Bumped multer 2.0.2 -> 2.1.1 in ghost/core

[9larsons]

Summary

Bumps multer in ghost/core from 2.0.2 to 2.1.1 to clear three high-severity advisories. Minor version within the 2.x major — no API changes; multer(), upload.single(), upload.fields(), and multer.MulterError behave identically.

Advisories cleared

CVE	severity	fixed in
CVE-2026-3304	high	2.1.0
CVE-2026-2359	high	2.1.0
CVE-2026-3520	high	2.1.1

pnpm audit total: 123 → 120 (−3 high).

Test plan

• Upload middleware unit tests (test/unit/server/web/api/middleware/upload.test.js) — 14 / 14 passing
• ghost/core full unit suite — 6200 / 6200 passing
• CI green (covers integration + e2e API)

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 895068bc-eba9-4ce4-8e67-14d6928f3afc

📥 Commits

Reviewing files that changed from the base of the PR and between ec21010 and cd35c6c.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• ghost/core/package.json

---

Walkthrough

The pull request updates the multer dependency version in the Ghost core package configuration. The version constraint for multer is changed from 2.0.2 to 2.1.1 in ghost/core/package.json. This is a patch-level version update within the 2.x release line. No public APIs, exported interfaces, or other external contracts are affected by this change.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly matches the primary change: bumping multer from 2.0.2 to 2.1.1 in ghost/core, clearly summarizing the main objective.
Description check	✅ Passed	The description is comprehensive and directly related to the changeset, providing context on the bump, advisories cleared, and test results.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dep-bumps/multer-2.1.1

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.14%. Comparing base (b119490) to head (cd35c6c).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #27574   +/-   ##
=======================================
  Coverage   73.14%   73.14%           
=======================================
  Files        1557     1557           
  Lines      126189   126189           
  Branches    15309    15310    +1     
=======================================
+ Hits        92301    92303    +2     
+ Misses      32909    32908    -1     
+ Partials      979      978    -1     

Flag	Coverage Δ
admin-tests	49.79% <ø> (+0.01%)	⬆️
e2e-tests	73.14% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.