Skip to content

Commit e75c3e8

Browse files
matthewhughes934matthewhughes934
authored
Bump form-data to bring in fix for critical vulnerability (#618)
The vulnerability: $ npm audit --audit-level=high # npm audit report form-data >=4.0.0 <4.0.4 || <2.5.4 Severity: critical form-data uses unsafe random function in form-data for choosing boundary - GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary - GHSA-fjxv-7rqg-78g4 fix available via `npm audit fix` node_modules/@azure/core-http/node_modules/form-data node_modules/@types/node-fetch/node_modules/form-data node_modules/form-data 1 critical severity vulnerability To address all issues, run: npm audit fix This change is the result of from running `npm audit fix` and then using[1] to update licenses via `licensed cache`. It doesn't look like `dependabot` previously raised any PRs for this dependency, so this bumps it from `4.0.0` to `4.0.4`, see the changelog[2] for details. Link: https://github.com/licensee/licensed [1] Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
1 parent 8e57b58 commit e75c3e8

20 files changed

+3104
-361
lines changed

.licenses/npm/call-bind-apply-helpers.dep.yml

Lines changed: 32 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/dunder-proto.dep.yml

Lines changed: 32 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/es-define-property.dep.yml

Lines changed: 32 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/es-errors.dep.yml

Lines changed: 32 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/es-object-atoms.dep.yml

Lines changed: 32 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/es-set-tostringtag.dep.yml

Lines changed: 32 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/form-data-2.5.1.dep.yml renamed to .licenses/npm/form-data-2.5.5.dep.yml

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/form-data-4.0.0.dep.yml renamed to .licenses/npm/form-data-4.0.4.dep.yml

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/function-bind.dep.yml

Lines changed: 31 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.licenses/npm/get-intrinsic.dep.yml

Lines changed: 33 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)