Skip to content

Bump form-data and superagent in /web#30

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/web/multi-bdcd1e6fce
Open

Bump form-data and superagent in /web#30
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/web/multi-bdcd1e6fce

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown

Bumps form-data to 4.0.6 and updates ancestor dependency superagent. These dependencies need to be updated together.

Updates form-data from 1.0.0-rc3 to 4.0.6

Changelog

Sourced from form-data's changelog.

v4.0.6 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames 8dff42c
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape f31d21e
  • [Deps] update hasown, mime-types 92ae0eb
  • [Dev Deps] update js-randomness-predictor 67b0f65

v4.0.5 - 2025-11-17

Commits

  • [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
  • [Dev Deps] update @ljharb/eslint-config, eslint 5822467
  • [Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

  • [meta] add auto-changelog 811f682
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
  • [Fix] Switch to using crypto random for boundary values 3d17230
  • [Tests] fix linting errors 5e34080
  • [meta] actually ensure the readme backup isn’t published 316c82b
  • [Dev Deps] update @ljharb/eslint-config 58c25d7
  • [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

Commits

  • [eslint] use a shared config 426ba9a
  • [eslint] fix some spacing issues 2094191
  • [Refactor] use hasown 81ab41b
  • [Fix] validate boundary type in setBoundary() method 8d8e469
  • [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
  • [Dev Deps] remove unused deps 870e4e6
  • [meta] remove local commit hooks e6e83cc
  • [Dev Deps] update eslint 4066fd6
  • [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

... (truncated)

Commits
  • 64190db v4.0.6
  • 92ae0eb [Deps] update hasown, mime-types
  • f31d21e [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape
  • 8dff42c [Fix] escape CR, LF, and " in field names and filenames
  • 67b0f65 [Dev Deps] update js-randomness-predictor
  • 68ff7dd v4.0.5
  • 5822467 [Dev Deps] update @ljharb/eslint-config, eslint
  • 76d0dee [Fix] set Symbol.toStringTag in the proper place
  • 16e0076 [Tests] Switch to newer v8 prediction library; enable node 24 testing
  • 41996f5 v4.0.4
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.


Updates superagent from 1.8.5 to 10.3.0

Release notes

Sourced from superagent's releases.

v10.3.0

  • fix: fixed package lock 5db8232
  • fix: fixed package lock b80038d
  • fix: add back zuul, fix mocha, xo, rimraf versions 829893c
  • fix: fixed deps 426c2bf
  • fix: fixed deps a55a6d6
  • fix: added back node v18 to tests c93aa19
  • chore: fix deps 5cd3751
  • Merge pull request #1842 from hlovdal/dep_updates 68308c8
  • Merge pull request #1839 from codders/feat/add-proxy-for-client-agent a488d25
  • chore: remove end-of-life nodejs versions and add active lts 170ef07
  • chore(deps): update eslint-plugin-compat package 3ce73dd
  • chore(deps): update tinify package a9a48a3
  • chore(deps): update xo package 5677b73
  • chore(deps): update rimraf package 7cda38c
  • chore(deps): update mocha package 608b4ef
  • chore(deps): update qs package 81719c9
  • chore(deps): remove zuul 7d8618b
  • chore(deps): update body-parser package e07aaaa
  • chore(deps): npm audit fix b4b2275
  • Merge pull request #1837 from inseong01/translate-docs-ko cec2606
  • feat(client): add proxy object for request.agent for compatibility 44e68b1
  • docs: translate documents to ko_KR 624ab8c

forwardemail/superagent@v10.2.3...v10.3.0

v10.2.3

  • chore: bump deps 9a2d236

forwardemail/superagent@v10.2.2...v10.2.3

v10.2.2

  • fix: fixed ci 5c2b13d
  • fix: fixed README badge 28167d1
  • fix: drop node v14 from ci 2ed5ac6
  • Revert "fix: fixed ci" 583939f
  • Revert "fix: remove husky folder" 17e059b
  • fix: remove husky folder 1633f64
  • fix: fixed ci 6409480
  • fix: added package lock 57d6b35
  • feat: fix formidable v3 compatibility with PassThrough bridge for multipart parsing c40db6d
  • fix: fixed package version fe58239

forwardemail/superagent@list...v10.2.2

... (truncated)

Changelog

Sourced from superagent's changelog.

This HISTORY log is deprecated

Please see GitHub releases page for the current changelog.

4.1.0 (2018-12-26)

  • .connect() IP/DNS override option (Kornel)
  • .trustLocalhost() option for allowing broken HTTPS on localhost
  • .abort() used with promises rejects the promise.

4.0.0 (2018-11-17)

Breaking changes

  • Node.js v4 has reached it's end of life, so we no longer support it. It's v6+ or later. We recommend Node.js 10.
  • We now use ES6 in the browser code, too.
    • If you're using Browserify or Webpack to package code for Internet Explorer, you will also have to use Babel.
    • The pre-built node_modules/superagent.js is still ES5-compatible.
  • .end(…) returns undefined instead of the request. If you need the request object after calling .end() (and you probably don't), save it in a variable and call request.end(…). Consider not using .end() at all, and migrating to promises by calling .then() instead.
  • In Node, responses with unknown MIME type are buffered by default. To get old behavior, if you use custom unbuffered parsers, add .buffer(false) to requests or set superagent.buffer[yourMimeType] = false.
  • Invalid uses of .pipe() throw.

Minor changes

  • Throw if req.abort().end() is called
  • Throw if using unsupported mix of send and field
  • Reject .end() promise on all error events (Kornel Lesiński)
  • Set https.servername from the Host header (Kornel Lesiński)
  • Leave backticks unencoded in query strings where possible (Ethan Resnick)
  • Update node-mime to 2.x (Alexey Kucherenko)
  • Allow default buffer settings based on response-type (shrey)
  • response.buffered is more accurate.

3.8.3 (2018-04-29)

  • Add flags for 201 & 422 responses (Nikhil Fadnis)
  • Emit progress event while uploading Node Buffer via send method (Sergey Akhalkov)
  • Fixed setting correct cookies for redirects (Damien Clark)
  • Replace .catch with ['catch'] for IE9 Support (Miguel Stevens)

3.8.2 (2017-12-09)

  • Fixed handling of exceptions thrown from callbacks
  • Stricter matching of +json MIME types.

3.8.1 (2017-11-08)

  • Clear authorization header on cross-domain redirect

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by titanism, a new releaser for superagent since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [form-data](https://github.com/form-data/form-data) to 4.0.6 and updates ancestor dependency [superagent](https://github.com/ladjs/superagent). These dependencies need to be updated together.


Updates `form-data` from 1.0.0-rc3 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v1.0.0-rc3...v4.0.6)

Updates `superagent` from 1.8.5 to 10.3.0
- [Release notes](https://github.com/ladjs/superagent/releases)
- [Changelog](https://github.com/forwardemail/superagent/blob/master/HISTORY.md)
- [Commits](https://github.com/ladjs/superagent/commits/v10.3.0)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
- dependency-name: superagent
  dependency-version: 10.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants