github
/
setup-go
mirror of https://github.com/actions/setup-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
346 Commits 23 Branches 48 Tags 126 MiB
Commit Graph

28 Commits

Author SHA1 Message Date
Matthew Hughes e75c3e80bc
Bump `form-data` to bring in fix for critical vulnerability (#618) 
The vulnerability:

    $ npm audit --audit-level=high
    # npm audit report

    form-data  >=4.0.0 <4.0.4 || <2.5.4
    Severity: critical
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    fix available via `npm audit fix`
    node_modules/@azure/core-http/node_modules/form-data
    node_modules/@types/node-fetch/node_modules/form-data
    node_modules/form-data

    1 critical severity vulnerability

    To address all issues, run:
      npm audit fix

This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.

It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.

Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
 2025-08-13 12:02:46 -05:00
dependabot[bot] 7c0b336c9a
Bump typescript from 5.4.2 to 5.8.3 (#538) 
* Bump typescript from 5.4.2 to 5.7.3

Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.4.2 to 5.7.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.4.2...v5.7.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix low security alert

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2025-07-10 19:26:25 -05:00
dependabot[bot] 6f26dcc668
Bump undici from 5.28.5 to 5.29.0 (#594) 
* Bump undici from 5.28.5 to 5.29.0

Bumps [undici](https://github.com/nodejs/undici) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix CI failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2025-07-08 10:07:25 -05:00
aparnajyothi-y 691cc3533f
upgrade actions/cache to 4.0.3 (#574) 2025-04-01 10:24:42 -05:00
dependabot[bot] 0aaccfd150
Bump undici from 5.28.4 to 5.28.5 (#541) 
* Bump undici from 5.28.4 to 5.28.5

Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump undici from 5.28.4 to 5.28.5

Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2025-03-18 10:29:43 -05:00
aparnajyothi-y c4c1141886
upgrade actions/cache to 4.0.2 (#568) 2025-03-11 10:19:54 -05:00
Bassem Dghaidi f81f022188
Use the new cache service: upgrade `@actions/cache` to `^4.0.0` (#531) 
* Use new cache service

* Add licensed output

* Review licenses & update types
 2025-01-15 14:06:31 -06:00
John Wesley Walker III 941977282c
Revise `isGhes` logic (#511) 
* Revise `isGhes` logic

* ran `npm run format`

* added unit test

* tweaked unit test

* ran `npm run format`
 2024-10-21 11:56:08 -05:00
dependabot[bot] 0a12ed9d6a
Bump braces from 3.0.2 to 3.0.3 (#487) 
* Bump braces from 3.0.2 to 3.0.3

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump undici from 5.28.3 to 5.28.4

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2024-06-27 13:16:26 -05:00
dependabot[bot] be1aa1186e
Bump undici from 5.28.2 to 5.28.3 (#465) 
* Bump undici from 5.28.2 to 5.28.3

Bumps [undici](https://github.com/nodejs/undici) from 5.28.2 to 5.28.3.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* fixed check failures and update dependencies

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2024-03-21 15:04:22 -05:00
Dmitry Shibanov 0c52d547c9
Update dependencies for node20 (#445) 2023-12-05 17:50:42 +01:00
Dusan Trickovic 0bb97b1c5c Rebuild after updating Semver 2023-07-18 16:39:08 +02:00
Nikolai Laevskii fac708d667
Bump @actions/cache dependency to v3.2.1 (#374) 2023-05-08 11:42:39 +02:00
Dmitry Shibanov dd84a9531a
Update xml2js (#370) 2023-04-20 14:28:58 +02:00
Sergey Dolin c51a720768
Enable caching by default with default input (#332) 2023-03-10 16:25:35 +01:00
Ivan 7406d654ad
Add and configure ESLint and update configuration for Prettier (#341) 
* Turn on ESLint and update Prettier

* Update eslint config

* Update eslint config

* Update dependencies

* Update ESLint and Prettier configurations

* update package.json

* Update prettier command

* Update prettier config file

* Change CRLF to LF

* Update docs

* Update docs
 2023-03-08 10:45:16 +02:00
Evgenii Korolevskii 17106403fa
Allow to use only GOCACHE for cache (#305) 2022-12-19 11:22:17 +01:00
Jongwoo Han bb5ff97ab9
refactor: Use early return pattern to avoid nested conditions (#302) 2022-12-16 15:05:54 +01:00
Milos Pantic 38dbe75f81
Add stable and oldstable aliases (#300) 2022-12-12 10:58:49 +01:00
Francesco Renzi 514ae57904 Update @actions/core to 1.10.0 2022-10-06 12:08:35 +01:00
Evgenii Korolevskii c4e169859f prettier format 2022-09-08 15:11:06 +02:00
Evgenii Korolevskii db58e98a43 format 2022-09-08 14:53:17 +02:00
Evgenii Korolevskii 2905db4069 update build 2022-09-08 13:26:20 +02:00
Evgenii Korolevskii be45b2722d build 2022-09-08 12:29:13 +02:00
Vladimir Safonkin dd64cc9b01 Build dist 2022-07-01 09:28:20 +02:00
Vladimir Safonkin ed8da5df39 Build js 2022-06-28 14:18:12 +02:00
Vladimir Safonkin 6036aa2424 Add cache error handling 2022-06-14 10:57:37 +02:00
IvanZosimov b22fbbc292
Implementation of caching functionality for setup-go action (#228) 2022-05-25 12:07:29 +02:00