Skip to content

fix(security): bump form-data to 4.0.6 to remediate CVE-2026-12143#65

Open
alexgomezlf wants to merge 7 commits into
mainfrom
alex/fix-form-data-cve-2026-12143
Open

fix(security): bump form-data to 4.0.6 to remediate CVE-2026-12143#65
alexgomezlf wants to merge 7 commits into
mainfrom
alex/fix-form-data-cve-2026-12143

Conversation

@alexgomezlf

Copy link
Copy Markdown
Contributor

No description provided.

alexgomezlf and others added 7 commits July 8, 2026 14:50
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
lf-api-client-core:       1.1.20 -> 1.1.21
lf-js-utils:               4.0.14 -> 4.0.15
lf-repository-api-v1:      1.1.11 -> 1.1.12
lf-api-js / repo-api-v2:   form-data reference updated within existing unreleased 1.2.0 entry

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
npm's @latest tag now resolves to npm 12, which requires Node >=22.22.2/24.15.0
and no longer supports Node 20. That broke the "Update npm" step on every
Node-20 job. No npm ci calls exist in this repo (pnpm-only), so there's no
need to pin npm to a fixed version like other repos do.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant