security: update multer to 1.4.5-lts.1 #69

Merged

norm merged 2 commits from fix/multer-security into main 2022-08-18 17:39:34 +00:00

Conversation 1 Commits 2 Files changed 3 +19 -46

norm commented 2022-08-18 05:41:05 +00:00

Owner

Copy link

This version of multer contains a fix for
CVE-2022-24434 which affects a transitive dependency.

This affects all versions of package dicer. A malicious attacker can
send a modified form to server, and crash the nodejs service. An
attacker could sent the payload again and again so that the service
continuously crashes.

Ref: https://nvd.nist.gov/vuln/detail/CVE-2022-24434

This version of multer contains a fix for CVE-2022-24434 which affects a transitive dependency. > This affects all versions of package dicer. A malicious attacker can > send a modified form to server, and crash the nodejs service. An > attacker could sent the payload again and again so that the service > continuously crashes. Ref: https://nvd.nist.gov/vuln/detail/CVE-2022-24434

norm added 1 commit 2022-08-18 05:41:06 +00:00

security: update multer to 1.4.5-lts.1 ... f30e02dc73

This version of multer contains a fix for
CVE-2022-24434 which affects a transitive dependency.

> This affects all versions of package dicer. A malicious attacker can
> send a modified form to server, and crash the nodejs service. An
> attacker could sent the payload again and again so that the service
> continuously crashes.

Ref: https://nvd.nist.gov/vuln/detail/CVE-2022-24434

norm added 1 commit 2022-08-18 05:57:43 +00:00

Update changelog to reflect multer update c11fbc7a86

Johann150 approved these changes 2022-08-18 12:50:45 +00:00

Johann150 left a comment

Owner

Copy link

If this is a (rather small) safety critical change, why is this a PR instead of committed directly? If it still works, merge it. 😁

If this is a (rather small) safety critical change, why is this a PR instead of committed directly? If it still works, merge it. 😁

norm commented 2022-08-18 17:39:25 +00:00

Author

Owner

Copy link

yeah good point

yeah good point

norm merged commit 27c56a4dcc into main 2022-08-18 17:39:34 +00:00

norm referenced this pull request from a commit 2022-08-18 17:39:34 +00:00

Merge pull request 'security: update multer to 1.4.5-lts.1' (#69) from fix/multer-security into main

norm deleted branch fix/multer-security 2022-08-18 23:17:51 +00:00

Sign in to join this conversation.

Reviewers

No reviewers

Johann150

Labels

Clear labels   

feature

task that proposes new feature(s)

  

fix

task to fix behavioral problems in the FoundKey codebase

  

upkeep

task that should make FoundKey smaller and more maintainable

No labels

feature

fix

upkeep

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: FoundKeyGang/FoundKey#69

No description provided.