mirror of
				https://github.com/actions/setup-go.git
				synced 2025-10-26 12:00:31 +00:00 
			
		
		
		
	Bump form-data to bring in fix for critical vulnerability (#618)
				
					
				
			The vulnerability:
    $ npm audit --audit-level=high
    # npm audit report
    form-data  >=4.0.0 <4.0.4 || <2.5.4
    Severity: critical
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    fix available via `npm audit fix`
    node_modules/@azure/core-http/node_modules/form-data
    node_modules/@types/node-fetch/node_modules/form-data
    node_modules/form-data
    1 critical severity vulnerability
    To address all issues, run:
      npm audit fix
This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.
It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.
Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
			
			
This commit is contained in:
		
							
								
								
									
										31
									
								
								.licenses/npm/function-bind.dep.yml
									
									
									
										generated
									
									
									
										Normal file
									
								
							
							
						
						
									
										31
									
								
								.licenses/npm/function-bind.dep.yml
									
									
									
										generated
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,31 @@ | ||||
| --- | ||||
| name: function-bind | ||||
| version: 1.1.2 | ||||
| type: npm | ||||
| summary: Implementation of Function.prototype.bind | ||||
| homepage: https://github.com/Raynos/function-bind | ||||
| license: mit | ||||
| licenses: | ||||
| - sources: LICENSE | ||||
|   text: |+ | ||||
|     Copyright (c) 2013 Raynos. | ||||
| 
 | ||||
|     Permission is hereby granted, free of charge, to any person obtaining a copy | ||||
|     of this software and associated documentation files (the "Software"), to deal | ||||
|     in the Software without restriction, including without limitation the rights | ||||
|     to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||||
|     copies of the Software, and to permit persons to whom the Software is | ||||
|     furnished to do so, subject to the following conditions: | ||||
| 
 | ||||
|     The above copyright notice and this permission notice shall be included in | ||||
|     all copies or substantial portions of the Software. | ||||
| 
 | ||||
|     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||||
|     IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||||
|     FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||||
|     AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||||
|     LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||||
|     OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||||
|     THE SOFTWARE. | ||||
| 
 | ||||
| notices: [] | ||||
		Reference in New Issue
	
	Block a user
	 Matthew Hughes
					Matthew Hughes