Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bump busboy up to solve DoS vulnerability #1096

Closed
wants to merge 1 commit into from

Conversation

mrded
Copy link

@mrded mrded commented May 20, 2022

Hello,

Snyk is reporting a vulnerability in this repo, that is coming from the Dicer library:

Issues with no direct upgrade or patch:
  ✗ Denial of Service (DoS) [High Severity][https://snyk.io/vuln/SNYK-JS-DICER-2311764] in dicer@0.2.5
    introduced by multer@1.4.4 > busboy@0.2.14 > dicer@0.2.5
  No upgrade or patch available

This change removes dicer from multer's transitive dependency list.

@mrded
Copy link
Author

mrded commented May 20, 2022

As expected, updating busboy 0.2.11 -> 1.0.0 breaks the tests, and need the code update.

@erano067
Copy link

Hey, I opened a pr for that that handle the breaking changes
I have another issues with busboy version. #1092

This change removes dicer from multer's transitive dependency list.
https://security.snyk.io/vuln/SNYK-JS-DICER-2311764
@mrded
Copy link
Author

mrded commented May 23, 2022

Closing due to a better solution available: #1097

@mrded mrded closed this May 23, 2022
@mrded mrded deleted the patch-1 branch May 23, 2022 09:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants