fbsamples/reels_publishing_apis

fb_reels_publishing_api_sample's `npm install` failure due to 'multer@1.4.4'

Closed this issue · 1 comments

Encountered the following error message while following the fb_reels_publishing_api_sample instructions, specifically during the npm install step:

$insta_reels_publishing_api_sample main > npm install                                                                                                            10:05:04
npm WARN deprecated multer@1.4.4: Multer 1.x is affected by CVE-2022-24434. This is fixed in v1.4.4-lts.1 which drops support for versions of Node.js before 6. Please upgrade to at least Node.js 6 and version 1.4.4-lts.1 of Multer. If you need support for older versions of Node.js, we are open to accepting patches that would fix the CVE on the main 1.x release line, whilst maintaining compatibility with Node.js 0.10.

added 262 packages, and audited 263 packages in 16s

39 packages are looking for funding
  run `npm fund` for details

3 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

$insta_reels_publishing_api_sample main > npm audit                                                                                                          18s 10:05:24
# npm audit report

dicer  *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
No fix available
{
node_modules/dicer
  busboy  <=0.3.1
  Depends on vulnerable versions of dicer
  node_modules/busboy
    multer  <=2.0.0-rc.3
    Depends on vulnerable versions of busboy
    node_modules/multer

3 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Looks like the issue can be resolved by following the suggestion above:

diff --git a/insta_reels_publishing_api_sample/package.json b/insta_reels_publishing_api_sample/package.json
index f308153..48ea1ff 100644
--- a/insta_reels_publishing_api_sample/package.json
+++ b/insta_reels_publishing_api_sample/package.json
@@ -16,7 +16,7 @@
     "express": "^4.17.3",
     "express-session": "^1.17.2",
     "fs": "^0.0.1-security",
-    "multer": "^1.4.4",
+    "multer": "1.4.4-lts.1",
     "path": "^0.12.7",
     "pug": "^3.0.2"
   },
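Review bot: The `"multer": "1.4.4-lts.1"` line is the only change shown, and nothing here confirms that the installed tree actually changes: if the sample ships a package-lock.json it needs to be regenerated and committed with this change, and `npm audit` rerun to check that the dicer/busboy advisory (GHSA-wm7h-9275-46v2) from the report above is gone. The new entry is also an exact pin while every neighbouring dependency uses a caret range. Keep the pin, since `1.4.4-lts.1` is a semver prerelease that sorts below plain `1.4.4` and a `^1.4.4-lts.1` range would admit the deprecated `1.4.4` again, but state that reason in the commit message, because package.json cannot carry a comment and the next maintainer may "fix" the inconsistency.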
(END)

I'm submitting this here because I'm not able to (or don't know how to) make a pull request for this change.

Thanks @pbz1856 for raising the issue. Closing this as it's resolved by #29