mirror of
				https://github.com/actions/setup-go.git
				synced 2025-10-26 03:50:32 +00:00 
			
		
		
		
	 e75c3e80bc
			
		
	
	e75c3e80bc
	
	
	
		
			
			The vulnerability:
    $ npm audit --audit-level=high
    # npm audit report
    form-data  >=4.0.0 <4.0.4 || <2.5.4
    Severity: critical
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    fix available via `npm audit fix`
    node_modules/@azure/core-http/node_modules/form-data
    node_modules/@types/node-fetch/node_modules/form-data
    node_modules/form-data
    1 critical severity vulnerability
    To address all issues, run:
      npm audit fix
This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.
It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.
Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
		
	
		
			
				
	
	
		
			35 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
		
			Generated
		
	
	
			
		
		
	
	
			35 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
		
			Generated
		
	
	
| ---
 | |
| name: safe-buffer
 | |
| version: 5.2.1
 | |
| type: npm
 | |
| summary: Safer Node.js Buffer API
 | |
| homepage: https://github.com/feross/safe-buffer
 | |
| license: mit
 | |
| licenses:
 | |
| - sources: LICENSE
 | |
|   text: |
 | |
|     The MIT License (MIT)
 | |
| 
 | |
|     Copyright (c) Feross Aboukhadijeh
 | |
| 
 | |
|     Permission is hereby granted, free of charge, to any person obtaining a copy
 | |
|     of this software and associated documentation files (the "Software"), to deal
 | |
|     in the Software without restriction, including without limitation the rights
 | |
|     to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 | |
|     copies of the Software, and to permit persons to whom the Software is
 | |
|     furnished to do so, subject to the following conditions:
 | |
| 
 | |
|     The above copyright notice and this permission notice shall be included in
 | |
|     all copies or substantial portions of the Software.
 | |
| 
 | |
|     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 | |
|     IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 | |
|     FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 | |
|     AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 | |
|     LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 | |
|     OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 | |
|     THE SOFTWARE.
 | |
| - sources: README.md
 | |
|   text: MIT. Copyright (C) [Feross Aboukhadijeh](http://feross.org)
 | |
| notices: []
 |