next-runtime icon indicating copy to clipboard operation
next-runtime copied to clipboard
verified publisher icon smeijer

dependency vunlunbility

Open ripple0328 opened this issue 3 years ago • 2 comments

dependency busboy <=0.3.1 depend on dicer which has vunlunbility, is it possible to upgrade, I saw 1.6 available

dicer  *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2

ripple0328 avatar Jun 16 '22 05:06 ripple0328

+1

dicer  *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
No fix available
node_modules/dicer
  busboy  <=0.3.1
  Depends on vulnerable versions of dicer
  node_modules/busboy
    next-runtime  *
    Depends on vulnerable versions of busboy
    node_modules/next-runtime

DaveCole avatar Dec 12 '23 20:12 DaveCole

Happy to merge a pull that fixes it.

smeijer avatar Dec 14 '23 08:12 smeijer