Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(editor): Update vite legacy-plugin browser target (no-changelog) #5952

Merged
merged 1 commit into from
Apr 11, 2023

Conversation

netroy
Copy link
Member

@netroy netroy commented Apr 11, 2023

Currently the generated/bundled polyfills-legacy-*.js has a md5sum that conflicts with some known malware, which is making n8n instances being incorrectly marked as malware.

image

Changing the browserlist target changes the browser coverage from 88.3% to 88.2%, and changes the md5sum from 7bbe04e33326032f3bf00ac7685bfccb to 457638e9318cc92d88d45730c81724e4.

Fixes:

  1. ALERT! - for /types/credentials.json - make my domain list by google Dangerous: Avoid this site. If you get a full-page red warning screen, #5743
  2. Potentially Suspicious code. Google marked site as phishing

Currently the generated `polyfills-legacy-*.js` has a md5sum that conflicts with some known malware, which is making n8n instances being incorrectly marked as malware.

Changing the browserlist target changes the browser coverage from [88.3%](https://browsersl.ist/#q=defaults) to [88.2%](https://browsersl.ist/#q=%3E1%25%2Clast+3+versions%2Cnot+dead), and changes the md5sum from `
7bbe04e33326032f3bf00ac7685bfccb` to `457638e9318cc92d88d45730c81724e4`.
@github-actions
Copy link
Contributor

Great PR! Please pay attention to the following items before merging:

Files matching packages/**:

  • If fixing bug, added test to cover scenario.
  • If addressing forum or Github issue, added link to description.

Files matching packages/**/*.ts:

  • Added unit tests to cover new or updated functionality.

Make sure to check off this list before asking for review.

Copy link
Contributor

@krynble krynble left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for looking into this, great that you've found it.

I hope this solves the false positive outcomes.

@netroy netroy changed the title fix(editor-ui): Update vite legacy-plugin browser target (no-changelog) fix(editor): Update vite legacy-plugin browser target (no-changelog) Apr 11, 2023
@codecov
Copy link

codecov bot commented Apr 11, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (c236d5d) 17.53% compared to head (621308b) 17.53%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #5952   +/-   ##
=======================================
  Coverage   17.53%   17.53%           
=======================================
  Files        2500     2500           
  Lines      114336   114336           
  Branches    17849    17850    +1     
=======================================
  Hits        20050    20050           
  Misses      93694    93694           
  Partials      592      592           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@github-actions
Copy link
Contributor

✅ All Cypress E2E specs passed

@netroy netroy merged commit 7119bde into master Apr 11, 2023
@netroy netroy deleted the fix-5743 branch April 11, 2023 15:55
@luizeof
Copy link
Contributor

luizeof commented Apr 12, 2023

thanks!!!

MiloradFilipovic added a commit that referenced this pull request Apr 13, 2023
* master: (62 commits)
  fix(editor): Redirect to home page after saving data on SAML onboarding page (no-changelog) (#5961)
  feat: Replace Vue.extend with defineComponent in design system (no-changelog) (#5918)
  feat(MySQL Node): Overhaul
  fix(OpenAI Node): Update models to only show those supported (#5805)
  ci: Add test for wait node (no-changelog) (#5414)
  fix(Github Trigger Node): Remove content_reference event (#5830)
  ci: Validate load options methods in nodes-base (no-changelog) (#5862)
  ci: Use `--chown=node:node` in COPY commands in the custom docker image (no-changelog) (#5913)
  🚀 Release 0.224.0 (#5957)
  fix(NocoDB Node): Fix for updating or deleting rows with not default primary keys
  fix(HTTP Request Node): Show detailed error message in the UI again (#5959)
  ci: Prevent skipping of E2E fail job (no-changelog) (#5958)
  ci: Fix E2E tests on master (no-changelog) (#5960)
  refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953)
  fix(core): Validate customData keys and values (#5920) (no-changelog)
  feat(editor): Add user activation survey (#5677)
  fix(editor): Update vite legacy-plugin browser target (no-changelog) (#5952)
  docs: Fix typo in AWS S3 and S3 nodes for parent folder key (#5933)
  fix(core): Update xml2js to address CVE-2023-0842 (#5948)
  fix(Code Node): Update vm2 to address CVE-2023-29017 (#5947)
  ...

# Conflicts:
#	packages/workflow/src/Interfaces.ts
MiloradFilipovic added a commit that referenced this pull request Apr 13, 2023
…rce-mapper-ui

* feature/resource-mapping-component: (62 commits)
  fix(editor): Redirect to home page after saving data on SAML onboarding page (no-changelog) (#5961)
  feat: Replace Vue.extend with defineComponent in design system (no-changelog) (#5918)
  feat(MySQL Node): Overhaul
  fix(OpenAI Node): Update models to only show those supported (#5805)
  ci: Add test for wait node (no-changelog) (#5414)
  fix(Github Trigger Node): Remove content_reference event (#5830)
  ci: Validate load options methods in nodes-base (no-changelog) (#5862)
  ci: Use `--chown=node:node` in COPY commands in the custom docker image (no-changelog) (#5913)
  🚀 Release 0.224.0 (#5957)
  fix(NocoDB Node): Fix for updating or deleting rows with not default primary keys
  fix(HTTP Request Node): Show detailed error message in the UI again (#5959)
  ci: Prevent skipping of E2E fail job (no-changelog) (#5958)
  ci: Fix E2E tests on master (no-changelog) (#5960)
  refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953)
  fix(core): Validate customData keys and values (#5920) (no-changelog)
  feat(editor): Add user activation survey (#5677)
  fix(editor): Update vite legacy-plugin browser target (no-changelog) (#5952)
  docs: Fix typo in AWS S3 and S3 nodes for parent folder key (#5933)
  fix(core): Update xml2js to address CVE-2023-0842 (#5948)
  fix(Code Node): Update vm2 to address CVE-2023-29017 (#5947)
  ...

# Conflicts:
#	packages/workflow/src/Interfaces.ts
netroy added a commit that referenced this pull request Apr 14, 2023
…5952)

fix(editor-ui): Update vite legacy-plugin browser target (no-changelog)

Currently the generated `polyfills-legacy-*.js` has a md5sum that conflicts with some known malware, which is making n8n instances being incorrectly marked as malware.

Changing the browserlist target changes the browser coverage from [88.3%](https://browsersl.ist/#q=defaults) to [88.2%](https://browsersl.ist/#q=%3E1%25%2Clast+3+versions%2Cnot+dead), and changes the md5sum from `
7bbe04e33326032f3bf00ac7685bfccb` to `457638e9318cc92d88d45730c81724e4`.
@janober
Copy link
Member

janober commented Apr 19, 2023

Got released with n8n@0.222.3

sunilrr pushed a commit to fl-g6/qp-n8n that referenced this pull request Apr 24, 2023
…8n-io#5952)

fix(editor-ui): Update vite legacy-plugin browser target (no-changelog)

Currently the generated `polyfills-legacy-*.js` has a md5sum that conflicts with some known malware, which is making n8n instances being incorrectly marked as malware.

Changing the browserlist target changes the browser coverage from [88.3%](https://browsersl.ist/#q=defaults) to [88.2%](https://browsersl.ist/#q=%3E1%25%2Clast+3+versions%2Cnot+dead), and changes the md5sum from `
7bbe04e33326032f3bf00ac7685bfccb` to `457638e9318cc92d88d45730c81724e4`.
@baptisteArno
Copy link

Hey @netroy, maintainer of Typebot here 👋

I have the same kind of issue on the project (baptisteArno/typebot.io#492). I have no clue how to debug this. Can you tell me how you targeted the issue?

@netroy
Copy link
Member Author

netroy commented May 9, 2023

Hey @baptisteArno If you use a scanner like quttera, they tell you the file that they think is is causing the website to be flagged.
Since this is likely a false flag (likely because of an MD5 collision), the quickest solution is to change the file in a way that would cause the md5sum to change. You could append a comment in the file after it is generated.
In our case, we updated the list of browsers we were targeting, and that changed the file for us.

@cbalbinos
Copy link

issue identified in domain with n8n@0.227.0

screencapture-quttera-detailed-report-automation-vamosautomatizar-com-2023-05-10-18_43_12

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants