)]}'
{
  "commit": "032d45514ae346b1db93c04b0c90b841c370344f",
  "tree": "4c86f4f9236039c017ad065c0829962a2c37f887",
  "parents": [
    "3fa7bd9cee2cfdf3499a8803b226e43de7b7cdb4"
  ],
  "author": {
    "name": "Roland Shoemaker",
    "email": "roland@golang.org",
    "time": "Mon Jul 06 14:30:25 2026 -0700"
  },
  "committer": {
    "name": "Gopher Robot",
    "email": "gobot@golang.org",
    "time": "Tue Jul 07 08:37:04 2026 -0700"
  },
  "message": "action.yml: use step-level env vars instead of direct vars in commands\n\nIt seems unlikely that users would configure this action in a way to\nallow injection of malicious content into the commands we run, but\nbetter to be safe here, since GitHub Actions are a footgun with a hair\ntrigger.\n\nChange-Id: I8d137a1f98f832c8d22506b309f20644fc74e4ec\nReviewed-on: https://go-review.googlesource.com/c/govulncheck-action/+/797300\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\nReviewed-by: Neal Patel \u003cneal@golang.org\u003e\nTryBot-Bypass: Roland Shoemaker \u003croland@golang.org\u003e\nAuto-Submit: Roland Shoemaker \u003croland@golang.org\u003e\nCommit-Queue: Roland Shoemaker \u003croland@golang.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "7a33d71f18de00b8ea336f5699f99c1ddf7d04af",
      "old_mode": 33188,
      "old_path": "action.yml",
      "new_id": "6fe7e2c491bde72aa7a4d3b6775d15b7f1c8753f",
      "new_mode": 33188,
      "new_path": "action.yml"
    }
  ]
}
