Skip to content

Commit ca55d41

Browse files
prasadthxclaude
andcommitted
LTS-4003: bump form-data to patched releases (4.0.6, 2.5.6)
Fixes CRLF injection in form-data via unescaped multipart field names and filenames (GHSA-hmw2-7cc7-3qxx, CWE-93, CVSS 7.5). form-data is a transitive dev-dependency; both vulnerable copies bumped within existing semver ranges: top-level 4.0.4 -> 4.0.6 and 2.5.5 -> 2.5.6 (under @types/request). Lockfile-only change; package.json untouched. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 3720a86 commit ca55d41

1 file changed

Lines changed: 66 additions & 18 deletions

File tree

package-lock.json

Lines changed: 66 additions & 18 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)