Skip to content

Bump form-data, fabric and react-scripts in /client#156

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/client/multi-7f6cf8da3f
Open

Bump form-data, fabric and react-scripts in /client#156
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/client/multi-7f6cf8da3f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor

Bumps form-data to 3.0.5 and updates ancestor dependencies form-data, fabric and react-scripts. These dependencies need to be updated together.

Updates form-data from 2.3.3 to 3.0.5

Release notes

Sourced from form-data's releases.

v3.0.2

Fixes

  • npmignore temporary build files (#532)
  • move util.isArray to Array.isArray (#564)

Tests

  • migrate from travis to GHA

v3.0.1

  • feat: add setBoundary method 55d90ce
  • Merge pull request #451 from arku/patch-1 d702625
  • Fix typo: ads -> adds 714ac8b

form-data/form-data@v3.0.0...v3.0.1

v2.5.2

Fixes

  • Buffer.from and Buffer.alloc require node 4+
  • npmignore temporary build files (#532)
  • move util.isArray to Array.isArray (#564)

Tests

  • migrate from travis to GHA

Dev Improvements

  • Fixed error in the documentations as indicated in #439
  • Added remaining combined-stream options to typedef
  • Bumped rimraf to 2.7.1 (dev-dep)
  • Added constructor options to TypeScript defs
  • Fixed error in callback signatures

Added Types

  • Added TS types
  • Improved documentation

Added getBuffer method

Updated test builds to support node10 and 12.

Changelog

Sourced from form-data's changelog.

v3.0.5 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames 8777e67
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, tape 27c61a5
  • [Deps] update hasown 6a8a1c6

v3.0.4 - 2025-07-16

Fixed

Commits

  • [eslint] update linting config f5e7eb0
  • [meta] add auto-changelog d2eb290
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 e8c574c
  • [Fix] Switch to using crypto random for boundary values c6ced61
  • [Refactor] use hasown 1a78b5d
  • [Fix] validate boundary type in setBoundary() method 70bbaa0
  • [Tests] add tests to check the behavior of getBoundary with non-strings b22a64e
  • [meta] actually ensure the readme backup isn’t published 0150851
  • [meta] remove local commit hooks fc42bb9
  • [Dev Deps] remove unused deps a14d09e
  • [meta] fix scripts to use prepublishOnly 11d9f73
  • [meta] fix readme capitalization fc38b48

v3.0.3 - 2025-02-14

Merged

Fixed

Commits

  • [Refactor] use Object.prototype.hasOwnProperty.call 7fecefe
  • [Dev Deps] update @types/node, browserify, coveralls, cross-spawn, eslint, formidable, in-publish, pkgfiles, pre-commit, puppeteer, request, tape, typescript 8261fcb
  • Only apps should have lockfiles b82f590
  • [Dev Deps] pin request which via tough-cookie ^2.4 depends on psl e5df7f2
  • [Deps] update mime-types 5a5bafe

v3.0.2 - 2024-10-10

Merged

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.


Updates fabric from 3.6.3 to 7.4.0

Release notes

Sourced from fabric's releases.

Version 7.4.0

Security notice

FIxes CVE-2026-44311

What's Changed

New Contributors

Full Changelog: fabricjs/fabric.js@v731...v740

Version 7.3.1

What's Changed

Same as 7.3.0 but fixed publishing issues

Full Changelog: fabricjs/fabric.js@v730...v731

Version 7.3.0

In this release we changed from Rollup to Rolldown, this also changed the minifier. If you notice some bug with your built app please report it.

New Contributors

... (truncated)

Changelog

Sourced from fabric's changelog.

[7.4.0]

  • feat(): Support viewport rotation in getZoom, dimensions, and control coords #10977
  • fix(): Fix typecheck from security advisory merge #10973
  • fix(svg): sanitize unsafe css during SVG export CVE-2026-44311 and CWE-79, CWE-116
  • chore(deps-dev): bump rolldown from 1.0.0-rc.12 to 1.0.0-rc.16 #10966
  • chore(deps-dev): bump postcss from 8.5.8 to 8.5.12 #10972
  • chore(deps-dev): bump es-toolkit from 1.45.1 to 1.46.0 #10971
  • chore(deps-dev): bump the vitest group with 4 updates #10968
  • ci(dependabot): group vite-related npm updates #10967
  • chore(deps-dev): bump oxfmt from 0.42.0 to 0.45.0 #10964
  • chore(): fix non functional typos #10949
  • chore(): update major eslint to 10 #10956
  • ci(): Fix for publishing action #10962

[7.3.1]

  • ci(): fix the package version #10961
  • ci(): inline npm publish workflow and add manual dispatch #10960
  • ci(): Change permission model and declaration to help with OSSF scorecard. #10959
  • docs(): Revise security vulnerability reporting process #10955
  • ci(): pin workflow dependencies for scorecard hardening #10954
  • ci(): tighten workflow permissions for scorecard hardening #10953
  • feat(): Update cron schedule for scorecard workflow #10952

[7.3.0]

  • Version 7.3.0 #10951
  • fix(cropping): keep ghost scaling controls anchored on flipped images #10943
  • chore(deps): bump canvas from 3.2.2 to 3.2.3 #10940
  • chore(deps-dev): bump serialize-javascript from 7.0.4 to 7.0.5 in the npm_and_yarn group across 1 directory #10936
  • refactor(tests): Migrate to official vitest API for custom snapshot matchers #10937
  • refactor(test): fix dead assertions in Shadow.spec.ts #10932
  • chore(): update typescript to 6 #10935
  • chore(deps): update devDependencies to latest versions #10929
  • chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 in the npm_and_yarn group across 1 directory #10928
  • chore(deps): bump canvas from 3.2.1 to 3.2.2 #10926
  • refactor(tests): consolidate rectangle creation using makeRect #10923
  • test(e2e): stabilize drag and drop event snapshots #10918
  • ci(): harden privileged workflow_run actions #10922
  • ci(): fix SonarCloud PR changed-lines coverage #10921
  • refactor(tests): remove coverage merge step #10913
  • chore(): remove leftover babel dep #10914
  • chore(deps-dev): bump inquirer from 12.10.0 to 13.3.2 #10909
  • chore(deps): bump canvas from 3.2.0 to 3.2.1 #10906
  • chore(deps-dev): bump es-toolkit from 1.40.0 to 1.45.1 #10907
  • refactor(tests): remove coverage collection from playwright #10912
  • ci(): fix sonarqube lcov path after artifact download #10910
  • ci(): Try to enable sonarqube cloud for coverage reporting #10903
  • docs(agents): add repo AGENTS guide and PR skill #10900

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for fabric since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates react-scripts from 3.4.1 to 5.0.1

Changelog

Sourced from react-scripts's changelog.

3.4.4 (2020-10-20)

v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.3 to 3.4.4

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.4

or

yarn add --exact react-scripts@3.4.4

3.4.3 (2020-08-12)

v3.4.3 release bumps terser-webpack-plugin to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.2 to 3.4.3

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.3

or

yarn add --exact react-scripts@3.4.3

3.4.2 (2020-08-11)

v3.4.2 release bumps webpack-dev-server to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump form-data, fabric and react-scripts in /client
3deae27 
Bumps [form-data](https://github.com/form-data/form-data) to 3.0.5 and updates ancestor dependencies [form-data](https://github.com/form-data/form-data), [fabric](https://github.com/fabricjs/fabric.js) and [react-scripts](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-scripts). These dependencies need to be updated together.


Updates `form-data` from 2.3.3 to 3.0.5
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](https://github.com/form-data/form-data/commits/v3.0.5)

Updates `fabric` from 3.6.3 to 7.4.0
- [Release notes](https://github.com/fabricjs/fabric.js/releases)
- [Changelog](https://github.com/fabricjs/fabric.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fabricjs/fabric.js/commits)

Updates `react-scripts` from 3.4.1 to 5.0.1
- [Release notes](https://github.com/facebook/create-react-app/releases)
- [Changelog](https://github.com/react/create-react-app/blob/main/CHANGELOG-3.x.md)
- [Commits](https://github.com/facebook/create-react-app/commits/react-scripts@5.0.1/packages/react-scripts)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 3.0.5
  dependency-type: indirect
- dependency-name: fabric
  dependency-version: 7.4.0
  dependency-type: direct:production
- dependency-name: react-scripts
  dependency-version: 5.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 18, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 18, 2026
This was referenced Jun 18, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrdanding mrdanding Awaiting requested review from mrdanding mrdanding is a code owner

@pl98 pl98 Awaiting requested review from pl98 pl98 is a code owner

@tomatocat tomatocat Awaiting requested review from tomatocat tomatocat is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants