Bump version to 3.4.18

Docker: Set app user gid/uid to 1000

See merge request timvisee/send!22

Dockerfile

@@ -4,41 +4,57 @@
 # License https://gitlab.com/timvisee/send/blob/master/LICENSE
 ##
 
-
 # Build project
 FROM node:16.13-alpine3.13 AS builder
+
+RUN set -x \
+  # Change node uid/gid
+  && apk --no-cache add shadow \
+  && groupmod -g 1001 node \
+  && usermod -u 1001 -g 1001 node
+
 RUN set -x \
     # Add user
-    && addgroup --gid 10001 app \
+    && addgroup --gid 1000 app \
     && adduser --disabled-password \
         --gecos '' \
         --ingroup app \
         --home /app \
-        --uid 10001 \
+        --uid 1000 \
         app
+
 COPY --chown=app:app . /app
+
 USER app
 WORKDIR /app
+
 RUN set -x \
     # Build
     && PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true npm ci \
     && npm run build
 
-
 # Main image
 FROM node:16.13-alpine3.13
+
+RUN set -x \
+  # Change node uid/gid
+  && apk --no-cache add shadow \
+  && groupmod -g 1001 node \
+  && usermod -u 1001 -g 1001 node
+
 RUN set -x \
     # Add user
-    && addgroup --gid 10001 app \
+    && addgroup --gid 1000 app \
     && adduser --disabled-password \
         --gecos '' \
         --ingroup app \
         --home /app \
-        --uid 10001 \
+        --uid 1000 \
         app
 
 USER app
 WORKDIR /app
+
 COPY --chown=app:app package*.json ./
 COPY --chown=app:app app app
 COPY --chown=app:app common common

app/zip.js

@@ -29,7 +29,7 @@ class File {
     const v = new DataView(h);
     v.setUint32(0, 0x04034b50, true); // sig
     v.setUint16(4, 20, true); // version
-    v.setUint16(6, 8, true); // bit flags (8 = use data descriptor)
+    v.setUint16(6, 0x808, true); // bit flags (use data descriptor(8) + utf8-encoded(8 << 8))
     v.setUint16(8, 0, true); // compression
     v.setUint16(10, this.dateTime.time, true); // modified time
     v.setUint16(12, this.dateTime.date, true); // modified date
@@ -60,7 +60,7 @@ class File {
     v.setUint32(0, 0x02014b50, true); // sig
     v.setUint16(4, 20, true); // version made
     v.setUint16(6, 20, true); // version required
-    v.setUint16(8, 8, true); // bit flags (8 = use data descriptor)
+    v.setUint16(8, 0x808, true); // bit flags (use data descriptor(8) + utf8-encoded(8 << 8))
     v.setUint16(10, 0, true); // compression
     v.setUint16(12, this.dateTime.time, true); // modified time
     v.setUint16(14, this.dateTime.date, true); // modified date

docs/faq.md

@@ -1,12 +1,12 @@
 ## How big of a file can I transfer with Send?
 
-There is a 2.5GB file size limit built in to Send(1GB for non-signed in users), however, in practice you may
-be unable to send files that large.  Send encrypts and decrypts the files in
-the browser which is great for security but will tax your system resources.  In
-particular you can expect to see your memory usage go up by at least the size
-of the file when the transfer is processing.  You can see [the results of some
-testing](https://github.com/mozilla/send/issues/170#issuecomment-314107793).
-For the most reliable operation on common computers, it’s probably best to stay
+There is a 2GB file size limit built in to Send, but this may be changed by the
+hoster. Send encrypts and decrypts the files in the browser which is great for
+security but will tax your system resources.  In particular you can expect to
+see your memory usage go up by at least the size of the file when the transfer
+is processing.  You can see [the results of some
+testing](https://github.com/mozilla/send/issues/170#issuecomment-314107793). For
+the most reliable operation on common computers, it’s probably best to stay
 under a few hundred megabytes.
 
 ## Why is my browser not supported?

package.json

@@ -1,7 +1,7 @@
 {
   "name": "send",
   "description": "File Sharing Experiment",
-  "version": "3.4.16",
+  "version": "3.4.18",
   "author": "Mozilla (https://mozilla.org)",
   "contributors": [
     "Tim Visee <3a4fb3964f@sinenomine.email> (https://timvisee.com)"
@@ -62,21 +62,21 @@
     "node": "^16.13.0"
   },
   "devDependencies": {
-    "@babel/core": "^7.16.7",
+    "@babel/core": "^7.17.8",
     "@babel/plugin-proposal-class-properties": "^7.16.7",
     "@babel/plugin-syntax-dynamic-import": "^7.2.0",
-    "@babel/preset-env": "^7.16.8",
+    "@babel/preset-env": "^7.16.11",
     "@dannycoates/webcrypto-liner": "^0.1.37",
     "@fullhuman/postcss-purgecss": "^1.3.0",
     "@mattiasbuelens/web-streams-polyfill": "0.2.1",
     "@sentry/browser": "^5.30.0",
     "asmcrypto.js": "^0.22.0",
-    "babel-loader": "^8.2.3",
+    "babel-loader": "^8.2.4",
     "babel-plugin-istanbul": "^5.2.0",
     "base64-js": "^1.5.1",
     "content-disposition": "^0.5.4",
     "copy-webpack-plugin": "^5.1.2",
-    "core-js": "^3.20.3",
+    "core-js": "^3.21.1",
     "crc": "^3.8.0",
     "cross-env": "^6.0.3",
     "css-loader": "^3.6.0",
@@ -106,7 +106,7 @@
     "npm-run-all": "^4.1.5",
     "nyc": "^14.1.1",
     "postcss-loader": "^3.0.0",
-    "postcss-preset-env": "^6.7.0",
+    "postcss-preset-env": "^6.7.1",
     "prettier": "^1.19.1",
     "proxyquire": "^2.1.3",
     "puppeteer": "^2.0.0",
@@ -133,18 +133,18 @@
     "@dannycoates/express-ws": "^5.0.3",
     "@fluent/bundle": "^0.13.0",
     "@fluent/langneg": "^0.3.0",
-    "@google-cloud/storage": "^5.17.0",
+    "@google-cloud/storage": "^5.18.3",
     "@sentry/node": "^5.30.0",
-    "aws-sdk": "^2.1058.0",
-    "body-parser": "^1.19.1",
+    "aws-sdk": "^2.1102.0",
+    "body-parser": "^1.19.2",
     "choo": "^7.0.0",
     "cldr-core": "^35.1.0",
     "configstore": "github:dannycoates/configstore#master",
     "convict": "^5.2.1",
     "double-ended-queue": "^2.1.0-0",
-    "express": "^4.17.2",
+    "express": "^4.17.3",
     "helmet": "^3.23.3",
-    "mkdirp": "^0.5.1",
+    "mkdirp": "^0.5.6",
     "mozlog": "^2.2.0",
     "node-fetch": "^2.6.7",
     "redis": "^3.1.1",