npm run format

The vulnerability:

    $ npm audit --audit-level=high
    # npm audit report

    form-data  >=4.0.0 <4.0.4 || <2.5.4
    Severity: critical
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    fix available via `npm audit fix`
    node_modules/@azure/core-http/node_modules/form-data
    node_modules/@types/node-fetch/node_modules/form-data
    node_modules/form-data

    1 critical severity vulnerability

    To address all issues, run:
      npm audit fix

This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.

It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.

Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]

.licenses/npm/@types/node.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@types/node"
-version: 20.11.28
+version: 24.1.0
 type: npm
 summary: TypeScript definitions for node
 homepage: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node

.licenses/npm/form-data-2.5.5.dep.yml

@@ -4,7 +4,7 @@ version: 2.5.5
 type: npm
 summary: A library to create readable "multipart/form-data" streams. Can be used to
   submit forms and file uploads to other web applications.
-homepage:
+homepage: 
 license: mit
 licenses:
 - sources: License

.licenses/npm/form-data-4.0.4.dep.yml

@@ -4,7 +4,7 @@ version: 4.0.4
 type: npm
 summary: A library to create readable "multipart/form-data" streams. Can be used to
   submit forms and file uploads to other web applications.
-homepage:
+homepage: 
 license: mit
 licenses:
 - sources: License

.licenses/npm/function-bind.dep.yml

@@ -29,4 +29,3 @@ licenses:
     THE SOFTWARE.
 
 notices: []
-...

.licenses/npm/undici-types.dep.yml

@@ -1,15 +1,17 @@
 ---
 name: undici-types
-version: 5.26.5
+version: 7.8.0
 type: npm
 summary: A stand-alone types package for Undici
 homepage: https://undici.nodejs.org
 license: mit
 licenses:
-- sources: Auto-generated MIT license text
+- sources: LICENSE
   text: |
     MIT License
 
+    Copyright (c) Matteo Collina and Undici contributors
+
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal
     in the Software without restriction, including without limitation the rights

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "setup-go",
-  "version": "5.0.0",
+  "version": "6.0.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "setup-go",
-      "version": "5.0.0",
+      "version": "6.0.0",
       "license": "MIT",
       "dependencies": {
         "@actions/cache": "^4.0.3",
@@ -20,7 +20,7 @@
       },
       "devDependencies": {
         "@types/jest": "^29.5.14",
-        "@types/node": "^20.11.28",
+        "@types/node": "^24.1.0",
         "@types/semver": "^7.5.8",
         "@typescript-eslint/eslint-plugin": "^8.31.1",
         "@typescript-eslint/parser": "^8.35.1",
@@ -1602,11 +1602,12 @@
       }
     },
     "node_modules/@types/node": {
-      "version": "20.11.28",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.28.tgz",
-      "integrity": "sha512-M/GPWVS2wLkSkNHVeLkrF2fD5Lx5UC4PxA0uZcKc6QqbIQUJyW1jVjueJYi1z8n0I5PxYrtpnPnWglE+y9A0KA==",
+      "version": "24.1.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.1.0.tgz",
+      "integrity": "sha512-ut5FthK5moxFKH2T1CUOC6ctR67rQRvvHdFLCD2Ql6KXmMuCrjsSsRI9UsLCm9M18BMwClv4pn327UvB7eeO1w==",
+      "license": "MIT",
       "dependencies": {
-        "undici-types": "~5.26.4"
+        "undici-types": "~7.8.0"
       }
     },
     "node_modules/@types/node-fetch": {
@@ -5976,9 +5977,10 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "5.26.5",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz",
-      "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA=="
+      "version": "7.8.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.8.0.tgz",
+      "integrity": "sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw==",
+      "license": "MIT"
     },
     "node_modules/update-browserslist-db": {
       "version": "1.0.13",

package.json

@@ -1,10 +1,10 @@
 {
   "name": "setup-go",
-  "version": "5.0.0",
+  "version": "6.0.0",
   "private": true,
   "description": "setup go action",
   "main": "lib/setup-go.js",
-   "engines": {
+  "engines": {
     "node": ">=24.0.0"
   },
   "scripts": {
@@ -39,7 +39,7 @@
   },
   "devDependencies": {
     "@types/jest": "^29.5.14",
-    "@types/node": "^20.11.28",
+    "@types/node": "^24.1.0",
     "@types/semver": "^7.5.8",
     "@typescript-eslint/eslint-plugin": "^8.31.1",
     "@typescript-eslint/parser": "^8.35.1",