multerV1.4.3 had a peer dependency of dicer which is a vulnerable package and no patch was released for this. So, updating multer to version 1.4.5-lts.1 removed the vulnerable package as a peer dependency.
Checks
[ ] Code is formatted correctly (npm run lint:fix).
Intent
Implementation
multerV1.4.3
had a peer dependency ofdicer
which is a vulnerable package and no patch was released for this. So, updatingmulter
to version1.4.5-lts.1
removed the vulnerable package as a peer dependency.Checks
npm run lint:fix
).npm test
).