s3 relies on outdated mime package with security issue
naderm opened this issue · 6 comments
naderm commented
It looks like node-s3-client requires mime@~1.2.11 which is vulnerable to a regular expression denial of service exploit. This exploit is fixed in mime@^1.4.1 or mime@^2.0.3
carterbancroft commented
Yes, this is breaking our builds. I've submitted a PR to bump that version here #191
Can we merge this?
matrus2 commented
+1
matrus2 commented
This repository seems to be dead. I am going to either change it to something else or fork it. Last commit was in Jan 19, 2017.
matrus2 commented
FYI: Fork with updated dependencies: