Skip to content

[Snyk] Upgrade form-data from 4.0.0 to 4.0.4 #421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade form-data from 4.0.0 to 4.0.4 #421

wants to merge 1 commit into from

Conversation

@nerdy-tech-com-gitub
Copy link
Owner

@nerdy-tech-com-gitub nerdy-tech-com-gitub commented Oct 22, 2025

snyk-top-banner

Snyk has created this PR to upgrade form-data from 4.0.0 to 4.0.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 4 versions ahead of your current version.

  • The recommended version was released 3 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BABELHELPERS-9397697		 140 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BRACEEXPANSION-9789073		 140 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BRACEEXPANSION-9789073		 140 Proof of Concept
critical severity Predictable Value Range from Previous Values
SNYK-JS-FORMDATA-10841150		 140 Proof of Concept
medium severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 140 No Known Exploit
Release notes
Package name: form-data
  • 4.0.4 - 2025-07-17
  • 4.0.3 - 2025-06-05

    v4.0.3 - 2025-06-05

    Fixed

    • [Fix] append: avoid a crash on nullish values #577

    Commits

    • [eslint] use a shared config 426ba9a
    • [eslint] fix some spacing issues 2094191
    • [Refactor] use hasown 81ab41b
    • [Fix] validate boundary type in setBoundary() method 8d8e469
    • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
    • [Dev Deps] remove unused deps 870e4e6
    • [meta] remove local commit hooks e6e83cc
    • [Dev Deps] update eslint 4066fd6
    • [meta] fix scripts to use prepublishOnly c4bbb13
  • 4.0.2 - 2025-02-14

    v4.0.2 - 2025-02-14

    Merged

    • [Fix] set Symbol.toStringTag when available #573
    • [Fix] set Symbol.toStringTag when available #573
    • fix (npmignore): ignore temporary build files #532
    • fix (npmignore): ignore temporary build files #532

    Fixed

    • [Fix] set Symbol.toStringTag when available (#573) #396
    • [Fix] set Symbol.toStringTag when available (#573) #396
    • [Fix] set Symbol.toStringTag when available #396

    Commits

    • Merge tags v2.5.3 and v3.0.3 92613b9
    • [Tests] migrate from travis to GHA 806eda7
    • [Tests] migrate from travis to GHA 8fdb3bc
    • [Refactor] use Object.prototype.hasOwnProperty.call 7fecefe
    • [Refactor] use Object.prototype.hasOwnProperty.call 6e682d4
    • [Refactor] use Object.prototype.hasOwnProperty.call df3c1e6
    • [Dev Deps] update @ types/node, browserify, coveralls, cross-spawn, eslint, formidable, in-publish, pkgfiles, pre-commit, puppeteer, request, tape, typescript 8261fcb
    • [Dev Deps] update @ types/node, browserify, coveralls, cross-spawn, eslint, formidable, in-publish, pkgfiles, pre-commit, puppeteer, request, tape, typescript fb66cb7
    • [Dev Deps] update @ types/node, browserify, coveralls, eslint, formidable, in-publish, phantomjs-prebuilt, pkgfiles, pre-commit, request, tape, typescript 819f6b7
    • [eslint] clean up ignores 3217b3d
    • [eslint] clean up ignores 3a9d480
    • [Fix] Buffer.from and Buffer.alloc require node 4+ c499f76
    • Only apps should have lockfiles b82f590
    • Only apps should have lockfiles b170ee2
    • [Deps] update combined-stream, mime-types 6b1ca1d
    • [Dev Deps] pin request which via tough-cookie ^2.4 depends on psl e5df7f2
    • [Deps] update mime-types 5a5bafe
    • Bumped version 2.5.3 9457283
    • [Dev Deps] pin request which via tough-cookie ^2.4 depends on psl 9dbe192
    • Merge tags v2.5.2 and v3.0.2 d53265d
    • Bumped version 2.5.2 7020dd4
    • [Dev Deps] downgrade cross-spawn 3fc1a9b
    • fix: move util.isArray to Array.isArray (#564) edb555a
    • fix: move util.isArray to Array.isArray (#564) 10418d1
  • 4.0.1 - 2024-10-10

    Fixes

    • npmignore temporary build files (#532)
    • move util.isArray to Array.isArray (#564)

    Tests

    • migrate from travis to GHA
  • 4.0.0 - 2021-02-15
    • Merge pull request #382 from wxt2005/custom-stream 8968e01
    • Fix typo e705c0a
    • Merge branch 'master' of github.com:form-data/form-data into custom-stream b7b7dee
    • Update README for custom stream behavior 6dd8624
    • Handle custom stream a3e191d

    v3.0.1...v4.0.0

from form-data GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade form-data from 4.0.0 to 4.0.4
ea9ecc9 
Snyk has created this PR to upgrade form-data from 4.0.0 to 4.0.4.

See this package in npm:
form-data

See this project in Snyk:
https://app.snyk.io/org/nerds-github/project/c1e00438-ee6a-430b-8e0c-673cfa5db529?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nerdy-tech-com-gitub @snyk-bot