chore: bump up multer version to v2.1.1 [SECURITY] (#14576)

This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [multer](https://redirect.github.com/expressjs/multer) | [`2.1.0` →
`2.1.1`](https://renovatebot.com/diffs/npm/multer/2.1.0/2.1.1) |
![age](https://developer.mend.io/api/mc/badges/age/npm/multer/2.1.1?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/multer/2.1.0/2.1.1?slim=true)
|

### GitHub Vulnerability Alerts

####
[CVE-2026-2359](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc)

### Impact

A vulnerability in Multer versions < 2.1.0 allows an attacker to trigger
a Denial of Service (DoS) by dropping connection during file upload,
potentially causing resource exhaustion.

### Patches

Users should upgrade to `2.1.0`

### Workarounds

None

####
[CVE-2026-3304](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p)

### Impact

A vulnerability in Multer versions < 2.1.0 allows an attacker to trigger
a Denial of Service (DoS) by sending malformed requests, potentially
causing resource exhaustion.

### Patches

Users should upgrade to `2.1.0`

### Workarounds

None

####
[CVE-2026-3520](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2)

### Impact

A vulnerability in Multer versions < 2.1.1 allows an attacker to trigger
a Denial of Service (DoS) by sending malformed requests, potentially
causing stack overflow.

### Patches

Users should upgrade to `2.1.1`

### Workarounds

None

### Resources

-
https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2
- https://www.cve.org/CVERecord?id=CVE-2026-3520
-
7e66481f8b
- https://cna.openjsf.org/security-advisories.html

---

### Release Notes

<details>
<summary>expressjs/multer (multer)</summary>

###
[`v2.1.1`](https://redirect.github.com/expressjs/multer/blob/HEAD/CHANGELOG.md#211)

[Compare
Source](https://redirect.github.com/expressjs/multer/compare/v2.1.0...v2.1.1)

- Fix [CVE-2026-3520](https://www.cve.org/CVERecord?id=CVE-2026-3520)
([GHSA-5528-5vmv-3xc2](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2))
- fix error/abort handling

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41NS40IiwidXBkYXRlZEluVmVyIjoiNDMuNTUuNCIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

yarn.lock

@@ -29128,14 +29128,14 @@ __metadata:
   linkType: hard
 
 "multer@npm:^2.0.2":
-  version: 2.1.0
-  resolution: "multer@npm:2.1.0"
+  version: 2.1.1
+  resolution: "multer@npm:2.1.1"
   dependencies:
     append-field: "npm:^1.0.0"
     busboy: "npm:^1.6.0"
     concat-stream: "npm:^2.0.0"
     type-is: "npm:^1.6.18"
-  checksum: 10/7677636ed84ebd12d67849887ab69c982a7043c1ed0d209e512500f8cff73474601fc0b6922ba07dfd872641822788d323ab795e53f6d0910a5f00b10e07b498
+  checksum: 10/fb22868caaed37d725715c14c60b740b81665265da3a026bb61954414f65b99f76b360128413b8a2a7cc1a95ecae28a42bf831fe172bb79682d19ec105b556bd
   languageName: node
   linkType: hard