Skip to content

[MGMT-661] CVE-2025-7783#111

Merged
vkurup merged 3 commits into
masterfrom
MGMT-661-CVE-2025-7783
Jun 9, 2026
Merged

[MGMT-661] CVE-2025-7783#111
vkurup merged 3 commits into
masterfrom
MGMT-661-CVE-2025-7783

Conversation

@vkurup

@vkurup vkurup commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

form-data has a vulnerability in version 4.0.1, which is fixed in 4.0.4. This is not critical as it's only in a dev dependency, but it's easy enough to fix by regenerating the lockfile without needing to bump other versions.

This PR only needs to be merged, not released, as there are no other changes to the actual published spec.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the npm lockfile to remediate CVE-2025-7783 by pulling in a patched form-data version used transitively (via dev tooling), aligning the repository’s dev dependency tree with the fixed package release.

Changes:

  • Updates form-data in package-lock.json from 4.0.1 to 4.0.5 (and adds new transitive deps introduced by that version).
  • Bumps the package version in package.json from 1.0.20 to 1.0.26.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Bumps the package version (currently conflicts with PR intent of “merge only, no release”).
package-lock.json Regenerates lockfile to pull in patched form-data and related transitive dependencies.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread package.json

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

Comment thread package.json
@vkurup
vkurup requested a review from a team June 9, 2026 14:57
@vkurup
vkurup merged commit fb73a25 into master Jun 9, 2026
1 check passed
@vkurup
vkurup deleted the MGMT-661-CVE-2025-7783 branch June 9, 2026 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants