[chore] bump busboy dependency version #927

Closed
fbergeret95 opened this issue Oct 19, 2022 · 1 comment

fbergeret95 commented Oct 19, 2022

Hello! Opened a blank issue since it's not a bug, but a vulnerability issue.

The current middy version depends on busboy@0.3.1, which has a vulnerable dependency (dicer): GHSA-wm7h-9275-46v2

Checked newer versions of the busboy package, and since v1.0.0 it does not have that dependency. Here is a list of the breaking changes in v1: mscdex/busboy#266

Maybe someone who understands how this package is used can estimate the impact of upgrading it?

Thanks

@willfarrell
Member

The latest version of middy, 3.6.1, already uses the latest version of busboy, 1.6.0, https://github.com/middyjs/middy/blob/main/packages/http-multipart-body-parser/package.json#L66
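An added example, not part of the thread or of middy's code: a lockfile check that reports any resolved busboy below 1.0.0 or any install of dicer, so you can confirm which situation described above your own tree is in. The function names and both sample lockfiles are constructed for illustration, and the npm lockfileVersion 2/3 `packages` layout is assumed.

```javascript
// Added example; both lockfiles below are constructed sample data.
// Assumes npm lockfileVersion 2/3: a "packages" map keyed by install path.

// Major version of a semver string such as "0.3.1" or "1.6.0".
function major(version) {
  return Number.parseInt(String(version).split('.')[0], 10);
}

// Package name from a key such as "node_modules/a/node_modules/dicer".
function nameOf(installPath) {
  const marker = 'node_modules/';
  const idx = installPath.lastIndexOf(marker);
  return idx === -1 ? '' : installPath.slice(idx + marker.length);
}

// Report every dicer install and every busboy below 1.0.0, the release
// line that (per the issue) no longer depends on dicer.
function findBusboyDicerRisk(lock) {
  const findings = [];
  for (const [installPath, meta] of Object.entries(lock.packages || {})) {
    const name = nameOf(installPath);
    const oldBusboy = name === 'busboy' && major(meta.version) < 1;
    if (name === 'dicer' || oldBusboy) {
      findings.push({ path: installPath, name, version: meta.version });
    }
  }
  return findings;
}

// Constructed: a tree that still resolves busboy 0.3.1, nested under the parser.
const oldLock = { lockfileVersion: 3, packages: {
  '': { name: 'sample-app' },
  'node_modules/@middy/http-multipart-body-parser/node_modules/busboy': { version: '0.3.1' },
  'node_modules/dicer': { version: '0.3.0' }, // constructed version value
} };

// Constructed: a tree after upgrading, resolving busboy 1.6.0 and no dicer.
const newLock = { lockfileVersion: 3, packages: {
  '': { name: 'sample-app' },
  'node_modules/busboy': { version: '1.6.0' },
} };

console.log(findBusboyDicerRisk(oldLock)); // two findings
console.log(findBusboyDicerRisk(newLock)); // none
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findBusboyDicerRisk` in place of the sample objects.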
