Additional context
I tried the following fixes to work around the issue:
Try lifting graphql-upload forcefully to 15.0.0 by using an override in package.json
This lead to an error in openapi-to-graphql/dist/index.js:8:23), which tries to:
const graphqlUpload = require('graphql-upload');
With the new versions of we get the following error:
No "exports" main defined in /<path>/node_modules/graphql-upload/package.json
Forcing busboy to be >=1.0.0 by using an override in package.json.
This seems to have solved the problem but I'm now left with the potential issues stemming from violating the dependencies of graphql-upload which is not prepared to work with such a new version of busboy.
Description According to https://security.snyk.io/vuln/SNYK-JS-DICER-2311764 the package
diceris vulnerable in all versions and should be replaced with an alternative.To Reproduce
Expected behavior A version of
graphql-upload>= 15.0.0 is used. See release notes: https://github.com/jaydenseric/graphql-upload/releases/tag/v15.0.0 which mention the corresponding fix.Actual behavior This leads to the following chain being installed:
Additional context I tried the following fixes to work around the issue:
Try lifting
graphql-uploadforcefully to15.0.0by using anoverrideinpackage.jsonThis lead to an error inopenapi-to-graphql/dist/index.js:8:23), which tries to:With the new versions of we get the following error:
Forcing
busboyto be>=1.0.0by using anoverrideinpackage.json. This seems to have solved the problem but I'm now left with the potential issues stemming from violating the dependencies ofgraphql-uploadwhich is not prepared to work with such a new version ofbusboy.