GHSA-f6mm-5fc7-3g3c: goreleaser shows environment by default
Since #4787 the log output is printed on the INFO level, while previously it was logged on DEBUG. This means if the go build
output is non-empty, goreleaser leaks the environment.
References
Detect and mitigate GHSA-f6mm-5fc7-3g3c with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →