Busboy package vulnerability

[nikoes]

Hello,

I just want to mention that the current version of Multer uses a very old version of Busboy which uses Dicer.
This version of Dicer has this vulnerability https://nvd.nist.gov/vuln/detail/CVE-2022-24434
The latest version of Busboy 1.6.0 does not use Dicer anymore and it is save.
Would it be possible to update Busboy's version?

Kind regards

[LinusU]

This is adressed in #1097, and released as 1.4.5-lts.1.

We cannot release it as 1.4.6 until someone backports the fix to our supported Node.js versions...