js · multer · Critical
multer DoS via deeply nested field names in multipart form data
Multer is vulnerable to a Denial of Service (DoS) via deeply nested field names in multipart form data.
What changed
Multer builds `req.body` from multipart text fields with its `append-field` dependency, which expands bracket notation in field names (e.g., `a[b][c]` becomes `{ a: { b: { c: value } } }`) with no limit on nesting depth. A field name such as `a[x][x][x]...` therefore makes the server allocate one nested object per bracket pair, so an attacker controls how deep the structure gets and can drive CPU and memory consumption with a single request.
Who it affects
Any application that uses Multer to parse multipart form data, whether the endpoint accepts file uploads, plain form fields, or both; the nested names arrive in ordinary text fields.
What to do today
Upgrade to Multer 2.2.0 or later and set `limits.fieldNestingDepth` to the smallest depth your forms actually use. If you cannot upgrade yet, set `limits.fields` to a reasonable value to bound the number of fields a single request may carry.
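The following is an added example, not code from multer or append-field: a minimal bracket-notation field-name parser of the kind append-field implements, with the nesting-depth cap that the fix adds. The helper names (`parsePath`, `buildBody`, `depthOf`, `demo`), the `LIMIT_FIELD_NESTING_DEPTH` error code and the attacker field name are assumptions constructed for this example; the default of no limit mirrors the pre-fix behaviour described above.

```javascript
// Added example (not multer's or append-field's own code). Helper names and
// the LIMIT_FIELD_NESTING_DEPTH error code are assumptions for this example.

// "user[address][city]" -> ["user", "address", "city"].
// Simplification: "[]" yields an empty-string key instead of an array push,
// and a name with unbalanced brackets is kept as one literal key.
function parsePath(name) {
  const m = /^([^\[\]]+)((?:\[[^\[\]]*\])*)$/.exec(name);
  if (m === null) return [name];
  const keys = [m[1]];
  const bracket = /\[([^\[\]]*)\]/g;
  let seg;
  while ((seg = bracket.exec(m[2])) !== null) keys.push(seg[1]);
  return keys;
}

// Write one field into a null-prototype target. With maxDepth = Infinity
// (the pre-fix behaviour) the client decides how deep the object tree gets;
// a finite maxDepth rejects the field before anything is allocated.
// In Multer 2.2.0+ the equivalent cap is multer({ limits: { fieldNestingDepth: N } }).
function appendField(target, name, value, maxDepth = Infinity) {
  const keys = parsePath(name);
  if (keys.length > maxDepth) {
    const err = new Error(`field nests ${keys.length} levels, limit is ${maxDepth}`);
    err.code = 'LIMIT_FIELD_NESTING_DEPTH'; // assumed name, not multer's actual code
    throw err;
  }
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (cur[k] === null || typeof cur[k] !== 'object') {
      // Null-prototype containers so "__proto__" is just an ordinary key.
      cur[k] = Object.create(null);
    }
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Build a body from [name, value] pairs, the way a multipart parser would.
function buildBody(fields, maxDepth = Infinity) {
  const body = Object.create(null);
  for (const [name, value] of fields) appendField(body, name, value, maxDepth);
  return body;
}

// Iterative depth measurement (recursion would itself overflow on attacker input).
function depthOf(obj) {
  let depth = 0;
  let cur = obj;
  while (cur !== null && typeof cur === 'object') {
    const keys = Object.keys(cur);
    if (keys.length === 0) break;
    cur = cur[keys[0]];
    depth++;
  }
  return depth;
}

// Constructed inputs: one attacker text field nesting 10000 levels, and a
// normal form with two fields.
const ATTACK_FIELDS = [[`a${'[x]'.repeat(10000)}`, 'v']];
const NORMAL_FIELDS = [['user[name]', 'alice'], ['user[address][city]', 'Oslo']];

function demo() {
  const result = {};
  result.unboundedDepth = depthOf(buildBody(ATTACK_FIELDS)); // no limit, as before the fix
  try {
    buildBody(ATTACK_FIELDS, 5);
    result.limited = 'accepted';
  } catch (e) {
    result.limited = e.code;
  }
  result.normal = buildBody(NORMAL_FIELDS, 5); // legitimate input still parses
  return result;
}

const summary = demo();
console.log(`unbounded depth: ${summary.unboundedDepth}, with limit 5: ${summary.limited}, ` +
  `normal city: ${summary.normal.user.address.city}`);
```

Pick the limit from the deepest name your own forms actually send (the `NORMAL_FIELDS` above need 3), not from what the parser tolerates; the point of the fix is that the server, not the client, decides the bound.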
Source
GitHub Advisory · multer