From 0238dd6dba3286bf5211e240d830edd7cc9f269b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Jul 2025 11:44:14 +0000
Subject: [PATCH 1/2] Bump form-data from 4.0.3 to 4.0.4

Bumps [form-data](https://github.com/form-data/form-data) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](https://github.com/form-data/form-data/compare/v4.0.3...v4.0.4)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 9 +++++----
 package.json      | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index dd541c3a..9752f0dd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -19,7 +19,7 @@
         "@octokit/plugin-retry": "^8.0.1",
         "@octokit/plugin-throttling": "^11.0.1",
         "ajv": "8.17.1",
-        "form-data": "^4.0.3",
+        "form-data": "^4.0.4",
         "jszip": "3.10.1",
         "semver": "^7.7.2",
         "uuid": "^11.1.0",
@@ -7335,9 +7335,10 @@
       }
     },
     "node_modules/form-data": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.3.tgz",
-      "integrity": "sha512-qsITQPfmvMOSAdeyZ+12I1c+CKSstAFAwu+97zrnWAbIr5u8wfsExUzCesVLC8NgHuRUqNN4Zy6UPWUTRGslcA==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
+      "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
+      "license": "MIT",
       "dependencies": {
         "asynckit": "^0.4.0",
         "combined-stream": "^1.0.8",
diff --git a/package.json b/package.json
index 2e1667c7..f92d81d9 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
     "@octokit/plugin-retry": "^8.0.1",
     "@octokit/plugin-throttling": "^11.0.1",
     "ajv": "8.17.1",
-    "form-data": "^4.0.3",
+    "form-data": "^4.0.4",
     "jszip": "3.10.1",
     "semver": "^7.7.2",
     "uuid": "^11.1.0",

From acdfaa526453b84031fa0c0bead7032a5e3ab592 Mon Sep 17 00:00:00 2001
From: MohamedMMahfouz <mohamedmmahfouz@github.com>
Date: Thu, 24 Jul 2025 10:12:53 +0200
Subject: [PATCH 2/2] Update dist/query.js

---
 dist/query.js | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/dist/query.js b/dist/query.js
index 66a7c892..1fac52f6 100644
--- a/dist/query.js
+++ b/dist/query.js
@@ -40879,6 +40879,7 @@ var require_form_data = __commonJS({
     var parseUrl2 = require("url").parse;
     var fs6 = require("fs");
     var Stream = require("stream").Stream;
+    var crypto = require("crypto");
     var mime = require_mime_types();
     var asynckit = require_asynckit();
     var setToStringTag = require_es_set_tostringtag();
@@ -41084,11 +41085,7 @@ var require_form_data = __commonJS({
       return Buffer.concat([dataBuffer, Buffer.from(this._lastBoundary())]);
     };
     FormData2.prototype._generateBoundary = function() {
-      var boundary = "--------------------------";
-      for (var i = 0; i < 24; i++) {
-        boundary += Math.floor(Math.random() * 10).toString(16);
-      }
-      this._boundary = boundary;
+      this._boundary = "--------------------------" + crypto.randomBytes(12).toString("hex");
     };
     FormData2.prototype.getLengthSync = function() {
       var knownLength = this._overheadLength + this._valueLength;