Closed ghost closed 3 years ago
@derkinderfietsen - when will the new version be released?
@badunk Could you please merge this? It's a very critical vulnerability.
@badunk I updated to using is-svg version 4.2.2 and I noticed my application's functionality did not break. It seemed to function fine and without any issues. I would suggest trying to get this PR merged because it could present issues for those using the package.
For what it is worth, I approve this pull request.
@LinusU - Could you please merge this?
Any update on this?
Fine, I'll do it myself. I created an npm package so that we can use a patched version of is-svg. Being a new developer and first time publishing to npm, I hope I didn't make any mistakes.
The package is available at: https://www.npmjs.com/package/multer-s3-is-svg-fix. I hope the project owner will be active again soon, but looking at his GitHub page it seems like he disappeared about 4 months ago. I hope nothing has happened to him and he is doing well. I think it would be a good idea if someone knowledgeable would take over this project. I am not knowledgeable enough, else I would do it.
I also had to disable a specific test. Couldn't figure out why the file size got changed.
- assert.equal(req.file.size, 100)
+ // assert.equal(req.file.size, 100) // FIXME actual 102 expected 100
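Review bot: Commenting out `assert.equal(req.file.size, 100)` leaves the discrepancy recorded in the FIXME (actual 102, expected 100) both unexplained and untested. A two-byte change in the reported file size after a dependency swap is worth tracing before release, since it may mean the data reaching the size check has changed. Suggest keeping the assertion active and either finding the source of the extra bytes or, if 102 turns out to be the correct size, updating the expected value with a comment that says why.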
@LinusU please merge this PR and create a new release!
Sorry that no one ever took a look at this 😢
This was addressed in #103
Fixes #149