@marcdumais-work
Contributor

What it does

Minimal update to get rid of this critical severity vulnerability.

see:

https://github.com/dependency-insights/npm/form-data/4.0.0/security?query=org%3Aeclipse-cdt-cloud

How to test

Confirm that CI passes. Optionally perform a "yarn why form-data" and confirm that the version pulled is not vulnerable. The version expected with this PR is:
[email protected]

Follow-ups

N/A

Review checklist

  • As an author, I have thoroughly tested my changes and carefully followed the instructions in this template
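
The `yarn why form-data` check from "How to test", written as a lockfile scan that reports every resolved copy of a package. This is an added example, not code from this PR or the project. The sample lockfile, the function names and the per-major minimum versions passed in are constructed placeholders, since the fixed version is not legible above.

```javascript
// Constructed sample lockfile (yarn v1 format), not the project's real yarn.lock.
const SAMPLE_LOCK = `
# yarn lockfile v1

"@types/node-fetch@^2.6.0":
  version "2.6.4"
  dependencies:
    form-data "^3.0.0"

form-data@^3.0.0:
  version "3.0.1"

form-data@^4.0.0, form-data@~4.0.0:
  version "4.0.9"
`;

// Return [{ specs, version }] for each lockfile entry that resolves `pkg`.
function resolvedVersions(lockText, pkg) {
  const hits = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line) && !line.startsWith('#')) {
      // Entry header: comma-separated "name@range" specs, optionally quoted.
      const specs = line.slice(0, -1).split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      // lastIndexOf keeps scoped names (@scope/name@range) intact.
      const names = specs.map(s => s.slice(0, s.lastIndexOf('@')));
      current = names.includes(pkg) ? { specs, version: null } : null;
    } else if (current && current.version === null) {
      const m = /^\s{2}version "([^"]+)"/.exec(line);
      if (m) { current.version = m[1]; hits.push(current); }
    }
  }
  return hits;
}

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function lessThan(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// Copies of `pkg` below the minimum for their major line, or on a major with no listed minimum.
function staleCopies(lockText, pkg, minFixedByMajor) {
  return resolvedVersions(lockText, pkg).filter(e => {
    const min = minFixedByMajor[e.version.split('.')[0]];
    return min === undefined || lessThan(e.version, min);
  });
}
```

A transitive dependency can keep an older copy resolved alongside the bumped one, which is why the scan returns every entry rather than the first match.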

@marcdumais-work force-pushed the form-fetch-vulnerability branch from 0b865c9 to a325752 on August 21, 2025 19:15
@marcdumais-work marked this pull request as draft on August 21, 2025 19:37
@marcdumais-work force-pushed the form-fetch-vulnerability branch from a325752 to f8530ed on August 21, 2025 19:49
@marcdumais-work marked this pull request as ready for review on August 21, 2025 19:51
@marcdumais-work
Contributor Author

marcdumais-work commented Aug 21, 2025

This PR originally updated the typescript version to the latest v5.x but this resulted in build issues. So, I have changed the version range to keep using the current version and opened this issue:

#140

@marcdumais-work force-pushed the form-fetch-vulnerability branch from f8530ed to a15647e on August 21, 2025 20:20
@marcdumais-work changed the title from "Update dependencies to get rid of form-fetch vulnerability" to "Update dependencies to get rid of form-data vulnerability" on Aug 21, 2025
Contributor

@bhufmann bhufmann left a comment

LGTM. Thanks!

@marcdumais-work
Contributor Author

One minor dev-dependency fails the license check - I will open an IP ticket after merging:

npm/npmjs/-/istanbul-reports/3.2.0, BSD-3-Clause

@marcdumais-work
Contributor Author

Thanks for the review!

@marcdumais-work marcdumais-work merged commit 03d11bc into master Aug 22, 2025
6 of 8 checks passed
@marcdumais-work marcdumais-work deleted the form-fetch-vulnerability branch August 22, 2025 13:00
@marcdumais-work
Contributor Author

One minor dev-dependency fails the license check - I will open an IP ticket after merging:

npm/npmjs/-/istanbul-reports/3.2.0, BSD-3-Clause

https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/22903
