dominhhai / koa-busboy

Upload files with Busboy
https://www.npmjs.com/package/koa-busboy
MIT License

Remove depends on vulnerable versions of busboy #10

Closed ostec-marten closed 2 years ago

ostec-marten commented 2 years ago

@dominhhai @nervgh @christopherL91 Please apply request.

It fixes a security issue when running npm audit.

Example see here:

3 high severity vulnerabilities

    node_modules/koa-busboy
    Depends on vulnerable versions of busboy
    koa-busboy  *
  node_modules/busboy
  Depends on vulnerable versions of dicer
  busboy  <=0.3.1
node_modules/dicer
No fix available
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
Severity: high
dicer  *

The fix uses a newer version of busboy and makes some changes to fix breaking changes; see https://github.com/mscdex/busboy/issues/266

Best regards.

ostec-marten commented 2 years ago

Hi @dominhhai

Thanks for merging.

Please publish new version to npm.

If you do not agree to new version 1.6., please change to 1.3. or 1.2.x and publish to npm.

Only with npm publish do package users get info that a new version is available.

bye, marten

ostec-marten commented 2 years ago

@nervgh @christopherL91 @dominhhai

Please publish new version to npm to get package health again

Screenshot 2022-08-16 at 12 59 21

see https://snyk.io/advisor/npm-package/koa-busboy