
abshierjoel

Changes

Superagent has a patch for a publicly announced vulnerability now available in version 9.X. This PR updates the superagent dependency to the latest version.

warning auth0-js > [email protected]: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net

References

Please include relevant links supporting this change such as a:

  • support ticket
  • community post
  • StackOverflow post
  • support forum thread

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

  • This change adds unit test coverage
  • This change adds integration test coverage

Checklist

@arpit-jn arpit-jn requested a review from a team as a code owner June 17, 2025 10:45
@ankita10119
Contributor

ankita10119 commented Sep 10, 2025

@abshierjoel

We're holding off on merging this PR as it upgrades superagent only to v9.x, which still depends on a vulnerable version of form-data.

We're planning an upgrade to [email protected], which includes form-data@^4.0.4, the first patched version fixing the vulnerability (CVE-2025-7783).

If you're able to update this PR to target [email protected] (or later), we’ll consider it for merging.

Otherwise, once we proceed with our internal upgrade to [email protected], we’ll likely close this PR.

Thank you for your contribution and understanding!
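
The check implied by the comment above, as an added example that is not part of the PR or of the auth0-js code base: a Node.js scan of a package-lock.json for any installed form-data copy, hoisted or nested under superagent, that resolves below the 4.0.4 threshold the comment names. It assumes the lockfileVersion 2/3 `packages` layout and applies only that one threshold; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the PR). Lockfile contents below are constructed.
const FIRST_PATCHED = [4, 0, 4]; // form-data threshold stated in the comment above

// Parse the leading "major.minor.patch" of a version string; null if malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before triple b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// return every installed form-data copy, hoisted or nested, below the threshold.
// Unparseable or missing versions are reported too, so they get a manual look.
function findUnpatchedFormData(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/form-data")) continue;
    const parsed = parseVersion(meta.version);
    if (parsed === null || isBelow(parsed, FIRST_PATCHED)) {
      findings.push({ path, version: meta.version ?? "unknown" });
    }
  }
  return findings;
}

// Constructed sample: one hoisted patched copy, one stale copy nested under superagent.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app" },
    "node_modules/auth0-js": { version: "0.0.0-sample" },
    "node_modules/superagent": { version: "0.0.0-sample" },
    "node_modules/form-data": { version: "4.0.4" },
    "node_modules/superagent/node_modules/form-data": { version: "4.0.0" },
  },
};

console.log(findUnpatchedFormData(sampleLock));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's package-lock.json.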

@abshierjoel
Author

@ankita10119 happy to take another look at it and get this PR up to date 👍
