Skip to content

fix: patch form-data CRLF injection (CVE-2026-12143)#393

Merged
igoroctaviano merged 1 commit into
masterfrom
fix/form-data-cve-2026-12143
Jun 29, 2026
Merged

fix: patch form-data CRLF injection (CVE-2026-12143)#393
igoroctaviano merged 1 commit into
masterfrom
fix/form-data-cve-2026-12143

Conversation

@igoroctaviano

Copy link
Copy Markdown
Collaborator

Summary

  • Resolves Dependabot alerts #175 and #176 for transitive form-data CRLF injection (GHSA-hmw2-7cc7-3qxx / CVE-2026-12143).
  • Adds targeted pnpm overrides to bump jsdom>form-data to 3.0.5 and axios>form-data to 4.0.6, and refreshes pnpm-lock.yaml.

Test plan

Pin transitive form-data via pnpm overrides to resolve Dependabot alerts #175 and #176.
@deepsource-io

deepsource-io Bot commented Jun 29, 2026

Copy link
Copy Markdown

DeepSource Code Review

We reviewed changes in 3faa989...0140c07 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Code Review Summary

Analyzer Status Updated (UTC) Details
JavaScript Jun 29, 2026 4:15p.m. Review ↗

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

@igoroctaviano igoroctaviano merged commit efebe02 into master Jun 29, 2026
8 checks passed
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant