From fef0867997ae95ace373af32670e6052ddc8a02f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EB=B0=95=EA=B7=BC=ED=98=95?= Date: Tue, 23 Apr 2024 20:51:29 +0900 Subject: [PATCH] fix: Formidable arbitrary file upload (#18) --- package-lock.json | 33 ++++++++++++++++++++++----------- package.json | 3 ++- 2 files changed, 24 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8991444..d715913 100644 --- a/package-lock.json +++ b/package-lock.json @@ -18,6 +18,7 @@ "class-transformer": "^0.5.1", "class-validator": "^0.14.1", "exceljs": "^4.4.0", + "formidable": "^3.5.1", "mongodb-memory-server": "^9.1.8", "mongoose": "^8.3.0", "reflect-metadata": "^0.1.13", @@ -41,7 +42,7 @@ "jest": "^29.5.0", "prettier": "^3.0.0", "source-map-support": "^0.5.21", - "supertest": "^6.3.3", + "supertest": "^6.3.4", "ts-jest": "^29.1.0", "ts-loader": "^9.4.3", "ts-node": "^10.9.1", @@ -3312,8 +3313,7 @@ "node_modules/asap": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz", - "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==", - "dev": true + "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==" }, "node_modules/async": { "version": "3.2.5", @@ -4401,7 +4401,6 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/dezalgo/-/dezalgo-1.0.4.tgz", "integrity": "sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==", - "dev": true, "dependencies": { "asap": "^2.0.0", "wrappy": "1" @@ -5437,15 +5436,13 @@ } }, "node_modules/formidable": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz", - "integrity": "sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==", - "dev": true, + "version": "3.5.1", + "resolved": "https://registry.npmjs.org/formidable/-/formidable-3.5.1.tgz", + "integrity": "sha512-WJWKelbRHN41m5dumb0/k8TeAx7Id/y3a+Z7QfhxP/htI9Js5zYaEDtG8uMgG0vM0lOlqnmjE99/kfpOYi/0Og==", "dependencies": { "dezalgo": "^1.0.4", "hexoid": "^1.0.0", - "once": "^1.4.0", - "qs": "^6.11.0" + "once": "^1.4.0" }, "funding": { "url": "https://ko-fi.com/tunnckoCore/commissions" @@ -5800,7 +5797,6 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/hexoid/-/hexoid-1.0.0.tgz", "integrity": "sha512-QFLV0taWQOZtvIRIAdBChesmogZrtuXvVWsFHZTk2SU+anspqZ2vMnoLg7IE1+Uk16N19APic1BuF8bC8c2m5g==", - "dev": true, "engines": { "node": ">=8" } @@ -9227,6 +9223,21 @@ "node": ">=6.4.0 <13 || >=14" } }, + "node_modules/superagent/node_modules/formidable": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz", + "integrity": "sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==", + "dev": true, + "dependencies": { + "dezalgo": "^1.0.4", + "hexoid": "^1.0.0", + "once": "^1.4.0", + "qs": "^6.11.0" + }, + "funding": { + "url": "https://ko-fi.com/tunnckoCore/commissions" + } + }, "node_modules/superagent/node_modules/mime": { "version": "2.6.0", "resolved": "https://registry.npmjs.org/mime/-/mime-2.6.0.tgz", diff --git a/package.json b/package.json index f9636df..3cb67bb 100644 --- a/package.json +++ b/package.json @@ -29,6 +29,7 @@ "class-transformer": "^0.5.1", "class-validator": "^0.14.1", "exceljs": "^4.4.0", + "formidable": "^3.5.1", "mongodb-memory-server": "^9.1.8", "mongoose": "^8.3.0", "reflect-metadata": "^0.1.13", @@ -52,7 +53,7 @@ "jest": "^29.5.0", "prettier": "^3.0.0", "source-map-support": "^0.5.21", - "supertest": "^6.3.3", + "supertest": "^6.3.4", "ts-jest": "^29.1.0", "ts-loader": "^9.4.3", "ts-node": "^10.9.1",