npm - @remotion/lambda-client - Versions diffs - 4.0.416 → 4.0.418 - Mend

@remotion/lambda-client 4.0.416 → 4.0.418

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cjs/index.js CHANGED Viewed

@@ -66556,7 +66556,7 @@ var validateDownloadBehavior = (downloadBehavior) => {
     }
   }
 };
-var VERSION = "4.0.416";
+var VERSION = "4.0.418";
 var isColorSupported = () => {
   const env = process.env || {};
   const isForceDisabled = "NO_COLOR" in env;
@@ -67059,6 +67059,17 @@ var calculateChunkTimes = ({
   }
   throw new Error("invalid time for calculate chunk times");
 };
+var checkBucketListing = async ({
+  bucketName,
+  region
+}) => {
+  try {
+    const res = await fetch(`https://${bucketName}.s3.${region}.amazonaws.com/`);
+    if (res.status === 200) {
+      console.warn(`Warning: Your bucket ${bucketName} allows public listing of its contents. See https://remotion.dev/docs/lambda/bucket-security for how to fix this.`);
+    }
+  } catch {}
+};
 var makeBucketName = (region, providerSpecifics) => {
   return `${providerSpecifics.getBucketPrefix()}${region.replace(/-/g, "")}-${providerSpecifics.randomHash()}`;
 };
@@ -67083,6 +67094,7 @@ var internalGetOrCreateBucket = async (params) => {
       forcePathStyle: params.forcePathStyle,
       requestHandler: params.requestHandler
     });
+    await checkBucketListing({ bucketName: existingBucketName, region });
     return { bucketName: remotionBuckets[0].name, alreadyExisted: true };
   }
   const bucketName = makeBucketName(params.region, params.providerSpecifics);
@@ -67091,7 +67103,8 @@ var internalGetOrCreateBucket = async (params) => {
     region: params.region,
     forcePathStyle: params.forcePathStyle,
     skipPutAcl: params.skipPutAcl,
-    requestHandler: params.requestHandler
+    requestHandler: params.requestHandler,
+    logLevel: params.logLevel
   });
   await params.providerSpecifics.applyLifeCycle({
     enableFolderExpiry: enableFolderExpiry ?? null,
@@ -67173,7 +67186,8 @@ var compressInputProps = async ({
   providerSpecifics,
   forcePathStyle,
   skipPutAcl,
-  requestHandler
+  requestHandler,
+  logLevel
 }) => {
   const hash = providerSpecifics.randomHash();
   if (needsToUpload) {
@@ -67184,7 +67198,8 @@ var compressInputProps = async ({
       providerSpecifics,
       forcePathStyle,
       skipPutAcl,
-      requestHandler
+      requestHandler,
+      logLevel
     })).bucketName;
     await providerSpecifics.writeFile({
       body: stringifiedInputProps,
@@ -68961,6 +68976,33 @@ var createBucket = async ({ region, bucketName, forcePathStyle, requestHandler }
     }
     throw err;
   }
+  let usedBucketPolicy = false;
+  try {
+    const policy = JSON.stringify({
+      Version: "2012-10-17",
+      Statement: [
+        {
+          Sid: "PublicReadGetObject",
+          Effect: "Allow",
+          Principal: "*",
+          Action: "s3:GetObject",
+          Resource: `arn:aws:s3:::${bucketName}/*`
+        }
+      ]
+    });
+    await getS3Client({
+      region,
+      customCredentials: null,
+      forcePathStyle,
+      requestHandler
+    }).send(new import_client_s33.PutBucketPolicyCommand({
+      Bucket: bucketName,
+      Policy: policy
+    }));
+    usedBucketPolicy = true;
+  } catch {
+    console.warn("Could not apply a bucket policy to restrict public access to s3:GetObject only. Falling back to public-read ACL which also allows listing objects. To fix this, add the s3:PutBucketPolicy permission to your IAM user. See https://remotion.dev/docs/lambda/bucket-security");
+  }
   try {
     await getS3Client({
       region,
@@ -68969,7 +69011,7 @@ var createBucket = async ({ region, bucketName, forcePathStyle, requestHandler }
       requestHandler
     }).send(new import_client_s33.PutBucketAclCommand({
       Bucket: bucketName,
-      ACL: "public-read"
+      ACL: usedBucketPolicy ? "private" : "public-read"
     }));
   } catch (err) {
     if (err.message.includes("The bucket does not allow ACLs")) {
@@ -70640,7 +70682,7 @@ var lambdaWriteFileImplementation = async (params) => {
 };
 // src/aws-provider.ts
-if (/^AWS_Lambda_nodejs(?:18|20)[.]x$/.test(process.env.AWS_EXECUTION_ENV ?? "") === true) {
+if (/^AWS_Lambda_nodejs(?:18|20|24)[.]x$/.test(process.env.AWS_EXECUTION_ENV ?? "") === true) {
   process.env.FONTCONFIG_PATH = "/opt";
   process.env.FONTCONFIG_FILE = "/opt/fonts.conf";
   process.env.DISABLE_FROM_SURFACE = "1";
@@ -71047,7 +71089,8 @@ var makeLambdaRenderMediaPayload = async ({
     providerSpecifics: awsImplementation,
     forcePathStyle: forcePathStyle ?? false,
     skipPutAcl: privacy === "no-acl",
-    requestHandler: requestHandler ?? null
+    requestHandler: requestHandler ?? null,
+    logLevel
   });
   return {
     rendererFunctionName,
@@ -71166,7 +71209,8 @@ var makeLambdaRenderStillPayload = async ({
     providerSpecifics: awsImplementation,
     forcePathStyle,
     skipPutAcl: privacy === "no-acl",
-    requestHandler
+    requestHandler,
+    logLevel
   });
   return {
     composition,
@@ -71688,7 +71732,8 @@ var getCompositionsOnLambda = async ({
     providerSpecifics: awsImplementation,
     forcePathStyle: forcePathStyle ?? false,
     skipPutAcl: false,
-    requestHandler
+    requestHandler,
+    logLevel: logLevel ?? "info"
   });
   try {
     const res = await awsImplementation.callFunctionSync({

package/dist/esm/index.mjs CHANGED Viewed

@@ -65899,7 +65899,7 @@ var validateDownloadBehavior = (downloadBehavior) => {
     }
   }
 };
-var VERSION = "4.0.416";
+var VERSION = "4.0.418";
 var isColorSupported = () => {
   const env = process.env || {};
   const isForceDisabled = "NO_COLOR" in env;
@@ -66402,6 +66402,17 @@ var calculateChunkTimes = ({
   }
   throw new Error("invalid time for calculate chunk times");
 };
+var checkBucketListing = async ({
+  bucketName,
+  region
+}) => {
+  try {
+    const res = await fetch(`https://${bucketName}.s3.${region}.amazonaws.com/`);
+    if (res.status === 200) {
+      console.warn(`Warning: Your bucket ${bucketName} allows public listing of its contents. See https://remotion.dev/docs/lambda/bucket-security for how to fix this.`);
+    }
+  } catch {}
+};
 var makeBucketName = (region, providerSpecifics) => {
   return `${providerSpecifics.getBucketPrefix()}${region.replace(/-/g, "")}-${providerSpecifics.randomHash()}`;
 };
@@ -66426,6 +66437,7 @@ var internalGetOrCreateBucket = async (params) => {
       forcePathStyle: params.forcePathStyle,
       requestHandler: params.requestHandler
     });
+    await checkBucketListing({ bucketName: existingBucketName, region });
     return { bucketName: remotionBuckets[0].name, alreadyExisted: true };
   }
   const bucketName = makeBucketName(params.region, params.providerSpecifics);
@@ -66434,7 +66446,8 @@ var internalGetOrCreateBucket = async (params) => {
     region: params.region,
     forcePathStyle: params.forcePathStyle,
     skipPutAcl: params.skipPutAcl,
-    requestHandler: params.requestHandler
+    requestHandler: params.requestHandler,
+    logLevel: params.logLevel
   });
   await params.providerSpecifics.applyLifeCycle({
     enableFolderExpiry: enableFolderExpiry ?? null,
@@ -66516,7 +66529,8 @@ var compressInputProps = async ({
   providerSpecifics,
   forcePathStyle,
   skipPutAcl,
-  requestHandler
+  requestHandler,
+  logLevel
 }) => {
   const hash = providerSpecifics.randomHash();
   if (needsToUpload) {
@@ -66527,7 +66541,8 @@ var compressInputProps = async ({
       providerSpecifics,
       forcePathStyle,
       skipPutAcl,
-      requestHandler
+      requestHandler,
+      logLevel
     })).bucketName;
     await providerSpecifics.writeFile({
       body: stringifiedInputProps,
@@ -68304,6 +68319,33 @@ var createBucket = async ({ region, bucketName, forcePathStyle, requestHandler }
     }
     throw err;
   }
+  let usedBucketPolicy = false;
+  try {
+    const policy = JSON.stringify({
+      Version: "2012-10-17",
+      Statement: [
+        {
+          Sid: "PublicReadGetObject",
+          Effect: "Allow",
+          Principal: "*",
+          Action: "s3:GetObject",
+          Resource: `arn:aws:s3:::${bucketName}/*`
+        }
+      ]
+    });
+    await getS3Client({
+      region,
+      customCredentials: null,
+      forcePathStyle,
+      requestHandler
+    }).send(new import_client_s33.PutBucketPolicyCommand({
+      Bucket: bucketName,
+      Policy: policy
+    }));
+    usedBucketPolicy = true;
+  } catch {
+    console.warn("Could not apply a bucket policy to restrict public access to s3:GetObject only. Falling back to public-read ACL which also allows listing objects. To fix this, add the s3:PutBucketPolicy permission to your IAM user. See https://remotion.dev/docs/lambda/bucket-security");
+  }
   try {
     await getS3Client({
       region,
@@ -68312,7 +68354,7 @@ var createBucket = async ({ region, bucketName, forcePathStyle, requestHandler }
       requestHandler
     }).send(new import_client_s33.PutBucketAclCommand({
       Bucket: bucketName,
-      ACL: "public-read"
+      ACL: usedBucketPolicy ? "private" : "public-read"
     }));
   } catch (err) {
     if (err.message.includes("The bucket does not allow ACLs")) {
@@ -70467,7 +70509,7 @@ var lambdaWriteFileImplementation = async (params) => {
 };
 // src/aws-provider.ts
-if (/^AWS_Lambda_nodejs(?:18|20)[.]x$/.test(process.env.AWS_EXECUTION_ENV ?? "") === true) {
+if (/^AWS_Lambda_nodejs(?:18|20|24)[.]x$/.test(process.env.AWS_EXECUTION_ENV ?? "") === true) {
   process.env.FONTCONFIG_PATH = "/opt";
   process.env.FONTCONFIG_FILE = "/opt/fonts.conf";
   process.env.DISABLE_FROM_SURFACE = "1";
@@ -70874,7 +70916,8 @@ var makeLambdaRenderMediaPayload = async ({
     providerSpecifics: awsImplementation,
     forcePathStyle: forcePathStyle ?? false,
     skipPutAcl: privacy === "no-acl",
-    requestHandler: requestHandler ?? null
+    requestHandler: requestHandler ?? null,
+    logLevel
   });
   return {
     rendererFunctionName,
@@ -70993,7 +71036,8 @@ var makeLambdaRenderStillPayload = async ({
     providerSpecifics: awsImplementation,
     forcePathStyle,
     skipPutAcl: privacy === "no-acl",
-    requestHandler
+    requestHandler,
+    logLevel
   });
   return {
     composition,
@@ -71515,7 +71559,8 @@ var getCompositionsOnLambda = async ({
     providerSpecifics: awsImplementation,
     forcePathStyle: forcePathStyle ?? false,
     skipPutAcl: false,
-    requestHandler
+    requestHandler,
+    logLevel: logLevel ?? "info"
   });
   try {
     const res = await awsImplementation.callFunctionSync({

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
 		"url": "https://github.com/remotion-dev/remotion/tree/main/packages/lambda-client"
 	},
 	"name": "@remotion/lambda-client",
-	"version": "4.0.416",
+	"version": "4.0.418",
 	"main": "dist/cjs/index.js",
 	"sideEffects": false,
 	"scripts": {
@@ -26,10 +26,10 @@
 		"@aws-sdk/lib-storage": "3.936.0",
 		"mime-types": "2.1.34",
 		"@aws-sdk/credential-provider-ini": "3.936.0",
-		"@remotion/serverless-client": "4.0.416",
+		"@remotion/serverless-client": "4.0.418",
 		"@types/express": "^5.0.0",
 		"express": "4.21.0",
-		"@remotion/eslint-config-internal": "4.0.416",
+		"@remotion/eslint-config-internal": "4.0.418",
 		"eslint": "9.19.0",
 		"next": "16.1.5",
 		"@types/mime-types": "2.1.1"