From 6ab7dae251403540bf5694afc16f2bad8f167d56 Mon Sep 17 00:00:00 2001
From: "stepsecurity-app[bot]"
 <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Date: Mon, 27 Apr 2026 21:23:28 +0000
Subject: [PATCH] [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/setup-go/action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/setup-go/action.yml b/.github/workflows/setup-go/action.yml
index 944f652..3a2a7ae 100644
--- a/.github/workflows/setup-go/action.yml
+++ b/.github/workflows/setup-go/action.yml
@@ -25,7 +25,7 @@ runs:
     # For libraries then we use the latest patch version of the minor go version.
     # This should not be used for services.
     - name: Split version code
-      uses: xom9ikk/split@10ba6c9f71c5953bc304e21781213e933b043891 #v1.1
+      uses: step-security/split-strings@d2212424ae73f4709b3a56faaf96ea42d189102f # v1.0.1
       id: split
       with:
         string: ${{ steps.go-version.outputs.go-mod-version }}