This repository has been archived by the owner on Feb 12, 2021. It is now read-only.
s3 relies on outdated mime package with security issue #190
Comments
|
Yes, this is breaking our builds. I've submitted a PR to bump that version here #191 Can we merge this? |
|
+1 |
|
This repository seems to be dead. I am going to either change it to something else or fork it. Last commit was in Jan 19, 2017. |
|
FYI: Fork with updated dependencies: |
|
Thank you @matrus2 -- your fork works for me (appears to resolve an unrelated bug I was hitting)! Recommend -- are you planning to maintain the fork? |
|
@breathe Yes, this is a plan. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
It looks like node-s3-client requires mime@~1.2.11 which is vulnerable to a regular expression denial of service exploit. This exploit is fixed in mime@^1.4.1 or mime@^2.0.3
The text was updated successfully, but these errors were encountered: