koajs
chore: upgrade formidable
Upgrading formidable dependency to its latest version.
Checklist
- [x] I have ensured my pull request is not behind the main or master branch of the original repository.
- [x] I have rebased all commits where necessary so that reviewing this pull request can be done without having to merge it first.
- [x] I have written a commit message that passes commitlint linting.
- [ ] I have ensured that my code changes pass linting tests.
- [x] I have ensured that my code changes pass unit tests.
- [x] I have described my pull request and the reasons for code changes along with context if necessary.
New and updated dependencies detected. Learn more about Socket for GitHub ↗︎
| Packages | Version | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|---|
| formidable | 3.5.1 | None | +0 |
165 kB | grossacasacs |
| @types/formidable | 2.0.6...3.4.4 | None | +0/-0 |
19 kB | types |
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hey everyone, can we get this merge and a new release? Yarn audit just warned us that formidable has a critical vulnerability related to file uploads, so this would be much appreciated
Hey here. npm audit alarm us, that formidable has critical vulnerability . Can we merge it and create new release?
Hey y'all. When can we get this merged in? This is a fairly large blocker for a lot of projects
@othmane-elgoubi when can we expect this to be merged and released? Thanks!
The only saving grace to this seemingly dead project is that https://github.com/advisories/GHSA-8cp3-66vr-3r4c was withdrawn.