fix(formdata): updated busboy to 1.6.0 to remove vulnerability

Author: davidtucker

lib/middleware/formData.js

@@ -1,13 +1,5 @@
 import Busboy from 'busboy';
 
-const getConfig = event => {
-  return {
-    headers: {
-      'content-type': event.headers['content-type'] || event.headers['Content-Type'],
-    },
-  };
-};
-
 export const parseMultipartFormData = async request => {
   const { event } = request;
 
@@ -16,12 +8,15 @@ export const parseMultipartFormData = async request => {
     fields: {},
   };
 
-  const busboy = new Busboy(getConfig(event));
+  const busboyHeaders = { ...request.headers };
+  busboyHeaders['content-type'] = event.headers['content-type'] || event.headers['Content-Type'];
+
+  const busboy = Busboy({ headers: busboyHeaders });
 
   return new Promise((resolve, reject) => {
     const buffers = [];
-
-    busboy.on('file', (fieldName, file, fileName, encoding, mimeType) => {
+    busboy.on('file', (name, file, info) => {
+      const { filename, encoding, mimeType } = info;
       const userSubmittedFile = {};
 
       file.on('data', data => {
@@ -33,10 +28,10 @@ export const parseMultipartFormData = async request => {
       file.on('end', () => {
         if (buffers.length) {
           userSubmittedFile.content = Buffer.concat(buffers);
-          userSubmittedFile.fileName = fileName;
+          userSubmittedFile.fileName = filename;
           userSubmittedFile.contentType = mimeType;
           userSubmittedFile.encoding = encoding;
-          userSubmittedFile.fieldName = fieldName;
+          userSubmittedFile.fieldName = name;
           formData.files.push(userSubmittedFile);
         }
       });
@@ -50,7 +45,7 @@ export const parseMultipartFormData = async request => {
       reject(error);
     });
 
-    busboy.on('finish', () => {
+    busboy.on('close', () => {
       request.addRequestData('formData', formData);
       resolve();
     });