Fix vulnerabilities 2025-8-11 #2

nickwinder · 2025-08-10T23:54:48Z

Bump packages

@eslint/plugin-kit  <0.3.4
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser - https://github.com/advisories/GHSA-xffm-g5w8-qvg7
fix available via `npm audit fix`
node_modules/@eslint/plugin-kit

form-data  4.0.0 - 4.0.3
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
fix available via `npm audit fix`
node_modules/form-data

HungKNguyen

LGTM, thanks. One thing I might consider is updating the form-data dependency in package.json to 4.0.4 as well

Update dependencies in package-lock.json

11a6d8c

nickwinder self-assigned this Aug 10, 2025

nickwinder requested a review from HungKNguyen August 11, 2025 00:06

HungKNguyen approved these changes Aug 12, 2025

View reviewed changes

Update form-data to ^4.0.4 in dependencies

fcff86a

nickwinder merged commit 09cee3e into main Aug 12, 2025
12 checks passed

nickwinder deleted the nick/fix-vulnerabilities-2025-08-11 branch August 12, 2025 07:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix vulnerabilities 2025-8-11 #2

Fix vulnerabilities 2025-8-11 #2

Uh oh!

nickwinder commented Aug 10, 2025

Uh oh!

HungKNguyen left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Fix vulnerabilities 2025-8-11 #2

Fix vulnerabilities 2025-8-11 #2

Uh oh!

Conversation

nickwinder commented Aug 10, 2025

Uh oh!

HungKNguyen left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants