actions/setup-go
1
0
Fork 0
mirror of https://github.com/actions/setup-go.git synced 2025-09-04 03:16:26 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
342 Commits 21 Branches 46 Tags
e75c3e80bcde46e322cd5845ae46582947c9becd
Commit Graph

1 Commits

Author SHA1 Message Date
Matthew Hughes
e75c3e80bc Bump form-data to bring in fix for critical vulnerability (#618)
Some checks failed
Validate 'setup-go' / setup-versions-from-manifest (1.20.14, windows-latest) (push) Has been cancelled
Details
Validate 'setup-go' / setup-versions-from-manifest (1.21.10, macos-13) (push) Has been cancelled
Details
Validate 'setup-go' / setup-versions-from-manifest (1.21.10, macos-latest) (push) Has been cancelled
Details
Validate 'setup-go' / setup-versions-from-manifest (1.21.10, windows-latest) (push) Has been cancelled
Details
Validate 'setup-go' / setup-versions-from-manifest (1.22.8, macos-13) (push) Has been cancelled
Details
Validate 'setup-go' / setup-versions-from-manifest (1.22.8, macos-latest) (push) Has been cancelled
Details
Validate 'setup-go' / setup-versions-from-manifest (1.22.8, windows-latest) (push) Has been cancelled
Details
Validate 'setup-go' / setup-versions-from-manifest (1.23.2, macos-13) (push) Has been cancelled
Details
Validate 'setup-go' / setup-versions-from-manifest (1.23.2, macos-latest) (push) Has been cancelled
Details
Validate 'setup-go' / setup-versions-from-manifest (1.23.2, windows-latest) (push) Has been cancelled
Details
Validate 'setup-go' / setup-versions-from-dist (1.11.12, macos-13) (push) Has been cancelled
Details
Validate 'setup-go' / setup-versions-from-dist (1.11.12, windows-latest) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (arm64, 1.20.14, macos-latest) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (arm64, 1.21, macos-latest) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (arm64, 1.22, macos-latest) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (arm64, 1.23, macos-latest) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (x64, 1.20.14, macos-13) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (x64, 1.20.14, windows-latest) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (x64, 1.21, macos-13) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (x64, 1.21, windows-latest) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (x64, 1.22, macos-13) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (x64, 1.22, windows-latest) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (x64, 1.23, macos-13) (push) Has been cancelled
Details
Validate 'setup-go' / architecture (x64, 1.23, windows-latest) (push) Has been cancelled
Details
Validate Windows installation / Validate if symlink is created (false, 1.20.1) (push) Has been cancelled
Details
Validate Windows installation / Validate if symlink is created (true, 1.20.1) (push) Has been cancelled
Details
Validate Windows installation / Find default go version (push) Has been cancelled
Details
Validate Windows installation / Validate if hostedtoolcache works as expected (false, 1.20.1) (push) Has been cancelled
Details
Validate Windows installation / Validate if symlink is not created for default go (false) (push) Has been cancelled
Details
Validate Windows installation / Validate if symlink is not created for default go (true) (push) Has been cancelled
Details 
The vulnerability:

    $ npm audit --audit-level=high
    # npm audit report

    form-data  >=4.0.0 <4.0.4 || <2.5.4
    Severity: critical
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    fix available via `npm audit fix`
    node_modules/@azure/core-http/node_modules/form-data
    node_modules/@types/node-fetch/node_modules/form-data
    node_modules/form-data

    1 critical severity vulnerability

    To address all issues, run:
      npm audit fix

This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.

It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.

Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
 2025-08-13 12:02:46 -05:00