Open mheironimus-rgare opened 2 years ago
@jamhall this is quite a serious vulnerability. Are we able to have this resolved? If I make a PR will you merge it?
Hi @jpike88 and @jamhall,
I also think this is a pretty serious vulnerability.
@jpike88, did you manage to solve it? And can you make a PR? I think @jamhall will thank you and, if it works, take it over.
If not, then it would definitely be a help for all other developers.
I would also help, but I don't have enough time to find out for myself.
I don’t think the maintainer is very interested in maintaining this; look how many PRs are open and unaddressed. Best thing to do is just fork it.
Hello @jpike88,
It was similar last year until "jamhall" released a new version. I think he collects some PRs until it's worth releasing a new version.
Somewhere it was said that a version 4.0 should follow, but not when.
We can ask @leontastic if he is in contact with @jamhall and if it makes sense to open a PR here.
But if I were you, I would open a PR here, then all developers can help, and the result is useful for everyone. With a fork it would not appear in the original of "jamhall", where it also has to be corrected.
But your decision. Let me know and I'll help. Maybe @mheironimus-rgare can help too.
NPM audit, and other security vulnerability scanning tools, are indicating the following issue in version 3.7.1 of s3rver:
My understanding is the issue (https://github.com/advisories/GHSA-wm7h-9275-46v2) was addressed in busboy v1.0.0 (https://github.com/mscdex/busboy/issues/250#issuecomment-997450751). Could a new version of s3rver be released that uses a newer version of busboy to address this issue?