Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(Google Sheets Node): Upgrade xlsx to address CVE-2023-30533 (no-changelog) #6172

Merged
merged 1 commit into from
May 4, 2023
Merged

fix(Google Sheets Node): Upgrade xlsx to address CVE-2023-30533 (no-changelog) #6172

merged 1 commit into from
May 4, 2023

Conversation

netroy
Copy link
Member

@netroy netroy commented May 3, 2023

@github-actions
Copy link
Contributor

github-actions bot commented May 3, 2023
edited
Loading

Great PR! Please pay attention to the following items before merging:

Files matching packages/**:

  • If fixing bug, added test to cover scenario.
  • If addressing forum or Github issue, added link to description.

Files matching packages/**/*.ts:

  • Added unit tests to cover new or updated functionality.

Files matching packages/nodes-base/nodes/**:

  • Added workflow tests for nodes if possible.

Files matching packages/nodes-base/package.json:

  • Avoided adding dependencies for nodes if not absolutely necessary.

Make sure to check off this list before asking for review.

netroy
netroy commented May 3, 2023
View reviewed changes
package.json
@@ -79,6 +79,7 @@
"tslib": "^2.5.0",
"ts-node": "^10.9.1",
"typescript": "^5.0.3",
"xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz",
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sheetsjs has stopped publishing to NPM for over a year ago, and this is the only way to get updates.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting stuff "Due to ongoing legal matters between SheetJS LLC and npm" 🤨

@n8n-assistant n8n-assistant bot added the n8n team Authored by the n8n team label May 3, 2023
maspio
maspio previously approved these changes May 4, 2023
View reviewed changes
Copy link
Contributor

@maspio maspio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Tested the affected nodes

  • Google Sheet
  • Google Sheet Trigger
  • Spreadsheet File

@github-actions
Copy link
Contributor

github-actions bot commented May 4, 2023

✅ All Cypress E2E specs passed

@netroy netroy requested a review from maspio May 4, 2023 14:25
netroy
netroy commented May 4, 2023
View reviewed changes
packages/nodes-base/nodes/SpreadsheetFile/test/SpreadsheetFile.test.ts
@@ -87,9 +87,9 @@ describe('Execute Spreadsheet File Node', () => {
mimeType: 'text/csv',
fileType: 'text',
fileExtension: 'csv',
data: '77u/QSxCLEMKMSwyLDMKNCw1LDYK',
data: '77u/QSxCLEMKMSwyLDMKNCw1LDY=',
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

had to update this test because the generated csv files don't have an additional empty line at the end of the file anymore.

@github-actions
Copy link
Contributor

github-actions bot commented May 4, 2023

✅ All Cypress E2E specs passed

@netroy netroy merged commit 45dc985 into master May 4, 2023
23 checks passed
@netroy netroy deleted the CVE-2023-30533 branch May 4, 2023 15:10
MiloradFilipovic added a commit that referenced this pull request May 5, 2023
@MiloradFilipovic
Merge branch 'master' into N8N-5677-refactor-workflows-store
f8829a2 
* master: (110 commits)
  fix(editor): Update and add design system checkbox component to Editor (#6178)
  fix(editor): Display SSO entry in Settings on Cloud (#6181)
  feat(Code Node): Add Python support (#4295)
  fix(editor): Update and fix storybook (was failing to run in local dev mode) (#6180)
  feat(Kafka Trigger Node): Add non-parallel execution (#6175)
  fix(Postgres Node): Always return TIMESTAMP and TIMESTAMPZ as ISO string (#6145)
  fix: Revert change that hid the SSH private key (no-changelog) (#6158)
  fix(Google Sheets Node): Upgrade xlsx to address CVE-2023-30533 (#6172)
  fix(editor): Show the correct actions count in the nodes list (#6183)
  ci: Revert full db reset for e2e (no-changelog) (#6182)
  fix(AWS Rekognition Node): Fix all different action type (#6136)
  feat(Airtable Node): Access token support (#6160)
  fix(editor): Remove duplicate mapping of `item.json` key in data pinning (#6135)
  fix(HTTP Request Node): Correctly doesn't redirect on non GET method (#6132)
  fix(MySQL Node): Node should return date types as strings (#6169)
  feat(JotForm Trigger Node): Add support for hipaa-api.jotform.com (#6171)
  🚀 Release 0.227.0 (#6167)
  fix(editor): Flag issues only on workflow activation (#6127)
  fix(editor): Faster reconnects for push (no-changelog) (#6164)
  fix: Log unhandled errors during license activation (no-changelog) (#6165)
  ...

# Conflicts:
#	packages/editor-ui/src/mixins/workflowHelpers.ts
#	packages/editor-ui/src/views/NodeView.vue
netroy added a commit that referenced this pull request May 15, 2023
@netroy
fix(Google Sheets Node): Upgrade xlsx to address CVE-2023-30533 (#6172)
c786525 
[GitHub Advisory](GHSA-4r6h-8v6p-xvw6)
@CajuCLC CajuCLC mentioned this pull request May 20, 2023
Merged
@janober
Copy link
Member

janober commented May 25, 2023

Got released with n8n@0.228.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maspio maspio maspio approved these changes

Assignees
No one assigned
Labels
n8n team Authored by the n8n team Released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@netroy @janober @maspio