mirror of
https://github.com/actions/setup-go.git
synced 2026-02-25 18:04:57 +00:00
2 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Salman Chishti
|
ae252ee6fb
|
Bump @actions/cache to v5 (#695)
Some checks failed
Validate 'setup-go' / setup-versions-from-manifest (1.22.8, macos-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.22.8, macos-latest-large) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.22.8, ubuntu-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.22.8, windows-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.23.2, macos-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.23.2, macos-latest-large) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.23.2, ubuntu-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-manifest (1.23.2, windows-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-dist (1.11.12, macos-latest-large) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-dist (1.11.12, ubuntu-latest) (push) Has been cancelled
Validate 'setup-go' / setup-versions-from-dist (1.11.12, windows-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (arm64, 1.20.14, macos-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (arm64, 1.21, macos-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (arm64, 1.22, macos-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (arm64, 1.23, macos-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.20.14, macos-latest-large) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.20.14, ubuntu-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.20.14, windows-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.21, macos-latest-large) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.21, ubuntu-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.21, windows-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.22, macos-latest-large) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.22, ubuntu-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.22, windows-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.23, macos-latest-large) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.23, ubuntu-latest) (push) Has been cancelled
Validate 'setup-go' / architecture (x64, 1.23, windows-latest) (push) Has been cancelled
Validate Windows installation / Validate if symlink is created (push) Has been cancelled
Validate Windows installation / Validate if symlink is not created for default go (push) Has been cancelled
Validate Windows installation / Validate if hostedtoolcache works as expected (push) Has been cancelled
* Bump @actions/cache to version 5.0.0 in package.json and package-lock.json * Bump @actions/cache to v5 * prepease release 6.0.1 * Bump @actions/cache to v5.0.1 - Resolves punycode deprecation warning - Updates licensed cache metadata * upgrade actions/cache to 5.0.1 --------- Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> |
||
|
Matthew Hughes
|
e75c3e80bc
|
Bump form-data to bring in fix for critical vulnerability (#618)
The vulnerability:
$ npm audit --audit-level=high
# npm audit report
form-data >=4.0.0 <4.0.4 || <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
fix available via `npm audit fix`
node_modules/@azure/core-http/node_modules/form-data
node_modules/@types/node-fetch/node_modules/form-data
node_modules/form-data
1 critical severity vulnerability
To address all issues, run:
npm audit fix
This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.
It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.
Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
|