Merge pull request #8896 from liranmauda/liran-backport-into-5.18

liranmauda · web-flow · commit fc5584f1b187 · 2025-03-24T16:13:07.000+02:00
Bumping deps to avoid CVE (16/03/2025)
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -71,9 +71,9 @@
     ]
   },
   "dependencies": {
-    "@aws-sdk/client-s3": "3.750.0",
-    "@aws-sdk/client-sts": "3.750.0",
-    "@azure/identity": "4.7.0",
+    "@aws-sdk/client-s3": "3.758.0",
+    "@aws-sdk/client-sts": "3.758.0",
+    "@azure/identity": "4.8.0",
     "@azure/monitor-query": "1.3.1",
     "@azure/storage-blob": "12.26.0",
     "@google-cloud/storage": "7.15.2",
@@ -97,41 +97,39 @@
     "jsonwebtoken": "9.0.2",
     "linux-blockutils": "0.2.0",
     "lodash": "4.17.21",
-    "mime": "3.0.0",
+    "mime-type": "5.0.2",
     "minimist": "1.2.8",
     "moment": "2.30.1",
     "moment-timezone": "0.5.47",
     "mongo-query-to-postgres-jsonb": "0.2.17",
     "mongodb": "3.7.4",
     "morgan": "1.10.0",
-    "nan": "2.22.1",
+    "nan": "2.22.2",
     "ncp": "2.0.0",
     "node-addon-api": "8.3.1",
-    "node-rdkafka": "3.3.0",
+    "node-rdkafka": "3.3.1",
     "performance-now": "2.1.0",
-    "pg": "8.13.3",
+    "pg": "8.14.0",
     "ping": "0.4.4",
     "prom-client": "15.1.3",
     "ps-node": "0.1.6",
-    "rimraf": "6.0.1",
     "seedrandom": "3.0.5",
     "setimmediate": "1.0.5",
-    "typescript": "5.7.3",
-    "uuid": "10.0.0",
+    "typescript": "5.8.2",
     "ws": "8.18.1",
     "xml2js": "0.6.2",
     "yaml": "2.7.0",
     "yauzl": "3.2.0",
     "yazl": "3.3.1"
   },
   "devDependencies": {
-    "@aws-sdk/client-iam": "3.750.0",
-    "@aws-sdk/lib-storage": "3.750.0",
+    "@aws-sdk/client-iam": "3.758.0",
+    "@aws-sdk/lib-storage": "3.758.0",
     "@stylistic/eslint-plugin-js": "1.8.1",
     "@types/jest": "29.5.14",
-    "@types/lodash": "4.17.15",
+    "@types/lodash": "4.17.16",
     "@types/mongodb": "4.0.7",
-    "@types/node": "22.13.5",
+    "@types/node": "22.13.10",
     "@types/pg": "8.11.11",
     "eslint": "8.57.1",
     "eslint-plugin-header": "3.1.1",
diff --git a/src/agent/agent_cli.js b/src/agent/agent_cli.js
@@ -10,7 +10,7 @@ const os = require('os');
 const path = require('path');
 const util = require('util');
 const repl = require('repl');
-const { v4: uuid } = require('uuid');
+const crypto = require('crypto');
 const argv = require('minimist')(process.argv);
 const S3Auth = require('aws-sdk/lib/signers/s3');
 
@@ -114,7 +114,7 @@ class AgentCLI {
                     self.client.options.address = self.params.address;
                 }
                 if (!self.params.host_id) {
-                    self.params.host_id = uuid();
+                    self.params.host_id = crypto.randomUUID();
                     return self.agent_conf.update({
                         host_id: self.params.host_id
                     });
diff --git a/src/endpoint/blob/ops/blob_put_blob.js b/src/endpoint/blob/ops/blob_put_blob.js
@@ -4,7 +4,7 @@
 const blob_utils = require('../blob_utils');
 const http_utils = require('../../../util/http_utils');
 const time_utils = require('../../../util/time_utils');
-const mime = require('mime');
+const mime = require('mime-types');
 
 
 /**
@@ -16,7 +16,7 @@ async function put_blob(req, res) {
     const { etag } = await req.object_sdk.upload_object({
         bucket: req.params.bucket,
         key: req.params.key,
-        content_type: req.headers['x-ms-blob-content-type'] || (copy_source ? undefined : (mime.getType(req.params.key) || 'application/octet-stream')),
+        content_type: req.headers['x-ms-blob-content-type'] || (copy_source ? undefined : (mime.lookup(req.params.key) || 'application/octet-stream')),
         size: req.content_length >= 0 ? req.content_length : undefined,
         md5_b64: req.content_md5 ? req.content_md5.toString('base64') : undefined,
         sha256_b64: req.content_sha256_buf ? req.content_sha256_buf.toString('base64') : undefined,
diff --git a/src/endpoint/blob/ops/blob_put_blob_blocklist.js b/src/endpoint/blob/ops/blob_put_blob_blocklist.js
@@ -5,7 +5,7 @@ const _ = require('lodash');
 
 const blob_utils = require('../blob_utils');
 const http_utils = require('../../../util/http_utils');
-const mime = require('mime');
+const mime = require('mime-types');
 
 /**
  * https://docs.microsoft.com/en-us/rest/api/storageservices/put-block-list
@@ -19,7 +19,7 @@ async function put_blob_blocklist(req, res) {
     const reply = await req.object_sdk.commit_blob_block_list({
         bucket: req.params.bucket,
         key: req.params.key,
-        content_type: req.headers['x-ms-blob-content-type'] || mime.getType(req.params.key) || 'application/octet-stream',
+        content_type: req.headers['x-ms-blob-content-type'] || mime.lookup(req.params.key) || 'application/octet-stream',
         md_conditions: http_utils.get_md_conditions(req),
         xattr: blob_utils.get_request_xattr(req),
         block_list
diff --git a/src/endpoint/s3/ops/s3_post_object_uploads.js b/src/endpoint/s3/ops/s3_post_object_uploads.js
@@ -2,7 +2,7 @@
 'use strict';
 
 const s3_utils = require('../s3_utils');
-const mime = require('mime');
+const mime = require('mime-types');
 const config = require('../../../../config');
 const S3Error = require('../s3_errors').S3Error;
 
@@ -21,7 +21,7 @@ async function post_object_uploads(req, res) {
     const reply = await req.object_sdk.create_object_upload({
         bucket: req.params.bucket,
         key: req.params.key,
-        content_type: req.headers['content-type'] || mime.getType(req.params.key) || 'application/octet-stream',
+        content_type: req.headers['content-type'] || mime.lookup(req.params.key) || 'application/octet-stream',
         content_encoding: req.headers['content-encoding'],
         xattr: s3_utils.get_request_xattr(req),
         storage_class,
diff --git a/src/endpoint/s3/ops/s3_put_bucket_lifecycle.js b/src/endpoint/s3/ops/s3_put_bucket_lifecycle.js
@@ -3,7 +3,7 @@
 
 const _ = require('lodash');
 const s3_const = require('../s3_constants');
-const { v4: uuid } = require('uuid');
+const crypto = require('crypto');
 const dbg = require('../../../util/debug_module')(__filename);
 const S3Error = require('../s3_errors').S3Error;
 
@@ -98,13 +98,13 @@ async function put_bucket_lifecycle(req) {
             }
         } else {
             // Generate a random ID if missing
-            current_rule.id = uuid();
+            current_rule.id = crypto.randomUUID();
         }
 
         // Check for duplicate ID in the rules
         if (id_set.has(current_rule.id)) {
             dbg.error('Rule ID must be unique. Found same ID for more than one rule: ', current_rule.id);
-            throw new S3Error({ ...S3Error.InvalidArgument, message: 'Rule ID must be unique. Found same ID for more than one rule'});
+            throw new S3Error({ ...S3Error.InvalidArgument, message: 'Rule ID must be unique. Found same ID for more than one rule' });
         }
         id_set.add(current_rule.id);
 
diff --git a/src/endpoint/s3/ops/s3_put_object.js b/src/endpoint/s3/ops/s3_put_object.js
@@ -5,7 +5,7 @@ const dbg = require('../../../util/debug_module')(__filename);
 const s3_utils = require('../s3_utils');
 const S3Error = require('../s3_errors').S3Error;
 const http_utils = require('../../../util/http_utils');
-const mime = require('mime');
+const mime = require('mime-types');
 const config = require('../../../../config');
 
 const s3_error_options = {
@@ -41,7 +41,7 @@ async function put_object(req, res) {
     const reply = await req.object_sdk.upload_object({
         bucket: req.params.bucket,
         key: req.params.key,
-        content_type: req.headers['content-type'] || (copy_source ? undefined : (mime.getType(req.params.key) || 'application/octet-stream')),
+        content_type: req.headers['content-type'] || (copy_source ? undefined : (mime.lookup(req.params.key) || 'application/octet-stream')),
         content_encoding: req.headers['content-encoding'],
         copy_source,
         source_stream,
diff --git a/src/hosted_agents/hosted_agents.js b/src/hosted_agents/hosted_agents.js
@@ -1,7 +1,7 @@
 /* Copyright (C) 2016 NooBaa */
 'use strict';
 
-const { v4: uuid } = require('uuid');
+const crypto = require('crypto');
 const path = require('path');
 const util = require('util');
 const fs = require('fs');
@@ -197,7 +197,7 @@ class HostedAgents {
     start_local_agent(params) {
         if (!this._started) return;
 
-        const host_id = uuid();
+        const host_id = crypto.randomUUID();
         const node_name = 'noobaa-internal-agent-' + params.name;
         const storage_path = path.join(process.cwd(), 'noobaa_storage', node_name);
 
diff --git a/src/sdk/endpoint_stats_collector.js b/src/sdk/endpoint_stats_collector.js
@@ -2,15 +2,16 @@
 'use strict';
 
 const _ = require('lodash');
-const mime = require('mime');
+const mime = require('mime-types');
 
 const dbg = require('../util/debug_module')(__filename);
 const prom_report = require('../server/analytic_services/prometheus_reporting');
 const stats_aggregator = require('../server/system_services/stats_aggregator');
 const DelayedCollector = require('../util/delayed_collector');
 const config = require('../../config');
 const cluster = /** @type {import('node:cluster').Cluster} */ (
-    /** @type {unknown} */ (require('node:cluster'))
+    /** @type {unknown} */
+    (require('node:cluster'))
 );
 
 /**
@@ -239,16 +240,20 @@ class EndpointStatsCollector {
     }
 
     update_bucket_read_counters({ bucket_name, key, content_type, }) {
-        content_type = content_type || mime.getType(key) || 'application/octet-stream';
+        content_type = content_type || mime.lookup(key) || 'application/octet-stream';
         this.endpoint_stats_collector.update({
-            bucket_counters: { [bucket_name]: { [content_type]: { read_count: 1 } } }
+            bucket_counters: {
+                [bucket_name]: {
+                    [content_type]: { read_count: 1 } } }
         });
     }
 
     update_bucket_write_counters({ bucket_name, key, content_type, }) {
-        content_type = content_type || mime.getType(key) || 'application/octet-stream';
+        content_type = content_type || mime.lookup(key) || 'application/octet-stream';
         this.endpoint_stats_collector.update({
-            bucket_counters: { [bucket_name]: { [content_type]: { write_count: 1 } } }
+            bucket_counters: {
+                [bucket_name]: {
+                    [content_type]: { write_count: 1 } } }
         });
     }
 
@@ -361,7 +366,7 @@ class EndpointStatsCollector {
     update_fork_counter() {
         // add fork related metrics to prometheus
         const code = `worker_${cluster.worker.id}`;
-        this.prom_metrics_report.inc('fork_counter', {code});
+        this.prom_metrics_report.inc('fork_counter', { code });
     }
 }
 if (cluster.isWorker) {
diff --git a/src/sdk/namespace_fs.js b/src/sdk/namespace_fs.js
@@ -7,8 +7,7 @@ const _ = require('lodash');
 const fs = require('fs');
 const path = require('path');
 const util = require('util');
-const mime = require('mime');
-const { v4: uuidv4 } = require('uuid');
+const mime = require('mime-types');
 const P = require('../util/promise');
 const dbg = require('../util/debug_module')(__filename);
 const config = require('../../config');
@@ -1270,7 +1269,7 @@ class NamespaceFS {
         let upload_path;
         // upload path is needed only when open_mode is w / for copy
         if (open_mode === 'w' || params.copy_source) {
-            const upload_id = uuidv4();
+            const upload_id = crypto.randomUUID();
             const bucket_tmp_dir_path = this.get_bucket_tmpdir_full_path();
             upload_path = path.join(bucket_tmp_dir_path, 'uploads', upload_id);
             await native_fs_utils._make_path_dirs(upload_path, fs_context);
@@ -1680,7 +1679,7 @@ class NamespaceFS {
             const fs_context = this.prepare_fs_context(object_sdk);
             await this._load_bucket(params, fs_context);
             await this._throw_if_low_space(fs_context);
-            params.obj_id = uuidv4();
+            params.obj_id = crypto.randomUUID();
             params.mpu_path = this._mpu_path(params);
             await native_fs_utils._create_path(params.mpu_path, fs_context);
             const create_params = JSON.stringify({ ...params, source_stream: null });
@@ -2460,7 +2459,7 @@ class NamespaceFS {
         const dir_content_type = stat.xattr?.[XATTR_DIR_CONTENT] && ((Number(stat.xattr?.[XATTR_DIR_CONTENT]) > 0 && 'application/octet-stream') || 'application/x-directory');
         const content_type = stat.xattr?.[XATTR_CONTENT_TYPE] ||
             (isDir && dir_content_type) ||
-            mime.getType(key) || 'application/octet-stream';
+            mime.lookup(key) || 'application/octet-stream';
 
         const storage_class = Glacier.storage_class_from_xattr(stat.xattr);
         const size = Number(stat.xattr?.[XATTR_DIR_CONTENT] || stat.size);
diff --git a/src/sdk/namespace_net_storage.js b/src/sdk/namespace_net_storage.js
@@ -5,7 +5,7 @@ const _ = require('lodash');
 const util = require('util');
 
 const P = require('../util/promise');
-const mime = require('mime');
+const mime = require('mime-types');
 const dbg = require('../util/debug_module')(__filename);
 const NetStorage = require('../util/NetStorageKit-Node-master/lib/netstorage');
 
@@ -158,7 +158,7 @@ class NamespaceNetStorage {
             size: res.size,
             etag,
             create_time: new Date(Number(res.mtime || 0) * 1000),
-            content_type: mime.getType(res.name) || 'application/octet-stream',
+            content_type: mime.lookup(res.name) || 'application/octet-stream',
             xattr,
         };
     }
diff --git a/src/server/object_services/md_store.js b/src/server/object_services/md_store.js
@@ -7,7 +7,7 @@ const _ = require('lodash');
 const assert = require('assert');
 const moment = require('moment');
 const mongodb = require('mongodb');
-const mime = require('mime');
+const mime = require('mime-types');
 
 const P = require('../../util/promise');
 const dbg = require('../../util/debug_module')(__filename);
@@ -292,7 +292,7 @@ class MDStore {
             system: obj.system,
             bucket: obj.bucket,
             key: obj.key,
-            content_type: obj.content_type || mime.getType(obj.key) || 'application/octet-stream',
+            content_type: obj.content_type || mime.lookup(obj.key) || 'application/octet-stream',
             delete_marker: true,
             create_time: new Date(),
             version_seq,
diff --git a/src/server/object_services/object_server.js b/src/server/object_services/object_server.js
@@ -7,7 +7,7 @@ require('../../util/fips');
 const _ = require('lodash');
 const os = require('os');
 const util = require('util');
-const mime = require('mime');
+const mime = require('mime-types');
 const crypto = require('crypto');
 const assert = require('assert');
 const glob_to_regexp = require('glob-to-regexp');
@@ -69,7 +69,7 @@ async function create_object_upload(req) {
         bucket: req.bucket._id,
         key: req.rpc_params.key,
         content_type: req.rpc_params.content_type ||
-            mime.getType(req.rpc_params.key) ||
+            mime.lookup(req.rpc_params.key) ||
             'application/octet-stream',
         tagging: req.rpc_params.tagging,
         storage_class: req.rpc_params.storage_class,
@@ -1661,19 +1661,19 @@ function check_md_conditions(conditions, obj) {
  * @returns {string}
  */
 function get_etag(entity, updates) {
-   const etag = updates?.etag || entity.etag;
-   if (etag) return etag;
+    const etag = updates?.etag || entity.etag;
+    if (etag) return etag;
 
-   const md5_b64 = updates?.md5_b64 || entity.md5_b64;
-   if (md5_b64) return Buffer.from(md5_b64, 'base64').toString('hex');
+    const md5_b64 = updates?.md5_b64 || entity.md5_b64;
+    if (md5_b64) return Buffer.from(md5_b64, 'base64').toString('hex');
 
-   const sha256_b64 = updates?.sha256_b64 || entity.sha256_b64;
-   if (sha256_b64) return 'sha256-' + Buffer.from(sha256_b64, 'base64').toString('hex');
+    const sha256_b64 = updates?.sha256_b64 || entity.sha256_b64;
+    if (sha256_b64) return 'sha256-' + Buffer.from(sha256_b64, 'base64').toString('hex');
 
-   const id = updates?._id || entity._id;
-   if (id) return 'id-' + id.toHexString();
+    const id = updates?._id || entity._id;
+    if (id) return 'id-' + id.toHexString();
 
-   return '';
+    return '';
 }
 
 function throw_if_maintenance(req) {
diff --git a/src/server/system_services/pool_controllers.js b/src/server/system_services/pool_controllers.js
@@ -8,7 +8,7 @@ const dbg = require('../../util/debug_module')(__filename);
 const { KubeStore } = require('../kube-store.js');
 const yaml = require('yaml');
 const Agent = require('../../agent/agent');
-const { v4: uuid } = require('uuid');
+const crypto = require('crypto');
 const js_utils = require('../../util/js_utils');
 const size_utils = require('../../util/size_utils');
 
@@ -220,7 +220,7 @@ class InProcessAgentsPoolController extends PoolController {
                 read: () => _.cloneDeep(create_node_token),
                 write: new_token => { create_node_token = _.cloneDeep(new_token); }
             },
-            host_id: uuid(),
+            host_id: crypto.randomUUID(),
             test_hostname: hostname
         });
         await agent.start();
diff --git a/src/test/system_tests/test_bucket_access.js b/src/test/system_tests/test_bucket_access.js
diff --git a/src/test/system_tests/test_node_failure.js b/src/test/system_tests/test_node_failure.js
diff --git a/src/test/unit_tests/test_lifecycle.js b/src/test/unit_tests/test_lifecycle.js
diff --git a/src/tools/s3cat.js b/src/tools/s3cat.js
diff --git a/src/util/fs_utils.js b/src/util/fs_utils.js
diff --git a/src/util/native_fs_utils.js b/src/util/native_fs_utils.js
