Hi
upstream has the fix:
https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0
while debian has the fix:
https://salsa.debian.org/js-team/node-form-data/-/commit/cee782f6ff789f389e6ce2f34ae9549d291e85be
These fixes are different. The CVE fix in debian does not have a 50
character boundary anymore, but a 62 character boundary now.
This causes autopkgtest failure in node-superagent:
https://ci.debian.net/packages/n/node-superagent/testing/amd64/62420387/,
the payload size asserts now fail. This does not allow node-form-data to
migrate.
Please use the upstream's fix for this CVE instead of
crypto.randomUUID() to preserve boundary length and not break other
packages.
Regards
Pragyansh
