Running `npm install` changes installed multer version


I'm currently working on a node project that uses multer and multer-gridfs-storage.

I'm trying to use multer version 1.4.4-lts.1. When I install multer and specify this version on its own, node installs it as expected. However, when I install all the dependencies of the project (via a simple `npm install`), the version of multer changes to 1.4.4.

This wouldn't be a huge deal, except 1.4.4 has a high-severity CVE, and I'd really like to avoid that by using 1.4.4-lts.1.

Steps to reproduce

I've run `npm install multer@1.4.4-lts.1`, and I have ensured that my package.json and package-lock.json files show multer version 1.4.4-lts.1.

However, when I then run `npm install` (either in the same environment or from within a Docker container), it changes the multer version to 1.4.4. Additionally, when I then run `npm install multer@1.4.4-lts.1` again, npm alerts me of a conflicting peer dependency with multer-gridfs-storage:

[Screenshot: a bash terminal showing what happens when installing multer 1.4.4-lts.1 after previously installing multer 1.4.4.]

Is there any way I can ensure that node installs `multer@1.4.4-lts.1`, while still satisfying multer-gridfs-storage's dependency?
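A lockfile check for the drift described in the question, as an added example that is not part of the original post: it lists every resolved copy of multer in a parsed package-lock.json, nested copies included, and reports those that are not 1.4.4-lts.1. The function names, the sample lockfile and the multer-gridfs-storage version in it are constructed for illustration.

```javascript
'use strict';

// Collect { path, version } for every copy of `name` in a parsed lockfile.
// lockfileVersion 2 and 3 carry a flat "packages" map keyed by install path;
// lockfileVersion 1 only has a nested "dependencies" tree.
function findResolved(lock, name) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // Matches the top-level copy and copies nested under another package.
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Return the copies whose resolved version is not the expected one.
function checkPinned(lock, name, expected) {
  return findResolved(lock, name).filter((hit) => hit.version !== expected);
}

// Constructed sample: package.json asks for 1.4.4-lts.1, but the lockfile
// has resolved multer to 1.4.4, which is the drift the question describes.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { multer: '1.4.4-lts.1' } },
    'node_modules/multer': { version: '1.4.4' },
    'node_modules/multer-gridfs-storage': { version: '0.0.0-sample' },
  },
};

// Prints the offending entries; an empty array means every copy matches.
console.log(checkPinned(sampleLock, 'multer', '1.4.4-lts.1'));
```

In a CI job, pass the result of `JSON.parse` on the project's package-lock.json instead of `sampleLock` and fail the build when the returned array is not empty.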
