From ea3c2441be8ab01ee92993a4de1699a08643e42b Mon Sep 17 00:00:00 2001
From: ThatOneCalculator
Date: Wed, 17 Aug 2022 15:57:16 -0700
Subject: [PATCH] fix: :lock: Up multer to LTS as to avoid CVE-2022-24434
---
 packages/backend/package.json | 2 +-
 yarn.lock | 68 +++++++++++++++--------------------
 2 files changed, 29 insertions(+), 41 deletions(-)
diff --git a/packages/backend/package.json b/packages/backend/package.json
index 1236dfd88..8e9f42dac 100644
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -72,7 +72,7 @@
 "mime-types": "2.1.35",
 "misskey-js": "0.0.14",
 "mocha": "10.0.0",
- "multer": "1.4.4",
+ "multer": "1.4.4-lts.1",
 "nested-property": "4.0.0",
 "node-fetch": "3.2.10",
 "nodemailer": "6.7.8",
diff --git a/yarn.lock b/yarn.lock
index 1a30293b4..625fadaf4 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2962,7 +2962,7 @@ __metadata: mime-types: 2.1.35 misskey-js: 0.0.14 mocha: 10.0.0 - multer: 1.4.4 + multer: 1.4.4-lts.1 nested-property: 4.0.0 node-fetch: 3.2.10 nodemailer: 6.7.8 @@ -3246,7 +3246,7 @@ __metadata: "browser-image-resizer@git+https://github.com/misskey-dev/browser-image-resizer#v2.2.1-misskey.2": version: 2.2.1-misskey.2 resolution: "browser-image-resizer@https://github.com/misskey-dev/browser-image-resizer.git#commit=a58834f5fe2af9f9f31ff115121aef3de6f9d416" - checksum: 5a29181ee34a407b43069dcd5e3364c3066eb4af3ffdd262ba669ea37273ac232aadebff8204a6ae9ff8d74305429191feedb5d420449acf01e1bbf9759c4847 + checksum: 8ea30705704cc3f81eca23ff6cd0d5bf0d5404cd82612a52de11c0b851be511613022758babf5c202cc92b019483cfb97d7ef48cc18368a8913803fd654ac5d1 languageName: node linkType: hard
@@ -3383,13 +3383,12 @@ __metadata: languageName: node linkType: hard -"busboy@npm:^0.2.11": - version: 0.2.14 - resolution: "busboy@npm:0.2.14" +"busboy@npm:^1.0.0": + version: 1.6.0 + resolution: "busboy@npm:1.6.0" dependencies: - dicer: 0.2.5 - readable-stream: 1.1.x - checksum: 9df9fca6d96dab9edd03f568bde31f215794e6fabd73c75d2b39a4be2e8b73a45121d987dea5db881f3fb499737c261b372106fe72d08b8db92afaed8d751165 + streamsearch: ^1.1.0 + checksum: 32801e2c0164e12106bf236291a00795c3c4e4b709ae02132883fe8478ba2ae23743b11c5735a0aae8afe65ac4b6ca4568b91f0d9fed1fdbc32ede824a73746e languageName: node linkType: hard @@ -5014,16 +5013,6 @@ __metadata: languageName: node linkType: hard -"dicer@npm:0.2.5": - version: 0.2.5 - resolution: "dicer@npm:0.2.5" - dependencies: - readable-stream: 1.1.x - streamsearch: 0.1.2 - checksum: a6f0ce9ac5099c7ffeaec7398d711eea1dd803eb99036d0f05342e9ed46a4235a5ed0ea01ad5d6c785fdb0aae6d61d2722e6e64f9fabdfe39885f7f52eb635ee - languageName: node - linkType: hard - "diff@npm:5.0.0": version: 5.0.0 resolution: "diff@npm:5.0.0" @@ -10283,19 +10272,18 @@ __metadata: languageName: node linkType: hard -"multer@npm:1.4.4": - version: 1.4.4 - resolution: "multer@npm:1.4.4" +"multer@npm:1.4.4-lts.1": + version: 1.4.4-lts.1 + resolution: "multer@npm:1.4.4-lts.1" dependencies: append-field: ^1.0.0 - busboy: ^0.2.11 + busboy: ^1.0.0 concat-stream: ^1.5.2 mkdirp: ^0.5.4 object-assign: ^4.1.1 - on-finished: ^2.3.0 type-is: ^1.6.4 xtend: ^4.0.0 - checksum: b5550d250aeee9c4d630eaecd133af0899239f6b10cec4b448ddd0a808025b383520b8227198a8612f60c2cd2094bcb60de93d973084f889d4e40efe6dbd641e + checksum: da04b06efdbff9bd42d9f71297eeb2c0566231a4b9c895f49479c09b163c5e404aa6e58bd1c19f006f82e2114362545e39cbf7e0163ffd8d73d0f88adf4489e2 languageName: node linkType: hard 
@@ -12509,18 +12497,6 @@ __metadata: languageName: node linkType: hard -"readable-stream@npm:1.1.x, readable-stream@npm:~1.1.9": - version: 1.1.14 - resolution: "readable-stream@npm:1.1.14" - dependencies: - core-util-is: ~1.0.0 - inherits: ~2.0.1 - isarray: 0.0.1 - string_decoder: ~0.10.x - checksum: 17dfeae3e909945a4a1abc5613ea92d03269ef54c49288599507fc98ff4615988a1c39a999dcf9aacba70233d9b7040bc11a5f2bfc947e262dedcc0a8b32b5a0 - languageName: node - linkType: hard - "readable-stream@npm:3, readable-stream@npm:^3.1.1, readable-stream@npm:^3.4.0, readable-stream@npm:^3.6.0": version: 3.6.0 resolution: "readable-stream@npm:3.6.0" @@ -12547,6 +12523,18 @@ __metadata: languageName: node linkType: hard +"readable-stream@npm:~1.1.9": + version: 1.1.14 + resolution: "readable-stream@npm:1.1.14" + dependencies: + core-util-is: ~1.0.0 + inherits: ~2.0.1 + isarray: 0.0.1 + string_decoder: ~0.10.x + checksum: 17dfeae3e909945a4a1abc5613ea92d03269ef54c49288599507fc98ff4615988a1c39a999dcf9aacba70233d9b7040bc11a5f2bfc947e262dedcc0a8b32b5a0 + languageName: node + linkType: hard + "readable-web-to-node-stream@npm:^3.0.2": version: 3.0.2 resolution: "readable-web-to-node-stream@npm:3.0.2" @@ -13786,10 +13774,10 @@ __metadata: languageName: node linkType: hard -"streamsearch@npm:0.1.2": - version: 0.1.2 - resolution: "streamsearch@npm:0.1.2" - checksum: d2db57cbfbf7947ab9c75a7b4c80a8ef8d24850cf0a1a24258bb6956c97317ce1eab7dbcbf9c5aba3e6198611af1053b02411057bbedb99bf9c64b8275248997 +"streamsearch@npm:^1.1.0": + version: 1.1.0 + resolution: "streamsearch@npm:1.1.0" + checksum: 1cce16cea8405d7a233d32ca5e00a00169cc0e19fbc02aa839959985f267335d435c07f96e5e0edd0eadc6d39c98d5435fb5bbbdefc62c41834eadc5622ad942 languageName: node linkType: hard