
Bump actions/setup-go from 6.3.0 to 6.4.0 #589

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/actions/setup-go-6.4.0


@dependabot
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026

Bumps actions/setup-go from 6.3.0 to 6.4.0.

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

Full Changelog: actions/setup-go@v6...v6.4.0

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@4b73464...4a36011)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the labels dependencies (Pull requests that update a dependency file), github_actions (Pull requests that update GitHub Actions code) and minor (Minor semver) Mar 30, 2026
@github-actions
Contributor

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/fast-xml-parser/lib/fxp.cjs [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW data/encoding/int parses integers parseInt(
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/index-fetch.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./lib
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM net/http/websocket supports web sockets WebSocket
+LOW net/http Uses the HTTP protocol http

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/index.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./types

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exfil/stealer/browser may access cookies Cookies
cookies
+MEDIUM fs/path/relative references and possibly executes relative path ./lib
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM net/http/websocket supports web sockets WebSocket
+MEDIUM sus/intercept References interception interceptors
+LOW net/http Uses the HTTP protocol http
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/api/api-connect.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/socket/connect initiate a connection on a socket connect
+LOW net/http Uses the HTTP protocol HTTP

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/api/api-stream.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW os/fd/write writes to a file handle res.write(chunk)

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/api/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./api-pipeline
./api-connect
./api-request
./api-upgrade
./api-stream

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/api/readable.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW data/encoding/json_decode Decodes JSON messages JSON.parse
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/undici/pull/907
https://streams.spec.whatwg.org/
https://fetch.spec.whatwg.org/
+LOW os/fd/read reads from a file handle stream.read()

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/api/util.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW data/encoding/json_decode Decodes JSON messages JSON.parse

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/core/connect.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.platform
+MEDIUM net/ip/host_port connects to an arbitrary hostname:port host, protocol, port
hostname, port
+MEDIUM net/socket/connect initiate a connection on a socket connect
+LOW c2/tool_transfer/os references a specific operating system https://
Windows
+LOW net/http Uses the HTTP protocol HTTP
http
+LOW net/http/2 Uses the HTTP/2 protocol HTTP/2
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/node/issues/49344
+LOW os/env/get Retrieve environment variable values env.UNDICI_NO_FG
env.NODE_V

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/core/constants.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/http/cookies access HTTP resources using cookies Cookie
HTTP
+MEDIUM net/http/websocket supports web sockets WebSocket
+LOW net/http Uses the HTTP protocol HTTP
+LOW net/http/accept_encoding set HTTP response encoding format (example: gzip) Accept-Encoding
+LOW net/http/auth makes HTTP requests with basic authentication WWW-Authenticate
+LOW net/http/proxy use HTTP proxy that requires authentication Proxy-Authorization
+LOW net/http/request makes HTTP requests User-Agent
Referer
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/docs/Web/HTTP/Headers

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/core/diagnostics.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/http/websocket supports web sockets WebSocket
+MEDIUM net/ip/host_port connects to an arbitrary host:port host}${port
+MEDIUM net/ip/icmp Uses the ping tool to generate ICMP packets ping received
+LOW net/http Uses the HTTP protocol HTTP

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/core/errors.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol HTTP

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/core/request.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions parseInt
[i + 1]
+MEDIUM fs/path/relative references and possibly executes relative path ./diagnostics
./constants
./errors
./util
+LOW data/encoding/int parses integers parseInt(
+LOW net/http Uses the HTTP protocol HTTP
http

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/core/symbols.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM sus/intercept References interception interceptors
+LOW net/http Uses the HTTP protocol HTTP
http

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/core/tree.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./constants

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/core/util.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions ( field-content / obs-fold )
( SP / HTAB )
38505/files
100-expect
pull/38505
pull/46528
229-L241
parseInt
pull/319
[i + 1]
[n + 1]
21-7E
+MEDIUM discover/system/platform get system identification process.versions
+MEDIUM fs/path/relative references and possibly executes relative path ./constants
./symbols
./errors
./tree
+MEDIUM net/http/post submits content to websites HTTP
POST
http
+MEDIUM net/ip/addr mentions an 'IP address' IP address
+MEDIUM net/ip/host_port connects to an arbitrary hostname:port hostname
port
+LOW data/encoding/int parses integers parseInt(
+LOW data/encoding/json_decode Decodes JSON messages JSON.parse
+LOW data/encoding/json_encode encodes JSON JSON.stringify
+LOW net/http Uses the HTTP protocol HTTP
http
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/node-fetch/fetch-blob/blob/8ab587d34080de94140b54f0716
https://github.com/nodejs/node/blob/main/lib/_http_common.js
https://developer.mozilla.org/en-US/docs/Web/API/URL/URL
https://github.com/nodejs/node/pull/38505/files
https://github.com/mcollina/undici/pull/319
https://github.com/nodejs/node/pull/46528
https://www.rfc-editor.org/rfc/rfc9110
https://tools.ietf.org/html/rfc7230
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/agent.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/socket/connect initiate a connection on a socket connect
+MEDIUM sus/intercept References interception interceptors

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/balanced-pool.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/socket/connect initiate a connection on a socket connect
+MEDIUM sus/intercept References interception interceptors

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/client-h1.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions issues/11495
issues/2046
issues/258
[len - 1]
[len - 2]
parseInt
[n + 0]
[n + 1]
+MEDIUM exec/shell/pipe_sh pipes to shell [
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM net/http/post submits content to websites HTTP
POST
http
+LOW data/encoding/int parses integers parseInt(
+LOW net/http Uses the HTTP protocol HTTP
+LOW net/http/request makes HTTP requests HTTP/1.
+LOW net/socket/send send a message to a socket socket
send
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/emscripten-core/emscripten/issues/11495
https://github.com/mcollina/undici/issues/258
https://github.com/nodejs/undici/issues/2046
https://www.rfc-editor.org/rfc/rfc7230
https://tools.ietf.org/html/rfc7230
https://tools.ietf.org/html/rfc7231
+LOW os/env/get Retrieve environment variable values env.JEST_WORKER_ID
+LOW os/fd/read reads from a file handle socket.read()
+LOW os/fd/write writes to a file handle socket.write(buffer)
socket.write(chunk)
writer.write(chunk)
socket.write(body)

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/client-h2.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM net/http/cookies access HTTP resources using cookies Cookie
HTTP
+MEDIUM net/http/post submits content to websites HTTP
POST
http
+MEDIUM net/ip/host_port connects to an arbitrary hostname:port hostname}${port
hostname, port
+MEDIUM net/socket/connect initiate a connection on a socket connect
+LOW net/http Uses the HTTP protocol HTTP
+LOW net/http/2 Uses the HTTP/2 protocol HTTP/2
+LOW net/socket/send send a message to a socket socket
send
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/undici/issues/2046
https://www.rfc-editor.org/rfc/rfc7230
https://tools.ietf.org/html/rfc7230
https://tools.ietf.org/html/rfc7231
https://tools.ietf.org/html/rfc7540
+LOW os/fd/write writes to a file handle h2stream.write(buffer)
h2stream.write(chunk)
h2stream.write(body)

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/client.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/ip/addr mentions an 'IP address' IP address
+MEDIUM net/ip/host_port connects to an arbitrary hostname:port hostname
port
+MEDIUM net/socket/connect initiate a connection on a socket connect
+MEDIUM sus/exclamation gets very excited return !!
+MEDIUM sus/intercept References interception interceptors
+LOW net/http Uses the HTTP protocol HTTP
http

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/dispatcher-base.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/intercept References interception interceptors

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/dispatcher.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/intercept References interception interceptor1
interceptor2
interceptors

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/env-http-proxy-agent.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agentOpts
+MEDIUM net/ip/host_port connects to an arbitrary hostname:port host: hostname, port
+LOW data/encoding/int parses integers parseInt(
+LOW net/http Uses the HTTP protocol HTTP
http
+LOW net/http/proxy discover proxy address via environment HTTPS_PROXY
HTTP_PROXY
+LOW net/url/parse Handles URL strings new URL
+LOW os/env/get Retrieve environment variable values env.HTTPS_PROXY
env.HTTP_PROXY
env.NO_PROXY

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/pool-base.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/socket/connect initiate a connection on a socket connect

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/pool.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/socket/connect initiate a connection on a socket connect
+MEDIUM sus/intercept References interception interceptors
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/undici/issues/3895

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/proxy-agent.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM data/encoding/url decodes URL components decodeURIComponent
+MEDIUM impact/remote_access/agent references an 'agent' agentFactory
+MEDIUM net/ip/host_port connects to an arbitrary hostname:port hostname
port
+MEDIUM net/socket/connect initiate a connection on a socket connect
+MEDIUM sus/intercept References interception interceptors
+LOW credential/password references a 'password' password
+LOW data/encoding/base64 Supports base64 encoded strings base64
+LOW net/http Uses the HTTP protocol HTTP
http
+LOW net/http/proxy use HTTP proxy that requires authentication Proxy-Authorization
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/dispatcher/retry-agent.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agent

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/global.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./core
+MEDIUM impact/remote_access/agent references an 'agent' agent

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/handler/redirect-handler.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol HTTP
+LOW net/url/embedded contains embedded HTTPS URLs https://tools.ietf.org/html/rfc7231
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/interceptor/dns.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/ip/host_port connects to an arbitrary hostname:port hostname
port
+MEDIUM sus/intercept References interception interceptorOpts
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/interceptor/response-error.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW data/encoding/json_decode Decodes JSON messages JSON.parse

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/llhttp/constants.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions fromCharCode
(i + 0x20)
RFC-2068
RFC-2326
RFC-5789
RFC-7540
80-FF
+MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units (String.fromCharCode(i + 0x2
(String.fromCharCode(i))
+MEDIUM fs/path/relative references and possibly executes relative path ./utils
+MEDIUM net/http/post submits content to websites HTTP
POST
+LOW net/http Uses the HTTP protocol HTTP

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/llhttp/llhttp-wasm.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM data/embedded/base64_terms Contains base64 CERTIFICATE contains_base64::NFUlRJRklDQVRF
+LOW data/encoding/base64 Supports base64 encoded strings base64

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/llhttp/llhttp_simd-wasm.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM data/embedded/base64_terms Contains base64 CERTIFICATE contains_base64::DRVJUSUZJQ0FUR
+LOW data/encoding/base64 Supports base64 encoded strings base64

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/mock/mock-agent.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM sus/intercept References interception interceptors
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/undici/issues/1447

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/mock/mock-client.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM sus/intercept References interception interceptor

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/mock/mock-interceptor.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/intercept References interception interceptor
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/undici/blob/main/lib/web/fetch/index.js
https://github.com/nodejs/undici/issues/1245
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/mock/mock-pool.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM sus/intercept References interception interceptor

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/mock/mock-symbols.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agent

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/mock/mock-utils.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agent
+LOW data/encoding/json_encode encodes JSON JSON.stringify
+LOW net/http Uses the HTTP protocol HTTP
http
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/mock/pending-interceptors-formatter.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM discover/system/platform get system identification process.versions
+LOW os/fd/read reads from a file handle transform.read()

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/cache/cache.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://w3c.github.io/ServiceWorker/
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/cache/cachestorage.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM c2/discovery/ip_dns_resolver contains Cloudflare DNS resolver IP 1.1.1.1
+LOW net/url/embedded contains embedded HTTPS URLs https://w3c.github.io/ServiceWorker/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/cache/util.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/chromium/chromium/blob/694d20d134cb553d8d89e5500b91480
https://url.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/cookies/constants.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://wicg.github.io/cookie-store/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/cookies/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exfil/stealer/browser may access cookies Cookies
cookies
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/denoland/deno_std/blob/63827b16330b82489a04614027c33b7

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/cookies/parse.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agent
+LOW net/url/embedded contains embedded HTTPS URLs https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/cookies/util.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./index
+MEDIUM impact/remote_access/agent references an 'agent' agent
+LOW net/url/embedded contains embedded HTTPS URLs https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-prefixes-
https://www.rfc-editor.org/rfc/rfc6265
https://www.rfc-editor.org/rfc/rfc7231

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/eventsource/eventsource-stream.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions issues/2630
parseInt
U+0020
U+003
+MEDIUM fs/path/relative references and possibly executes relative path ./util
+LOW data/encoding/int parses integers parseInt(
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/undici/issues/2630

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/eventsource/eventsource.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agents
+LOW net/http Uses the HTTP protocol HTTP
+LOW net/url/embedded contains embedded HTTPS URLs https://html.spec.whatwg.org/multipage/server-sent-events.html
https://html.spec.whatwg.org/multipage/urls-and-fetching.html
https://html.spec.whatwg.org/multipage/webappapis.html
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/eventsource/util.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/undici/issues/2664

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/body.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/http/post submits form content to websites multipart/form-data; boundary=
+MEDIUM net/url/encode encodes URL, likely to pass GET variables urlencode
+LOW anti-behavior/random_behavior uses a random number generator randomInt
+LOW data/encoding/json_decode Decodes JSON messages JSON.parse
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/curl/curl/blob/3434c6b46e682452973972e8313613dfa58cd69
https://github.com/nodejs/node/blob/e46c680bf2b211bbd52cf959ca17ee98c7f65
https://github.com/form-data/form-data/issues/63
https://jimmy.warting.se/opensource
https://fetch.spec.whatwg.org/
https://infra.spec.whatwg.org/
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/constants.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/http/post submits content to websites POST
http
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://w3c.github.io/webappsec-referrer-policy/
https://github.com/nodejs/undici/issues/2021
https://fetch.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/data-url.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (mimeTypeLength + 1)
(dataLength - 1)
[^+/0-9A-Za-z]
fromCharCode
(byte - 48)
64-decode
[i + 1]
[i + 2]
U+0020
U+0022
U+003
U+005
[j++]
+MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units String.fromCharCode.apply(n
+MEDIUM impact/remote_access/agent references an 'agent' agent
+LOW data/encoding/base64 Supports base64 encoded strings base64
+LOW net/http Uses the HTTP protocol HTTP
http
+LOW net/url/embedded contains embedded HTTPS URLs https://mimesniff.spec.whatwg.org/
https://fetch.spec.whatwg.org/
https://infra.spec.whatwg.org/
https://url.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/dispatcher-weakref.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/node/issues/49344
+LOW os/env/get Retrieve environment variable values env.NODE_V

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/file.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./symbols
./webidl
./util
+MEDIUM impact/remote_access/agent references an 'agent' agents
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/undici/issues/1629

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/formdata-parser.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/hex many references to hexadecimal values 0x09
0x0A
0x0D
0x0a
0x0d
0x20
0x22
0x27
0x2D
0x2a
0x2d
0x30
0x39
0x3A
0x3a
0x3d
0x41
0x5A
0x5F
0x5a
0x5f
0x61
0x7A
0x7F
0x7a
+MEDIUM fs/file/copy copy files using cp cp
+LOW data/encoding/base64 Supports base64 encoded strings base64
+LOW net/http Uses the HTTP protocol HTTP
+LOW net/url/embedded contains embedded HTTPS URLs https://andreubotella.github.io/multipart-form-data/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/formdata.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://html.spec.whatwg.org/multipage/form-control-infrastructure.html
https://xhr.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/global.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/headers.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exfil/stealer/browser may access cookies cookies
+MEDIUM net/http/cookies access HTTP resources using cookies Cookie
HTTP
+LOW net/http Uses the HTTP protocol HTTP
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/Ethan-Arrowood/undici-fetch
https://github.com/nodejs/undici/pull/3159
https://fetch.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exfil/stealer/browser may access cookies cookies
+MEDIUM impact/exploit/cve Mentions a recent CVE CVE-2022-32206
+MEDIUM net/download/fetch Invokes curl curl
+MEDIUM net/http/cookies access HTTP resources using cookies Cookie
HTTP
+MEDIUM net/http/post submits content to websites Content-Type
HTTP
POST
http
+MEDIUM net/http/websocket supports web sockets WebSocket
+MEDIUM net/socket/listen listen on a socket accept
socket
+LOW credential/password references a 'password' password
+LOW data/compression/gzip works with gzip files gzip
+LOW data/compression/zlib uses zlib zlib
+LOW net/http Uses the HTTP protocol HTTP
http
+LOW net/http/2 Uses the HTTP/2 protocol HTTP/2
+LOW net/http/accept_encoding set HTTP response encoding format (example: gzip) Accept-Encoding
+LOW net/http/request makes HTTP requests httpRequest
User-Agent
HTTP/1.
Referer
+LOW net/socket/send send a message to a socket socket
send
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encodin
https://github.com/web-platform-tests/wpt/blob/7b0ebaccc62b566a1965396e5b
https://github.com/Ethan-Arrowood/undici-fetch
https://github.com/nodejs/undici/issues/1193.
https://github.com/nodejs/undici/issues/1776
https://github.com/nodejs/undici/issues/2009
https://github.com/whatwg/fetch/issues/1285
https://github.com/whatwg/fetch/issues/1288
https://github.com/whatwg/fetch/issues/1293
https://www.rfc-editor.org/rfc/rfc9112.html
https://github.com/nodejs/undici/pull/3093
https://w3c.github.io/resource-timing/
https://www.rfc-editor.org/rfc/rfc7231
https://fetch.spec.whatwg.org/
+LOW net/url/parse Handles URL strings urllib

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/request.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exfil/stealer/browser may access cookies cookies
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM net/http/post submits content to websites Content-Type to the result of extracting
Content-Type be null.
Content-Type is non
HTTP
POST
http
+MEDIUM sus/exclamation gets very excited return !!
+LOW credential/password references a 'password' password
+LOW net/http Uses the HTTP protocol HTTP
+LOW net/http/request makes HTTP requests Referer
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_
https://w3c.github.io/webappsec-referrer-policy/
https://github.com/nodejs/undici/issues/1926.
https://github.com/nodejs/node/issues/47748
https://github.com/nodejs/node/issues/49344
https://github.com/nodejs/undici/pull/1910
https://streams.spec.whatwg.org/
https://fetch.spec.whatwg.org/
https://dom.spec.whatwg.org/
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/response.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/exclamation gets very excited return !!
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_
https://datatracker.ietf.org/doc/html/rfc7230
https://whatpr.org/fetch/1392.html
https://fetch.spec.whatwg.org/
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/util.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM crypto/openssl Uses OpenSSL OpenSSL
+MEDIUM exec/program executes external program exec(token)
require
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM net/ip/host_port connects to an arbitrary hostname:port hostname && A.port
hosts, and port
+LOW credential/password references a 'password' password
+LOW data/compression/zlib uses zlib zlib
+LOW data/encoding/base64 Supports base64 encoded strings base64
+LOW data/encoding/json_encode encodes JSON JSON.stringify
+LOW net/http Uses the HTTP protocol HTTP
http
+LOW net/http/request makes HTTP requests httpRequest
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
https://github.com/chromium/chromium/blob/94.0.4604.1/third_party/blink/r
https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfd
https://w3c.github.io/webappsec-upgrade-insecure-requests/
https://w3c.github.io/webappsec-subresource-integrity/
https://html.spec.whatwg.org/multipage/origin.html
https://w3c.github.io/webappsec-referrer-policy/
https://w3c.github.io/webappsec-fetch-metadata/
https://www.rfc-editor.org/rfc/rfc1738
https://www.rfc-editor.org/rfc/rfc5234
https://tools.ietf.org/html/rfc2616
https://tools.ietf.org/html/rfc7230
https://nodejs.org/api/crypto.html
https://encoding.spec.whatwg.org/
https://streams.spec.whatwg.org/
https://webidl.spec.whatwg.org/
https://fetch.spec.whatwg.org/
https://infra.spec.whatwg.org/
https://w3c.github.io/hr-time/
https://www.w3.org/TR/CSP2/
https://tc39.es/ecma262/
+LOW net/url/parse Handles URL strings new URL
+LOW os/fd/read reads from a file handle reader.read()

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fetch/webidl.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://webidl.spec.whatwg.org/
https://tc39.es/ecma262/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fileapi/encoding.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW c2/tool_transfer/os references a specific operating system https://
windows
+LOW net/url/embedded contains embedded HTTPS URLs https://encoding.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fileapi/filereader.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://w3c.github.io/FileAPI/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fileapi/progressevent.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://xhr.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/fileapi/util.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW data/encoding/base64 Supports base64 encoded strings base64
+LOW net/url/embedded contains embedded HTTPS URLs https://datatracker.ietf.org/doc/html/rfc2397
https://encoding.spec.whatwg.org/
https://w3c.github.io/FileAPI/
https://dom.spec.whatwg.org/
+LOW os/fd/read reads from a file handle reader.read()
+LOW os/fd/write writes to a file handle decoder.write(chunk)

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/websocket/connection.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/http/websocket supports web sockets establishWebSocketConnection
closeWebSocketConnection
WebSocketChannel
WebSocketInit
+LOW anti-behavior/random_behavior uses a random number generator randomBytes
randomly
+LOW data/encoding/base64 Supports base64 encoded strings base64
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/mozilla/gecko-dev/blob/ce78234f5e653a5d3916813ff990f05
https://github.com/nodejs/undici/blob/68c269c4144c446f3f1220951338daef4a6
https://datatracker.ietf.org/doc/html/rfc6455
https://websockets.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/websocket/constants.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/http/websocket supports web sockets 258EAFA5-E914-47DA-95CA-C5AB0DC85B11
+LOW net/url/embedded contains embedded HTTPS URLs https://www.rfc-editor.org/rfc/rfc6455.html

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/websocket/events.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://html.spec.whatwg.org/multipage/webappapis.html
https://html.spec.whatwg.org/multipage/comms.html
https://websockets.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/websocket/frame.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./constants
+LOW anti-behavior/random_behavior uses a random number generator randomFillSync

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/websocket/permessage-deflate.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./util
+LOW data/compression/zlib uses zlib zlib
+LOW data/encoding/int parses integers parseInt(
+LOW os/fd/write writes to a file handle inflate.write(chunk)
inflate.write(tail)

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/websocket/receiver.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM c2/connect/ping_pong sends PING/PONG packets, possibly to a C2 socket
PING
PONG
+MEDIUM impact/remote_access/heartbeat references a 'heartbeat' unidirectional heartbeat
+MEDIUM net/http/websocket supports web sockets closeWebSocketConnection
+LOW net/socket/send send a message to a socket socket
send
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/
https://source.chromium.org/chromium/chromium/src/
https://datatracker.ietf.org/doc/html/rfc6455

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/websocket/symbols.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/http/websocket supports web sockets kWebSocketURL:

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/websocket/util.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM c2/addr/url contains hardcoded endpoint with a question mark https://bugs.chromium.org/p/chromium/issues/detail?id=398407
require
import
+MEDIUM c2/connect/ping_pong sends PING/PONG packets, possibly to a C2 socket
PING
PONG
+MEDIUM discover/system/platform get system identification process.versions
+MEDIUM net/http/websocket supports web sockets kWebSocketURL
+LOW net/http Uses the HTTP protocol HTTP
+LOW net/url/embedded contains embedded HTTPS URLs https://bugs.chromium.org/p/chromium/issues/detail?id=398407
https://datatracker.ietf.org/doc/html/rfc2616
https://datatracker.ietf.org/doc/html/rfc6455
https://www.rfc-editor.org/rfc/rfc7692
https://websockets.spec.whatwg.org/
https://nodejs.org/api/intl.html
https://dom.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/lib/web/websocket/websocket.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM net/http/websocket supports web sockets establishWebSocketConnection
closeWebSocketConnection
WebSocketSendData
WebSocketInit
kWebSocketURL
+LOW net/http Uses the HTTP protocol http
+LOW net/socket/send send a message to a socket socket
send
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/whatwg/websockets/issues/42
https://datatracker.ietf.org/doc/html/rfc6455
https://websockets.spec.whatwg.org/
+LOW net/url/parse Handles URL strings new URL

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/package.json [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exfil/stealer/browser may access cookies cookies
+MEDIUM fs/path/relative references and possibly executes relative path ./coverage
./scripts
./types
+MEDIUM sus/intercept References interception interceptors
+LOW net/http Uses the HTTP protocol HTTP
http
+LOW net/http/request makes HTTP requests HTTP/1.
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/undici/issues
https://github.com/nodejs/undici.git
https://github.com/ethan-arrowood
https://github.com/KhafraDev
https://github.com/szmarczak
https://github.com/delvedor
https://github.com/mcollina
https://undici.nodejs.org
https://github.com/dnlup
https://github.com/ronag

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/scripts/strip-comments.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./undici-fetch
+LOW fs/file/write writes to file writeFileSync

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/agent.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./pool
+MEDIUM sus/intercept References interception interceptors

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/api.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
+MEDIUM net/socket/connect initiate a connection on a socket connect
+LOW net/http Uses the HTTP protocol HTTP

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/balanced-pool.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./pool

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/cache.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./fetch

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/client.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./connector
+MEDIUM sus/intercept References interception interceptors
+LOW net/http Uses the HTTP protocol HTTP
http
+LOW net/http/request makes HTTP requests HTTP/1.
+LOW net/url/embedded contains embedded HTTPS URLs https://tools.ietf.org/html/rfc7230

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/connector.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/ip/host_port connects to an arbitrary hostname:port hostname
port

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/content-type.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://mimesniff.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/cookies.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exfil/stealer/browser may access cookies Cookies
+MEDIUM fs/path/relative references and possibly executes relative path ./fetch

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/diagnostics-channel.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./connector
+MEDIUM net/ip/host_port connects to an arbitrary hostname:port hostname
port

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/dispatcher.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./formdata
./readable
./errors
./header
+MEDIUM net/http/post submits content to websites HTTP
POST
http
+LOW net/http Uses the HTTP protocol HTTP
+LOW net/url/embedded contains embedded HTTPS URLs https://fetch.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/env-http-proxy-agent.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./agent
+MEDIUM impact/remote_access/agent references an 'agent' agent
+LOW net/http Uses the HTTP protocol HTTP
+LOW net/http/proxy discover proxy address via environment HTTPS_PROXY
HTTP_PROXY

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/errors.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./client
./header
+LOW net/http Uses the HTTP protocol HTTP

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/eventsource.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./websocket
./patch

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/fetch.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./formdata
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/Ethan-Arrowood/undici-fetch/blob/249269714db874351589d
https://github.com/node-fetch/node-fetch/blob/914ce6be5ec67a8bab63d68510a
https://www.npmjs.com/package/@fastify/busboy

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/file.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_
https://github.com/octet-stream/form-data/blob/2d0f0dc371517444ce1f22cdde
https://developer.mozilla.org/en-US/docs/Web/API/ArrayBufferView
https://developer.mozilla.org/en-US/docs/Web/API/Blob
https://developer.mozilla.org/en-US/docs/Web/API/File

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/filereader.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./patch

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/formdata.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./fetch
./file
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Iterati
https://github.com/octet-stream/form-data/blob/2d0f0dc371517444ce1f22cdde
https://developer.mozilla.org/en-US/docs/Web/API/FormDataEntryValue
https://developer.mozilla.org/en-US/docs/Web/API/Blob
https://developer.mozilla.org/en-US/docs/Web/API/File

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/global-dispatcher.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/handlers.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/index.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM exfil/stealer/browser may access cookies cookies
+MEDIUM fs/path/relative references and possibly executes relative path ./mock-interceptor
./balanced-pool
./global-origin
./retry-handler
./content-type
./interceptors
./eventsource
./mock-client
./mock-errors
./proxy-agent
./retry-agent
./dispatcher
./filereader
./mock-agent
./connector
./mock-pool
./websocket
./formdata
./handlers
./cookies
./client
./errors
./agent
./cache
./fetch
./pool
./util
./api
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM net/socket/connect initiate a connection on a socket connect
+MEDIUM sus/intercept References interception interceptors
+LOW net/http Uses the HTTP protocol http

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/interceptors.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./retry-handler
./dispatcher
+MEDIUM sus/intercept References interception interceptor

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/mock-agent.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./mock-interceptor
./dispatcher
./agent
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM sus/intercept References interception intercepted
interceptor
+LOW net/http Uses the HTTP protocol HTTP

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/mock-client.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./mock-interceptor
./dispatcher
./mock-agent
./client
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM sus/intercept References interception interceptor

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/mock-errors.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./errors

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/mock-interceptor.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./header
./fetch
+MEDIUM sus/intercept References interception interceptor

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/mock-pool.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./mock-interceptor
./dispatcher
./mock-agent
./pool
+MEDIUM impact/remote_access/agent references an 'agent' agent
+MEDIUM sus/intercept References interception interceptor

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/patch.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/nodejs/undici/issues/1740

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/pool-stats.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./pool

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/pool.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./pool-stats
./client
+MEDIUM sus/intercept References interception interceptors

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/proxy-agent.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./connector
./header
./agent
+MEDIUM impact/remote_access/agent references an 'agent' agent

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/readable.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://fetch.spec.whatwg.org/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/retry-agent.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./retry-handler
./dispatcher

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/retry-handler.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
+LOW net/http Uses the HTTP protocol HTTP

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/webidl.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://webidl.spec.whatwg.org/
https://tc39.es/ecma262/

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@actions/cache/node_modules/undici/types/websocket.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./dispatcher
./fetch
./patch
+MEDIUM net/http/websocket supports web sockets WebSocketEventMap
WebSocketInit
WebSocket:

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/fast-xml-builder/lib/builder.min.js.map [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./lib
./src

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/fast-xml-builder/package.json [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./lib
./src
+LOW exec/plugin references a 'plugin' plugin
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/NaturalIntelligence/fast-xml-builder.git
https://github.com/sponsors/NaturalIntelligence
https://solothought.com


Labels

- dependencies: Pull requests that update a dependency file
- github_actions: Pull requests that update GitHub Actions code
- minor: Minor semver
