From 24c6fbc2155674914e8acfce7b971586c6e0fa62 Mon Sep 17 00:00:00 2001
From: Roman Nikitenko <rnikiten@redhat.com>
Date: Tue, 11 Nov 2025 13:23:40 +0200
Subject: [PATCH] Fix CVE in form-data

Signed-off-by: Roman Nikitenko <rnikiten@redhat.com>
---
 .../che-github-authentication/package-lock.json          | 9 ++++++---
 code/extensions/che-github-authentication/package.json   | 3 +++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/code/extensions/che-github-authentication/package-lock.json b/code/extensions/che-github-authentication/package-lock.json
index c157cd90b68..eadb132a1ac 100644
--- a/code/extensions/che-github-authentication/package-lock.json
+++ b/code/extensions/che-github-authentication/package-lock.json
@@ -377,12 +377,15 @@
       }
     },
     "node_modules/@types/node-fetch/node_modules/form-data": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.1.tgz",
-      "integrity": "sha512-tzN8e4TX8+kkxGPK8D5u0FNmjPUjw3lwC9lSLxxoB/+GtsJG91CO8bSWy73APlgAZzZbXEYZJuxjkHH2w+Ezhw==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
+      "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
+      "license": "MIT",
       "dependencies": {
         "asynckit": "^0.4.0",
         "combined-stream": "^1.0.8",
+        "es-set-tostringtag": "^2.1.0",
+        "hasown": "^2.0.2",
         "mime-types": "^2.1.12"
       },
       "engines": {
diff --git a/code/extensions/che-github-authentication/package.json b/code/extensions/che-github-authentication/package.json
index 72e57039dd0..6fe7bb73c3d 100644
--- a/code/extensions/che-github-authentication/package.json
+++ b/code/extensions/che-github-authentication/package.json
@@ -71,6 +71,9 @@
     "jsonpath-plus": "10.1.0",
     "request": {
       "form-data": "2.5.5"
+    },
+    "@types/node-fetch": {
+      "form-data": "4.0.4"
     }
   },
   "repository": {