Use newer S3 node package to patch security vulnerability with mime < 1.4.1 #10

emerick · 2018-08-14T17:22:37Z

Fixes #9

I tested by running the following command locally, which uses release-tools to upload the Brave Dark Theme extension to S3:

node bin/updateExtensions.js \
     --chromium=0.0.0.0 \
     --id bfdgpgibhagkpdlnjonhkabjoijopoge \
     --location=../vault-updater/data \
     --path=c:/mongoose/bfdgpgibhagkpdlnjonhkabjoijopoge/extension_1_0_0.crx \
     --version=1.0.0 \
     --v=2

… 1.4.1

emerick · 2018-08-14T17:27:18Z

@aekeus / @bsclifton This is to address a security vulnerability in mime 1.4.1, see #9 for additional details. I don't have permission to add a reviewer to this it seems, but was hoping one of you could take a look.

bsclifton

LGTM - once merged, we can easily test by doing browser-laptop builds

emerick · 2018-08-15T00:09:44Z

Thanks @bsclifton!

Use newer S3 node package to patch security vulnerability with mime <…

4daa0db

… 1.4.1

bsclifton requested review from aekeus and bsclifton August 14, 2018 22:53

bsclifton approved these changes Aug 14, 2018

View reviewed changes

aekeus approved these changes Aug 15, 2018

View reviewed changes

aekeus merged commit 157a84f into brave:master Aug 15, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use newer S3 node package to patch security vulnerability with mime < 1.4.1 #10

Use newer S3 node package to patch security vulnerability with mime < 1.4.1 #10

emerick commented Aug 14, 2018

emerick commented Aug 14, 2018

bsclifton left a comment

emerick commented Aug 15, 2018

Use newer S3 node package to patch security vulnerability with mime < 1.4.1 #10

Use newer S3 node package to patch security vulnerability with mime < 1.4.1 #10

Conversation

emerick commented Aug 14, 2018

Fixes #9

emerick commented Aug 14, 2018

bsclifton left a comment

Choose a reason for hiding this comment

emerick commented Aug 15, 2018