From 68977ec0b5a446286668170dd72bdf59695f8cd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A7=80=E5=90=89?= <84045975+thc1006@users.noreply.github.com> Date: Sun, 12 Jul 2026 03:25:44 +0800 Subject: [PATCH] fix(ci): pin govulncheck-action to the v1.1.0 release (#32304) golang/govulncheck-action published v1.1.0 on 2026-07-10, tagging the master commit (032d455) the govulncheck step was already pinned to. Update the pin comment to # pin@v1.1.0 so it matches the repo's pin@ convention and Dependabot can track the action by semver again. The pinned SHA is unchanged; v1.1.0 points to that commit, so CI behavior is identical and only the trailing comment changes. Closes: #32301 Signed-off-by: thc1006 <84045975+thc1006@users.noreply.github.com> --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 5e5111432..c7c9b3d53 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -30,6 +30,6 @@ jobs: go-version: '${{ env.GOLANG_VERSION }}' check-latest: true - name: govulncheck - uses: golang/govulncheck-action@032d45514ae346b1db93c04b0c90b841c370344f # pin@032d455 (from main 2026-07-06) + uses: golang/govulncheck-action@032d45514ae346b1db93c04b0c90b841c370344f # pin@v1.1.0 with: go-package: ./...