Skip to content

Commit 29302d8

Browse files
danny-avilatimmanik
danny-avila
authored and
timmanik
committed
🛡️ chore: multer v2.0.0 for CVE-2025-47935 and CVE-2025-47944 (danny-avila#7454)
* chore: bump multer to v2.0.0 to resolve CVE-2025-47935 and CVE-2025-47944 * chore: temp. remove helmet dependency to appease unused NPM package workflow
1 parent 1ceae62 commit 29302d8

File tree

2 files changed

+32
-41
lines changed

2 files changed

+32
-41
lines changed

api/package.json

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,6 @@
7171
"firebase": "^11.0.2",
7272
"googleapis": "^126.0.1",
7373
"handlebars": "^4.7.7",
74-
"helmet": "^8.1.0",
7574
"https-proxy-agent": "^7.0.6",
7675
"ioredis": "^5.3.2",
7776
"js-yaml": "^4.1.0",
@@ -87,7 +86,7 @@
8786
"mime": "^3.0.0",
8887
"module-alias": "^2.2.3",
8988
"mongoose": "^8.12.1",
90-
"multer": "^1.4.5-lts.1",
89+
"multer": "^2.0.0",
9190
"nanoid": "^3.3.7",
9291
"nodemailer": "^6.9.15",
9392
"ollama": "^0.5.0",

package-lock.json

Lines changed: 31 additions & 39 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)