forked from FoundKeyGang/FoundKey
Merge pull request 'security: update multer to 1.4.5-lts.1' (#69) from fix/multer-security into main
Reviewed-on: FoundKeyGang/FoundKey#69
This commit is contained in:
commit
27c56a4dcc
3 changed files with 19 additions and 46 deletions
|
@ -24,6 +24,9 @@ For older Misskey versions, see [CHANGELOG-OLD.md](./CHANGELOG-OLD.md).
|
||||||
### Fixed
|
### Fixed
|
||||||
- Server: Blocking remote accounts
|
- Server: Blocking remote accounts
|
||||||
|
|
||||||
|
### Security
|
||||||
|
- Server: Update `multer` dependency to resolve [CVE-2022-24434](https://nvd.nist.gov/vuln/detail/CVE-2022-24434)
|
||||||
|
|
||||||
## 13.0.0-preview1 - 2022-08-05
|
## 13.0.0-preview1 - 2022-08-05
|
||||||
### Added
|
### Added
|
||||||
- Server: Replies can now be fetched recursively.
|
- Server: Replies can now be fetched recursively.
|
||||||
|
|
|
@ -69,7 +69,7 @@
|
||||||
"mime-types": "2.1.35",
|
"mime-types": "2.1.35",
|
||||||
"misskey-js": "0.0.14",
|
"misskey-js": "0.0.14",
|
||||||
"mocha": "10.0.0",
|
"mocha": "10.0.0",
|
||||||
"multer": "1.4.4",
|
"multer": "1.4.5-lts.1",
|
||||||
"nested-property": "4.0.0",
|
"nested-property": "4.0.0",
|
||||||
"node-fetch": "3.2.6",
|
"node-fetch": "3.2.6",
|
||||||
"nodemailer": "6.7.6",
|
"nodemailer": "6.7.6",
|
||||||
|
|
|
@ -1486,13 +1486,12 @@ bull@4.8.4:
|
||||||
semver "^7.3.2"
|
semver "^7.3.2"
|
||||||
uuid "^8.3.0"
|
uuid "^8.3.0"
|
||||||
|
|
||||||
busboy@^0.2.11:
|
busboy@^1.0.0:
|
||||||
version "0.2.14"
|
version "1.6.0"
|
||||||
resolved "https://registry.yarnpkg.com/busboy/-/busboy-0.2.14.tgz#6c2a622efcf47c57bbbe1e2a9c37ad36c7925453"
|
resolved "https://registry.yarnpkg.com/busboy/-/busboy-1.6.0.tgz#966ea36a9502e43cdb9146962523b92f531f6893"
|
||||||
integrity sha1-bCpiLvz0fFe7vh4qnDetNseSVFM=
|
integrity sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==
|
||||||
dependencies:
|
dependencies:
|
||||||
dicer "0.2.5"
|
streamsearch "^1.1.0"
|
||||||
readable-stream "1.1.x"
|
|
||||||
|
|
||||||
bytes@3.1.0, bytes@^3.1.0:
|
bytes@3.1.0, bytes@^3.1.0:
|
||||||
version "3.1.0"
|
version "3.1.0"
|
||||||
|
@ -2237,14 +2236,6 @@ detect-libc@^2.0.0:
|
||||||
resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-2.0.0.tgz#c528bc09bc6d1aa30149228240917c225448f204"
|
resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-2.0.0.tgz#c528bc09bc6d1aa30149228240917c225448f204"
|
||||||
integrity sha512-S55LzUl8HUav8l9E2PBTlC5PAJrHK7tkM+XXFGD+fbsbkTzhCpG6K05LxJcUOEWzMa4v6ptcMZ9s3fOdJDu0Zw==
|
integrity sha512-S55LzUl8HUav8l9E2PBTlC5PAJrHK7tkM+XXFGD+fbsbkTzhCpG6K05LxJcUOEWzMa4v6ptcMZ9s3fOdJDu0Zw==
|
||||||
|
|
||||||
dicer@0.2.5:
|
|
||||||
version "0.2.5"
|
|
||||||
resolved "https://registry.yarnpkg.com/dicer/-/dicer-0.2.5.tgz#5996c086bb33218c812c090bddc09cd12facb70f"
|
|
||||||
integrity sha1-WZbAhrszIYyBLAkL3cCc0S+stw8=
|
|
||||||
dependencies:
|
|
||||||
readable-stream "1.1.x"
|
|
||||||
streamsearch "0.1.2"
|
|
||||||
|
|
||||||
diff@5.0.0:
|
diff@5.0.0:
|
||||||
version "5.0.0"
|
version "5.0.0"
|
||||||
resolved "https://registry.yarnpkg.com/diff/-/diff-5.0.0.tgz#7ed6ad76d859d030787ec35855f5b1daf31d852b"
|
resolved "https://registry.yarnpkg.com/diff/-/diff-5.0.0.tgz#7ed6ad76d859d030787ec35855f5b1daf31d852b"
|
||||||
|
@ -3552,7 +3543,7 @@ inflight@^1.0.4:
|
||||||
once "^1.3.0"
|
once "^1.3.0"
|
||||||
wrappy "1"
|
wrappy "1"
|
||||||
|
|
||||||
inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.0, inherits@~2.0.1, inherits@~2.0.3:
|
inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.0, inherits@~2.0.3:
|
||||||
version "2.0.4"
|
version "2.0.4"
|
||||||
resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
|
resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
|
||||||
integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
|
integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
|
||||||
|
@ -3861,11 +3852,6 @@ is-whitespace@^0.3.0:
|
||||||
resolved "https://registry.yarnpkg.com/is-whitespace/-/is-whitespace-0.3.0.tgz#1639ecb1be036aec69a54cbb401cfbed7114ab7f"
|
resolved "https://registry.yarnpkg.com/is-whitespace/-/is-whitespace-0.3.0.tgz#1639ecb1be036aec69a54cbb401cfbed7114ab7f"
|
||||||
integrity sha1-Fjnssb4DauxppUy7QBz77XEUq38=
|
integrity sha1-Fjnssb4DauxppUy7QBz77XEUq38=
|
||||||
|
|
||||||
isarray@0.0.1:
|
|
||||||
version "0.0.1"
|
|
||||||
resolved "https://registry.yarnpkg.com/isarray/-/isarray-0.0.1.tgz#8a18acfca9a8f4177e09abfc6038939b05d1eedf"
|
|
||||||
integrity sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=
|
|
||||||
|
|
||||||
isarray@^1.0.0, isarray@~1.0.0:
|
isarray@^1.0.0, isarray@~1.0.0:
|
||||||
version "1.0.0"
|
version "1.0.0"
|
||||||
resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11"
|
resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11"
|
||||||
|
@ -4765,17 +4751,16 @@ msgpackr@^1.5.2:
|
||||||
optionalDependencies:
|
optionalDependencies:
|
||||||
msgpackr-extract "^1.0.14"
|
msgpackr-extract "^1.0.14"
|
||||||
|
|
||||||
multer@1.4.4:
|
multer@1.4.5-lts.1:
|
||||||
version "1.4.4"
|
version "1.4.5-lts.1"
|
||||||
resolved "https://registry.yarnpkg.com/multer/-/multer-1.4.4.tgz#e2bc6cac0df57a8832b858d7418ccaa8ebaf7d8c"
|
resolved "https://registry.yarnpkg.com/multer/-/multer-1.4.5-lts.1.tgz#803e24ad1984f58edffbc79f56e305aec5cfd1ac"
|
||||||
integrity sha512-2wY2+xD4udX612aMqMcB8Ws2Voq6NIUPEtD1be6m411T4uDH/VtL9i//xvcyFlTVfRdaBsk7hV5tgrGQqhuBiw==
|
integrity sha512-ywPWvcDMeH+z9gQq5qYHCCy+ethsk4goepZ45GLD63fOu0YcNecQxi64nDs3qluZB+murG3/D4dJ7+dGctcCQQ==
|
||||||
dependencies:
|
dependencies:
|
||||||
append-field "^1.0.0"
|
append-field "^1.0.0"
|
||||||
busboy "^0.2.11"
|
busboy "^1.0.0"
|
||||||
concat-stream "^1.5.2"
|
concat-stream "^1.5.2"
|
||||||
mkdirp "^0.5.4"
|
mkdirp "^0.5.4"
|
||||||
object-assign "^4.1.1"
|
object-assign "^4.1.1"
|
||||||
on-finished "^2.3.0"
|
|
||||||
type-is "^1.6.4"
|
type-is "^1.6.4"
|
||||||
xtend "^4.0.0"
|
xtend "^4.0.0"
|
||||||
|
|
||||||
|
@ -5771,16 +5756,6 @@ re2@1.17.7:
|
||||||
nan "^2.16.0"
|
nan "^2.16.0"
|
||||||
node-gyp "^9.0.0"
|
node-gyp "^9.0.0"
|
||||||
|
|
||||||
readable-stream@1.1.x:
|
|
||||||
version "1.1.14"
|
|
||||||
resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-1.1.14.tgz#7cf4c54ef648e3813084c636dd2079e166c081d9"
|
|
||||||
integrity sha1-fPTFTvZI44EwhMY23SB54WbAgdk=
|
|
||||||
dependencies:
|
|
||||||
core-util-is "~1.0.0"
|
|
||||||
inherits "~2.0.1"
|
|
||||||
isarray "0.0.1"
|
|
||||||
string_decoder "~0.10.x"
|
|
||||||
|
|
||||||
readable-stream@^2.0.0, readable-stream@^2.0.2, readable-stream@^2.0.5, readable-stream@^2.0.6, readable-stream@^2.2.2, readable-stream@~2.3.6:
|
readable-stream@^2.0.0, readable-stream@^2.0.2, readable-stream@^2.0.5, readable-stream@^2.0.6, readable-stream@^2.2.2, readable-stream@~2.3.6:
|
||||||
version "2.3.7"
|
version "2.3.7"
|
||||||
resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.7.tgz#1eca1cf711aef814c04f62252a36a62f6cb23b57"
|
resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.7.tgz#1eca1cf711aef814c04f62252a36a62f6cb23b57"
|
||||||
|
@ -6303,10 +6278,10 @@ stream-parser@~0.3.1:
|
||||||
dependencies:
|
dependencies:
|
||||||
debug "2"
|
debug "2"
|
||||||
|
|
||||||
streamsearch@0.1.2:
|
streamsearch@^1.1.0:
|
||||||
version "0.1.2"
|
version "1.1.0"
|
||||||
resolved "https://registry.yarnpkg.com/streamsearch/-/streamsearch-0.1.2.tgz#808b9d0e56fc273d809ba57338e929919a1a9f1a"
|
resolved "https://registry.yarnpkg.com/streamsearch/-/streamsearch-1.1.0.tgz#404dd1e2247ca94af554e841a8ef0eaa238da764"
|
||||||
integrity sha1-gIudDlb8Jz2Am6VzOOkpkZoanxo=
|
integrity sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==
|
||||||
|
|
||||||
strict-event-emitter-types@2.0.0:
|
strict-event-emitter-types@2.0.0:
|
||||||
version "2.0.0"
|
version "2.0.0"
|
||||||
|
@ -6371,11 +6346,6 @@ string_decoder@^1.1.1:
|
||||||
dependencies:
|
dependencies:
|
||||||
safe-buffer "~5.2.0"
|
safe-buffer "~5.2.0"
|
||||||
|
|
||||||
string_decoder@~0.10.x:
|
|
||||||
version "0.10.31"
|
|
||||||
resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-0.10.31.tgz#62e203bc41766c6c28c9fc84301dab1c5310fa94"
|
|
||||||
integrity sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=
|
|
||||||
|
|
||||||
string_decoder@~1.1.1:
|
string_decoder@~1.1.1:
|
||||||
version "1.1.1"
|
version "1.1.1"
|
||||||
resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.1.1.tgz#9cf1611ba62685d7030ae9e4ba34149c3af03fc8"
|
resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.1.1.tgz#9cf1611ba62685d7030ae9e4ba34149c3af03fc8"
|
||||||
|
|
Loading…
Reference in a new issue