From 496998e23da2c30ad8b60df4eef1fbfa2482f195 Mon Sep 17 00:00:00 2001
From: Dinesh Patel
Date: Fri, 15 Aug 2025 11:26:29 +0100
Subject: [PATCH] bumped to form-data 4.0.4
---
 package.json | 3 ++-
 yarn-audit-known-issues | 2 --
 yarn.lock | 25 ++++++-------------------
 3 files changed, 8 insertions(+), 22 deletions(-)
diff --git a/package.json b/package.json
index f2dfcd8ae..f501f6612 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
 "debug": "~2.6.3",
 "dont-sniff-mimetype": "^1.1.0",
 "express": "^5.0.0",
- "form-data": "^2.1.4",
+ "form-data": "^4.0.4",
 "formidable": "^3.5.4",
 "handlebars": "^4.7.7",
 "http-proxy-middleware": "^0.20.0",
@@ -70,6 +70,7 @@
 "supertest": "^6.3.3"
 },
 "resolutions": {
+ "form-data": "^4.0.4",
 "js-yaml": "3.14.1",
 "lodash": "^4.17.21",
 "handlebars": "^4.7.7",
diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
index 34dda98bd..cf0161562 100644
--- a/yarn-audit-known-issues
+++ b/yarn-audit-known-issues
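Review bot: The `resolutions` entry `"form-data": "^4.0.4"` added in the second package.json hunk forces every consumer in the tree onto that range, and it will keep doing so long after this advisory is forgotten. Judging by the removed audit entries, the only other consumer appears to be superagent on a 4.x range, which a lockfile refresh (for example `yarn up -R form-data`) would already move to 4.0.4, so the override can probably be dropped; if it stays, record the reason (GHSA-fjxv-7rqg-78g4) in the commit message, since package.json cannot carry a comment. The first hunk moves the direct dependency from `^2.1.4` to `^4.0.4`, two majors, and this patch touches no source file, so it is worth confirming that the gateway's own form-data call sites and multipart tests still pass on 4.x. The 2.x finding listed `<2.5.4` as vulnerable, so a patched 2.x release would be the smaller change if 4.x turns out to break anything.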
@@ -1,8 +1,6 @@ {"value":"@babel/helpers","children":{"ID":1104001,"Issue":"Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups","URL":"https://github.com/advisories/GHSA-968p-4wvh-cqc8","Severity":"moderate","Vulnerable Versions":"<7.26.10","Tree Versions":["7.26.0"],"Dependents":["@babel/core@npm:7.26.0"]}} {"value":"brace-expansion","children":{"ID":1105443,"Issue":"brace-expansion Regular Expression Denial of Service vulnerability","URL":"https://github.com/advisories/GHSA-v6h2-p8h4-qcjw","Severity":"low","Vulnerable Versions":">=1.0.0 <=1.1.11","Tree Versions":["1.1.11"],"Dependents":["minimatch@npm:3.1.2"]}} {"value":"cross-spawn","children":{"ID":1104663,"Issue":"Regular Expression Denial of Service (ReDoS) in cross-spawn","URL":"https://github.com/advisories/GHSA-3xgq-45jj-v275","Severity":"high","Vulnerable Versions":"<6.0.6","Tree Versions":["6.0.5"],"Dependents":["cross-env@npm:5.2.1"]}} -{"value":"form-data","children":{"ID":1106507,"Issue":"form-data uses unsafe random function in form-data for choosing boundary","URL":"https://github.com/advisories/GHSA-fjxv-7rqg-78g4","Severity":"critical","Vulnerable Versions":">=4.0.0 <4.0.4","Tree Versions":["4.0.3"],"Dependents":["superagent@npm:10.2.2"]}} -{"value":"form-data","children":{"ID":1106509,"Issue":"form-data uses unsafe random function in form-data for choosing boundary","URL":"https://github.com/advisories/GHSA-fjxv-7rqg-78g4","Severity":"critical","Vulnerable Versions":"<2.5.4","Tree Versions":["2.5.3"],"Dependents":["ccd-api-gateway-web@workspace:."]}} {"value":"glob","children":{"ID":"glob (deprecation)","Issue":"Glob versions prior to v9 are no longer supported","Severity":"moderate","Vulnerable Versions":"7.2.3","Tree Versions":["7.2.3"],"Dependents":["nyc@npm:15.1.0"]}} {"value":"http-proxy-middleware","children":{"ID":1100223,"Issue":"Denial of service in 
http-proxy-middleware","URL":"https://github.com/advisories/GHSA-c7qv-q95q-8v27","Severity":"high","Vulnerable Versions":"<2.0.7","Tree Versions":["0.20.0"],"Dependents":["ccd-api-gateway-web@workspace:."]}} {"value":"inflight","children":{"ID":"inflight (deprecation)","Issue":"This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.","Severity":"moderate","Vulnerable Versions":"1.0.6","Tree Versions":["1.0.6"],"Dependents":["glob@npm:7.2.3"]}} diff --git a/yarn.lock b/yarn.lock index 499b2c228..83b5a194e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1339,7 +1339,7 @@ __metadata: eslint-plugin-mocha: "npm:^6.1.1" express: "npm:^5.0.0" fetch-mock: "npm:^6.5.2" - form-data: "npm:^2.1.4" + form-data: "npm:^4.0.4" formidable: "npm:^3.5.4" git-message: "npm:^2.0.2" handlebars: "npm:^4.7.7" 
@@ -2629,29 +2629,16 @@ __metadata: languageName: node linkType: hard -"form-data@npm:^2.1.4": - version: 2.5.3 - resolution: "form-data@npm:2.5.3" - dependencies: - asynckit: "npm:^0.4.0" - combined-stream: "npm:^1.0.8" - es-set-tostringtag: "npm:^2.1.0" - mime-types: "npm:^2.1.35" - safe-buffer: "npm:^5.2.1" - checksum: 10/c8fced6dcb97aa50d4101dd66431cbc932bfc62409dedf633c811cc2cb30abd5b0e4e24213aff86045b44a4de4178587781a9d3da7268df38e54f8b5b6acea89 - languageName: node - linkType: hard - -"form-data@npm:^4.0.0": - version: 4.0.3 - resolution: "form-data@npm:4.0.3" +"form-data@npm:^4.0.4": + version: 4.0.4 + resolution: "form-data@npm:4.0.4" dependencies: asynckit: "npm:^0.4.0" combined-stream: "npm:^1.0.8" es-set-tostringtag: "npm:^2.1.0" hasown: "npm:^2.0.2" mime-types: "npm:^2.1.12" - checksum: 10/22f6e55e6f32a5797a500ed7ca5aa9d690c4de6e1b3308f25f0d83a27d08d91a265ab59a190db2305b15144f8f07df08e8117bad6a93fc93de1baa838bfcc0b5 + checksum: 10/a4b62e21932f48702bc468cc26fb276d186e6b07b557e3dd7cc455872bdbb82db7db066844a64ad3cf40eaf3a753c830538183570462d3649fdfd705601cbcfb languageName: node linkType: hard @@ -4836,7 +4823,7 @@ __metadata: languageName: node linkType: hard -"safe-buffer@npm:5.2.1, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.2.1": +"safe-buffer@npm:5.2.1, safe-buffer@npm:^5.0.1": version: 5.2.1 resolution: "safe-buffer@npm:5.2.1" checksum: 10/32872cd0ff68a3ddade7a7617b8f4c2ae8764d8b7d884c651b74457967a9e0e886267d3ecc781220629c44a865167b61c375d2da6c720c840ecd73f45d5d9451