Skip to content

Fix vulnerabilities 2025-8-11#2

Merged
nickwinder merged 2 commits intomainfrom
nick/fix-vulnerabilities-2025-08-11
Aug 12, 2025
Merged

Fix vulnerabilities 2025-8-11#2
nickwinder merged 2 commits intomainfrom
nick/fix-vulnerabilities-2025-08-11

Conversation

@nickwinder
Copy link
Copy Markdown
Collaborator

@nickwinder nickwinder commented Aug 10, 2025

Bump packages

@eslint/plugin-kit  <0.3.4
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser - https://github.com/advisories/GHSA-xffm-g5w8-qvg7
fix available via `npm audit fix`
node_modules/@eslint/plugin-kit

form-data  4.0.0 - 4.0.3
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
fix available via `npm audit fix`
node_modules/form-data

@nickwinder nickwinder self-assigned this Aug 10, 2025
@nickwinder nickwinder requested a review from HungKNguyen August 11, 2025 00:06
HungKNguyen
HungKNguyen approved these changes Aug 12, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@HungKNguyen HungKNguyen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks. One thing I might consider is updating the form-data dependency in package.json to 4.0.4 as well

@nickwinder nickwinder merged commit 09cee3e into main Aug 12, 2025
12 checks passed
@nickwinder nickwinder deleted the nick/fix-vulnerabilities-2025-08-11 branch August 12, 2025 07:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HungKNguyen HungKNguyen HungKNguyen approved these changes

Assignees

@nickwinder nickwinder

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nickwinder @HungKNguyen