actions
/
setup-go
mirror of https://github.com/actions/setup-go.git
3
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
347 Commits
23 Branches
48 Tags
218 MiB
main
dependabot/npm_and_yarn/typescript-eslint/parser-8.46.2
dependabot/npm_and_yarn/types/node-24.9.1
dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-8.46.2
dependabot/npm_and_yarn/multi-1deb01d5f2
dependabot/npm_and_yarn/eslint-config-prettier-10.1.8
dependabot/npm_and_yarn/nock-14.0.10
dependabot/github_actions/actions/publish-action-0.4.0
node24-fix
node24
test-macos-x64-runner
releases/v5
restore-v4-release
add-publish-immutable-actions
restore-v3-release
thboop/node16update
releases/v1
master
goenv
matcher
binpath
v2-proxy
ethomson/update_description
v1
v2-beta
v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v2
v2.0.1
v2.0.2
v2.0.3
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.2.0
v3
v3.0.0
v3.1.0
v3.2.0
v3.2.1
v3.3.0
v3.3.1
v3.4.0
v3.5.0
v3.6.0
v3.6.1
v4
v4.0.0
v4.0.1
v4.1.0
v4.2.0
v4.2.1
v5
v5.0.0
v5.0.1
v5.0.2
v5.1.0
v5.2.0
v5.3.0
v5.4.0
v5.5.0
v6
v6.0.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7bc60db215'
${ noResults }
Commit Graph

1 Commits (7bc60db215a8b16959b0b5cccfdc95950d697b25)

Author SHA1 Message Date
Matthew Hughes e75c3e80bc
Bump `form-data` to bring in fix for critical vulnerability (#618) 
The vulnerability:

    $ npm audit --audit-level=high
    # npm audit report

    form-data  >=4.0.0 <4.0.4 || <2.5.4
    Severity: critical
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    fix available via `npm audit fix`
    node_modules/@azure/core-http/node_modules/form-data
    node_modules/@types/node-fetch/node_modules/form-data
    node_modules/form-data

    1 critical severity vulnerability

    To address all issues, run:
      npm audit fix

This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.

It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.

Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
 3 months ago