Open TheBrockEllis opened 2 years ago
According to NPM audit, the dicer package has been marked with a high vulnerability. Swagger-tools is impacted by this vulnerability by way of this path: swagger-tools > multer > busboy > dicer
dicer
swagger-tools > multer > busboy > dicer
CVE link:https://github.com/advisories/GHSA-wm7h-9275-46v2
The multer team has just recently updated their 1.x branch to include a fix in a backwards compatible way. The branch can be found here.
multer
Is there any chance that swagger-tools could be updated to use v1.4.5-lts.1 of multer? Would be will to put together the PR if desirable.
Any updates on this?
leachjustin18
commented
2 years ago
According to NPM audit, the
dicerpackage has been marked with a high vulnerability. Swagger-tools is impacted by this vulnerability by way of this path:swagger-tools > multer > busboy > dicerCVE link:https://github.com/advisories/GHSA-wm7h-9275-46v2
The
multerteam has just recently updated their 1.x branch to include a fix in a backwards compatible way. The branch can be found here.Is there any chance that swagger-tools could be updated to use v1.4.5-lts.1 of multer? Would be will to put together the PR if desirable.