fix(deps): force form-data >=4.0.6 to fix unsafe boundary advisory

Resolves the form-data <4.0.6 advisory (predictable multipart
boundary). Transitive in both workspaces; pinned via pnpm overrides.
Dependabot alerts #247 (desktop) and #258 (frontend).
This commit is contained in:
kolaente 2026-06-16 08:30:33 +02:00
parent 652f61da50
commit 460e8f3ab1
No known key found for this signature in database
4 changed files with 25 additions and 13 deletions

View File

@ -78,7 +78,8 @@
"@tootallnate/once": "^3.0.1",
"picomatch": ">=4.0.4",
"tmp": ">=0.2.7",
"ip-address": ">=10.1.1"
"ip-address": ">=10.1.1",
"form-data": ">=4.0.6"
}
}
}

View File

@ -11,6 +11,7 @@ overrides:
picomatch: '>=4.0.4'
tmp: '>=0.2.7'
ip-address: '>=10.1.1'
form-data: '>=4.0.6'
importers:
@ -632,8 +633,8 @@ packages:
resolution: {integrity: sha512-Ld2g8rrAyMYFXBhEqMz8ZAHBi4J4uS1i/CxGMDnjyFWddMXLVcDp051DZfu+t7+ab7Wv6SMqpWmyFIj5UbfFvg==}
engines: {node: '>=14'}
form-data@4.0.5:
resolution: {integrity: sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==}
form-data@4.0.6:
resolution: {integrity: sha512-vKatAh4SlVfgbv+YtmhiRjhEMJsYpsG1Y2rMQtR+SVSbytsSD1YGzDIcrAJmdFec88u/+VoGmxnl+80gL1tRCQ==}
engines: {node: '>= 6'}
forwarded@0.2.0:
@ -736,6 +737,10 @@ packages:
resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==}
engines: {node: '>= 0.4'}
hasown@2.0.4:
resolution: {integrity: sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==}
engines: {node: '>= 0.4'}
hosted-git-info@4.1.0:
resolution: {integrity: sha512-kyCuEOWjJqZuDbRHzL8V93NzQhwIB71oFWSyzVo+KPZI+pnQPPxucdkrOZvkLRnrf5URsQM+IJ09Dw29cRALIA==}
engines: {node: '>=10'}
@ -1729,7 +1734,7 @@ snapshots:
ejs: 3.1.10
electron-builder-squirrel-windows: 24.13.3(dmg-builder@26.15.2)
electron-publish: 24.13.1
form-data: 4.0.5
form-data: 4.0.6
fs-extra: 10.1.0
hosted-git-info: 4.1.0
is-ci: 3.0.1
@ -2171,7 +2176,7 @@ snapshots:
builder-util: 26.15.0
builder-util-runtime: 9.7.0
chalk: 4.1.2
form-data: 4.0.5
form-data: 4.0.6
fs-extra: 10.1.0
lazy-val: 1.0.5
mime: 2.6.0
@ -2215,7 +2220,7 @@ snapshots:
es-errors: 1.3.0
get-intrinsic: 1.3.0
has-tostringtag: 1.0.2
hasown: 2.0.2
hasown: 2.0.4
es6-error@4.1.1:
optional: true
@ -2294,12 +2299,12 @@ snapshots:
cross-spawn: 7.0.6
signal-exit: 4.1.0
form-data@4.0.5:
form-data@4.0.6:
dependencies:
asynckit: 0.4.0
combined-stream: 1.0.8
es-set-tostringtag: 2.1.0
hasown: 2.0.2
hasown: 2.0.4
mime-types: 2.1.35
forwarded@0.2.0: {}
@ -2436,6 +2441,10 @@ snapshots:
dependencies:
function-bind: 1.1.2
hasown@2.0.4:
dependencies:
function-bind: 1.1.2
hosted-git-info@4.1.0:
dependencies:
lru-cache: 6.0.0

View File

@ -177,7 +177,8 @@
"ip-address": ">=10.1.1",
"postcss": ">=8.5.10",
"tmp": ">=0.2.7",
"esbuild": ">=0.28.1"
"esbuild": ">=0.28.1",
"form-data": ">=4.0.6"
}
}
}

View File

@ -14,6 +14,7 @@ overrides:
postcss: '>=8.5.10'
tmp: '>=0.2.7'
esbuild: '>=0.28.1'
form-data: '>=4.0.6'
importers:
@ -3942,8 +3943,8 @@ packages:
resolution: {integrity: sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==}
engines: {node: '>=14'}
form-data@4.0.5:
resolution: {integrity: sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==}
form-data@4.0.6:
resolution: {integrity: sha512-vKatAh4SlVfgbv+YtmhiRjhEMJsYpsG1Y2rMQtR+SVSbytsSD1YGzDIcrAJmdFec88u/+VoGmxnl+80gL1tRCQ==}
engines: {node: '>= 6'}
fraction.js@5.3.4:
@ -9830,7 +9831,7 @@ snapshots:
axios@1.16.0:
dependencies:
follow-redirects: 1.16.0
form-data: 4.0.5
form-data: 4.0.6
proxy-from-env: 2.1.0
transitivePeerDependencies:
- debug
@ -10787,7 +10788,7 @@ snapshots:
cross-spawn: 7.0.6
signal-exit: 4.1.0
form-data@4.0.5:
form-data@4.0.6:
dependencies:
asynckit: 0.4.0
combined-stream: 1.0.8