DoS vulnerability from dicer@0.2.5

[mrded]

Hello,

Snyk is reporting a vulnerability in this repo, that is coming from the Dicer library:

Issues with no direct upgrade or patch:
  ✗ Denial of Service (DoS) [High Severity][https://snyk.io/vuln/SNYK-JS-DICER-2311764] in dicer@0.2.5
    introduced by express-openapi-validator@4.13.7 > multer@1.4.4 > busboy@0.2.14 > dicer@0.2.5
  No upgrade or patch available

Thanks

[mrded]

Updating multer > busboy@1.0.0 drops the dependency on dicer (where the vuln comes from).

[ansonallard]

multer has an active PR for this issue: expressjs/multer#1097

[finpingvin]

multer has an active PR for this issue: expressjs/multer#1097

They seem to have released it under 1.4.4-lts.1

[cdimascio]

Fixed in 4.13.8