4 additions and 4 deletions

View File

@ -33,7 +33,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: 1.21.0
go-version: 1.21.x
- name: Setup Python
uses: actions/setup-python@v4
@ -68,7 +68,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: 1.21.0
go-version: 1.21.x
# No need to download cached dependencies when running gofmt.
cache: false

View File

@ -21,7 +21,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: 1.21.0
go-version: 1.21.x
- name: Hide snapshot tag to outsmart GoReleaser
run: git tag -d snapshot || true

View File

@ -22,7 +22,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: 1.21.0
go-version: 1.21.x
- name: Run GoReleaser
id: releaser