High vulnerability with dependency dicer 0.3.1

[hardysabs2]

Presumably indirect dependencies such as this...

apollo-server > apollo-server-core >
@apollographql/graphql-upload-8-fork > busboy > dicer

...are of very little security risk remaining on dicer v0.3.1 with no current fix for the High audit GHSA-wm7h-9275-46v2?

Can you give any reassurances?

[glasser]

See discussion at #6485

This is only a dependency of the outdated Apollo Server 2. Upgrading to AS3 fully resolves this concern. On top of that, the feature that dicer enables in AS2 (uploads) is itself a security vulnerability by design and the latest version of AS2 makes it no longer enabled by default.