Update to version 6.2.6 (#554)

Author: simonkrol

.gitignore

@@ -10,6 +10,7 @@
 
 # dependencies
 **/node_modules
+**/modules
 
 # test assets
 **/coverage

CHANGELOG.md

@@ -5,12 +5,44 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [6.2.5] - 2024-01-12
+## [6.2.6] - 2024-06-27
+
+### Added
+- StackId tag to CloudFrontLoggingBucket and its bucket name as a CfnOutput [#529](https://github.com/aws-solutions/serverless-image-handler/issues/529)
+- Test case to verify UTF-8 support in object key [#320](https://github.com/aws-solutions/serverless-image-handler/pull/320)
+- Test cases to verify crop functionality [#459](https://github.com/aws-solutions/serverless-image-handler/pull/459)
+- VERSION.txt and build script change to auto-update local package versions
+- S3:bucket-name tag for defining which source bucket to use in thumbor style requests [#521](https://github.com/aws-solutions/serverless-image-handler/pull/521)
+- Ability to override whether an image should be animated [#456](https://github.com/aws-solutions/serverless-image-handler/issues/456)
+- Support for 8-bit depth AVIF image type inference [#360](https://github.com/aws-solutions/serverless-image-handler/issues/360)
+
+### Changed
+- Decreased permissions allotted to CustomResource Lambda and ImageHandler Lambda
+- cdk update to 2.124.0
+- aws-solutions-constructs update to 2.51.0
+- SourceBucketsParameter to require explicit bucket names
+- Demo-ui dependency update
+- Demo-ui to be a package and manage script/stylesheet dependencies through NPM
+- Modified JPEG SOI marker parsing to only check first 2 bytes [#429]
+
+### Security
+- Upgraded follow-redirects to v1.15.6 for vulnerability CVE-2024-28849
+- Upgraded braces to v3.0.3 for vulnerability CVE-2024-4068
+
+### Removed
+- Unused CopyS3Assets custom resource
+
+### Fixed
+- Some error messages indicating incorrect file types
+- Solution version and id not being passed to Backend Lambda
+- Thumbor-style URL matching being overly permissive
+
+
+## [6.2.5] - 2024-01-03
 
 ### Fixed
 
 - Ensure accurate image metadata when generating Amazon Rekognition compatible images [#374](https://github.com/aws-solutions/serverless-image-handler/issues/374)
-- Upgraded axios to v1.6.5 for vulnerability CVE-2023-26159
 - Exclude demo-ui-config from being deleted upon BucketDeployment update sync when updating to a new version
 
 ### Changed
@@ -20,6 +52,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - typescript update to 5.3.3
 - GIF files without multiple pages are now treated as non-animated, allowing all filters to be used on them [#460](https://github.com/aws-solutions/serverless-image-handler/issues/460)
 
+### Security
+
+- Upgraded axios to v1.6.5 for vulnerability CVE-2023-26159
+
 ## [6.2.4] - 2023-12-06
 
 ### Changed

README.md

@@ -105,6 +105,8 @@ This solution collects anonymous operational metrics to help AWS improve the qua
 - [@Fjool](https://github.com/Fjool) for [#489](https://github.com/aws-solutions/serverless-image-handler/pull/489)
 - [@fvsnippets](https://github.com/fvsnippets) for [#373](https://github.com/aws-solutions/serverless-image-handler/pull/373), [#380](https://github.com/aws-solutions/serverless-image-handler/pull/380)
 - [@ccchapman](https://github.com/ccchapman) for [#490](https://github.com/aws-solutions/serverless-image-handler/pull/490)
+- [@bennet-esyoil][https://github.com/bennet-esyoil] for [#521](https://github.com/aws-solutions/serverless-image-handler/pull/521)
+- [@vaniyokk][https://github.com/vaniyokk] for [#511](https://github.com/aws-solutions/serverless-image-handler/pull/511)
 
 # License
 

VERSION.txt

@@ -0,0 +1 @@
+6.2.6

deployment/build-s3-dist.sh

@@ -32,6 +32,9 @@ mkdir -p "$template_dist_dir"
 rm -rf "$build_dist_dir"
 mkdir -p "$build_dist_dir"
 
+headline "[Init] Ensure package versions are updated"
+npm --prefix "$source_dir" run bump-version
+
 headline "[Build] Synthesize cdk template and assets"
 cd "$cdk_source_dir"
 npm run clean:install

deployment/cdk-solution-helper/package-lock.json

@@ -22,7 +22,7 @@
   },
   "dependencies": {
     "adm-zip": "^0.5.10",
-    "aws-cdk-lib": "^2.118.0"
+    "aws-cdk-lib": "^2.124.0"
   },
   "overrides": {
     "semver": "7.5.4"

deployment/cdk-solution-helper/package.json

@@ -20,12 +20,13 @@ if (DIST_OUTPUT_BUCKET && SOLUTION_NAME && VERSION)
 
 const app = new App();
 const solutionDisplayName = "Serverless Image Handler";
-const description = `(${app.node.tryGetContext("solutionId")}) - ${solutionDisplayName}. Version ${VERSION ?? app.node.tryGetContext("solutionVersion")}`;
+const solutionVersion = VERSION ?? app.node.tryGetContext("solutionVersion");
+const description = `(${app.node.tryGetContext("solutionId")}) - ${solutionDisplayName}. Version ${solutionVersion}`;
 // eslint-disable-next-line no-new
 new ServerlessImageHandlerStack(app, "ServerlessImageHandlerStack", {
-  synthesizer: synthesizer,
-  description: description,
+  synthesizer,
+  description,
   solutionId: app.node.tryGetContext("solutionId"),
-  solutionVersion: app.node.tryGetContext("solutionVersion"),
+  solutionVersion,
   solutionName: app.node.tryGetContext("solutionName"),
 });

source/constructs/bin/constructs.ts

@@ -2,7 +2,7 @@
   "app": "npx ts-node --prefer-ts-exts bin/constructs.ts",
   "context": {
     "solutionId": "SO0023",
-    "solutionVersion": "custom-v6.2.5",
+    "solutionVersion": "custom-v6.2.6",
     "solutionName": "serverless-image-handler"
   }
 }

source/constructs/cdk.json

@@ -31,11 +31,13 @@ import * as api from "aws-cdk-lib/aws-apigateway";
 
 export interface BackEndProps extends SolutionConstructProps {
   readonly solutionVersion: string;
+  readonly solutionId: string;
   readonly solutionName: string;
   readonly secretsManagerPolicy: Policy;
   readonly logsBucket: IBucket;
   readonly uuid: string;
   readonly cloudFrontPriceClass: string;
+  readonly createSourceBucketsResource: (key?: string) => string[];
 }
 
 export class BackEnd extends Construct {
@@ -64,15 +66,16 @@ export class BackEnd extends Construct {
           ],
         }),
         new PolicyStatement({
-          actions: ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
-          resources: [
-            Stack.of(this).formatArn({
-              service: "s3",
-              resource: "*",
-              region: "",
-              account: "",
-            }),
-          ],
+          actions: ["s3:GetObject"],
+          resources: props.createSourceBucketsResource("/*"),
+        }),
+        new PolicyStatement({
+          actions: ["s3:ListBucket"],
+          resources: props.createSourceBucketsResource(),
+        }),
+        new PolicyStatement({
+          actions: ["s3:GetObject"],
+          resources: [`arn:aws:s3:::${props.fallbackImageS3Bucket}/${props.fallbackImageS3KeyBucket}`],
         }),
         new PolicyStatement({
           actions: ["rekognition:DetectFaces", "rekognition:DetectModerationLabels"],
@@ -106,6 +109,8 @@ export class BackEnd extends Construct {
         ENABLE_DEFAULT_FALLBACK_IMAGE: props.enableDefaultFallbackImage,
         DEFAULT_FALLBACK_IMAGE_BUCKET: props.fallbackImageS3Bucket,
         DEFAULT_FALLBACK_IMAGE_KEY: props.fallbackImageS3KeyBucket,
+        SOLUTION_VERSION: props.solutionVersion,
+        SOLUTION_ID: props.solutionId,
       },
       bundling: {
         externalModules: ["sharp"],