Commit ca55d41
LTS-4003: bump form-data to patched releases (4.0.6, 2.5.6)
Fixes CRLF injection in form-data via unescaped multipart field names and filenames (GHSA-hmw2-7cc7-3qxx, CWE-93, CVSS 7.5).
form-data is a transitive dev-dependency; both vulnerable copies bumped within existing semver ranges: top-level 4.0.4 -> 4.0.6 and 2.5.5 -> 2.5.6 (under @types/request). Lockfile-only change; package.json untouched.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>1 parent 3720a86 commit ca55d41
1 file changed
Lines changed: 66 additions & 18 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments