This repository has been archived by the owner on Feb 12, 2021. It is now read-only.

Update Mime to fix https://nodesecurity.io/advisories/535 #191

Open: wants to merge 1 commit into base: master

carterbancroft

Fixes #190

A RegEx denial of service attack was discovered/reported in the Mime package breaking CI builds for anyone using Node Package Security in their build process. The exploit has been fixed in Mime v1.4.1 and v2.0.3, see: https://github.com/broofa/node-mime/releases
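
Added example, not part of the original post or the project's code: a walk over an npm lockfile tree that finds every resolved copy of `mime` and flags those older than the fixed releases named above (1.4.1 and 2.0.3). The lockfile shape (nested `dependencies`), the `other-pkg` name, the sample versions, and the treatment of 0.x as unfixed are assumptions.

```javascript
// Added example: locate nested copies of `mime` in a lockfile-style tree and
// flag versions older than the fixed releases named in the PR (1.4.1, 2.0.3).

const FIXED = { 1: [1, 4, 1], 2: [2, 0, 3] }; // fixed release per major line

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) return null; // non-semver spec (git URL, tag): cannot judge
  return m.slice(1).map(Number);
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions are not "less than"
}

// Returns true/false, or null when the version cannot be parsed.
// Assumption: 0.x is judged against the 1.4.1 fix, i.e. treated as unfixed.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  const fixed = FIXED[v[0] === 0 ? 1 : v[0]];
  return fixed ? lessThan(v, fixed) : false;
}

// Depth-first walk; records the dependency path to each copy of `mime`.
function findMime(node, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = path.concat(name);
    if (name === "mime") {
      hits.push({ path: here.join(" > "), version: dep.version, affected: isAffected(dep.version) });
    }
    hits.push(...findMime(dep, here));
  }
  return hits;
}

// Constructed sample tree; package versions are illustrative, not real data.
const sampleLock = {
  dependencies: {
    s3: { version: "0.0.0-sample", dependencies: { mime: { version: "1.2.11" } } },
    "other-pkg": { version: "0.0.0-sample", dependencies: { mime: { version: "1.4.1" } } },
    mime: { version: "2.0.2" },
  },
};

console.log(findMime(sampleLock));
```
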

@carterbancroft carterbancroft changed the title Bump mime package to fix https://nodesecurity.io/advisories/535 Bump mime package version to fix https://nodesecurity.io/advisories/535 Sep 29, 2017
@carterbancroft carterbancroft changed the title Bump mime package version to fix https://nodesecurity.io/advisories/535 Update Mime to fix https://nodesecurity.io/advisories/535 Sep 29, 2017
@sam-breed-ck

@andrewrk any indication of when this will be merged? automated nsp checks in CI are pretty common, and I'd hate to have to use a fork because of this 🚫 🍴

Thanks!

@StoneCypher

@andrewrk please merge

@carterbancroft
Author

@andrewrk yeah just checking in on getting this merged... I know someone has forked it but it seems like it'd be ideal to fix this in the original repo.

Successfully merging this pull request may close these issues.

s3 relies on outdated mime package with security issue
3 participants