Skip to content

Commit 6682284

Browse files
Link-Link-
authored
Merge pull request #1738 from actions/prepare-v5.0.4
Update dependencies & patch security vulnerabilities
2 parents 5656298 + e340396 commit 6682284

12 files changed

Lines changed: 1161 additions & 475 deletions

File tree

‎.licenses/npm/fast-xml-builder.dep.yml‎

Lines changed: 32 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎.licenses/npm/fast-xml-parser.dep.yml‎

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎.licenses/npm/minimatch.dep.yml‎

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎.licenses/npm/path-expression-matcher.dep.yml‎

Lines changed: 32 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎.licenses/npm/undici.dep.yml‎

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎RELEASES.md‎

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,12 @@
2525

2626
## Changelog
2727

28+
### 5.0.4
29+
30+
- Bump `minimatch` to v3.1.5 (fixes ReDoS via globstar patterns)
31+
- Bump `undici` to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
32+
- Bump `fast-xml-parser` to v5.5.6
33+
2834
### 5.0.3
2935

3036
- Bump `@actions/cache` to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)

0 commit comments

Comments
 (0)