Bump multer from 1.4.4 to 2.0.2
Open
Number: #3629
Type: Pull Request
State: Open
Author:
dependabot[bot]
Association: Contributor
Comments: 0
Created:
July 18, 2025 at 06:16 AM UTC
(4 months ago)
Updated:
July 18, 2025 at 06:16 AM UTC
(4 months ago)
Labels:
dependencies javascript
Description:
Bumps multer from 1.4.4 to 2.0.2.
Release notes
Sourced from multer's releases.
v2.0.2
Important
Full Changelog: https://github.com/expressjs/multer/compare/v2.0.1...v2.0.2
v2.0.1
Important
What's Changed
- add Arabic translation for README .. by @3imed-jaberi in expressjs/multer#762
- Update README.md to fix issue #1114 by @Mohamed-Abdelfattah in expressjs/multer#1169
- Improved documentation translation to Spanish by @juliomontenegro in expressjs/multer#1174
- Translated to french by @AlanLg in expressjs/multer#1182
- Improve the Brazilian Portuguese translation by @vitorRibeiro7 in expressjs/multer#1204
- doc: uzbek language by @eugene0928 in expressjs/multer#1232
- Fix a mistake with README-pt-br.md by @Igor-CA in expressjs/multer#1251
- Update in Readme-pt-br and fix in Readme-ko by @carlosstenzel in expressjs/multer#1252
- chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/multer#1260
- ci: replace travis with github action by @inigomarquinez in expressjs/multer#1259
- docs: improve readability by @Sreejit-Sengupto in expressjs/multer#1255
- test: add test for out-of-band error event by @LinusU in expressjs/multer#1294
- chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/multer#1290
- Documentation: remove unfortunate abbreviation from readme by @MaddyGuthridge in expressjs/multer#1299
- ci: use ubuntu-latest as default runner by @UlisesGascon in expressjs/multer#1308
- ci: add CodeQL (SAST) by @bjohansebas in expressjs/multer#1289
- Update readme badges by @bjohansebas in expressjs/multer#1268
- 📝 fix changelog information by @ctcpip in expressjs/multer#1316
- master -> v2 by @ctcpip in expressjs/multer#1317
- chore: fix typo by @saucecodee in expressjs/multer#993
- Remove --save from README by @username1001 in expressjs/multer#929
- feat - update link badge in docs by @carlosstenzel in expressjs/multer#1273
- ci: change branch reference by @UlisesGascon in expressjs/multer#1319
- ♻️ use version tag for CI, fix CI badge, fix references to master/main by @ctcpip in expressjs/multer#1324
- deps: update dependencies to latest versions by @bjohansebas in expressjs/multer#1328
- 📝 list languages in table to prevent GH right-aligning list due to RTL language by @ctcpip in expressjs/multer#1325
- [StepSecurity] Apply security best practices by @step-security-bot in expressjs/multer#1311
New Contributors
- @3imed-jaberi made their first contribution in expressjs/multer#762
- @Mohamed-Abdelfattah made their first contribution in expressjs/multer#1169
- @juliomontenegro made their first contribution in expressjs/multer#1174
- @AlanLg made their first contribution in expressjs/multer#1182
- @vitorRibeiro7 made their first contribution in expressjs/multer#1204
- @eugene0928 made their first contribution in expressjs/multer#1232
- @Igor-CA made their first contribution in expressjs/multer#1251
... (truncated)
Changelog
Sourced from multer's changelog.
2.0.2
2.0.1
2.0.0
- Breaking change: The minimum supported Node version is now 10.16.0
- Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)
- Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)
1.4.5-lts.2
- Fix out-of-band error event from busboy (#1177)
1.4.5-lts.1
- No changes
1.4.4-lts.1
Commits
- e5db9ca 🔖 2.0.2
- adfeaf6 🥅 improve error handling
- e259a7e 🔖 2.0.1
- 35a3272 Fixes expressjs/multer#1233. Makes multer handle mi...
- f897007 ci: apply security best practices (#1311)
- 061f4cb 📝 list languages in table to prevent GH right-aligning list due to RTL language
- 854d769 deps: update dependencies to latest versions (#1328)
- 256da2f ♻️ use version tag for CI, fix CI badge, fix references to master/main
- dd9dde4 📝 fix badges in translation files (#1321)
- dc2a880 ci: change branch reference
- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request Statistics
Commits:
1
Files Changed:
2
Additions:
+41
Deletions:
-61
Package Dependencies
Security Advisories
Multer vulnerable to Denial of Service via unhandled exception
GHSA-g5hg-p3ph-g8qg
CVE-2025-48997
HIGH
### Impact
A vulnerability in Multer versions >=1.4.4-lts.1, <2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This ...
Multer vulnerable to Denial of Service from maliciously crafted requests
GHSA-4pg4-qvpc-4q3h
CVE-2025-47944
HIGH
### Impact
A vulnerability in Multer versions >=1.4.4-lts.1 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandle...
Multer vulnerable to Denial of Service via memory leaks from unclosed streams
GHSA-44fp-w29j-9vj5
CVE-2025-47935
HIGH
### Impact
Multer <2.0.0 is vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is ...
Crash in HeaderParser in dicer
GHSA-wm7h-9275-46v2
CVE-2022-24434
HIGH
This affects all versions of the package `dicer`. A malicious attacker can send a modified form to the server and crash the Node.js service. A complete denial of service can be achieved by sending ...
Multer vulnerable to Denial of Service via unhandled exception from malformed request
GHSA-fjgf-rc76-4x9p
CVE-2025-7338
HIGH
### Impact
A vulnerability in Multer versions >= 1.4.4-lts.1, < 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled excep...
Technical Details
| ID: | 3732611 |
| UUID: | 2676176834 |
| Node ID: | PR_kwDOAyKKHs6fgzfC |
| Host: | GitHub |
| Repository: | draft-js-plugins/draft-js-plugins |
| Merge State: | Unknown |