apigee-127/swagger-tools

Vulnerability in dicer package

Opened this issue · 1 comments

According to NPM audit, the dicer package has been marked with a high vulnerability. Swagger-tools is impacted by this vulnerability by way of this path: swagger-tools > multer > busboy > dicer

CVE link: GHSA-wm7h-9275-46v2

The multer team has just recently updated their 1.x branch to include a fix in a backwards compatible way. The branch can be found here.

Is there any chance that swagger-tools could be updated to use v1.4.5-lts.1 of multer? Would be willing to put together the PR if desirable.
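Added example (not part of the original issue and not swagger-tools code): a small tracer that lists the chains through which a package such as dicer enters an install, read from the `packages` map of an npm lockfile (lockfileVersion 2 or 3). The sample lockfile, its layout and its placeholder versions are constructed for illustration.

```javascript
// Added example: list the dependency chains that pull `target` into an install,
// using the "packages" map of an npm lockfile (lockfileVersion 2 or 3).

// Resolve `name` the way Node does from the package installed at `fromKey`:
// its own node_modules first, then each enclosing node_modules directory.
function resolve(packages, fromKey, name) {
  let base = fromKey;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. skipped optional dependency)
    const cut = base.lastIndexOf("node_modules/");
    base = cut <= 0 ? "" : base.slice(0, cut - 1);
  }
}

function findPaths(lock, target) {
  const packages = lock.packages || {};
  const found = [];
  const walk = (key, chain, seen) => {
    const pkg = packages[key];
    const deps = Object.assign({}, pkg.dependencies, pkg.optionalDependencies,
      key === "" ? pkg.devDependencies : undefined);
    for (const name of Object.keys(deps)) {
      const depKey = resolve(packages, key, name);
      if (!depKey || seen.has(depKey)) continue; // unresolved or cyclic
      const next = chain.concat(name);
      if (name === target) found.push(next.join(" > "));
      else walk(depKey, next, new Set(seen).add(depKey));
    }
  };
  if (packages[""]) walk("", [], new Set([""]));
  return found;
}

// Constructed sample mirroring the chain in this issue; versions are placeholders.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { "swagger-tools": "*" } },
    "node_modules/swagger-tools": { version: "0.0.0", dependencies: { multer: "*" } },
    "node_modules/multer": { version: "0.0.0", dependencies: { busboy: "*" } },
    "node_modules/multer/node_modules/busboy": { version: "0.0.0", dependencies: { dicer: "*" } },
    "node_modules/dicer": { version: "0.0.0" },
  },
};

console.log(findPaths(sampleLock, "dicer")); // one chain through multer and busboy
```

Run against a project's own parsed `package-lock.json`, an empty result for a flagged package means no installed chain still reaches it.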

Any updates on this?