Payload is the open-source, fullstack Next.js framework, giving you instant backend superpowers. Get a full TypeScript backend and admin panel instantly. Use Payload as a headless CMS or for building powerful applications.
chore(deps): bump form-data, tar, wrangler, and @opennextjs/cloudflare dependencies (#15435)
### What Updates several dependencies to fix security vulnerabilities identified in `pnpm audit`. ### Why `pnpm audit` flagged critical and high severity vulnerabilities: - `form-data` <3.0.4: unsafe random function in boundary generation - `tar` <7.5.7: arbitrary file overwrite and path traversal issues - `wrangler` <4.59.1: OS command injection in `wrangler pages deploy` - `@opennextjs/cloudflare` 1.9.2: transitive dependency on vulnerable `qs` package ### How - Bumped `form-data` to 3.0.4 in root package.json - Bumped `tar` to ^7.5.7 in create-payload-app - Bumped `wrangler` to ~4.61.1 across root, test, and cloudflare-d1 template - Bumped `@opennextjs/cloudflare` to 1.16.1 in test package
P
Patrik committed
5875cd06ba4afe5434134b1798a8e25ab4eb3de7
Parent: 26ba779
Committed by GitHub <noreply@github.com>
on 1/30/2026, 4:03:02 PM