fix(Code Node): Update vm2 to address CVE-2023-32313 #6318

Merged
merged 2 commits into from
May 25, 2023

netroy (Member) commented May 25, 2023

GH advisory: GHSA-p5gc-c584-jj6v

github-actions bot (Contributor) commented May 25, 2023

Great PR! Please pay attention to the following items before merging:

Files matching packages/**:

  • If fixing bug, added test to cover scenario.
  • If addressing forum or GitHub issue, added link to description.

Files matching packages/**/*.ts:

  • Added unit tests to cover new or updated functionality.

Files matching packages/nodes-base/nodes/**:

  • Added workflow tests for nodes if possible.

Files matching packages/nodes-base/package.json:

  • Avoided adding dependencies for nodes if not absolutely necessary.

Make sure to check off this list before asking for review.

krynble previously approved these changes May 25, 2023

github-actions (Contributor)

⚠️ Some Cypress E2E specs are failing, please fix them before merging

n8n-assistant bot added the "n8n team" and "node/improvement" labels May 25, 2023

codecov bot commented May 25, 2023

Codecov Report

Patch coverage: 75.00% and no project coverage change.

Comparison is base (071955b) 27.64% compared to head (e3b2428) 27.65%.

@@           Coverage Diff           @@
##           master    #6318   +/-   ##
=======================================
  Coverage   27.64%   27.65%           
=======================================
  Files        2958     2958           
  Lines      181343   181337    -6     
  Branches    19727    19722    -5     
=======================================
+ Hits        50140    50142    +2     
+ Misses     130456   130450    -6     
+ Partials      747      745    -2     

| Impacted Files | Coverage Δ |
|---|---|
| ...nodes-base/nodes/FunctionItem/FunctionItem.node.ts | 0.00% <0.00%> (ø) |
| ...ackages/nodes-base/nodes/Code/JavaScriptSandbox.ts | 60.97% <100.00%> (+0.97%) ⬆️ |
| ...ackages/nodes-base/nodes/Function/Function.node.ts | 44.11% <100.00%> (+3.27%) ⬆️ |


github-actions (Contributor)

✅ All Cypress E2E specs passed

netroy merged commit bcbec52 into master May 25, 2023
netroy deleted the fix-CVE-2023-32313 branch May 25, 2023 10:55
maspio pushed a commit that referenced this pull request May 30, 2023

janober (Member) commented May 31, 2023

Got released with n8n@0.230.2

MiloradFilipovic added a commit that referenced this pull request Jun 1, 2023
* master: (54 commits)
  feat: Version control mvp (#6271)
  feat(editor): Implement Resource Mapper component (#6207)
  fix(editor): Update SSO settings styles (#6342)
  fix: Show `Ask AI` only on Code Node (#6336)
  feat(core): Add metadata (customdata) to event log (#6334)
  refactor: Add telemetry to upgrade paths (no-changelog) (#6313)
  fix(Code Node): Fix `item` and `items` alias regression (#6331)
  feat: Add manual login option and password reset link for SSO (#6328)
  fix(editor): Fix Luxon date parsing of ExecutionsUsage component (#6333)
  fix(core): Do not track errored workflow executions for automated executions (no-changelog) (#6322)
  fix(core): Prevent prototype pollution on injectable services (#6309)
  fix(core): Optimize getSharedWorkflowIds query (#6314)
  ci: Reset DB only once per e2e test (no-changelog) (#6216)
  feat(editor): Bring back checklist experiment (no-changelog) (#6307)
  fix: Add ldapts to nodes-base package (no-changelog) (#6315)
  fix(Code Node): Update vm2 to address CVE-2023-32313 (#6318)
  feat: Add tab visibility change detection when polling executions (no-changelog) (#6311)
  fix(editor): Fix locale plularisation if count is 0 (#6312)
  🚀 Release 0.230.0 (#6310)
  fix(Execute Command Node): Block executions when `command` is empty (#6308)
  ...
Labels: n8n team, node/improvement, Released, security