
@abshierjoel abshierjoel commented Jun 26, 2024

Changes

Superagent has a patch for a publicly announced vulnerability now available in version 10.2.X. This PR updates the superagent dependency to the latest version.

warning auth0-js > [email protected]: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net

References

Please include relevant links supporting this change such as a:

  • support ticket
  • community post
  • StackOverflow post
  • support forum thread

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

  • This change adds unit test coverage
  • This change adds integration test coverage

Checklist

@ankita10119
Contributor

ankita10119 commented Sep 10, 2025

@abshierjoel

We're holding off on merging this PR as it upgrades superagent only to v9.x, which still depends on a vulnerable version of form-data.

We're planning an upgrade to [email protected], which includes form-data@^4.0.4, the first patched version fixing the vulnerability (CVE-2025-7783).

If you're able to update this PR to target [email protected] (or later), we’ll consider it for merging.

Otherwise, once we proceed with our internal upgrade to [email protected], we’ll likely close this PR.

Thank you for your contribution and understanding!

@abshierjoel
Author

@ankita10119 happy to take another look at it and get this PR up to date 👍

@abshierjoel abshierjoel force-pushed the chore/upgrade-superagent-v9 branch from a398ff6 to 3eb0e3b on September 24, 2025 16:04
@abshierjoel abshierjoel changed the title from "chore(deps): Upgrade superagent to v9.X" to "chore(deps): Upgrade superagent to v10.2.X" on Sep 24, 2025
@abshierjoel
Author

@ankita10119 no breaking changes from superagent v9 to v10, so I upgraded the package and rebased on the latest master.

@amitsingh05667
Contributor

amitsingh05667 commented Sep 25, 2025

@abshierjoel Addressed the vulnerability fixed by this PR in a different PR that has already been merged
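
Added example, not part of the PR thread or the project's code: the maintainer's point that a superagent bump only helps if the resolved form-data is at or above 4.0.4 can be checked against the lockfile itself. The sketch below walks a constructed `package-lock.json` (lockfileVersion 3 layout) and reports every installed copy of form-data below that floor, along with the packages that resolve to it; `legacy-client`, `patched-client`, and all sample versions other than the 4.0.4 threshold are hypothetical, and only the 4.x line is considered.

```javascript
// Constructed sample lockfile (lockfileVersion 3 layout), not taken from any real project.
// legacy-client / patched-client and all versions except the 4.0.4 floor are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { superagent: "^9.0.0" } },
    "node_modules/superagent": { version: "9.0.0", dependencies: { "form-data": "^4.0.0" } },
    "node_modules/form-data": { version: "4.0.0" },
    "node_modules/legacy-client": { version: "1.0.0", dependencies: { "form-data": "4.0.3" } },
    "node_modules/legacy-client/node_modules/form-data": { version: "4.0.3" },
    "node_modules/patched-client": { version: "1.0.0", dependencies: { "form-data": "^4.0.4" } },
    "node_modules/patched-client/node_modules/form-data": { version: "4.0.4" },
  },
};

// Numeric compare of x.y.z versions; a prerelease suffix ("-beta.1") is ignored.
function isBelow(version, floor) {
  const a = version.split("-")[0].split(".").map(Number);
  const b = floor.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Mimic Node's lookup: nearest node_modules first, then walk up toward the root.
function resolveDep(lock, fromPath, name) {
  let base = fromPath;
  while (true) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (lock.packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("node_modules/");
    base = i <= 0 ? "" : base.slice(0, i - 1);
  }
}

// Every installed copy of `name` below `firstPatched`, with the packages that resolve to it.
function findBelowPatched(lock, name, firstPatched) {
  const entries = Object.entries(lock.packages);
  return entries
    .filter(([path, meta]) => path.endsWith("node_modules/" + name)
      && meta.version && isBelow(meta.version, firstPatched))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      requiredBy: entries
        .filter(([p, m]) => name in { ...m.dependencies, ...m.optionalDependencies }
          && resolveDep(lock, p, name) === path)
        .map(([p]) => p || "(root project)"),
    }));
}

console.log(JSON.stringify(findBelowPatched(sampleLock, "form-data", "4.0.4"), null, 2));
```

Against a real project, replace `sampleLock` with the parsed contents of its own `package-lock.json`; nested copies matter because a patched top-level form-data does not replace one pinned under another package's `node_modules`.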
