[Security risk] dicer, an underlying dependency of egg-multipart, is at risk in all versions; please release a new package to fix it #4977
Comments
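@hyj1991 Take a look at how to upgrade this. busboy requires 10.x, mscdex/busboy#266
If this package is upgraded, we would have to raise the overall minimum dependency of egg 2.x, which feels risky. But maybe we could also just wait for people who can no longer use their minimum node version because of the busboy upgrade to open an issue?
@hyj1991 Let's choose the lesser of two evils and publish a minor.
@PockeyMaster PRs are welcome~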
This was referenced Sep 16, 2022
What happens?
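As in the title.
The latest version of egg-multipart is 2.13.1, and its dependency path is co-busboy: ^1.4.0 -> busboy: ^0.2.8 -> dicer: 0.2.5
The dicer dependency has a security risk in all versions; for details see https://nvd.nist.gov/vuln/detail/CVE-2022-24434
Please release a new package to fix this.
Minimal reproducible repository
Reproduction steps, error logs and related configuration
Related environment information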
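Added example (not part of the issue or of the egg project's code): a Node.js script that lists every chain in an npm lockfile through which a package such as dicer gets installed, like the path quoted in the report. The `example-app` root and the resolved versions of co-busboy and busboy in the sample are constructed for the demo.

```javascript
// Constructed sample in the lockfileVersion 2/3 "packages" layout. Package names
// and ranges follow the issue; the "example-app" root and the resolved versions
// of co-busboy and busboy are assumptions made for this demo.
const sampleLock = {
  packages: {
    '': { name: 'example-app', dependencies: { 'egg-multipart': '^2.13.1' } },
    'node_modules/egg-multipart': { version: '2.13.1', dependencies: { 'co-busboy': '^1.4.0' } },
    'node_modules/co-busboy': { version: '1.4.0', dependencies: { busboy: '^0.2.8' } },
    'node_modules/busboy': { version: '0.2.8', dependencies: { dicer: '0.2.5' } },
    'node_modules/dicer': { version: '0.2.5' },
  },
};

// npm resolution: look in the dependent's own node_modules first, then walk up.
function resolve(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + depName;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. a skipped optional dependency)
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Depth-first walk from the root package; returns each chain ending at `target`.
// Only dependencies and optionalDependencies are followed (no devDependencies).
function findPaths(lock, target) {
  const packages = lock.packages || {};
  const results = [];
  const walk = (path, chain, onStack) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies };
    for (const [name, range] of Object.entries(deps)) {
      const child = resolve(packages, path, name);
      if (!child || onStack.has(child)) continue; // missing or cyclic edge
      const step = `${name}@${packages[child].version} (wanted ${range})`;
      if (name === target) { results.push([...chain, step].join(' -> ')); continue; }
      onStack.add(child);
      walk(child, [...chain, step], onStack);
      onStack.delete(child);
    }
  };
  if (packages['']) walk('', [], new Set(['']));
  return results;
}

for (const p of findPaths(sampleLock, 'dicer')) console.log(p);
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findPaths` instead of `sampleLock`; an empty result means no installed chain reaches the package.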