From e46c10c26bcdd335cbd14c759fa33a401897a55b Mon Sep 17 00:00:00 2001
From: GaganBhakhar <54155074+GaganBhakhar@users.noreply.github.com>
Date: Fri, 1 Aug 2025 16:00:49 +0530
Subject: [PATCH] =?UTF-8?q?fix:=20upgrade=20form-data=20dependency=20to=20?=
 =?UTF-8?q?=E2=89=A5=E2=80=AF4.0.4=20to=20resolve=20CVE=E2=80=912025?=
 =?UTF-8?q?=E2=80=917783?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The version 4.0.0 is vulnerable to CVE‑2025‑7783 due to use of insufficiently random boundary values (HTTP Parameter Pollution risk via predictable Math.random()). This was disclosed July 18 2025 and rated critical (CVSS 9.4) :contentReference[oaicite:1]{index=1}.

This change bumps form‑data to 4.0.4 (or later), which includes the upstream fix via commit 3d1723080e6577a66f17f163ecd345a21d8d0fd0 :contentReference[oaicite:2]{index=2}. Also updates dependent packages (e.g. AppAuth‑JS) to ensure no resolution falls back to vulnerable versions.

Fixes CVE‑2025‑7783 in form‑data v4 series.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 5d1e5dc..05ff890 100644
--- a/package.json
+++ b/package.json
@@ -66,7 +66,7 @@
     "@types/jquery": "^3.5.29",
     "base64-js": "^1.5.1",
     "follow-redirects": "^1.15.6",
-    "form-data": "^4.0.0",
+    "form-data": "^4.0.4",
     "opener": "^1.5.2"
   }
 }