Merge pull request #2819 from mvanhorn/fix/2753-bump-multer-cve

fix(security): bump multer to 2.1.1 to fix HIGH CVEs

package.json

@@ -51,6 +51,9 @@
   "pnpm": {
     "patchedDependencies": {
       "embedded-postgres@18.1.0-beta.16": "patches/embedded-postgres@18.1.0-beta.16.patch"
+    },
+    "overrides": {
+      "rollup": ">=4.59.0"
     }
   }
 }

packages/plugins/examples/plugin-authoring-smoke-example/package.json

@@ -34,7 +34,7 @@
     "@types/node": "^24.6.0",
     "@types/react": "^19.0.8",
     "esbuild": "^0.27.3",
-    "rollup": "^4.38.0",
+    "rollup": "^4.59.0",
     "tslib": "^2.8.1",
     "typescript": "^5.7.3",
     "vitest": "^3.0.5"

server/package.json

@@ -68,7 +68,7 @@
     "express": "^5.1.0",
     "hermes-paperclip-adapter": "^0.2.0",
     "jsdom": "^28.1.0",
-    "multer": "^2.0.2",
+    "multer": "^2.1.1",
     "open": "^11.0.0",
     "pino": "^9.6.0",
     "pino-http": "^10.4.0",