fix: pin multer -> 1.4.4-lts.1 to mitigate GHSA-wm7h-9275-46v2

sgammon · sgammon · commit 204800e58854 · 2022-12-19T01:46:56.000-08:00
Severity: High References: CVE-2022-24434 SNYK-JS-DICER-2311764 mscdex/busboy#250 mscdex/dicer#22 Notes: Only used during test anyway.
diff --git a/package.json b/package.json
@@ -207,7 +207,7 @@
     "karma-sourcemap-loader": "^0.3.8",
     "minimist": "^1.2.6",
     "mocha": "^10.0.0",
-    "multer": "^1.4.4",
+    "multer": "1.4.4-lts.1",
     "proxy-from-env": "^1.1.0",
     "release-it": "^15.5.1",
     "rollup": "^3.7.5",
@@ -221,6 +221,9 @@
     "typescript": "^4.8.4",
     "url-search-params": "^0.10.0"
   },
+  "overrides": {
+    "busboy": ">=0.3.1"
+  },
   "browser": {
     "./lib/adapters/http.js": "./lib/helpers/null.js",
     "./lib/platform/generic/index.js": "./lib/platform/browser/index.js",
