anacronw / multer-s3

multer storage engine for amazon s3
MIT License
660 stars 190 forks

fix: [CVE-2021-28092] is-svg bump #150

Closed ghost closed 3 years ago

ghost commented 3 years ago

Fixes #149

nbmedikonda commented 3 years ago

@derkinderfietsen - when will the new version be released?

ghost commented 3 years ago

@badunk Could you please merge this? It's a very critical vulnerability.

mardinyadegar commented 3 years ago

@badunk I updated to using is-svg version 4.2.2 and I noticed my application's functionality did not break. It seemed to function fine and without any issues. I would suggest trying to get this PR merged because it could present issues for those using the package.

For what it is worth, I approve this pull request.

nbmedikonda commented 3 years ago

@LinusU - Could you please merge this?

riggedCoinflip commented 3 years ago

Any update on this?

riggedCoinflip commented 3 years ago

Fine, I'll do it myself. I created an npm package so that we can use a patched version of is-svg. Being a new developer and publishing to npm for the first time, I hope I didn't make any mistakes.

The package is available at: https://www.npmjs.com/package/multer-s3-is-svg-fix I hope the project owner will be active again soon, but looking at his GitHub page it seems like he disappeared about 4 months ago. I hope nothing has happened to him and he is doing well. I think it would be a good idea if someone knowledgeable would take over this project. I am not knowledgeable enough, else I would do it.

I also had to disable a specific test. Couldn't figure out why the file size got changed.


- assert.equal(req.file.size, 100)
+ // assert.equal(req.file.size, 100)  // FIXME actual 102 expected 100
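Review bot: commenting out `assert.equal(req.file.size, 100)` hides a real behaviour change instead of explaining it; the FIXME on the same line records that the stored file is now 102 bytes where the test expects 100. A dependency bump for is-svg should not change the number of bytes written to S3, so compare the uploaded object before and after the bump to find where the extra 2 bytes come from. If the new size turns out to be correct, update the expected value and say why in the commit; otherwise keep the assertion active so the regression stays visible rather than shipping a silently skipped check.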

TheVaan commented 3 years ago

@LinusU please merge this PR and create a new release!

LinusU commented 3 years ago

Sorry that no one ever took a look at this 😢

This was addressed in #103