Bump andrewslotin/go-proxy-pull-action from 1.3.0 to 1.4.0

[dependabot]

Bumps andrewslotin/go-proxy-pull-action from 1.3.0 to 1.4.0.

Release notes

Sourced from andrewslotin/go-proxy-pull-action's releases.

v1.4.0

What's Changed

• Update Dockerfile to Go 1.25 by @​wolf31o2 in andrewslotin/go-proxy-pull-action#13

Full Changelog: andrewslotin/go-proxy-pull-action@v1.3.0...v1.4.0

Commits

• e5aea3b Merge pull request #13 from wolf31o2/fix/go-1.25
• eee4b5d Update Dockerfile to Go 1.25
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[senzingdevops]

Automated: approving this pull request because it includes a minor update

[github-actions]

🤖 Claude Code Review

PR Code Review

Summary: Version bump of andrewslotin/go-proxy-pull-action from v1.3.0 to v1.4.0 in .github/workflows/go-proxy-pull.yaml.

---

Code Quality

• ✅ Style guide — Single-line change in a YAML workflow file; no style violations.
• ✅ No commented-out code — None present.
• ✅ Meaningful variable names — N/A for this change.
• ✅ DRY principle — N/A for this change.
• ✅ Defects — No logic errors; straightforward dependency version bump.
• ✅ CLAUDE.md — No issues; project config is appropriately general.

Testing

• ✅ Unit/integration tests — N/A; this is a CI workflow dependency update, not application code.
• ✅ Edge cases / coverage — N/A.

Documentation

• ✅ README — No update needed for a CI action bump.
• ✅ CHANGELOG.md — Not required for a dependency bump in a workflow file; acceptable to omit.
• ✅ Inline comments — N/A.
• ✅ Markdown formatting — N/A.

Security

• ✅ No hardcoded credentials — None present.
• ✅ No sensitive data — N/A.
• ⚠️ Action pinning — The action is referenced by a mutable tag (v1.4.0) rather than a pinned commit SHA. This is a minor supply-chain risk: if the tag is force-pushed, the workflow would silently run different code. Consider pinning to a full commit SHA (e.g., andrewslotin/go-proxy-pull-action@<sha>) for stronger security guarantees. This is a low-severity finding and common practice varies by team policy.
• ✅ No license files (.lic / AQAAAD strings) — None present.

---

Verdict: Approve. The change is a routine dependency bump with no functional risk. The action tag pinning note above is a minor observation — address it if your security policy requires SHA pinning for third-party actions.

Automated code review analyzing defects and coding standards

[github-actions]

Super-linter summary

Language	Validation result
CHECKOV	Pass ✅
GITHUB_ACTIONS	Pass ✅
GITHUB_ACTIONS_ZIZMOR	Pass ✅
GITLEAKS	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅
YAML	Pass ✅
YAML_PRETTIER	Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter