Skip to content

gha: bump actions/setup-go from 6.1.0 to 6.2.0 #841

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jauderho merged 1 commit into from
Jan 13, 2026
Merged

gha: bump actions/setup-go from 6.1.0 to 6.2.0 #841

jauderho merged 1 commit into from
Jan 13, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 13, 2026
edited by ellipsis-dev bot
Loading

Bumps actions/setup-go from 6.1.0 to 6.2.0.

Release notes

Sourced from actions/setup-go's releases.

v6.2.0

What's Changed

Enhancements

Dependency updates

New Contributors

Full Changelog: actions/setup-go@v6...v6.2.0

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Important

Bump actions/setup-go from 6.1.0 to 6.2.0 in build.yml and release.yml.

  • Dependency Update:
    • Bump actions/setup-go from 6.1.0 to 6.2.0 in build.yml and release.yml.
  • Workflow Changes:
    • Update Go setup step in build.yml and release.yml to use the new version of actions/setup-go.

This description was created by Ellipsis for 2e52ef0. You can customize this summary. It will automatically update as commits are pushed.

@dependabot
gha: bump actions/setup-go from 6.1.0 to 6.2.0
2e52ef0 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@4dc6199...7a3fe6c)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Jan 13, 2026
@semanticdiff-com
Copy link

semanticdiff-com bot commented Jan 13, 2026
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  .github/workflows/build.yml  0% smaller
  .github/workflows/release.yml  0% smaller

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 13, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

ellipsis-dev[bot]
ellipsis-dev bot reviewed Jan 13, 2026
View reviewed changes
Copy link

@ellipsis-dev ellipsis-dev bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Important

Looks good to me! 👍

Reviewed everything up to 2e52ef0 in 1 minute and 34 seconds. Click for details.
  • Reviewed 26 lines of code in 2 files
  • Skipped 0 files when reviewing.
  • Skipped posting 2 draft comments. View those below.
  • Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. .github/workflows/build.yml:68
  • Draft comment:
    The commit hash has been updated to 7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5, but the inline comment still states '# v2.1.5'. Consider updating this comment if the version label has changed, to avoid confusion.
  • Reason this comment was not posted:
    Comment was on unchanged code.
2. .github/workflows/release.yml:67
  • Draft comment:
    The 'Set up Go' step now uses commit 7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 but the comment still reads '# v2.1.5'. Update the comment if the intended version label has changed.
  • Reason this comment was not posted:
    Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 15% vs. threshold = 50% The comment is essentially asking "update the comment if the intended version label has changed" - this is speculative and asks the author to verify their intention. The rules explicitly state "Do NOT ask the PR author to confirm their intention, to explain, to double-check things, to ensure the behavior is intended" and "Do NOT make speculative comments". The comment doesn't definitively state that the version comment is wrong - it just suggests updating it "if" the version changed. Without knowing whether the new commit hash actually corresponds to a different version than v2.1.5, this is speculative. The PR author likely updated the commit hash for security/pinning reasons while staying on the same version, which is a common practice. It's possible that the commit hash does correspond to a different version and the comment is genuinely outdated. If the version comment is actually incorrect, that could be misleading for future maintainers. However, I don't have evidence that v2.1.5 is wrong for the new commit hash. Without definitive evidence that the version comment is incorrect, this comment is speculative and asks the author to verify/confirm their intention ("if the intended version label has changed"). This violates the rules against speculative comments and asking authors to confirm things. The comment should only be kept if there's strong evidence the version label is actually wrong. Delete this comment. It's speculative and asks the author to verify their intention rather than pointing out a definite issue. Without strong evidence that v2.1.5 is incorrect for the new commit hash, this violates the rules.

Workflow ID: wflow_XooIv3lCHw6I9CW0

You can customize Ellipsis by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.

@jauderho jauderho merged commit fa7fedd into main Jan 13, 2026
9 of 17 checks passed
@jauderho jauderho deleted the dependabot/github_actions/actions/setup-go-6.2.0 branch January 13, 2026 21:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ellipsis-dev ellipsis-dev[bot] ellipsis-dev[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jauderho