Skip to content

fix: upgrade multer to 2.1.1 to resolve DoS vulnerability#4314

Open
angelcaamal wants to merge 2 commits into
mainfrom
chore/update-multer-package
Open

fix: upgrade multer to 2.1.1 to resolve DoS vulnerability#4314
angelcaamal wants to merge 2 commits into
mainfrom
chore/update-multer-package

Conversation

@angelcaamal
Copy link
Copy Markdown
Contributor

@angelcaamal angelcaamal commented May 13, 2026
edited
Loading

Description

Fixes Internal: b/512910668

Note: Before submitting a pull request, please open an issue for discussion if you are not associated with Google.

Checklist

  • I have followed guidelines from CONTRIBUTING.MD and Samples Style Guide
  • Tests pass: npm test (see Testing)
  • Lint pass: npm run lint (see Style)
  • Required CI tests pass (see CI testing)
  • These samples need a new API enabled in testing projects to pass (let us know which ones)
  • These samples need a new/updated env vars in testing projects set to pass (let us know which ones)
  • This pull request is from a branch created directly off of GoogleCloudPlatform/nodejs-docs-samples. Not a fork.
  • This sample adds a new sample directory, and I updated the CODEOWNERS file with the codeowners for this sample
  • This sample adds a new sample directory, and I created GitHub Actions workflow for this sample
  • This sample adds a new Product API, and I updated the Blunderbuss issue/PR auto-assigner with the codeowners for this sample
  • Please merge this PR for me once it is approved

Note: Any check with (dev), (experimental), or (legacy) can be ignored and should not block your PR from merging (see CI testing).

@angelcaamal angelcaamal added api: storage Issues related to the Cloud Storage API. samples Issues that are directly related to samples. labels May 13, 2026
@product-auto-label product-auto-label Bot added api: appengine Issues related to the App Engine Admin API API. asset: pattern DEE Asset tagging - Pattern. labels May 13, 2026
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request attempts to update the multer dependency version across several package.json files. However, the specified version ^2.1.1 does not exist on the npm registry, which will cause installation failures. It is recommended to revert to the stable ^1.4.5-lts.1 version, as 2.x versions are currently in pre-release and involve breaking changes.

Comment thread appengine/storage/flexible/package.json
Comment thread appengine/storage/flexible_nodejs16_and_earlier/package.json
Comment thread appengine/storage/standard/package.json
@angelcaamal angelcaamal marked this pull request as ready for review May 13, 2026 19:57
@angelcaamal angelcaamal requested review from a team as code owners May 13, 2026 19:57
@angelcaamal angelcaamal changed the title chore(deps): update multer to ^2.1.1 in appengine storage samples fix: upgrade multer to 2.1.1 to resolve DoS vulnerability Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

api: appengine Issues related to the App Engine Admin API API. api: storage Issues related to the Cloud Storage API. asset: pattern DEE Asset tagging - Pattern. samples Issues that are directly related to samples.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@angelcaamal