chore(express): bump multer 1.4.4 to 1.4.4-lts.1 to fix "CVE-2022-24434"

[sushant9096]

Signed-off-by: Sushant Zope [email protected]

PR Checklist

Please check if your PR fulfills the following requirements:

• The commit message follows our guidelines: https://github.com/nestjs/nest/blob/master/CONTRIBUTING.md
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

• Bugfix
• Feature
• Code style update (formatting, local variables)
• Refactoring (no functional changes, no api changes)
• Build related changes
• CI related changes
• Other... Please describe:

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Does this PR introduce a breaking change?

• Yes
• No

Other information

[coveralls]

Pull Request Test Coverage Report for Build 0e6ad03a-1c07-4438-87ca-2a407f4faa23

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 94.107%

---

Totals
Change from base Build 2c609ad3-53bd-44dc-9a1e-0e3b21feab0c:	0.0%
Covered Lines:	5781
Relevant Lines:	6143

---

💛 - Coveralls

[sushant9096]

updated multer package version in packages/platform-express to fix vulnerbility

[ShaharAdskAcc]

also waiting for it 👍

[hiagodotme]

Until this is released a workaround to resolve the issue is:

1. Delete node_modules folder and package-lock.json file
2. Use npm's override feature to rewrite the multer dependency to 1.4.4-lts.1

Example:

{
    ...
    "overrides": {
        "multer": "^1.4.4-lts.1"
    },
    "dependencies": {
    ...
}

Remember to delete package-lock.json and node_modules and reinstall.

[pavleprica]

@hiagodotme just to expand that one, it has a requirement of npm >= 8.3.0. More on overriding

[hiagodotme]

Thanks @pavleprica as my npm was up to date I didn't pay attention to this detail.

[kamilmysliwiec]

lgtm