mirror of https://github.com/actions/setup-go.git, synced 2025-10-26 03:50:32 +00:00

	Bump form-data to bring in fix for critical vulnerability (#618)
				
					
				
			The vulnerability:
    $ npm audit --audit-level=high
    # npm audit report
    form-data  >=4.0.0 <4.0.4 || <2.5.4
    Severity: critical
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    fix available via `npm audit fix`
    node_modules/@azure/core-http/node_modules/form-data
    node_modules/@types/node-fetch/node_modules/form-data
    node_modules/form-data
    1 critical severity vulnerability
    To address all issues, run:
      npm audit fix
This change is the result of running `npm audit fix` and then
using [1] to update licenses via `licensed cache`.
It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.
Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
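
A check that complements the audit output quoted in the commit message, as an added example that is not part of the commit or of the setup-go project: it walks a lockfile's `packages` map and reports every installed copy of `form-data` whose version falls in the range the audit printed (`>=4.0.0 <4.0.4 || <2.5.4`). The function names are hypothetical, and the sample lockfile and its versions are constructed; only the three install paths come from the audit output.

```javascript
// Advisory range as printed by `npm audit` in the commit message:
//   >=4.0.0 <4.0.4 || <2.5.4

// Parse "x.y.z"; pre-release and build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Three-way comparison of two parsed [major, minor, patch] triples.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version lies in either half of the advisory range.
function isVulnerable(version) {
  const v = parseVersion(version);
  const below254 = cmp(v, [2, 5, 4]) < 0;
  const in4x = cmp(v, [4, 0, 0]) >= 0 && cmp(v, [4, 0, 4]) < 0;
  return below254 || in4x;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
// Nested copies matter: each install path can resolve to a different version.
function findVulnerableFormData(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/form-data")) continue;
    if (typeof meta.version !== "string") continue; // e.g. linked packages
    if (isVulnerable(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile: paths from the audit output, versions invented.
const sampleLock = { lockfileVersion: 2, packages: {
  "": { name: "example" },
  "node_modules/form-data": { version: "4.0.0" },
  "node_modules/@azure/core-http/node_modules/form-data": { version: "4.0.4" },
  "node_modules/@types/node-fetch/node_modules/form-data": { version: "2.5.5" },
  "node_modules/not-form-data": { version: "1.0.0" },
}};

console.log(findVulnerableFormData(sampleLock));
```
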
			
			
.licenses/npm/form-data-2.5.5.dep.yml (generated, normal file, 33 changes)
							| @@ -0,0 +1,33 @@ | ||||
| --- | ||||
| name: form-data | ||||
| version: 2.5.5 | ||||
| type: npm | ||||
| summary: A library to create readable "multipart/form-data" streams. Can be used to | ||||
|   submit forms and file uploads to other web applications. | ||||
| homepage:  | ||||
| license: mit | ||||
| licenses: | ||||
| - sources: License | ||||
|   text: | | ||||
|     Copyright (c) 2012 Felix Geisendörfer (felix@debuggable.com) and contributors | ||||
| 
 | ||||
|      Permission is hereby granted, free of charge, to any person obtaining a copy | ||||
|      of this software and associated documentation files (the "Software"), to deal | ||||
|      in the Software without restriction, including without limitation the rights | ||||
|      to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||||
|      copies of the Software, and to permit persons to whom the Software is | ||||
|      furnished to do so, subject to the following conditions: | ||||
| 
 | ||||
|      The above copyright notice and this permission notice shall be included in | ||||
|      all copies or substantial portions of the Software. | ||||
| 
 | ||||
|      THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||||
|      IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||||
|      FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||||
|      AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||||
|      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||||
|      OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||||
|      THE SOFTWARE. | ||||
| - sources: README.md | ||||
|   text: Form-Data is released under the [MIT](License) license. | ||||
| notices: [] | ||||
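Review bot: the commit message describes a bump from `4.0.0` to `4.0.4`, but this new file records `form-data` at `version: 2.5.5`, and the message never mentions a 2.x copy. The audit output lists three install paths and a `<2.5.4` range, so one of the nested copies presumably resolves to the 2.x line; state in the message which install path this record belongs to and which version it replaced. Since the hunk is a pure addition (`@@ -0,0 +1,33 @@`), also confirm that any license record for the superseded 2.x version is removed in the same commit. The empty `homepage:` field is worth checking against what `licensed` normally emits for this package.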
Matthew Hughes