Skip to content

refactor: Bump form-data#10508

Merged
mtrezza merged 1 commit into
alphafrom
dependabot/npm_and_yarn/multi-e9aa88d040
Jul 13, 2026
Merged

refactor: Bump form-data#10508
mtrezza merged 1 commit into
alphafrom
dependabot/npm_and_yarn/multi-e9aa88d040

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor

Bumps form-data to 2.5.6 and updates ancestor dependency . These dependencies need to be updated together.

Updates form-data from 2.5.5 to 2.5.6

Changelog

Sourced from form-data's changelog.

v2.5.6 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames b620316
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, tape 12be578
  • [Dev Deps] update js-randomness-predictor 46cfd23
  • [Tests] use safe-buffer so the header-injection test runs on node < 4 633044a
  • [Deps] update hasown e3b96ee
Commits
  • c713349 v2.5.6
  • 46cfd23 [Dev Deps] update js-randomness-predictor
  • 633044a [Tests] use safe-buffer so the header-injection test runs on node < 4
  • e3b96ee [Deps] update hasown
  • 12be578 [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, tape
  • b620316 [Fix] escape CR, LF, and " in field names and filenames
  • See full diff in compare view

Updates form-data from 4.0.5 to 4.0.6

Changelog

Sourced from form-data's changelog.

v2.5.6 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames b620316
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, tape 12be578
  • [Dev Deps] update js-randomness-predictor 46cfd23
  • [Tests] use safe-buffer so the header-injection test runs on node < 4 633044a
  • [Deps] update hasown e3b96ee
Commits
  • c713349 v2.5.6
  • 46cfd23 [Dev Deps] update js-randomness-predictor
  • 633044a [Tests] use safe-buffer so the header-injection test runs on node < 4
  • e3b96ee [Deps] update hasown
  • 12be578 [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, tape
  • b620316 [Fix] escape CR, LF, and " in field names and filenames
  • See full diff in compare view

Summary by CodeRabbit

  • Chores
    • Updated development dependency versions for improved consistency and compatibility.
    • Refreshed locked package metadata to use newer form-data and hasown releases.

@dependabot dependabot Bot added dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code labels Jun 16, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-e9aa88d040 branch 3 times, most recently from 8b6c5ef to 43db037 Compare June 19, 2026 23:15
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-e9aa88d040 branch from 43db037 to 1610ab4 Compare June 25, 2026 09:17
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-e9aa88d040 branch 8 times, most recently from 3c24815 to c311776 Compare July 13, 2026 02:34
Bumps [form-data](https://github.com/form-data/form-data) to 2.5.6 and updates ancestor dependency . These dependencies need to be updated together.


Updates `form-data` from 2.5.5 to 2.5.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v2.5.5...v2.5.6)

Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v2.5.5...v2.5.6)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 2.5.6
  dependency-type: indirect
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-e9aa88d040 branch from c311776 to 156e7f6 Compare July 13, 2026 03:24
@mtrezza

mtrezza commented Jul 13, 2026

Copy link
Copy Markdown
Member

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Updates form-data from 4.0.5 to 4.0.6, refreshes related lockfile metadata, updates nested form-data 2.x to 2.5.6, and locks hasown at 2.0.4.

Changes

Dependency version alignment

Layer / File(s) Summary
Dependency declarations and lockfile alignment
package.json, package-lock.json
The development dependency and corresponding lockfile entries update form-data, nested form-data, and hasown versions, integrity values, resolved URLs, and dependency ranges.

Estimated code review effort: 1 (Trivial) | ~3 minutes


Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

  • Ignore

❌ Failed checks (2 errors)

Check name Status Explanation Resolution
Description check ❌ Error The description explains the dependency bump, but it misses the required Issue, Approach, and Tasks sections from the template. Add the missing template sections: Issue, Approach, and Tasks with checkboxes, plus the standard Pull Request header text.
Engage In Review Feedback ❌ Error Only a single dependabot bump commit is present; I found no review-thread engagement or follow-up commit addressing feedback. If review feedback existed, reply in-thread and either implement it in a new commit or get the reviewer to retract it before resolving.
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the change and uses an allowed prefix with a capitalized action.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Security Check ✅ Passed Only dependency version bumps changed; no code patterns added. GitHub advisory for form-data was patched in 4.0.4/2.5.4, so 4.0.6/2.5.6 stay above it.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/multi-e9aa88d040

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@mtrezza mtrezza merged commit 504f919 into alpha Jul 13, 2026
23 checks passed
@mtrezza mtrezza deleted the dependabot/npm_and_yarn/multi-e9aa88d040 branch July 13, 2026 10:05
@parseplatformorg

Copy link
Copy Markdown
Contributor

🎉 This change has been released in version 9.10.1-alpha.1

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code state:released-alpha Released as alpha version

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants