Giphy is pulling in files from S3 which raises security and privacy concerns #462

Open
2 tasks done
strefethen opened this issue Jan 16, 2025 · 2 comments
Labels
bug Something isn't working

Comments

@strefethen

Duplicates

  • I have searched the existing issues

Latest version

  • I have tested the latest version

Current behavior 😯

Giphy refers to fonts on S3

https://github.com/Giphy/giphy-js/blob/master/packages/brand/src/typography.ts

Expected behavior 🤔

Fonts should be hosted on a known-good CDN, not via an S3 bucket.

Steps to reproduce 🕹

Steps:

  1. View https://github.com/Giphy/giphy-js/blob/master/packages/brand/src/typography.ts
  2. Notice the font references are to an S3 bucket.

Screenshots or Videos 📹

No response

Platform 🌍

  • OS: macOS
  • Browser: Safari
  • v18.2

GIPHY-JS SDK version

@giphy/js-brand 3.0.0

TypeScript version

No response

Additional context 🔦

coralproject/talk#4718 (comment)

@strefethen strefethen added the bug Something isn't working label Jan 16, 2025
@giannif
Collaborator

giannif commented Jan 17, 2025

@strefethen thanks for reporting this. Are you using @giphy/js-brand directly? It was a way to share CSS and colors, but it was removed from our most popular package @giphy/react-components a while ago. It does still exist in @giphy/svelte-components but could be replaced with @giphy/colors, and then we can deprecate it completely.

@strefethen
Author

Hi @giannif, thanks very much for the reply. No, I'm not using it directly; rather, it was pulled in as a dependency by a project called Coral which I started using. I just checked the version and Coral is using v5.4.0 of @giphy/react-components, so it seems it's very outdated considering the latest release looks like v9.8.0, so that's very likely the problem.

Again, greatly appreciate the reply and I'll share these details with the Coral project.
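
An added example, not part of the thread or of the giphy-js code base: a Node.js check that lists font URLs found in dependency source whose host is an S3 endpoint or is missing from an approved-host list. The sample source, host names, bucket name and the `auditFontHosts` helper are constructed for illustration.

```javascript
// Added example: SAMPLE_SOURCE is constructed; hosts and bucket names are placeholders.
const SAMPLE_SOURCE = `
@font-face { font-family: 'A';
  src: url('https://s3.amazonaws.com/example-bucket/fonts/a.woff2') format('woff2'),
       url('https://example-bucket.s3.us-west-2.amazonaws.com/fonts/a.woff') format('woff'); }
@font-face { font-family: 'B'; src: url("https://fonts.example-cdn.test/b.woff2?v=3"); }
@font-face { font-family: 'C'; src: url(https://assets.example.test/c.ttf); }
@font-face { font-family: 'D'; src: url(/static/d.woff2); }
`;

// Absolute http(s) URLs that end in a web-font extension (relative URLs are same-origin).
const FONT_URL_RE = /https?:\/\/[^\s'"`)]+?\.(?:woff2?|ttf|otf|eot)\b/gi;

// S3 endpoints: path-style (s3.amazonaws.com/bucket/...) and
// virtual-hosted (bucket.s3.amazonaws.com, bucket.s3.region.amazonaws.com).
const S3_HOST_RE = /^(?:(.+)\.)?s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$/;

// Returns one finding per distinct font URL whose host is not in allowedHosts.
function auditFontHosts(source, allowedHosts) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const findings = [];
  for (const url of new Set(source.match(FONT_URL_RE) || [])) {
    const parsed = new URL(url);
    const host = parsed.hostname.toLowerCase();
    if (allowed.has(host)) continue; // origin already reviewed and approved
    const s3 = S3_HOST_RE.exec(host);
    if (s3) {
      // Record the bucket name so its owner can be confirmed during review.
      const bucket = s3[1] || parsed.pathname.split('/')[1] || null;
      findings.push({ url, host, kind: 's3-bucket', bucket });
    } else {
      findings.push({ url, host, kind: 'unlisted-host', bucket: null });
    }
  }
  return findings;
}

for (const f of auditFontHosts(SAMPLE_SOURCE, ['fonts.example-cdn.test'])) {
  console.log(`${f.kind}\t${f.host}\t${f.bucket || '-'}\t${f.url}`);
}
```

In practice the source text would be read from the installed files of the dependency under review, including transitive ones such as the outdated package version described above.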
