Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove depends on vulnerable versions of busboy #10

Conversation

ostec-marten
Copy link
Contributor

@dominhhai @nervgh @christopherL91 Please apply request.

It fixes a security issue when running npm audit.

Example see here:

3 high severity vulnerabilities

    node_modules/koa-busboy
    Depends on vulnerable versions of busboy
    koa-busboy  *
  node_modules/busboy
  Depends on vulnerable versions of dicer
  busboy  <=0.3.1
node_modules/dicer
No fix available
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
Severity: high
dicer  *

The fix uses a newer version of busboy and make some changes to fix breaking changes see mscdex/busboy#266

Best regards.

- No more constructor
- Truncated flags, encoding, and mime type information have been consolidated
into a single object passed to the event handlers
See: mscdex/busboy#266
...like busboy package
@dominhhai dominhhai merged commit 52979d1 into dominhhai:master Aug 9, 2022
@ostec-marten
Copy link
Contributor Author

Hi @dominhhai

Thanks for merging.

Please publish new version to npm.

If you not agree to new version 1.6. please change to 1.3. or 1.2.x and pubish to npm.

Only with npm publish package user get info that a new version is available.

bye, marten

@ostec-marten
Copy link
Contributor Author

ostec-marten commented Aug 16, 2022

@nervgh @christopherL91 @dominhhai

Please publish new version to npm to get package health again

Screenshot 2022-08-16 at 12 59 21

see https://snyk.io/advisor/npm-package/koa-busboy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants