$insta_reels_publishing_api_sample main > npm install 10:05:04
npm WARN deprecated [email protected]: Multer 1.x is affected by CVE-2022-24434. This is fixed in v1.4.4-lts.1 which drops support for versions of Node.js before 6. Please upgrade to at least Node.js 6 and version 1.4.4-lts.1 of Multer. If you need support for older versions of Node.js, we are open to accepting patches that would fix the CVE on the main 1.x release line, whilst maintaining compatibility with Node.js 0.10.
added 262 packages, and audited 263 packages in 16s
39 packages are looking for funding
run `npm fund` for details
3 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
$insta_reels_publishing_api_sample main > npm audit 18s 10:05:24
# npm audit report
dicer *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
No fix available
{
node_modules/dicer
busboy <=0.3.1
Depends on vulnerable versions of dicer
node_modules/busboy
multer <=2.0.0-rc.3
Depends on vulnerable versions of busboy
node_modules/multer
3 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
diff --git a/insta_reels_publishing_api_sample/package.json b/insta_reels_publishing_api_sample/package.json
index f308153..48ea1ff 100644
--- a/insta_reels_publishing_api_sample/package.json
+++ b/insta_reels_publishing_api_sample/package.json
@@ -16,7 +16,7 @@
"express": "^4.17.3",
"express-session": "^1.17.2",
"fs": "^0.0.1-security",
- "multer": "^1.4.4",
+ "multer": "1.4.4-lts.1",
"path": "^0.12.7",
"pug": "^3.0.2"
},
(END)
I'm submitting this here because I'm not able to (or don't know how to) make a pull request for this change.