Conversation
Dependency ReviewThe following issues were found:
Snapshot WarningsRe-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice. License Issuesgo.mod
OpenSSF ScorecardScorecard details
Scanned Files
|
|
Coverage Impact This PR will not change total coverage. 🚦 See full report on Qlty Cloud »🛟 Help
|
There was a problem hiding this comment.
Pull request overview
Updates GitHub Actions workflows to address security/code-scanning findings by tightening how third-party tooling is installed during CI checks.
Changes:
- Switches the TPIP workflow to install
go-licensesfrom the v2 module path. - Pins
pre-commitandcomment-parserto exact versions in the global workflow.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/workflows/tpip-check.yml | Updates the go-licenses installation source used for TPIP reporting/checks. |
| .github/workflows/global.yaml | Pins Python tooling versions used by the copyright notice check. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Fixes
Checklist