fix(deps): update dependency formidable to v3 #11

Open: wants to merge 1 commit into base: csl

@mend-for-github-com mend-for-github-com bot commented Apr 27, 2025

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| formidable | dependencies | major | ^2.0.1 -> ^3.0.0 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | Vulnerability | GitHub Issue |
| --- | --- | --- | --- |
| Low | 3.1 | CVE-2025-46653 | #-1 |

Release Notes

node-formidable/formidable (formidable)

v3.5.3

  • security report by ZAST.AI help for some vulnerabilities addressing (primarily the random names generation)
  • update failing tests
  • update CI/CD workflows and actions;
  • update CodeQL github action for security analysis
  • update readme, links and badges
  • update to use cuid2 (battle-tested @paralleldrive/cuid2 package) for better random names - should not be breaking anything since it's still 25 characters long, but a lot safer and faster.

v3.5.2

  • fix: (#982) make it easier to import hexoid with webpack

v3.5.1

  • fix: (#945) multipart parser fix: flush or fail always (don't hang)

v3.5.0

  • feature: (#944) Dual package: Can be imported as ES module and required as commonjs module

v3.4.0

  • feature: (#940) form.parse returns a promise if no callback is provided
  • it resolves with an array [fields, files]

v3.3.2

  • feature: (#855) add options.createDirsFromUploads, see README for usage
  • form.parse is an async function (ignore the promise)
  • benchmarks: add e2e benchmark with as many requests as possible per second
    • npm run to display all the commands
  • mark as latest on npm

v3.2.5

  • fix: (#881) fail earlier when maxFiles is exceeded

v3.2.4

  • fix: (#857) improve keep extension
  • The code from before 3.2.4 already removed some characters from the file extension. But not always. So it was inconsistent.
  • The new code cuts the file extension at the first invalid character (invalid in a file extension).
  • The characters that are considered invalid inside a file extension are all except the . numbers and a-Z.
  • This change only has an effect if filename option is not used and keepextension option is used

v3.2.3

  • fix: (#852) end event is emitted once

v3.2.1

  • fix: do not let empty file on error (#796)
  • it was probably due to the fact that .destroy on a file stream does not always complete on time

v3.2.0

  • feat: maxFileSize option is now per file (as the name suggests) (#791)
  • feat: add maxFiles option, default Infinity
  • feat: add maxTotalFileSize, default is maxFileSize (for backwards compatibility)
  • fix: minFileSize is per file
  • fix: allowEmptyFiles fix in cases where one file is not empty
  • fix: allowEmptyFiles false option by default
  • fix: rename wrongly named error
  • refactor: rename wrongly named maxFileSize into maxTotalFileSize

v3.1.5

  • fix: PersistentFile.toString (#796)

v3.1.4

  • fix: add missing pluginFailed error (#794)
  • refactor: use explicit node imports (#786)

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 27, 2025
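
The extension rule described in the v3.2.4 release notes above, as an added JavaScript sketch that is not formidable's source and not part of this PR. The function names, the last-dot definition of "extension" and the sample filenames are assumptions made for the illustration.

```javascript
// Added illustration of the v3.2.4 rule; not formidable's implementation.
// Valid extension characters per the release note: ".", digits, letters
// (assumed here to mean ASCII a-z and A-Z).
const INVALID_EXT_CHAR = /[^a-zA-Z0-9.]/;

// Assumption: the extension starts at the last dot of the final path segment.
function rawExtension(originalFilename) {
  const base = String(originalFilename).split(/[\\/]/).pop();
  const dot = base.lastIndexOf('.');
  return dot <= 0 ? '' : base.slice(dot); // no dot, or a leading-dot name
}

// Cut the extension at the first invalid character, as the note describes.
function safeExtension(originalFilename) {
  const raw = rawExtension(originalFilename);
  const cut = raw.search(INVALID_EXT_CHAR);
  const kept = cut === -1 ? raw : raw.slice(0, cut);
  return kept === '.' ? '' : kept; // a lone dot is not an extension
}

// Hypothetical helper: the stored name is a server-chosen id plus the
// filtered extension, so no other client-supplied character reaches disk.
function storedName(serverId, originalFilename) {
  return serverId + safeExtension(originalFilename);
}

// Constructed client-supplied filenames, for illustration only.
const samples = [
  'photo.JPG',
  'report.pdf;x',
  'scan.jp g',
  'notes.txt\u0000',
  'archive.<b>',
  'README',
];

function demo() {
  return samples.map((name) => [JSON.stringify(name), safeExtension(name)]);
}

for (const [name, ext] of demo()) {
  console.log(`${name} -> ${JSON.stringify(ext)}`);
}
```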