Closed fxamacker closed 6 months ago
Issue To Be Solved
Dependencies are not pinned in the CodeQL workflow.
Having unpinned dependencies can reduce the project's quality score computed by 3rd parties (e.g. OpenSSF Scorecard).
Suggested Solution
Pin dependencies in CodeQL workflow.
While at it, also bump version of Go from 1.19 to 1.20.
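One way to verify that a workflow actually satisfies the suggestion above, as an added example that is not part of the issue or of the project's own code: the script below scans a GitHub Actions workflow for `uses:` references and reports every action that is not pinned to a full 40-character commit SHA (the form OpenSSF Scorecard's Pinned-Dependencies check looks for). The embedded workflow text and the SHA in it are constructed for the example; they are not the project's real CodeQL workflow.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample workflow (NOT the project's actual CodeQL workflow).
# Two steps use floating tags, one is pinned to a constructed 40-hex SHA,
# and one is a local action that pinning does not apply to.
SAMPLE_WORKFLOW = """\
name: CodeQL
on: [push, pull_request]
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # v4.0.0 (constructed SHA)
        with:
          go-version: "1.20"
      - uses: github/codeql-action/init@v2
      - uses: ./.github/actions/local-helper
"""

# Matches "uses: owner/repo@ref" whether or not the line starts a list item;
# the captured group stops at whitespace or a trailing "# version" comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# A full-length commit SHA: exactly 40 lowercase hex characters.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class Finding:
    line: int    # 1-based line number in the workflow file
    action: str  # e.g. "actions/checkout"
    ref: str     # the unpinned ref, e.g. "v3" (empty if no "@ref" at all)


def is_pinned(ref: str) -> bool:
    """True only for a full 40-hex commit SHA; tags, branches and short SHAs fail."""
    return bool(SHA_RE.match(ref))


def find_unpinned(workflow_text: str) -> List[Finding]:
    """Return every remote action in the workflow that is not pinned to a full SHA."""
    findings: List[Finding] = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        # Local actions and docker images are not GitHub-hosted refs; skip them.
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, sep, ref = spec.partition("@")
        if not sep or not is_pinned(ref):
            findings.append(Finding(lineno, action, ref))
    return findings


if __name__ == "__main__":
    for f in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.action}@{f.ref or '<no ref>'} is not pinned to a commit SHA")
```

Running it against the constructed workflow flags `actions/checkout@v3` and `github/codeql-action/init@v2`, while the SHA-pinned `actions/setup-go` step passes. The trailing `# v4.0.0` comment on a pinned line is the usual convention so that humans (and Dependabot) can still see which release the SHA corresponds to.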