Skip to content

Version 15.0.0
Compare
Choose a tag to compare
@jaydenseric jaydenseric released this 28 May 02:34
· 24 commits to master since this release
v15.0.0
cd9e4f1

Major

  • Updated the busboy dependency to v1, fixing #311.
    • This important update addresses the vulnerability CVE-2022-24434 (GHSA-wm7h-9275-46v2).
    • Some error messages have changed.
    • Temporarily until mscdex/busboy#297 is fixed upstream, for the function processRequest and the middleware graphqlUploadExpress and graphqlUploadKoa the option maxFileSize is actually 1 byte less than the amount specified.

Patch

  • Updated the typescript dev dependency.
  • In the function processRequest use the on method instead of once to listen for error events on the busboy parser, as in edge cases the same parser could have multiple error events and all must be handled to prevent the Node.js process exiting with an error.
  • Simplified error handling within the function processRequest.
  • Added a test for the function processRequest with a maliciously malformed multipart request.
Assets 2