Skip to content

chore(deps): update golang docker tag to v1.26#211

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/golang-1.x
Open

chore(deps): update golang docker tag to v1.26#211
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/golang-1.x

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
golang container minor 1.221.26

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 4, 2026

Copy link
Copy Markdown

🤖 Finished Review · ❌ Failure · Started 1:31 AM UTC · Completed 1:37 AM UTC
Commit: ec21706 · View workflow run →

@fullsend-ai-review

Copy link
Copy Markdown

Review

Findings

High

  • [protected-path] .github/workflows/slack-message.yml — This PR modifies a file under the .github/ protected path without a linked issue justifying the change. While the change is a mechanical dependency update by Renovate, human approval is always required for protected-path changes. No linked issue was found to authorize modifications to governance/infrastructure files.
    Remediation: Link an issue authorizing the modification of .github/ files, or obtain explicit human maintainer approval.

Medium

  • [version-consistency] .github/workflows/slack-message.yml:21 — The container image is updated to golang:1.26, but the setup-go action on line 21 still specifies go-version: '1.22'. This version mismatch means the workflow may build with Go 1.22 (installed by setup-go) instead of Go 1.26 (provided by the container), defeating the purpose of this dependency update.
    Remediation: Update go-version on line 21 from '1.22' to '1.26' to match the container image, or remove the setup-go step entirely since the golang container already provides the desired Go version.

Low

  • [GHA workflow command injection] .github/workflows/slack-message.yml:25 — Pre-existing issue (not introduced by this PR): the output of curl -s ${{ secrets.URL }} is written to $GITHUB_ENV without delimiter-based syntax. If the response body contains newlines, it could inject additional environment variables. The URL is a repository secret controlled by maintainers, limiting the attack surface.
    Remediation: Use delimiter-based GITHUB_ENV syntax for multi-line safety.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants