Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump multer dependency to 1.4.5-lts.1 #492

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump multer dependency to 1.4.5-lts.1 #492

wants to merge 1 commit into from

Conversation

zoeesilcock
Copy link

@zoeesilcock zoeesilcock commented Jun 15, 2022
edited
Loading

This is meant to deal with CVE-2022-24434 and should also fix #490.

PR Checklist

Verify that you did the following:

  • Opened an issue to track and discuss the problem you are trying to solve.
  • Submitted the changes using a new branch in your fork of this repo.
  • Added test for the changes and checked that code coverage didn't diminished if possible.
  • Docs were updated using jsdoc style comments when necessary.

Related issue

Issue: #490

Describe what you did

Bumped the multer dependency to version 1.4.5-lts.1 in order to solve the CVE-2022-24434 security warning and handle #490. The new version is technically a major bump since it changes the required NodeJS version from >= 0.10.0 to >= 6.0.0. That shouldn't be an issue since this package already requires >= 12. Please see the following issue on multer for more information.

Is this a breaking change?

  • Yes
  • No
  • Maybe

I don't think so, but it could affect users that have older versions of multer. NPM 8 will probably give the same error as in #490 if the user updates multer-gridfs-storage without updating multer also. This can happen automatically when using ^5.0.2 as the version for multer-gridfs-storage for example. Perhaps multer-gridfs-storage needs more than a patch version bump to avoid this?

@zoeesilcock
Bump multer dependency to 1.4.5-lts.1
3a444a0 
This is meant to deal with CVE-2022-24434 and should also fix devconcept#490.
@redimongo
Copy link

Please can someone approve this :)

@abitwise
Copy link

abitwise commented Sep 27, 2022
edited
Loading

Can this be merged please?

@sudipta9 sudipta9 mentioned this pull request Oct 5, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0xsagar 0xsagar 0xsagar approved these changes

@sudipta9 sudipta9 sudipta9 approved these changes

@redimongo redimongo redimongo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Warning / Errors when using Multer latest version
5 participants
@zoeesilcock @redimongo @abitwise @sudipta9 @0xsagar