build(deps): bump form-data from 2.5.1 to 2.5.5 #218

dependabot · 2025-07-21T23:17:33Z

Bumps form-data from 2.5.1 to 2.5.5.

Release notes

v2.5.2

Fixes

Buffer.from and Buffer.alloc require node 4+

npmignore temporary build files (#532)

move util.isArray to Array.isArray (#564)

Tests

migrate from travis to GHA

Changelog

Sourced from form-data's changelog.

v2.5.5 - 2025-07-18

Commits

[meta] actually ensure the readme backup isn’t published 10626c0

[Fix] use proper dependency 026abe5

v2.5.4 - 2025-07-17

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] update linting config 8bf2492

[meta] add auto-changelog b5101ad

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 0e93122

[Fix] Switch to using crypto random for boundary values b88316c

[Fix] validate boundary type in setBoundary() method 131ae5e

[Tests] Switch to newer v8 prediction library; enable node 24 testing c97cfbe

[Refactor] use hasown 97ac9c2

[meta] remove local commit hooks be99d4e

[Dev Deps] remove unused deps ddbc89b

[meta] fix scripts to use prepublishOnly e351a97

[Dev Deps] remove unused script 8f23366

[Dev Deps] add missing peer dep 02ff026

[meta] fix readme capitalization 2fd5f61

v2.5.3 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

Commits

[Refactor] use Object.prototype.hasOwnProperty.call 6e682d4

[Dev Deps] update @types/node, browserify, coveralls, eslint, formidable, in-publish, phantomjs-prebuilt, pkgfiles, pre-commit, request, tape, typescript 819f6b7

Only apps should have lockfiles b170ee2

[Deps] update combined-stream, mime-types 6b1ca1d

Bumped version 2.5.3 9457283

[Dev Deps] pin request which via tough-cookie ^2.4 depends on psl 9dbe192

v2.5.2 - 2024-10-10

... (truncated)

Commits

40de5a7 v2.5.5
026abe5 [Fix] use proper dependency
10626c0 [meta] actually ensure the readme backup isn’t published
efe6c26 v2.5.4
c97cfbe [Tests] Switch to newer v8 prediction library; enable node 24 testing
0e93122 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
b88316c [Fix] Switch to using crypto random for boundary values
b70869d [Fix] append: avoid a crash on nullish values
131ae5e [Fix] validate boundary type in setBoundary() method
8bf2492 [eslint] update linting config
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

crazy-max · 2025-11-05T13:53:46Z

@dependabot rebase

Bumps [form-data](https://github.com/form-data/form-data) from 2.5.1 to 2.5.5. - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/v2.5.5/CHANGELOG.md) - [Commits](form-data/form-data@v2.5.1...v2.5.5) --- updated-dependencies: - dependency-name: form-data dependency-version: 2.5.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.6.0 to 3.7.0. Release notes *Sourced from [docker/setup-qemu-action's releases](https://github.com/docker/setup-qemu-action/releases).* > v3.7.0 > ------ > > * Bump `@docker/actions-toolkit` from 0.56.0 to 0.67.0 in [docker/setup-qemu-action#217](https://redirect.github.com/docker/setup-qemu-action/pull/217) [docker/setup-qemu-action#230](https://redirect.github.com/docker/setup-qemu-action/pull/230) > * Bump brace-expansion from 1.1.11 to 1.1.12 in [docker/setup-qemu-action#220](https://redirect.github.com/docker/setup-qemu-action/pull/220) > * Bump form-data from 2.5.1 to 2.5.5 in [docker/setup-qemu-action#218](https://redirect.github.com/docker/setup-qemu-action/pull/218) > * Bump tmp from 0.2.3 to 0.2.4 in [docker/setup-qemu-action#221](https://redirect.github.com/docker/setup-qemu-action/pull/221) > * Bump undici from 5.28.4 to 5.29.0 in [docker/setup-qemu-action#219](https://redirect.github.com/docker/setup-qemu-action/pull/219) > > **Full Changelog**: <docker/setup-qemu-action@v3.6.0...v3.7.0> Commits * [`c7c5346`](docker/setup-qemu-action@c7c5346) Merge pull request [#230](https://redirect.github.com/docker/setup-qemu-action/issues/230) from docker/dependabot/npm\_and\_yarn/docker/actions-to... * [`3a517a1`](docker/setup-qemu-action@3a517a1) chore: update generated content * [`a5b45ed`](docker/setup-qemu-action@a5b45ed) build(deps): bump `@docker/actions-toolkit` from 0.62.1 to 0.67.0 * [`3a64278`](docker/setup-qemu-action@3a64278) Merge pull request [#220](https://redirect.github.com/docker/setup-qemu-action/issues/220) from docker/dependabot/npm\_and\_yarn/brace-expansion-1... * [`94906ba`](docker/setup-qemu-action@94906ba) chore: update generated content * [`4027abf`](docker/setup-qemu-action@4027abf) build(deps): bump brace-expansion from 1.1.11 to 1.1.12 * [`bee0aaa`](docker/setup-qemu-action@bee0aaa) Merge pull request [#221](https://redirect.github.com/docker/setup-qemu-action/issues/221) from docker/dependabot/npm\_and\_yarn/tmp-0.2.4 * [`0d7e257`](docker/setup-qemu-action@0d7e257) chore: update generated content * [`b869601`](docker/setup-qemu-action@b869601) build(deps): bump tmp from 0.2.3 to 0.2.4 * [`3a043ed`](docker/setup-qemu-action@3a043ed) Merge pull request [#219](https://redirect.github.com/docker/setup-qemu-action/issues/219) from docker/dependabot/npm\_and\_yarn/undici-5.29.0 * Additional commits viewable in [compare view](docker/setup-qemu-action@2910929...c7c5346) [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=docker/setup-qemu-action&package-manager=github\_actions&previous-version=3.6.0&new-version=3.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps the github-actions group with 3 updates: [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action), [softprops/action-gh-release](https://github.com/softprops/action-gh-release) and [updatecli/updatecli-action](https://github.com/updatecli/updatecli-action). Updates `docker/setup-qemu-action` from 3.6.0 to 3.7.0 Release notes *Sourced from [docker/setup-qemu-action's releases](https://github.com/docker/setup-qemu-action/releases).* > v3.7.0 > ------ > > * Bump `@docker/actions-toolkit` from 0.56.0 to 0.67.0 in [docker/setup-qemu-action#217](https://redirect.github.com/docker/setup-qemu-action/pull/217) [docker/setup-qemu-action#230](https://redirect.github.com/docker/setup-qemu-action/pull/230) > * Bump brace-expansion from 1.1.11 to 1.1.12 in [docker/setup-qemu-action#220](https://redirect.github.com/docker/setup-qemu-action/pull/220) > * Bump form-data from 2.5.1 to 2.5.5 in [docker/setup-qemu-action#218](https://redirect.github.com/docker/setup-qemu-action/pull/218) > * Bump tmp from 0.2.3 to 0.2.4 in [docker/setup-qemu-action#221](https://redirect.github.com/docker/setup-qemu-action/pull/221) > * Bump undici from 5.28.4 to 5.29.0 in [docker/setup-qemu-action#219](https://redirect.github.com/docker/setup-qemu-action/pull/219) > > **Full Changelog**: <docker/setup-qemu-action@v3.6.0...v3.7.0> Commits * [`c7c5346`](docker/setup-qemu-action@c7c5346) Merge pull request [#230](https://redirect.github.com/docker/setup-qemu-action/issues/230) from docker/dependabot/npm\_and\_yarn/docker/actions-to... * [`3a517a1`](docker/setup-qemu-action@3a517a1) chore: update generated content * [`a5b45ed`](docker/setup-qemu-action@a5b45ed) build(deps): bump `@docker/actions-toolkit` from 0.62.1 to 0.67.0 * [`3a64278`](docker/setup-qemu-action@3a64278) Merge pull request [#220](https://redirect.github.com/docker/setup-qemu-action/issues/220) from docker/dependabot/npm\_and\_yarn/brace-expansion-1... * [`94906ba`](docker/setup-qemu-action@94906ba) chore: update generated content * [`4027abf`](docker/setup-qemu-action@4027abf) build(deps): bump brace-expansion from 1.1.11 to 1.1.12 * [`bee0aaa`](docker/setup-qemu-action@bee0aaa) Merge pull request [#221](https://redirect.github.com/docker/setup-qemu-action/issues/221) from docker/dependabot/npm\_and\_yarn/tmp-0.2.4 * [`0d7e257`](docker/setup-qemu-action@0d7e257) chore: update generated content * [`b869601`](docker/setup-qemu-action@b869601) build(deps): bump tmp from 0.2.3 to 0.2.4 * [`3a043ed`](docker/setup-qemu-action@3a043ed) Merge pull request [#219](https://redirect.github.com/docker/setup-qemu-action/issues/219) from docker/dependabot/npm\_and\_yarn/undici-5.29.0 * Additional commits viewable in [compare view](docker/setup-qemu-action@2910929...c7c5346) Updates `softprops/action-gh-release` from 2.4.1 to 2.4.2 Release notes *Sourced from [softprops/action-gh-release's releases](https://github.com/softprops/action-gh-release/releases).* > v2.4.2 > ------ > > What's Changed > -------------- > > ### Exciting New Features 🎉 > > * feat: Ensure generated release notes cannot be over 125000 characters by [`@BeryJu`](https://github.com/BeryJu) in [softprops/action-gh-release#684](https://redirect.github.com/softprops/action-gh-release/pull/684) > > ### Other Changes 🔄 > > * dependency updates > > New Contributors > ---------------- > > * [`@BeryJu`](https://github.com/BeryJu) made their first contribution in [softprops/action-gh-release#684](https://redirect.github.com/softprops/action-gh-release/pull/684) > > **Full Changelog**: <softprops/action-gh-release@v2.4.1...v2.4.2> Changelog *Sourced from [softprops/action-gh-release's changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md).* > 2.4.2 > ----- > > What's Changed > -------------- > > ### Exciting New Features 🎉 > > * feat: Ensure generated release notes cannot be over 125000 characters by [`@BeryJu`](https://github.com/BeryJu) in [softprops/action-gh-release#684](https://redirect.github.com/softprops/action-gh-release/pull/684) > > ### Other Changes 🔄 > > * dependency updates > > 2.4.1 > ----- > > What's Changed > -------------- > > ### Other Changes 🔄 > > * fix(util): support brace expansion globs containing commas in parseInputFiles by [`@Copilot`](https://github.com/Copilot) in [softprops/action-gh-release#672](https://redirect.github.com/softprops/action-gh-release/pull/672) > * fix: gracefully fallback to body when body\_path cannot be read by [`@Copilot`](https://github.com/Copilot) in [softprops/action-gh-release#671](https://redirect.github.com/softprops/action-gh-release/pull/671) > > 2.4.0 > ----- > > What's Changed > -------------- > > ### Exciting New Features 🎉 > > * feat(action): respect working\_directory for files globs by [`@stephenway`](https://github.com/stephenway) in [softprops/action-gh-release#667](https://redirect.github.com/softprops/action-gh-release/pull/667) > > 2.3.4 > ----- > > What's Changed > -------------- > > ### Bug fixes 🐛 > > * fix(action): handle 422 already\_exists race condition by [`@stephenway`](https://github.com/stephenway) in [softprops/action-gh-release#665](https://redirect.github.com/softprops/action-gh-release/pull/665) > > ### Other Changes 🔄 > > * dependency updates > > 2.3.3 > ----- > > What's Changed > -------------- > > ### Exciting New Features 🎉 > > * feat: add input option `overwrite_files` by [`@asfernandes`](https://github.com/asfernandes) in [softprops/action-gh-release#343](https://redirect.github.com/softprops/action-gh-release/pull/343) > > ### Other Changes 🔄 ... (truncated) Commits * [`5be0e66`](softprops/action-gh-release@5be0e66) release 2.4.2 * [`af658b4`](softprops/action-gh-release@af658b4) feat: Ensure generated release notes cannot be over 125000 characters ([#684](https://redirect.github.com/softprops/action-gh-release/issues/684)) * [`237aacc`](softprops/action-gh-release@237aacc) chore: bump node to 24.11.0 * [`00362be`](softprops/action-gh-release@00362be) chore(deps): bump the npm group with 5 updates ([#687](https://redirect.github.com/softprops/action-gh-release/issues/687)) * [`0adea5a`](softprops/action-gh-release@0adea5a) chore(deps): bump the npm group with 3 updates ([#686](https://redirect.github.com/softprops/action-gh-release/issues/686)) * [`aa05f9d`](softprops/action-gh-release@aa05f9d) chore(deps): bump actions/setup-node from 5.0.0 to 6.0.0 in the github-action... * [`bbaccb3`](softprops/action-gh-release@bbaccb3) chore(deps): bump `@types/node` from 20.19.21 to 20.19.22 in the npm group ([#682](https://redirect.github.com/softprops/action-gh-release/issues/682)) * [`50fda3f`](softprops/action-gh-release@50fda3f) chore(deps): bump vite from 7.1.5 to 7.1.11 ([#681](https://redirect.github.com/softprops/action-gh-release/issues/681)) * [`5434409`](softprops/action-gh-release@5434409) chore(deps): bump `@types/node` from 20.19.19 to 20.19.21 in the npm group ([#679](https://redirect.github.com/softprops/action-gh-release/issues/679)) * See full diff in [compare view](softprops/action-gh-release@6da8fa9...5be0e66) Updates `updatecli/updatecli-action` from 2.94.0 to 2.95.0 Release notes *Sourced from [updatecli/updatecli-action's releases](https://github.com/updatecli/updatecli-action/releases).* > v2.95.0 🌈 > --------- > > Changes > ------- > > * deps: update updatecli version to v0.110.2 @[updateclibot[bot]](https://github.com/apps/updateclibot) ([#977](https://redirect.github.com/updatecli/updatecli-action/issues/977)) > * deps: update updatecli version to v0.110.1 @[updateclibot[bot]](https://github.com/apps/updateclibot) ([#976](https://redirect.github.com/updatecli/updatecli-action/issues/976)) > * deps: update updatecli version to v0.110.0 @[updateclibot[bot]](https://github.com/apps/updateclibot) ([#975](https://redirect.github.com/updatecli/updatecli-action/issues/975)) > * Bump "`@types/node`" package version @[updateclibot[bot]](https://github.com/apps/updateclibot) ([#973](https://redirect.github.com/updatecli/updatecli-action/issues/973)) > > Contributors > ------------ > > [`@olblak`](https://github.com/olblak), [`@updateclibot`](https://github.com/updateclibot)[bot] and [updateclibot[bot]](https://github.com/apps/updateclibot) Commits * [`9c04c99`](updatecli/updatecli-action@9c04c99) deps: update updatecli version to v0.110.2 ([#977](https://redirect.github.com/updatecli/updatecli-action/issues/977)) * [`f1c1efe`](updatecli/updatecli-action@f1c1efe) deps: update updatecli version to v0.110.1 ([#976](https://redirect.github.com/updatecli/updatecli-action/issues/976)) * [`deccdf0`](updatecli/updatecli-action@deccdf0) Update updatecli.yaml to v0.110.1 * [`8075ad1`](updatecli/updatecli-action@8075ad1) deps: update updatecli version to v0.110.0 ([#975](https://redirect.github.com/updatecli/updatecli-action/issues/975)) * [`ff76bdc`](updatecli/updatecli-action@ff76bdc) Bump "`@types/node`" package version ([#973](https://redirect.github.com/updatecli/updatecli-action/issues/973)) * See full diff in [compare view](updatecli/updatecli-action@719e359...9c04c99) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

dependabot bot added bot dependencies labels Jul 21, 2025

dependabot bot force-pushed the dependabot/npm_and_yarn/form-data-2.5.5 branch from cbe63c4 to 8e42949 Compare November 5, 2025 13:55

crazy-max approved these changes Nov 5, 2025

View reviewed changes

crazy-max merged commit 801c7ff into master Nov 5, 2025
17 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/form-data-2.5.5 branch November 5, 2025 13:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump form-data from 2.5.1 to 2.5.5 #218

build(deps): bump form-data from 2.5.1 to 2.5.5 #218

Uh oh!

dependabot bot commented on behalf of github Jul 21, 2025 •

edited

Loading

Uh oh!

crazy-max commented Nov 5, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

build(deps): bump form-data from 2.5.1 to 2.5.5 #218

build(deps): bump form-data from 2.5.1 to 2.5.5 #218

Uh oh!

Conversation

dependabot bot commented on behalf of github Jul 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.5.2

Fixes

Tests

v2.5.5 - 2025-07-18

Commits

v2.5.4 - 2025-07-17

Fixed

Commits

v2.5.3 - 2025-02-14

Merged

Fixed

Commits

v2.5.2 - 2024-10-10

Uh oh!

crazy-max commented Nov 5, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Jul 21, 2025 •

edited

Loading