Skip to content

Commit 5dcef2f

Browse files
alexluck-siftalexluck-sift
authored
override form-data (from jsdom dependency) to address CVE-2025-7783 (#20)
* override form-data (from jsdom dependency) to address CVE-2025-7783 * add validate plugin step to avoid future failures on release
1 parent 6191002 commit 5dcef2f

3 files changed

Lines changed: 27 additions & 16 deletions

File tree

.github/workflows/ci.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -114,6 +114,13 @@ jobs:
114114
-v $PWD/${{ steps.metadata.outputs.archive }}:/archive.zip \
115115
grafana/plugin-validator-cli -analyzer=metadatavalid /archive.zip
116116
117+
- name: Validate plugin
118+
run: |
119+
npx -y @grafana/plugin-validator@latest -sourceCodeUri file://./ $PLUGIN_ARCHIVE
120+
shell: bash
121+
env:
122+
PLUGIN_ARCHIVE: ${{ steps.metadata.outputs.archive }}
123+
117124
- name: Archive Build
118125
uses: actions/upload-artifact@v4
119126
with:

package-lock.json

Lines changed: 17 additions & 16 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -95,5 +95,8 @@
9595
"rxjs": "7.8.1",
9696
"tslib": "2.5.3"
9797
},
98+
"overrides": {
99+
"form-data": "^4.0.4"
100+
},
98101
"packageManager": "npm@9.8.0"
99102
}

0 commit comments

Comments
 (0)