Compare commits

...

11 Commits

Author SHA1 Message Date
Priya Gupta
83e99e7384 Upgrade actions/checkout to v5 and actions/setup-go to v6 in README.md 2025-09-02 21:54:12 +05:30
Aparna Jyothi
4cf7c0560d node update from the workflows 2025-09-02 21:53:45 +05:30
Aparna Jyothi
4fc21c0d5d npm run format 2025-08-20 10:26:44 +05:30
Aparna Jyothi
da434008b8 npm run format 2025-08-20 10:25:25 +05:30
Aparna Jyothi
565ba0f11a update node24 2025-08-19 17:55:57 +05:30
Aparna Jyothi
7ca6144633 package-lock.json update 2025-08-19 16:23:34 +05:30
Aparna Jyothi
af03c14274 check failure fix 2025-08-14 19:11:11 +05:30
Aparna Jyothi
c3e3067955 Merge remote-tracking branch 'origin/main' into node24-fix 2025-08-14 19:05:12 +05:30
Aparna Jyothi
d7ffe7f414 update package.json version 2025-08-14 18:58:44 +05:30
Aparna Jyothi
22d9ca5e06 upgrade @types/node 2025-08-14 18:56:26 +05:30
Matthew Hughes
e75c3e80bc Bump form-data to bring in fix for critical vulnerability (#618)
Some checks failed
Validate 'setup-go' / setup-versions-from-manifest (1.20.14, windows-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.21.10, macos-13) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.21.10, macos-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.21.10, windows-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.22.8, macos-13) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.22.8, macos-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.22.8, windows-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.23.2, macos-13) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.23.2, macos-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.23.2, windows-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-dist (1.11.12, macos-13) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-dist (1.11.12, windows-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (arm64, 1.20.14, macos-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (arm64, 1.21, macos-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (arm64, 1.22, macos-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (arm64, 1.23, macos-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.20.14, macos-13) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.20.14, windows-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.21, macos-13) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.21, windows-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.22, macos-13) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.22, windows-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.23, macos-13) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.23, windows-latest) (push) Has been cancelled
Validate Windows installation / Validate if symlink is created (false, 1.20.1) (push) Has been cancelled
Validate Windows installation / Validate if symlink is created (true, 1.20.1) (push) Has been cancelled
Validate Windows installation / Find default go version (push) Has been cancelled
Validate Windows installation / Validate if hostedtoolcache works as expected (false, 1.20.1) (push) Has been cancelled
Validate Windows installation / Validate if symlink is not created for default go (false) (push) Has been cancelled
Validate Windows installation / Validate if symlink is not created for default go (true) (push) Has been cancelled
The vulnerability:

    $ npm audit --audit-level=high
    # npm audit report

    form-data  >=4.0.0 <4.0.4 || <2.5.4
    Severity: critical
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    fix available via `npm audit fix`
    node_modules/@azure/core-http/node_modules/form-data
    node_modules/@types/node-fetch/node_modules/form-data
    node_modules/form-data

    1 critical severity vulnerability

    To address all issues, run:
      npm audit fix

This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.

It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.

Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
2025-08-13 12:02:46 -05:00
10 changed files with 47 additions and 44 deletions

View File

@@ -15,4 +15,4 @@ jobs:
name: Basic validation name: Basic validation
uses: actions/reusable-workflows/.github/workflows/basic-validation.yml@main uses: actions/reusable-workflows/.github/workflows/basic-validation.yml@main
with: with:
node-version: '20' node-version: '24.x'

View File

@@ -16,4 +16,4 @@ jobs:
name: Check dist/ name: Check dist/
uses: actions/reusable-workflows/.github/workflows/check-dist.yml@main uses: actions/reusable-workflows/.github/workflows/check-dist.yml@main
with: with:
node-version: '20' node-version: '24.x'

View File

@@ -1,6 +1,6 @@
--- ---
name: "@types/node" name: "@types/node"
version: 20.11.28 version: 24.1.0
type: npm type: npm
summary: TypeScript definitions for node summary: TypeScript definitions for node
homepage: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node homepage: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node

View File

@@ -29,4 +29,3 @@ licenses:
THE SOFTWARE. THE SOFTWARE.
notices: [] notices: []
...

View File

@@ -1,15 +1,17 @@
--- ---
name: undici-types name: undici-types
version: 5.26.5 version: 7.8.0
type: npm type: npm
summary: A stand-alone types package for Undici summary: A stand-alone types package for Undici
homepage: https://undici.nodejs.org homepage: https://undici.nodejs.org
license: mit license: mit
licenses: licenses:
- sources: Auto-generated MIT license text - sources: LICENSE
text: | text: |
MIT License MIT License
Copyright (c) Matteo Collina and Undici contributors
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights in the Software without restriction, including without limitation the rights

View File

@@ -50,8 +50,8 @@ Matching by [semver spec](https://github.com/npm/node-semver):
```yaml ```yaml
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v5
- uses: actions/setup-go@v5 - uses: actions/setup-go@v6
with: with:
go-version: '^1.13.1' # The Go version to download (if necessary) and use. go-version: '^1.13.1' # The Go version to download (if necessary) and use.
- run: go version - run: go version
@@ -59,8 +59,8 @@ steps:
```yaml ```yaml
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v5
- uses: actions/setup-go@v5 - uses: actions/setup-go@v6
with: with:
go-version: '>=1.17.0' go-version: '>=1.17.0'
- run: go version - run: go version
@@ -78,8 +78,8 @@ Matching an unstable pre-release:
```yaml ```yaml
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v5
- uses: actions/setup-go@v5 - uses: actions/setup-go@v6
with: with:
go-version: '1.18.0-rc.1' # The Go version to download (if necessary) and use. go-version: '1.18.0-rc.1' # The Go version to download (if necessary) and use.
- run: go version - run: go version
@@ -87,8 +87,8 @@ steps:
```yaml ```yaml
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v5
- uses: actions/setup-go@v5 - uses: actions/setup-go@v6
with: with:
go-version: '1.16.0-beta.1' # The Go version to download (if necessary) and use. go-version: '1.16.0-beta.1' # The Go version to download (if necessary) and use.
- run: go version - run: go version
@@ -102,8 +102,8 @@ See [action.yml](action.yml)
```yaml ```yaml
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v5
- uses: actions/setup-go@v5 - uses: actions/setup-go@v6
with: with:
go-version: '1.16.1' # The Go version to download (if necessary) and use. go-version: '1.16.1' # The Go version to download (if necessary) and use.
- run: go run hello.go - run: go run hello.go
@@ -123,8 +123,8 @@ want the most up-to-date Go version to always be used.
```yaml ```yaml
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v5
- uses: actions/setup-go@v5 - uses: actions/setup-go@v6
with: with:
go-version: '1.14' go-version: '1.14'
check-latest: true check-latest: true
@@ -144,8 +144,8 @@ set to `true`
```yaml ```yaml
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v5
- uses: actions/setup-go@v5 - uses: actions/setup-go@v6
with: with:
go-version: 'stable' go-version: 'stable'
- run: go run hello.go - run: go run hello.go
@@ -153,8 +153,8 @@ steps:
```yaml ```yaml
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v5
- uses: actions/setup-go@v5 - uses: actions/setup-go@v6
with: with:
go-version: 'oldstable' go-version: 'oldstable'
- run: go run hello.go - run: go run hello.go
@@ -176,8 +176,8 @@ If some problem that prevents success caching happens then the action issues the
```yaml ```yaml
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v5
- uses: actions/setup-go@v5 - uses: actions/setup-go@v6
with: with:
go-version: '1.17' go-version: '1.17'
check-latest: true check-latest: true
@@ -204,8 +204,8 @@ If both the `go-version` and the `go-version-file` inputs are provided then the
```yaml ```yaml
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v5
- uses: actions/setup-go@v5 - uses: actions/setup-go@v6
with: with:
go-version-file: 'path/to/go.mod' go-version-file: 'path/to/go.mod'
- run: go version - run: go version
@@ -222,9 +222,9 @@ jobs:
go: [ '1.14', '1.13' ] go: [ '1.14', '1.13' ]
name: Go ${{ matrix.go }} sample name: Go ${{ matrix.go }} sample
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v5
- name: Setup go - name: Setup go
uses: actions/setup-go@v5 uses: actions/setup-go@v6
with: with:
go-version: ${{ matrix.go }} go-version: ${{ matrix.go }}
- run: go run hello.go - run: go run hello.go
@@ -252,7 +252,7 @@ If that fails as well the action will try to download versions directly from htt
If that fails as well you can get a higher rate limit with [generating a personal access token on github.com](https://github.com/settings/tokens/new) and passing it as the `token` input to the action: If that fails as well you can get a higher rate limit with [generating a personal access token on github.com](https://github.com/settings/tokens/new) and passing it as the `token` input to the action:
```yaml ```yaml
uses: actions/setup-go@v5 uses: actions/setup-go@v6
with: with:
token: ${{ secrets.GH_DOTCOM_TOKEN }} token: ${{ secrets.GH_DOTCOM_TOKEN }}
go-version: '1.18' go-version: '1.18'

22
package-lock.json generated
View File

@@ -1,12 +1,12 @@
{ {
"name": "setup-go", "name": "setup-go",
"version": "5.0.0", "version": "6.0.0",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "setup-go", "name": "setup-go",
"version": "5.0.0", "version": "6.0.0",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@actions/cache": "^4.0.3", "@actions/cache": "^4.0.3",
@@ -20,7 +20,7 @@
}, },
"devDependencies": { "devDependencies": {
"@types/jest": "^29.5.14", "@types/jest": "^29.5.14",
"@types/node": "^20.11.28", "@types/node": "^24.1.0",
"@types/semver": "^7.5.8", "@types/semver": "^7.5.8",
"@typescript-eslint/eslint-plugin": "^8.31.1", "@typescript-eslint/eslint-plugin": "^8.31.1",
"@typescript-eslint/parser": "^8.35.1", "@typescript-eslint/parser": "^8.35.1",
@@ -1602,11 +1602,12 @@
} }
}, },
"node_modules/@types/node": { "node_modules/@types/node": {
"version": "20.11.28", "version": "24.1.0",
"resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.28.tgz", "resolved": "https://registry.npmjs.org/@types/node/-/node-24.1.0.tgz",
"integrity": "sha512-M/GPWVS2wLkSkNHVeLkrF2fD5Lx5UC4PxA0uZcKc6QqbIQUJyW1jVjueJYi1z8n0I5PxYrtpnPnWglE+y9A0KA==", "integrity": "sha512-ut5FthK5moxFKH2T1CUOC6ctR67rQRvvHdFLCD2Ql6KXmMuCrjsSsRI9UsLCm9M18BMwClv4pn327UvB7eeO1w==",
"license": "MIT",
"dependencies": { "dependencies": {
"undici-types": "~5.26.4" "undici-types": "~7.8.0"
} }
}, },
"node_modules/@types/node-fetch": { "node_modules/@types/node-fetch": {
@@ -5976,9 +5977,10 @@
} }
}, },
"node_modules/undici-types": { "node_modules/undici-types": {
"version": "5.26.5", "version": "7.8.0",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.8.0.tgz",
"integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==" "integrity": "sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw==",
"license": "MIT"
}, },
"node_modules/update-browserslist-db": { "node_modules/update-browserslist-db": {
"version": "1.0.13", "version": "1.0.13",

View File

@@ -1,6 +1,6 @@
{ {
"name": "setup-go", "name": "setup-go",
"version": "5.0.0", "version": "6.0.0",
"private": true, "private": true,
"description": "setup go action", "description": "setup go action",
"main": "lib/setup-go.js", "main": "lib/setup-go.js",
@@ -39,7 +39,7 @@
}, },
"devDependencies": { "devDependencies": {
"@types/jest": "^29.5.14", "@types/jest": "^29.5.14",
"@types/node": "^20.11.28", "@types/node": "^24.1.0",
"@types/semver": "^7.5.8", "@types/semver": "^7.5.8",
"@typescript-eslint/eslint-plugin": "^8.31.1", "@typescript-eslint/eslint-plugin": "^8.31.1",
"@typescript-eslint/parser": "^8.35.1", "@typescript-eslint/parser": "^8.35.1",