Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(core): Update xml2js to address CVE-2023-0842 #5948

Merged
merged 1 commit into from
Apr 11, 2023
Merged

fix(core): Update xml2js to address CVE-2023-0842 #5948

merged 1 commit into from
Apr 11, 2023

Conversation

netroy
Copy link
Member

@netroy netroy commented Apr 11, 2023

GH advisory: GHSA-776f-qx25-q3cc

@github-actions
Copy link
Contributor

Great PR! Please pay attention to the following items before merging:

Files matching packages/**:

  • If fixing bug, added test to cover scenario.
  • If addressing forum or Github issue, added link to description.

Make sure to check off this list before asking for review.

@n8n-assistant n8n-assistant bot added core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team labels Apr 11, 2023
@github-actions
Copy link
Contributor

✅ All Cypress E2E specs passed

@netroy netroy merged commit 3085ed9 into master Apr 11, 2023
@netroy netroy deleted the upgrade-xml2js branch April 11, 2023 13:05
netroy added a commit that referenced this pull request Apr 11, 2023
@netroy
fix(core): Update xml2js to address CVE-2023-0842 (#5948)
cf7a4b6 
GH advisory: GHSA-776f-qx25-q3cc
netroy added a commit that referenced this pull request Apr 11, 2023
@netroy
fix(core): Update xml2js to address CVE-2023-0842 (#5948)
e903d61 
GH advisory: GHSA-776f-qx25-q3cc
MiloradFilipovic added a commit that referenced this pull request Apr 13, 2023
@MiloradFilipovic
Merge branch 'master' into feature/resource-mapping-component
8576dcc 
* master: (62 commits)
  fix(editor): Redirect to home page after saving data on SAML onboarding page (no-changelog) (#5961)
  feat: Replace Vue.extend with defineComponent in design system (no-changelog) (#5918)
  feat(MySQL Node): Overhaul
  fix(OpenAI Node): Update models to only show those supported (#5805)
  ci: Add test for wait node (no-changelog) (#5414)
  fix(Github Trigger Node): Remove content_reference event (#5830)
  ci: Validate load options methods in nodes-base (no-changelog) (#5862)
  ci: Use `--chown=node:node` in COPY commands in the custom docker image (no-changelog) (#5913)
  🚀 Release 0.224.0 (#5957)
  fix(NocoDB Node): Fix for updating or deleting rows with not default primary keys
  fix(HTTP Request Node): Show detailed error message in the UI again (#5959)
  ci: Prevent skipping of E2E fail job (no-changelog) (#5958)
  ci: Fix E2E tests on master (no-changelog) (#5960)
  refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953)
  fix(core): Validate customData keys and values (#5920) (no-changelog)
  feat(editor): Add user activation survey (#5677)
  fix(editor): Update vite legacy-plugin browser target (no-changelog) (#5952)
  docs: Fix typo in AWS S3 and S3 nodes for parent folder key (#5933)
  fix(core): Update xml2js to address CVE-2023-0842 (#5948)
  fix(Code Node): Update vm2 to address CVE-2023-29017 (#5947)
  ...

# Conflicts:
#	packages/workflow/src/Interfaces.ts
MiloradFilipovic added a commit that referenced this pull request Apr 13, 2023
@MiloradFilipovic
Merge branch 'feature/resource-mapping-component' into NODE-399-resou…
1d808a9 
…rce-mapper-ui

* feature/resource-mapping-component: (62 commits)
  fix(editor): Redirect to home page after saving data on SAML onboarding page (no-changelog) (#5961)
  feat: Replace Vue.extend with defineComponent in design system (no-changelog) (#5918)
  feat(MySQL Node): Overhaul
  fix(OpenAI Node): Update models to only show those supported (#5805)
  ci: Add test for wait node (no-changelog) (#5414)
  fix(Github Trigger Node): Remove content_reference event (#5830)
  ci: Validate load options methods in nodes-base (no-changelog) (#5862)
  ci: Use `--chown=node:node` in COPY commands in the custom docker image (no-changelog) (#5913)
  🚀 Release 0.224.0 (#5957)
  fix(NocoDB Node): Fix for updating or deleting rows with not default primary keys
  fix(HTTP Request Node): Show detailed error message in the UI again (#5959)
  ci: Prevent skipping of E2E fail job (no-changelog) (#5958)
  ci: Fix E2E tests on master (no-changelog) (#5960)
  refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953)
  fix(core): Validate customData keys and values (#5920) (no-changelog)
  feat(editor): Add user activation survey (#5677)
  fix(editor): Update vite legacy-plugin browser target (no-changelog) (#5952)
  docs: Fix typo in AWS S3 and S3 nodes for parent folder key (#5933)
  fix(core): Update xml2js to address CVE-2023-0842 (#5948)
  fix(Code Node): Update vm2 to address CVE-2023-29017 (#5947)
  ...

# Conflicts:
#	packages/workflow/src/Interfaces.ts
@janober
Copy link
Member

janober commented Apr 19, 2023

Got released with n8n@0.222.2

sunilrr pushed a commit to fl-g6/qp-n8n that referenced this pull request Apr 24, 2023
@netroy @sunilrr
fix(core): Update xml2js to address CVE-2023-0842 (n8n-io#5948)
8c45ac9 
GH advisory: GHSA-776f-qx25-q3cc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@krynble krynble krynble approved these changes

Assignees
No one assigned
Labels
core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team Released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@netroy @janober @krynble