Security vulnerability in busboy dependency of apollo-server-express 2.x

Vulnerability report by an audit returns `dicer` package dependency of `busboy@0.3.1` which is a transient dependency of `apollo-server@2.25.4`

```
dicer  *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
node_modules/dicer
  busboy  <=0.3.1
  Depends on vulnerable versions of dicer
  node_modules/busboy
    @apollographql/graphql-upload-8-fork  *
    Depends on vulnerable versions of busboy
    node_modules/@apollographql/graphql-upload-8-fork
      apollo-server-core  2.21.0-alpha.0 - 2.25.4
      Depends on vulnerable versions of @apollographql/graphql-upload-8-fork
      node_modules/apollo-server-core
        apollo-server-express  2.0.1 || 2.21.0-alpha.0 - 2.25.4
        Depends on vulnerable versions of apollo-server-core
        node_modules/apollo-server-express
          @vue/cli-ui  >=5.0.0-alpha.0
          Depends on vulnerable versions of apollo-server-express
          node_modules/@vue/cli-ui
            @vue/cli  >=5.0.0-alpha.0
            Depends on vulnerable versions of @vue/cli-ui
            node_modules/@vue/cli

7 high severity vulnerabilities
```
Is there a solution to this, without having to upgrade to apollo-server 3.x?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security vulnerability in busboy dependency of apollo-server-express 2.x #6590

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security vulnerability in busboy dependency of apollo-server-express 2.x #6590

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions