Skip to content

Force to use of form-data ^4.0.4 #6144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 22, 2025
Merged

Force to use of form-data ^4.0.4 #6144

merged 1 commit into from
Jul 22, 2025

Conversation

uurien
Copy link
Collaborator

@uurien uurien commented Jul 22, 2025
edited
Loading

What does this PR do?

Update transitive dependency form-data to use the newest version

Motivation

Advisory fix: GHSA-fjxv-7rqg-78g4

Plugin Checklist

Additional Notes

@github-actions GitHub Actions
Copy link

Overall package size

Self size: 9.69 MB
Deduped: 109.27 MB
No deduping: 109.65 MB

Dependency sizes | name | version | self size | total size | |------|---------|-----------|------------| | @datadog/libdatadog | 0.7.0 | 35.02 MB | 35.02 MB | | @datadog/native-appsec | 10.0.1 | 20.3 MB | 20.3 MB | | @datadog/native-iast-taint-tracking | 4.0.0 | 11.72 MB | 11.73 MB | | @datadog/pprof | 5.9.0 | 9.77 MB | 10.14 MB | | @opentelemetry/core | 1.30.1 | 908.66 kB | 7.16 MB | | protobufjs | 7.5.3 | 2.95 MB | 5.6 MB | | @datadog/wasm-js-rewriter | 4.0.1 | 2.85 MB | 3.58 MB | | @datadog/native-metrics | 3.1.1 | 1.02 MB | 1.43 MB | | @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB | | jsonpath-plus | 10.3.0 | 617.18 kB | 1.08 MB | | import-in-the-middle | 1.14.2 | 122.36 kB | 850.93 kB | | lru-cache | 10.4.3 | 804.3 kB | 804.3 kB | | source-map | 0.7.4 | 226 kB | 226 kB | | opentracing | 0.14.7 | 194.81 kB | 194.81 kB | | pprof-format | 2.1.0 | 111.69 kB | 111.69 kB | | @datadog/sketches-js | 2.1.1 | 109.9 kB | 109.9 kB | | lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB | | ignore | 7.0.5 | 63.38 kB | 63.38 kB | | istanbul-lib-coverage | 3.2.2 | 34.37 kB | 34.37 kB | | rfdc | 1.4.1 | 27.15 kB | 27.15 kB | | @isaacs/ttlcache | 1.4.1 | 25.2 kB | 25.2 kB | | dc-polyfill | 0.1.9 | 25.11 kB | 25.11 kB | | tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB | | shell-quote | 1.8.3 | 23.74 kB | 23.74 kB | | limiter | 1.1.5 | 23.17 kB | 23.17 kB | | retry | 0.13.1 | 18.85 kB | 18.85 kB | | semifies | 1.0.0 | 15.84 kB | 15.84 kB | | jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB | | crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB | | ttl-set | 1.0.0 | 4.61 kB | 9.69 kB | | mutexify | 1.4.0 | 5.71 kB | 8.74 kB | | path-to-regexp | 0.1.12 | 6.6 kB | 6.6 kB | | koalas | 1.0.2 | 6.47 kB | 6.47 kB | | module-details-from-path | 1.0.4 | 3.96 kB | 3.96 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@codecov Codecov
Copy link

codecov bot commented Jul 22, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.80%. Comparing base (4f6f9f2) to head (e0e8dbf).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #6144   +/-   ##
=======================================
  Coverage   82.80%   82.80%           
=======================================
  Files         476      476           
  Lines       19658    19658           
=======================================
  Hits        16278    16278           
  Misses       3380     3380

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@pr-commenter
Copy link

pr-commenter bot commented Jul 22, 2025

Benchmarks

Benchmark execution time: 2025-07-22 08:07:20

Comparing candidate commit e0e8dbf in PR branch ugaitz/updating-form-data with baseline commit 4f6f9f2 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 1274 metrics, 49 unstable metrics.

@uurien uurien marked this pull request as ready for review July 22, 2025 08:15
@uurien uurien requested a review from a team as a code owner July 22, 2025 08:15
@uurien uurien enabled auto-merge (squash) July 22, 2025 08:17
@watson
Copy link
Collaborator

watson commented Jul 22, 2025

Duplicate of #6142

@watson watson marked this as a duplicate of #6142 Jul 22, 2025
@uurien uurien merged commit 982d5ad into master Jul 22, 2025
774 of 776 checks passed
@uurien uurien deleted the ugaitz/updating-form-data branch July 22, 2025 08:23
@watson
Copy link
Collaborator

watson commented Jul 22, 2025

For future reference, never use the resolutions field for these kind of upgrades. This dependency could just have been updated like normal in the yarn.lock file.

@watson watson mentioned this pull request Jul 22, 2025
Merged
ghost pushed a commit that referenced this pull request Jul 22, 2025
@uurien @rochdev
Use form-data ^4.0.4 (#6144)
e040a0b 
Fix advisory: GHSA-fjxv-7rqg-78g4
@ghost ghost mentioned this pull request Jul 22, 2025
Merged
watson pushed a commit that referenced this pull request Jul 24, 2025
@uurien @watson
Use form-data ^4.0.4 (#6144)
03e08cb 
Fix advisory: GHSA-fjxv-7rqg-78g4
tlhunter pushed a commit that referenced this pull request Aug 22, 2025
@uurien @tlhunter
Use form-data ^4.0.4 (#6144)
9ac6610 
Fix advisory: GHSA-fjxv-7rqg-78g4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@IlyasShabi IlyasShabi IlyasShabi approved these changes

Assignees
No one assigned
Labels
semver-patch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@uurien @watson @IlyasShabi