(release-1.11): Update go.mod dependencies [SECURITY] #439
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-FileCopyrightText: 2024 The Crossplane Authors <https://crossplane.io> | |
# | |
# SPDX-License-Identifier: CC0-1.0 | |
name: Backport | |
on: | |
# NOTE(negz): This is a risky target, but we run this action only when and if | |
# a PR is closed, then filter down to specifically merged PRs. We also don't | |
# invoke any scripts, etc from within the repo. I believe the fact that we'll | |
# be able to review PRs before this runs makes this fairly safe. | |
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ | |
pull_request_target: | |
types: [closed] | |
# See also backport-trigger.yml for the /backport triggered variant of this workflow. | |
jobs: | |
open-pr: | |
runs-on: ubuntu-latest | |
if: github.event.pull_request.merged | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Open Backport PR | |
uses: zeebe-io/backport-action@be567af183754f6a5d831ae90f648954763f17f5 # v3.1.0 |