Skip to content
This repository was archived by the owner on Mar 3, 2026. It is now read-only.

chore(deps): update dependency form data to v4.0.4#2621

Merged
ddelgrosso1 merged 6 commits intomainfrom
fix-form-data-vuln
Aug 14, 2025
Merged

chore(deps): update dependency form data to v4.0.4#2621
ddelgrosso1 merged 6 commits intomainfrom
fix-form-data-vuln

Conversation

@thiyaguk09
Copy link
Contributor

@thiyaguk09 thiyaguk09 commented Jul 28, 2025
edited by ddelgrosso1
Loading

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

Fixes

@product-auto-label product-auto-label bot added size: xs Pull request size is extra small. api: storage Issues related to the googleapis/nodejs-storage API. labels Jul 28, 2025
@thiyaguk09 thiyaguk09 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 28, 2025
@thiyaguk09 thiyaguk09 changed the title fix: form data vulnerability issue chore(deps): update dependency form data to v4.0.4 Jul 28, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 28, 2025
@ddelgrosso1 ddelgrosso1 added the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 29, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 29, 2025
@thiyaguk09 thiyaguk09 marked this pull request as ready for review July 31, 2025 06:42
@thiyaguk09 thiyaguk09 requested a review from a team July 31, 2025 06:42
@thiyaguk09 thiyaguk09 requested a review from a team as a code owner July 31, 2025 06:42
@ddelgrosso1
Copy link
Contributor

ddelgrosso1 commented Aug 6, 2025

I don't believe this will entirely solve the issue. There are dependencies such as retry-request and teeny-request that are including the bad version of form-data.

@thiyaguk09
Copy link
Contributor Author

thiyaguk09 commented Aug 7, 2025

I don't believe this will entirely solve the issue. There are dependencies such as retry-request and teeny-request that are including the bad version of form-data.

Yes, you are right, but my understanding was that we plan to fix retry-request and tiny-request during the node-18 migration, not this time. Please correct me if I’m wrong.

@ddelgrosso1
Copy link
Contributor

ddelgrosso1 commented Aug 7, 2025

@thiyaguk09 that is correct. The node18 revision should eliminate the usage of teeny-request / retry-request. I just didn't want to lose site that this PR will not entirely resolve the issue.

@thiyaguk09
Copy link
Contributor Author

thiyaguk09 commented Aug 11, 2025

Would it be alright to merge and close this issue, and then open a new one for teeny-request or retry-request with gaxios? Or is there anything else needed here?

@ddelgrosso1
Copy link
Contributor

ddelgrosso1 commented Aug 11, 2025

I'll merge this but I don't think we should close the issue as this doesn't fully resolve it.

@ddelgrosso1 ddelgrosso1 added the owlbot:run Add this label to trigger the Owlbot post processor. label Aug 11, 2025
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Aug 11, 2025
@ddelgrosso1 ddelgrosso1 removed their assignment Aug 14, 2025
@ddelgrosso1 ddelgrosso1 merged commit 288e81e into main Aug 14, 2025
20 of 21 checks passed
@ddelgrosso1 ddelgrosso1 deleted the fix-form-data-vuln branch August 14, 2025 19:11
@enzoferey enzoferey mentioned this pull request Aug 18, 2025
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@BenWhitehead BenWhitehead BenWhitehead approved these changes

@ddelgrosso1 ddelgrosso1 ddelgrosso1 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

api: storage Issues related to the googleapis/nodejs-storage API. size: xs Pull request size is extra small.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@thiyaguk09 @ddelgrosso1 @BenWhitehead @yoshi-kokoro