CCD-6639 :: Fix CVE-2025-7783

package.json

@@ -31,7 +31,7 @@
     "debug": "~2.6.3",
     "dont-sniff-mimetype": "^1.1.0",
     "express": "^5.0.0",
-    "form-data": "^2.1.4",
+    "form-data": "^4.0.4",
     "formidable": "^3.5.4",
     "handlebars": "^4.7.7",
     "http-proxy-middleware": "^0.20.0",
@@ -70,6 +70,7 @@
     "supertest": "^6.3.3"
   },
   "resolutions": {
+    "form-data": "^4.0.4",
     "js-yaml": "3.14.1",
     "lodash": "^4.17.21",
     "handlebars": "^4.7.7",

yarn-audit-known-issues

@@ -1,8 +1,6 @@
 {"value":"@babel/helpers","children":{"ID":1104001,"Issue":"Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups","URL":"https://github.com/advisories/GHSA-968p-4wvh-cqc8","Severity":"moderate","Vulnerable Versions":"<7.26.10","Tree Versions":["7.26.0"],"Dependents":["@babel/core@npm:7.26.0"]}}
 {"value":"brace-expansion","children":{"ID":1105443,"Issue":"brace-expansion Regular Expression Denial of Service vulnerability","URL":"https://github.com/advisories/GHSA-v6h2-p8h4-qcjw","Severity":"low","Vulnerable Versions":">=1.0.0 <=1.1.11","Tree Versions":["1.1.11"],"Dependents":["minimatch@npm:3.1.2"]}}
 {"value":"cross-spawn","children":{"ID":1104663,"Issue":"Regular Expression Denial of Service (ReDoS) in cross-spawn","URL":"https://github.com/advisories/GHSA-3xgq-45jj-v275","Severity":"high","Vulnerable Versions":"<6.0.6","Tree Versions":["6.0.5"],"Dependents":["cross-env@npm:5.2.1"]}}
-{"value":"form-data","children":{"ID":1106507,"Issue":"form-data uses unsafe random function in form-data for choosing boundary","URL":"https://github.com/advisories/GHSA-fjxv-7rqg-78g4","Severity":"critical","Vulnerable Versions":">=4.0.0 <4.0.4","Tree Versions":["4.0.3"],"Dependents":["superagent@npm:10.2.2"]}}
-{"value":"form-data","children":{"ID":1106509,"Issue":"form-data uses unsafe random function in form-data for choosing boundary","URL":"https://github.com/advisories/GHSA-fjxv-7rqg-78g4","Severity":"critical","Vulnerable Versions":"<2.5.4","Tree Versions":["2.5.3"],"Dependents":["ccd-api-gateway-web@workspace:."]}}
 {"value":"glob","children":{"ID":"glob (deprecation)","Issue":"Glob versions prior to v9 are no longer supported","Severity":"moderate","Vulnerable Versions":"7.2.3","Tree Versions":["7.2.3"],"Dependents":["nyc@npm:15.1.0"]}}
 {"value":"http-proxy-middleware","children":{"ID":1100223,"Issue":"Denial of service in http-proxy-middleware","URL":"https://github.com/advisories/GHSA-c7qv-q95q-8v27","Severity":"high","Vulnerable Versions":"<2.0.7","Tree Versions":["0.20.0"],"Dependents":["ccd-api-gateway-web@workspace:."]}}
 {"value":"inflight","children":{"ID":"inflight (deprecation)","Issue":"This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.","Severity":"moderate","Vulnerable Versions":"1.0.6","Tree Versions":["1.0.6"],"Dependents":["glob@npm:7.2.3"]}}

yarn.lock

@@ -1339,7 +1339,7 @@ __metadata:
     eslint-plugin-mocha: "npm:^6.1.1"
     express: "npm:^5.0.0"
     fetch-mock: "npm:^6.5.2"
-    form-data: "npm:^2.1.4"
+    form-data: "npm:^4.0.4"
     formidable: "npm:^3.5.4"
     git-message: "npm:^2.0.2"
     handlebars: "npm:^4.7.7"
@@ -2629,29 +2629,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"form-data@npm:^2.1.4":
-  version: 2.5.3
-  resolution: "form-data@npm:2.5.3"
-  dependencies:
-    asynckit: "npm:^0.4.0"
-    combined-stream: "npm:^1.0.8"
-    es-set-tostringtag: "npm:^2.1.0"
-    mime-types: "npm:^2.1.35"
-    safe-buffer: "npm:^5.2.1"
-  checksum: 10/c8fced6dcb97aa50d4101dd66431cbc932bfc62409dedf633c811cc2cb30abd5b0e4e24213aff86045b44a4de4178587781a9d3da7268df38e54f8b5b6acea89
-  languageName: node
-  linkType: hard
-
-"form-data@npm:^4.0.0":
-  version: 4.0.3
-  resolution: "form-data@npm:4.0.3"
+"form-data@npm:^4.0.4":
+  version: 4.0.4
+  resolution: "form-data@npm:4.0.4"
   dependencies:
     asynckit: "npm:^0.4.0"
     combined-stream: "npm:^1.0.8"
     es-set-tostringtag: "npm:^2.1.0"
     hasown: "npm:^2.0.2"
     mime-types: "npm:^2.1.12"
-  checksum: 10/22f6e55e6f32a5797a500ed7ca5aa9d690c4de6e1b3308f25f0d83a27d08d91a265ab59a190db2305b15144f8f07df08e8117bad6a93fc93de1baa838bfcc0b5
+  checksum: 10/a4b62e21932f48702bc468cc26fb276d186e6b07b557e3dd7cc455872bdbb82db7db066844a64ad3cf40eaf3a753c830538183570462d3649fdfd705601cbcfb
   languageName: node
   linkType: hard
 
@@ -4836,7 +4823,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"safe-buffer@npm:5.2.1, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.2.1":
+"safe-buffer@npm:5.2.1, safe-buffer@npm:^5.0.1":
   version: 5.2.1
   resolution: "safe-buffer@npm:5.2.1"
   checksum: 10/32872cd0ff68a3ddade7a7617b8f4c2ae8764d8b7d884c651b74457967a9e0e886267d3ecc781220629c44a865167b61c375d2da6c720c840ecd73f45d5d9451