From fe3eb6034d54b3f575bc6acf5b3b573c90cc25a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Wed, 3 May 2023 15:34:13 +0200
Subject: [PATCH] fix(Google Sheets Node): Upgrade xlsx to address CVE-2023-30533

[GitHub Advisory](https://github.com/advisories/GHSA-4r6h-8v6p-xvw6)
---
 package.json | 1 +
 .../test/SpreadsheetFile.test.ts | 4 +-
 packages/nodes-base/package.json | 2 +-
 pnpm-lock.yaml | 99 +++----------------
 4 files changed, 18 insertions(+), 88 deletions(-)

diff --git a/package.json b/package.json
index 7bbcaa3420f48..9d47f412cbb2b 100644
--- a/package.json
+++ b/package.json
@@ -79,6 +79,7 @@
 "tslib": "^2.5.0",
 "ts-node": "^10.9.1",
 "typescript": "^5.0.3",
+ "xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz",
 "xml2js": "^0.5.0",
 "cpy@8>globby": "^11.1.0",
 "qqjs>globby": "^11.1.0"
diff --git a/packages/nodes-base/nodes/SpreadsheetFile/test/SpreadsheetFile.test.ts b/packages/nodes-base/nodes/SpreadsheetFile/test/SpreadsheetFile.test.ts
index 9fae97cd527b0..d908c16895b34 100644
--- a/packages/nodes-base/nodes/SpreadsheetFile/test/SpreadsheetFile.test.ts
+++ b/packages/nodes-base/nodes/SpreadsheetFile/test/SpreadsheetFile.test.ts
@@ -87,9 +87,9 @@ describe('Execute Spreadsheet File Node', () => {
 mimeType: 'text/csv',
 fileType: 'text',
 fileExtension: 'csv',
- data: '77u/QSxCLEMKMSwyLDMKNCw1LDYK',
+ data: '77u/QSxCLEMKMSwyLDMKNCw1LDY=',
 fileName: 'spreadsheet.csv',
- fileSize: '21 B',
+ fileSize: '20 B',
 },
 },
 },
diff --git a/packages/nodes-base/package.json b/packages/nodes-base/package.json
index 601071be46996..7997fc8d29323 100644
--- a/packages/nodes-base/package.json
+++ b/packages/nodes-base/package.json
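Review bot: The `xlsx` override added to the root package.json installs the package from a CDN tarball URL, and the matching lockfile entry at the end of this patch records only `resolution: {tarball: …}` with no `integrity:` hash. Nothing visible here pins the bytes that get installed, so a tarball that changes at that URL would be accepted without a checksum mismatch on the next fresh install. Consider mirroring the reviewed tarball into a registry or artifact store you control, or adding a CI step that compares its digest with a recorded value (placeholder: `sha512-<digest of the reviewed tarball>`). The override also applies to every workspace package that depends on `xlsx`, which looks intended but is worth stating in the description.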
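Review bot: The updated fixture in SpreadsheetFile.test.ts encodes an output change that the commit does not document: the new base64 decodes to a BOM followed by `A,B,C\n1,2,3\n4,5,6` with no final newline, which is why `fileSize` drops from 21 B to 20 B. Workflows that concatenate or line-count the generated CSV may notice the difference, so it deserves a line in the description and a comment beside the fixture, e.g. `// BOM + "A,B,C\n1,2,3\n4,5,6"; no trailing newline with xlsx 0.19.3`. The enclosing `describe` block starts and ends outside the hunk.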
@@ -902,7 +902,7 @@ "tmp-promise": "^3.0.2", "uuid": "^8.3.2", "vm2": "~3.9.17", - "xlsx": "^0.17.0", + "xlsx": "^0.19.3", "xml2js": "^0.5.0" } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 87e40272d8b25..1b1b8be5d7154 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -17,6 +17,7 @@ overrides: tslib: ^2.5.0 ts-node: ^10.9.1 typescript: ^5.0.3 + xlsx: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz xml2js: ^0.5.0 cpy@8>globby: ^11.1.0 qqjs>globby: ^11.1.0 @@ -1429,8 +1430,8 @@ importers: specifier: ~3.9.17 version: 3.9.17 xlsx: - specifier: ^0.17.0 - version: 0.17.5 + specifier: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz + version: '@cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz' xml2js: specifier: ^0.5.0 version: 0.5.0 @@ -4912,7 +4913,7 @@ packages: '@storybook/csf-plugin': 7.0.0-beta.46 '@storybook/csf-tools': 7.0.0-beta.46 '@storybook/global': 5.0.0 - '@storybook/mdx2-csf': 1.0.0-next.8 + '@storybook/mdx2-csf': 1.1.0-next.1 '@storybook/node-logger': 7.0.0-beta.46 '@storybook/postinstall': 7.0.0-beta.46 '@storybook/preview-api': 7.0.0-beta.46 @@ -5661,8 +5662,8 @@ packages: resolution: {integrity: sha512-0Tsm47YM3SU9rvPpXxp6/toQ1DDUrIbZt1pXcj72szLZvi7U/fXTMpsBX9gOB1MNVYIYRqS2V+jcO8UjFd4qyQ==} dev: true - /@storybook/mdx2-csf@1.0.0-next.8: - resolution: {integrity: sha512-t2O5s/HHTH5evZVHgVtCWTZgMZ/CaqDu3xVGgjVbKeTvpPAbi0Waab5SSX8T9PG5jNDei/x+jpAVCcNMOHoWzg==} + /@storybook/mdx2-csf@1.1.0-next.1: + resolution: {integrity: sha512-ONvFBZySHsBIkUYGrUM8FCG2tDKf663TIErztPSOghOpmBGyFLjSsXJHkNWiRi4c740PoemLqJd2XZZVlXRVLQ==} dev: true /@storybook/node-logger@6.5.15: 
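Review bot: The range `"xlsx": "^0.19.3"` in packages/nodes-base/package.json resolves inside this workspace only because the root override rewrites it to the CDN tarball, as the lockfile importer entry (`specifier: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz`) shows. To my knowledge SheetJS distributes its fixed releases from its own CDN rather than the npm registry, so anyone installing the published nodes-base package outside this workspace may be unable to resolve the range; please confirm before release. If that is the case, declare the source directly in this manifest: `"xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz",`.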
@@ -7813,20 +7814,6 @@ packages: engines: {node: '>= 10.0.0'} dev: true - /adler-32@1.2.0: - resolution: {integrity: sha512-/vUqU/UY4MVeFsg+SsK6c+/05RZXIHZMGJA+PX5JyWI0ZRcBpupnRuPLU/NXXoFwMYCPCoxIfElM2eS+DUXCqQ==} - engines: {node: '>=0.8'} - hasBin: true - dependencies: - exit-on-epipe: 1.0.1 - printj: 1.1.2 - dev: false - - /adler-32@1.3.1: - resolution: {integrity: sha512-ynZ4w/nUUv5rrsR8UUGoe1VC9hZj6V5hU9Qw1HlMDJGEJw5S7TfTErWTjMys6M7vr0YWcPqs3qAr4ss0nDfP+A==} - engines: {node: '>=0.8'} - dev: false - /agent-base@5.1.1: resolution: {integrity: sha512-TMeqbNl2fMW0nMjTEPOwe3J/PRFP4vqeoNuQMG0HlMrtm5QxKqdvAkZ1pRBQ/ulIyDD5Yq0nJ7YbdD8ey0TO3g==} engines: {node: '>= 6.0.0'} @@ -9090,14 +9077,6 @@ packages: /caseless@0.12.0: resolution: {integrity: sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw==} - /cfb@1.2.2: - resolution: {integrity: sha512-KfdUZsSOw19/ObEWasvBP/Ac4reZvAGauZhs6S/gqNhXhI7cKwvlH7ulj+dOEYnca4bm4SGo8C1bTAQvnTjgQA==} - engines: {node: '>=0.8'} - dependencies: - adler-32: 1.3.1 - crc-32: 1.2.2 - dev: false - /chai@4.3.7: resolution: {integrity: sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==} engines: {node: '>=4'} @@ -9520,11 +9499,6 @@ packages: - '@lezer/common' dev: false - /codepage@1.15.0: - resolution: {integrity: sha512-3g6NUTPd/YtuuGrhMnOMRjFc+LJw/bnMp3+0r/Wcz3IXUuCosKRJvMphm5+Q+bvTVGcJJuRvVLuYba+WojaFaA==} - engines: {node: '>=0.8'} - dev: false - /collect-v8-coverage@1.0.1: resolution: {integrity: sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg==} dev: true 
@@ -10051,12 +10025,6 @@ packages: dev: false optional: true - /crc-32@1.2.2: - resolution: {integrity: sha512-ROmzCKrTnOwybPcJApAA6WBWij23HVfGVNKqqrZpuyZOHqK2CwHSvpGuyt/UNNvaIjEd8X5IFGp4Mh+Ie1IHJQ==} - engines: {node: '>=0.8'} - hasBin: true - dev: false - /crelt@1.0.5: resolution: {integrity: sha512-+BO9wPPi+DWTDcNYhr/W90myha8ptzftZT+LwcmUbbok0rcP/fequmFYCw8NMoH7pkAZQzU78b3kYrlua5a9eA==} dev: false @@ -11715,11 +11683,6 @@ packages: pify: 2.3.0 dev: true - /exit-on-epipe@1.0.1: - resolution: {integrity: sha512-h2z5mrROTxce56S+pnvAV890uu7ls7f1kEvVGJbw1OlFH3/mlJ5bkXu0KRyW94v37zzHPiUd55iLn3DA7TjWpw==} - engines: {node: '>=0.8'} - dev: false - /exit@0.1.2: resolution: {integrity: sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ==} engines: {node: '>= 0.8.0'} @@ -12365,11 +12328,6 @@ packages: resolution: {integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==} engines: {node: '>= 0.6'} - /frac@1.1.2: - resolution: {integrity: sha512-w/XBfkibaTl3YDqASwfDUqkna4Z2p9cFSr1aHDt0WoMTECnRfBOv2WArlZILlqgWlmdIlALXGpM2AOhEk5W3IA==} - engines: {node: '>=0.8'} - dev: false - /fraction.js@4.2.0: resolution: {integrity: sha512-MhLuK+2gUcnZe8ZHlaaINnQLl0xRIGRfcGk2yl8xoQAfHrSsL3rYu6FCmBdkdbhc9EPlwyGHewaRsvwRMJtAlA==} dev: true @@ -17800,12 +17758,6 @@ packages: js-beautify: 1.14.7 dev: true - /printj@1.1.2: - resolution: {integrity: sha512-zA2SmoLaxZyArQTOPj5LXecR+RagfPSU5Kw1qP+jkWeNlrq+eJZyY2oS68SU1Z/7/myXM4lo9716laOFAVStCQ==} - engines: {node: '>=0.8'} - hasBin: true - dev: false - /process-nextick-args@2.0.1: resolution: {integrity: sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==} 
@@ -19608,13 +19560,6 @@ packages: resolution: {integrity: sha512-I539Tc0gyDTQ2QCSg4v78Flxo/UbqR9x7JoyPcqaPtwo+qzeOw/fF+aPSbk0xTvBQAAAZk7Dlkc8K1bum5GUnw==} dev: false - /ssf@0.11.2: - resolution: {integrity: sha512-+idbmIXoYET47hH+d7dfm2epdOMUDjqcB4648sTZ+t2JwoyBFL/insLfB/racrDmsKB3diwsDA696pZMieAC5g==} - engines: {node: '>=0.8'} - dependencies: - frac: 1.1.2 - dev: false - /ssh2-sftp-client@7.2.3: resolution: {integrity: sha512-Bmq4Uewu3e0XOwu5bnPbiS5KRQYv+dff5H6+85V4GZrPrt0Fkt1nUH+uXanyAkoNxUpzjnAPEEoLdOaBO9c3xw==} engines: {node: '>=10.24.1'} @@ -22163,20 +22108,10 @@ packages: babel-walk: 3.0.0-canary-5 dev: true - /wmf@1.0.2: - resolution: {integrity: sha512-/p9K7bEh0Dj6WbXg4JG0xvLQmIadrner1bi45VMJTfnbVHsc7yIajZyoSoK60/dtVBs12Fm6WkUI5/3WAVsNMw==} - engines: {node: '>=0.8'} - dev: false - /word-wrap@1.2.3: resolution: {integrity: sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==} engines: {node: '>=0.10.0'} - /word@0.3.0: - resolution: {integrity: sha512-OELeY0Q61OXpdUfTp+oweA/vtLVg5VDOXh+3he3PNzLGG/y0oylSOC1xRVj0+l4vQ3tj/bB1HVHv1ocXkQceFA==} - engines: {node: '>=0.8'} - dev: false - /wordwrap@1.0.0: resolution: {integrity: sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==} @@ -22292,20 +22227,6 @@ packages: utf-8-validate: optional: true - /xlsx@0.17.5: - resolution: {integrity: sha512-lXNU0TuYsvElzvtI6O7WIVb9Zar1XYw7Xb3VAx2wn8N/n0whBYrCnHMxtFyIiUU1Wjf09WzmLALDfBO5PqTb1g==} - engines: {node: '>=0.8'} - hasBin: true - dependencies: - adler-32: 1.2.0 - cfb: 1.2.2 - codepage: 1.15.0 - crc-32: 1.2.2 - ssf: 0.11.2 - wmf: 1.0.2 - word: 0.3.0 - dev: false - /xml-crypto@3.0.1: resolution: {integrity: sha512-7XrwB3ujd95KCO6+u9fidb8ajvRJvIfGNWD0XLJoTWlBKz+tFpUzEYxsN+Il/6/gHtEs1RgRh2RH+TzhcWBZUw==} engines: {node: '>=0.4.0'} 
@@ -22572,3 +22493,11 @@ packages: optionalDependencies: commander: 2.20.3 dev: true + + '@cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz': + resolution: {tarball: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz} + name: xlsx + version: 0.19.3 + engines: {node: '>=0.8'} + hasBin: true + dev: false