build(deps): bump form-data from 4.0.5 to 4.0.6 in /frontend #211

Open: Tetramputechture wants to merge 1 commit into main from deps/frontend-form-data-4.0.6

@Tetramputechture

Resolves Dependabot alert OpenHands#567 (HIGH) — GHSA-hmw2-7cc7-3qxx: CRLF injection in form-data via unescaped multipart field names and filenames.

Change

  • form-data 4.0.5 → 4.0.6 (transitive dependency, lockfile only)
  • cascades hasown 2.0.2 → 2.0.4 to satisfy form-data 4.0.6's dependency range

No package.json change — form-data is a transitive dep. Lockfile edited surgically (no unrelated drift).

🤖 Generated with Claude Code

Resolves Dependabot alert OpenHands#567 (HIGH) GHSA-hmw2-7cc7-3qxx: CRLF injection
in form-data via unescaped multipart field names and filenames.

Transitive dependency; bumped in the lockfile only. Pulls hasown 2.0.2
-> 2.0.4 to satisfy form-data 4.0.6's dependency range.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
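
A reviewer-side check for a lockfile-only bump like this one, as an added example that is not part of the PR or of form-data: it lists every installed copy of form-data in a lockfile, nested copies included, and flags 4.x copies below 4.0.6. It assumes an npm `package-lock.json` with a `packages` map (the PR does not name the lockfile format); `auditLock`, `sampleLock` and the `example-client` package are hypothetical names.

```javascript
// Added example. Assumes an npm v2/v3 package-lock.json ("packages" map keyed
// by install path); the PR does not say which lockfile format /frontend uses.
const FIXED = [4, 0, 6]; // first fixed 4.x release, per this PR

function parseVersion(v) {
  // Keep only major.minor.patch; prerelease/build tags are ignored here.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns one finding per installed copy of `name`, including nested copies
// such as node_modules/<parent>/node_modules/form-data.
function auditLock(lock, name = "form-data") {
  const suffix = "node_modules/" + name;
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const ver = parseVersion(entry.version);
    let status;
    if (!ver) status = "unparsed";
    else if (ver[0] !== FIXED[0]) status = "check-advisory"; // other majors: not covered by this page
    else status = compare(ver, FIXED) < 0 ? "vulnerable" : "ok";
    findings.push({ path, version: entry.version, status });
  }
  return findings;
}

// Constructed sample lockfile: top-level copy bumped, nested copy left behind.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "frontend" },
    "node_modules/form-data": { version: "4.0.6" },
    "node_modules/example-client/node_modules/form-data": { version: "4.0.5" },
    "node_modules/hasown": { version: "2.0.4" },
  },
};

console.log(auditLock(sampleLock));
```

To run it against a real lockfile, pass the parsed JSON of that file to `auditLock` in place of `sampleLock`.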