cloudera / hue

Open source SQL Query Assistant service for Databases/Warehouses
https://cloudera.com
Apache License 2.0

[ui-cve] Upgrade mime in the ace editor source for CVE-2017-16138 #3763

Open ananya-agarwal opened 1 week ago

ananya-agarwal commented 1 week ago

What changes were proposed in this pull request?

This PR is to fix the CVE reported on GitHub by dependabot (https://github.com/cloudera/hue/security/dependabot/26). This involves upgrading mime (used as a dependency by ace-editor) from version 1.2.x to 1.4.1.

How was this patch tested?

Changed version of mime from 1.2.x to 1.4.1 and no changes in the files were seen.

Please review Hue Contributing Guide before opening a pull request.

ananya-agarwal commented 1 week ago

Steps that were taken to resolve the CVE:

1. nvm use 12 (change the node version to a not so upgraded version)
2. cd tools/ace-editor
3. npm install
4. cd … hue/make ace
5. There were no errors/file changes.
6. Changed version of mime from 1.2.x to 1.4.1 manually in tools/ace-editor/package.json
7. make ace
8. No major changes (except for some linting issues in sql files -> revert those)

bjornalm commented 1 week ago

And did you manually test Editor after the upgrade and build? Do we know/how when this mime package is used by the Editor?

JohanAhlen commented 1 week ago

> And did you manually test Editor after the upgrade and build? Do we know/how when this mime package is used by the Editor?

There were no code changes after the build so no change to the actual code that the Hue editor uses.

ananya-agarwal commented 1 week ago

@bjornalm The editor (Hue UI) was working fine after this change too. I think you wanna ask about below only: ace-editor has a dependency on mime (present in just one place here in package.json)

ananya-agarwal commented 1 week ago

mime is used in ace-editor (internally) in a file called static.js. The file static.js is responsible for creating a backend server. That file or the backend server created for ace-editor has nothing to do with Hue. So, we don't use mime directly at all in the Hue editor. So, we are all good here.
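The thread leaves one reviewer question open: whether any copy of mime below the fixed version is still pulled in transitively, not only the one entry in tools/ace-editor/package.json. The script below is an added example (not code from this PR, from Hue or from ace-editor) of the check a reviewer could run over an npm v1-style lockfile: it walks the nested "dependencies" maps and reports every mime entry that is older than the fix. The 1.4.1 threshold is the version this PR upgrades to; the 2.0.3 threshold for the 2.x line comes from the CVE-2017-16138 advisory rather than from this thread. The lockfile content is a constructed sample, and the package names in it are invented.

```python
"""Flag copies of the `mime` package below the CVE-2017-16138 fix in an npm lockfile tree.

Added example for this PR thread; not code from Hue or ace-editor.
"""
import json
import re

PACKAGE = "mime"
FIXED_1X = (1, 4, 1)  # version this PR upgrades to (1.x line)
FIXED_2X = (2, 0, 3)  # fix for the 2.x line per the CVE advisory (assumption: not from the thread)

# Constructed sample in npm lockfileVersion 1 layout; package names other than mime are invented.
SAMPLE_LOCK = json.dumps({
    "name": "example-editor-build",
    "lockfileVersion": 1,
    "dependencies": {
        "mime": {"version": "1.2.11"},
        "example-static-server": {
            "version": "0.9.0",
            "dependencies": {"mime": {"version": "1.4.1"}},
        },
        "example-tool": {
            "version": "3.0.0",
            "dependencies": {"mime": {"version": "2.0.1"}},
        },
    },
})


def parse_version(text):
    """Turn '1.2.11' (or 'v1.2.11', '1.2.11-beta') into the tuple (1, 2, 11)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable_mime(version):
    """True when the given mime version predates the fix for its major line."""
    v = parse_version(version)
    if v[0] >= 2:
        return v < FIXED_2X
    return v < FIXED_1X


def find_vulnerable_mime(lock):
    """Walk nested 'dependencies' maps; return [(dependency path, version)] for vulnerable mime."""
    findings = []

    def walk(deps, path):
        for name, meta in deps.items():
            here = path + [name]
            version = meta.get("version", "")
            if name == PACKAGE and version and is_vulnerable_mime(version):
                findings.append(("/".join(here), version))
            walk(meta.get("dependencies", {}), here)  # nested (deduplicated) installs

    walk(lock.get("dependencies", {}), [])
    return findings


def scan_sample():
    """Run the check over the constructed lockfile above."""
    return find_vulnerable_mime(json.loads(SAMPLE_LOCK))


if __name__ == "__main__":
    for path, version in scan_sample():
        print(f"vulnerable mime {version} at {path}")
```

Running it against the sample reports the top-level mime 1.2.11 and the nested 2.0.1 under example-tool, while the 1.4.1 copy under example-static-server passes. Against a real tree, feed it the project's package-lock.json instead of SAMPLE_LOCK; a clean run is the evidence that answers the "how is this package used" question for the build output, independent of whether the generated editor files changed.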