Vulnerability in dicer dependency (via busboy/await-busboy)

[yelworc]

Hi @3imed-jaberi – first of all, thanks for this fork and your maintenance commitment! :slightly_smiling_face:

As of a few days ago, npm audit is reporting a vulnerability in the dicer package, which koa-joi-router is using through busboy. The actual issue was found and reported quite a while ago, but since busboy is an indirect dependency and await-busboy seems unlikely to be updated anytime soon, I'm not sure what the best migration path for koa-joi-router would be. If it's feasible to get rid of the await-busboy layer, maybe switching to this more actively maintained busboy fork would be an option?

[3imed-jaberi]

Hello @yelworc, thanks! I will take a look 👀 ...

[3imed-jaberi]

@yelworc, solved and published v10.0.0 🎉!

[yelworc]

Nice, thank you!