mscdex / busboy

A streaming parser for HTML form data for node.js
MIT License

Depends on vulnerable versions of dicer-- High #328

Closed RashadTanjim closed 1 year ago

RashadTanjim commented 1 year ago

node_modules/busboy: It depends on vulnerable versions of dicer. Please remove or update dicer.

Severity: High - Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2 - No fix available

mscdex commented 1 year ago

I think you posted this to the wrong repository?

haydn commented 1 year ago

Yeah, looks like dicer was a dependency in an older version of busboy. It was removed in https://github.com/mscdex/busboy/commit/54a86838c15bba1fc78eebdfa3c6a986a5e57dd9.

@RashadTanjim You've probably got a transitive dependency that requires an older version of busboy.
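
One way to find which dependency still pulls in an old busboy (and with it dicer), as an added example that is not part of the original thread or the busboy project: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and lists every chain from the root to a named package. The lockfile below is constructed, `some-upload-lib` is a hypothetical package, and the version numbers are placeholders.

```javascript
// Constructed sample in the shape of package-lock.json "packages" (lockfileVersion 2/3).
// "some-upload-lib" is hypothetical; version numbers are placeholders, not real releases.
const sampleLock = {
  packages: {
    "": { name: "app", dependencies: { "some-upload-lib": "^1.0.0", busboy: "^1.0.0" } },
    "node_modules/busboy": { version: "1.0.0", dependencies: { streamsearch: "^1.1.0" } },
    "node_modules/streamsearch": { version: "1.1.0" },
    "node_modules/some-upload-lib": { version: "1.0.0", dependencies: { busboy: "^0.2.0" } },
    "node_modules/some-upload-lib/node_modules/busboy": { version: "0.2.0", dependencies: { dicer: "0.2.0" } },
    "node_modules/dicer": { version: "0.2.0" }, // hoisted to the top level
  },
};

// Mimic Node's lookup: try <from>/node_modules/<dep>, then each parent node_modules up to the root.
function resolve(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + depName;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. a skipped optional dependency)
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Return every dependency chain from the root project to `target`, e.g. "app > a@1 > dicer@2".
// Enumerates all chains, so use it for one package at a time on large lockfiles.
function findChains(lock, target) {
  const packages = lock.packages;
  const chains = [];
  const nameOf = (p) => p.slice(p.lastIndexOf("node_modules/") + "node_modules/".length);
  const walk = (path, trail, onStack) => {
    const pkg = packages[path];
    const isRoot = path === "";
    const label = isRoot ? pkg.name || "(root)" : `${nameOf(path)}@${pkg.version}`;
    const here = [...trail, label];
    if (!isRoot && nameOf(path) === target) { chains.push(here.join(" > ")); return; }
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies, ...(isRoot ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const next = resolve(packages, path, dep);
      // Skip packages already on the current chain so dependency cycles terminate.
      if (next !== null && !onStack.has(next)) walk(next, here, new Set(onStack).add(next));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

// On a real project: findChains(JSON.parse(require("fs").readFileSync("package-lock.json", "utf8")), "dicer")
console.log(findChains(sampleLock, "dicer").join("\n"));
```

The package named just before `busboy` in each chain is the one to upgrade or replace; `npm ls dicer` prints the same information from an installed tree.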