@avangelillo avangelillo commented Jul 29, 2025

What does this PR do?

Run yarn upgrade to get a new version of form-data, which Dependabot gave us a security warning about for versions >= 3.0.0 and < 3.0.4. The relevant section of this is on line 2505 of the yarn.lock file.

Motivation

GitHub security issue: https://github.com/DataDog/datadog-cdk-constructs/security/dependabot/107

Testing Guidelines

Running git diff origin/main gives us the diff

```
> git diff origin/main |grep "form-data"
 form-data@^3.0.0:
-  resolved "https://registry.yarnpkg.com/form-data/-/form-data-3.0.3.tgz#{Hash removed since github thinks its a secret}"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-3.0.4.tgz#{Hash removed since github thinks its a secret}"
```

Additional Notes

Types of Changes

  • Bug fix
  • New feature
  • Breaking change
  • Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

  • This PR's description is comprehensive
  • This PR contains breaking changes that are documented in the description
  • This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
  • This PR impacts documentation, and it has been updated (or a ticket has been logged)
  • This PR's changes are covered by the automated tests
  • This PR collects user input/sensitive content into Datadog
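
One way to automate the check from the Testing Guidelines above, as an added example that is not part of the PR or the project's code: it reads a yarn.lock (v1 format) on stdin and reports any form-data entry resolved inside the range the description names (>= 3.0.0 and < 3.0.4). The function names and the sample lockfile are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag form-data versions in the range from the PR description.

# Print each form-data version resolved in a yarn.lock (v1) read from stdin
# that is >= 3.0.0 and < 3.0.4.
vulnerable_form_data() {
  awk '
    # Entry headers start in column 0, e.g.  form-data@^3.0.0:
    # Require a boundary before the name so scoped packages do not match.
    /^[^ #]/ { in_pkg = ($0 ~ /(^|[ ",])form-data@/) }
    in_pkg && $1 == "version" {
      v = $2; gsub(/"/, "", v)
      split(v, p, ".")
      if (p[1] + 0 == 3 && p[2] + 0 == 0 && p[3] + 0 < 4) print v
    }
  '
}

# Exit status for CI: 0 when no entry is in the range, 1 otherwise.
lock_is_clean() {
  [ -z "$(vulnerable_form_data)" ]
}

# Constructed sample lockfile (hashes and integrity lines omitted on purpose).
BEFORE='# yarn lockfile v1

"@example/form-data@^3.0.0":
  version "3.0.1"

combined-stream@^1.0.8:
  version "1.0.8"

form-data@^3.0.0:
  version "3.0.3"
  resolved "https://registry.yarnpkg.com/form-data/-/form-data-3.0.3.tgz"
'
# The same lockfile after the upgrade this PR performs.
AFTER=$(printf '%s\n' "$BEFORE" | sed 's/3\.0\.3/3.0.4/g')

if printf '%s\n' "$BEFORE" | lock_is_clean; then echo "before: clean"
else echo "before: form-data in affected range"; fi
if printf '%s\n' "$AFTER" | lock_is_clean; then echo "after: clean"
else echo "after: form-data in affected range"; fi
```

Against a real checkout, feed the file on stdin, for example `vulnerable_form_data < yarn.lock`.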

Run yarn upgrade to get a new version of form-data, which Dependabot
gave us a security warning about for versions >= 3.0.0 and < 3.0.4.  Running

git diff origin/main gives us the diff

```
> git diff origin/main |grep "form-data"
 form-data@^3.0.0:
-  resolved "https://registry.yarnpkg.com/form-data/-/form-data-3.0.3.tgz#{Hash removed since github thinks its a secret}"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-3.0.4.tgz#{Hash removed since github thinks its a secret}"
```

GitHub security issue: https://github.com/DataDog/datadog-cdk-constructs/security/dependabot/107
version "3.0.3"
resolved "https://registry.yarnpkg.com/form-data/-/form-data-3.0.3.tgz#349c8f2c9d8f8f0c879ee0eb7cc0d300018d6b09"
integrity sha512-q5YBMeWy6E2Un0nMGWMgI65MAKtaylxfNJGJxpGh45YDciZB4epbWpaAfImil6CPAPTYB4sh0URQNDRIZG5F2w==
version "3.0.4"
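
Review bot: the lines shown for the form-data entry stop at version "3.0.4", so the new resolved URL and integrity value that replace the 3.0.3 ones are not visible here; please confirm both were regenerated by yarn together with the version rather than edited by hand. Separately, the description says a full yarn upgrade was run while the verification output is filtered through grep "form-data", so any other lockfile entries that moved are not reviewed; either scope the upgrade to form-data or list the other packages that changed in the description.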
This is the relevant line

@avangelillo avangelillo changed the title from "Run yarn upgrade" to "chore: Run yarn upgrade" Jul 29, 2025
@avangelillo avangelillo marked this pull request as ready for review July 29, 2025 18:28
@avangelillo avangelillo requested a review from a team as a code owner July 29, 2025 18:28
@avangelillo avangelillo requested a review from TalUsvyatsky July 29, 2025 18:28
@avangelillo avangelillo merged commit dc13fdc into main Jul 29, 2025
11 of 12 checks passed
@avangelillo avangelillo deleted the alex.angelillo/upgradeDependencies branch July 29, 2025 19:58