github
/
setup-go
mirror of https://github.com/actions/setup-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
setup-go/dist
History
Matthew Hughes be381b31f7 Bump `form-data` to bring in fix for critical vulnerability 
The vulnerability:

    $ npm audit --audit-level=high
    # npm audit report

    form-data  >=4.0.0 <4.0.4 || <2.5.4
    Severity: critical
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    fix available via `npm audit fix`
    node_modules/@azure/core-http/node_modules/form-data
    node_modules/@types/node-fetch/node_modules/form-data
    node_modules/form-data

    1 critical severity vulnerability

    To address all issues, run:
      npm audit fix

This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.

It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.

Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
 		2025-07-30 20:42:02 +01:00
..
cache-save Bump `form-data` to bring in fix for critical vulnerability 2025-07-30 20:42:02 +01:00
setup Bump `form-data` to bring in fix for critical vulnerability 2025-07-30 20:42:02 +01:00