[SIRT] Upgrading form-data and dependents (Depends on Node upgrade)

[wjrosa]

Fixes https://github.com/woocommerce/woocommerce-gateway-stripe/security/dependabot/128

Changes proposed in this Pull Request:

To address the critical security issue related to form-data (CWE-330), I am upgrading it directly as well as jest and @wordpress/scripts, which depend on it. That's a dev-dependency (used only during building), so it is not that critical for us.

Testing instructions

Code review. Check if the tests are still passing. Attempt to build the frontend files with npm run build:webpack. Perform some basic smoke-testing on the frontend.

---

• Covered with tests (or have a good reason not to test in description ☝️)
• Tested on mobile (or does not apply)

Changelog entry

• This Pull Request does not require a changelog entry. (Comment required below)

Changelog Entry Comment

Comment

Post merge

• Added testing instructions to the Release Testing Instructions wiki page (or does not apply)
• Added the needs docs label (or does not apply)
• Included this PR in the Release Thread scope (or does not apply)

[annemirasol]

I'm still seeing form-data 3.0.0 (and older versions) in package-lock.json.

[github-actions]

📈 PHP Unit Code Coverage Report

Package	Line Rate	Health
includes/admin/class-wc-stripe-admin-notices.php	68%	➖
includes/admin/class-wc-stripe-subscription-detached-bulk-action.php	88%	✔
includes/class-wc-stripe-webhook-handler.php	37%	❌
includes/class-wc-stripe.php	31%	❌
includes/compat/class-wc-stripe-subscriptions-helper.php	88%	✔
includes/payment-methods/class-wc-stripe-express-checkout-custom-fields.php	70%	➖
Summary	46% (7746 / 16976)	❌

[wjrosa]

@annemirasol The remaing form-data insecure version is a dependency of @wordpress/scripts. The version here is the latest we can support without upgrading Node. I tried to create a new version for @wordpress/scripts as well, but the wporg npmjs credentials are not working. I am afraid we will have to block this PR until we upgrade Node.