andrewrk/node-s3-client

s3 relies on outdated mime package with security issue

naderm opened this issue · 6 comments

It looks like node-s3-client requires mime@~1.2.11, which is vulnerable to a regular expression denial of service exploit. This exploit is fixed in mime@^1.4.1 or mime@^2.0.3.
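An added example, not part of the original thread or of the project's code: a small Node.js check that walks a lockfile-style dependency tree and reports every nested copy of `mime` older than the fixed ranges named in the issue above. The `sampleLock` object, its package names other than `s3` and `mime`, and the function names are constructed for illustration; treating major versions above 2 as fixed is an assumption.

```javascript
// Constructed sample shaped like the nested "dependencies" tree of an
// npm package-lock.json (lockfileVersion 1). Versions of packages other
// than mime are placeholders.
const sampleLock = {
  name: "example-app",
  dependencies: {
    s3: {
      version: "0.0.0",
      dependencies: { mime: { version: "1.2.11" } }
    },
    "other-lib": {
      version: "0.0.0",
      dependencies: { mime: { version: "2.0.2" } }
    },
    mime: { version: "1.4.1" }
  }
};

// Parse "major.minor.patch"; anything else returns null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Fixed ranges from the issue: mime@^1.4.1 or mime@^2.0.3.
function isFixedMime(version) {
  const p = parseVersion(version);
  if (!p) return false; // unparseable: report it for manual review
  const [major, minor, patch] = p;
  if (major === 1) return minor > 4 || (minor === 4 && patch >= 1);
  if (major === 2) return minor > 0 || patch >= 3;
  return major > 2; // assumption: later majors include the fix
}

// Depth-first walk so copies pulled in transitively are found too.
function findVulnerableMime(node, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    if (name === "mime" && !isFixedMime(dep.version)) {
      hits.push({ path: here.join(" > "), version: dep.version });
    }
    hits.push(...findVulnerableMime(dep, here));
  }
  return hits;
}

console.log(findVulnerableMime(sampleLock));
```

To run it against a real project, replace `sampleLock` with the parsed contents of the project's own lockfile.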

Yes, this is breaking our builds. I've submitted a PR to bump that version here: #191

Can we merge this?

+1

This repository seems to be dead. I am going to either change it to something else or fork it. Last commit was on Jan 19, 2017.

FYI: Fork with updated dependencies:

https://github.com/matrus2/node-s3-client

Thank you @matrus2 -- your fork works for me (appears to resolve an unrelated bug I was hitting)!

Recommend -- are you planning to maintain the fork?

@breathe Yes, this is a plan.