Open
Description
npm audit reveals a critical security vulnerability in form-data:
```
# npm audit report
form-data <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
fix available via `npm audit fix --force`
Will install @getbrevo/brevo@1.0.1, which is a breaking change
node_modules/form-data
node_modules/request/node_modules/form-data
request *
Depends on vulnerable versions of form-data
Depends on vulnerable versions of tough-cookie
node_modules/request
@getbrevo/brevo >=2.0.0-beta.2
Depends on vulnerable versions of request
node_modules/@getbrevo/brevo
```
The request package that is used by brevo has also been deprecated since 2020: https://github.com/request/request