github
/
setup-go
mirror of https://github.com/actions/setup-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
342 Commits 18 Branches 46 Tags 101 MiB
Commit Graph

30 Commits

Author SHA1 Message Date
Matthew Hughes be381b31f7 Bump `form-data` to bring in fix for critical vulnerability 
The vulnerability:

    $ npm audit --audit-level=high
    # npm audit report

    form-data  >=4.0.0 <4.0.4 || <2.5.4
    Severity: critical
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    fix available via `npm audit fix`
    node_modules/@azure/core-http/node_modules/form-data
    node_modules/@types/node-fetch/node_modules/form-data
    node_modules/form-data

    1 critical severity vulnerability

    To address all issues, run:
      npm audit fix

This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.

It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.

Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
 2025-07-30 20:42:02 +01:00
dependabot[bot] 7c0b336c9a
Bump typescript from 5.4.2 to 5.8.3 (#538) 
* Bump typescript from 5.4.2 to 5.7.3

Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.4.2 to 5.7.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.4.2...v5.7.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix low security alert

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2025-07-10 19:26:25 -05:00
dependabot[bot] 6f26dcc668
Bump undici from 5.28.5 to 5.29.0 (#594) 
* Bump undici from 5.28.5 to 5.29.0

Bumps [undici](https://github.com/nodejs/undici) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix CI failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2025-07-08 10:07:25 -05:00
dependabot[bot] fa96338abe
Bump @actions/tool-cache from 2.0.1 to 2.0.2 (#591) 
* Bump @actions/tool-cache from 2.0.1 to 2.0.2

Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) from 2.0.1 to 2.0.2.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache)

---
updated-dependencies:
- dependency-name: "@actions/tool-cache"
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2025-06-18 17:01:53 -05:00
dependabot[bot] bb65d8857b
Bump ts-jest from 29.1.2 to 29.3.2 (#582) 
* Bump ts-jest from 29.1.2 to 29.3.2

Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 29.1.2 to 29.3.2.
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.1.2...v29.3.2)

---
updated-dependencies:
- dependency-name: ts-jest
  dependency-version: 29.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix check failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
 2025-04-30 10:37:00 -05:00
dependabot[bot] 7f17e836c0
Bump @actions/glob from 0.4.0 to 0.5.0 (#573) 
* Bump @actions/glob from 0.4.0 to 0.5.0

Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) from 0.4.0 to 0.5.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob)

---
updated-dependencies:
- dependency-name: "@actions/glob"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
 2025-04-29 12:31:28 -05:00
aparnajyothi-y 691cc3533f
upgrade actions/cache to 4.0.3 (#574) 2025-04-01 10:24:42 -05:00
dependabot[bot] 0aaccfd150
Bump undici from 5.28.4 to 5.28.5 (#541) 
* Bump undici from 5.28.4 to 5.28.5

Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump undici from 5.28.4 to 5.28.5

Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2025-03-18 10:29:43 -05:00
aparnajyothi-y c4c1141886
upgrade actions/cache to 4.0.2 (#568) 2025-03-11 10:19:54 -05:00
dependabot[bot] 1d82324e53
Bump semver from 7.6.0 to 7.6.3 (#535) 
* Bump semver from 7.6.0 to 7.6.3

Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.3.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.6.0...v7.6.3)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check-dist and license failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
 2025-01-21 15:45:59 -06:00
Bassem Dghaidi f81f022188
Use the new cache service: upgrade `@actions/cache` to `^4.0.0` (#531) 
* Use new cache service

* Add licensed output

* Review licenses & update types
 2025-01-15 14:06:31 -06:00
dependabot[bot] 0a12ed9d6a
Bump braces from 3.0.2 to 3.0.3 (#487) 
* Bump braces from 3.0.2 to 3.0.3

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump undici from 5.28.3 to 5.28.4

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2024-06-27 13:16:26 -05:00
dependabot[bot] be1aa1186e
Bump undici from 5.28.2 to 5.28.3 (#465) 
* Bump undici from 5.28.2 to 5.28.3

Bumps [undici](https://github.com/nodejs/undici) from 5.28.2 to 5.28.3.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* fixed check failures and update dependencies

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2024-03-21 15:04:22 -05:00
Dmitry Shibanov 0c52d547c9
Update dependencies for node20 (#445) 2023-12-05 17:50:42 +01:00
Dusan Trickovic b1c343484c Fix licensing for Semver 6.3.1 2023-07-18 16:46:59 +02:00
dependabot[bot] db8764c1e2
Bump tough-cookie and @azure/ms-rest-js (#392) 2023-07-17 11:40:59 +02:00
Nikolai Laevskii fac708d667
Bump @actions/cache dependency to v3.2.1 (#374) 2023-05-08 11:42:39 +02:00
Dmitry Shibanov dd84a9531a
Update xml2js (#370) 2023-04-20 14:28:58 +02:00
Francesco Renzi 514ae57904 Update @actions/core to 1.10.0 2022-10-06 12:08:35 +01:00
Vladimir Safonkin 75be648571 Fix license 2022-06-28 14:58:31 +02:00
Vladimir Safonkin bb9cf42688 Fix license 2022-06-28 14:46:16 +02:00
Vladimir Safonkin 97919d33f5 Fix license 2022-06-28 14:41:15 +02:00
Vladimir Safonkin df0583a96c Fix license 2022-06-28 14:38:18 +02:00
Vladimir Safonkin 5ea2b37572 Fix license 2022-06-28 14:33:43 +02:00
Vladimir Safonkin e52a7c55ca Update license 2022-06-28 14:26:59 +02:00
IvanZosimov b22fbbc292
Implementation of caching functionality for setup-go action (#228) 2022-05-25 12:07:29 +02:00
Dmitry Shibanov bfdd3570ce
Implement "check-latest" flag to check if pre-cached version is latest one (#186) 2022-02-09 14:59:04 +03:00
Thomas Boop 37335c7bb2
Swap to Environment Files (#76) 
* Swap to env files
 2020-10-01 10:45:00 -04:00
Thomas Boop 4047b11da0 Manually review dependencies 2020-08-11 20:55:26 -04:00
Thomas Boop 23a9878ae4 Add Licensed workflow and configuration files 2020-08-11 20:55:11 -04:00