chore(deps): update dependency fastify-multipart to v5.3.1 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
fastify-multipart	5.3.0 -> 5.3.1

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

GitHub Vulnerability Alerts

CVE-2021-23597

Impact

This is a bypass of CVE-2020-8136 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8136).
By providing a name=constructor property it is still possible to crash the application.
The original fix only checks for the key __proto__ (https://github.com/fastify/fastify-multipart/pull/116).

All users are recommended to upgrade

Patches

v5.3.1 includes a patch

Workarounds

No workarounds are possible.

References

Read up https://www.fastify.io/docs/latest/Guides/Prototype-Poisoning/

For more information

If you have any questions or comments about this advisory:

• Open an issue in https://github.com/fastify/fastify-multipart
• Email us at [email protected]

---

Release Notes

fastify/fastify-multipart (fastify-multipart)

v5.3.1

Compare Source

Security Release

• Fix for GHSA-qh73-qc3p-rjv2, CVE CVE-2021-23597

What's Changed

• build: reduce dependabot update frequency by @​Fdawgs in https://github.com/fastify/fastify-multipart/pull/323
• build(deps): bump fastify/github-action-merge-dependabot from 2.7.1 to 3 by @​Fdawgs in https://github.com/fastify/fastify-multipart/pull/325

Full Changelog: fastify/fastify-multipart@v5.3.0...v5.3.1

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.