fix(core): Update packages to address CVE-2023-2142 and CVE-2020-28469 #6844

Merged
merged 4 commits into from
Aug 3, 2023

netroy
Member

@netroy netroy commented Aug 3, 2023

GH Advisories:

@github-actions
Contributor

github-actions bot commented Aug 3, 2023

Great PR! Please pay attention to the following items before merging:

Files matching packages/**:

  • If fixing bug, added test to cover scenario.
  • If addressing forum or GitHub issue, added link to description.

Files matching packages/**/*.ts:

  • Added unit tests to cover new or updated functionality.

Files matching packages/nodes-base/nodes/**:

  • Added workflow tests for nodes if possible.

Files matching packages/nodes-base/package.json:

  • Avoided adding dependencies for nodes if not absolutely necessary.

Make sure to check off this list before asking for review.

@n8n-assistant n8n-assistant bot added core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team node/improvement New feature or request labels Aug 3, 2023
@codecov

codecov bot commented Aug 3, 2023

Codecov Report

Patch coverage has no change and project coverage change: -0.01% ⚠️

Comparison is base (732416f) 24.77% compared to head (2e2b5e9) 24.76%.
Report is 2 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #6844      +/-   ##
==========================================
- Coverage   24.77%   24.76%   -0.01%     
==========================================
  Files        3130     3130              
  Lines      190824   190824              
  Branches    21020    21018       -2     
==========================================
- Hits        47268    47266       -2     
- Misses     142598   142600       +2     
  Partials      958      958              
Files Changed Coverage Δ
packages/nodes-base/nodes/MQTT/Mqtt.node.ts 0.00% <0.00%> (ø)
packages/nodes-base/nodes/MQTT/MqttTrigger.node.ts 0.00% <0.00%> (ø)

... and 1 file with indirect coverage changes


Contributor

@maspio maspio left a comment

Looks good to me.

@cypress

cypress bot commented Aug 3, 2023

Passing run #1767 ↗︎

0 221 0 0 Flakiness 0

Details:

🌳 fix-cves 🖥️ browsers:node18.12.0-chrome107 🤖 netroy 🗃️ e2e/*
Project: n8n Commit: 2e2b5e9b45
Status: Passed Duration: 07:51 💡
Started: Aug 3, 2023 1:44 PM Ended: Aug 3, 2023 1:51 PM

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.

@github-actions
Contributor

github-actions bot commented Aug 3, 2023

✅ All Cypress E2E specs passed

@netroy netroy merged commit a5667e6 into master Aug 3, 2023
18 checks passed
@netroy netroy deleted the fix-cves branch August 3, 2023 14:31
@github-actions github-actions bot mentioned this pull request Aug 9, 2023
@janober
Member

janober commented Aug 9, 2023

Got released with n8n@1.2.1

netroy added a commit that referenced this pull request Aug 17, 2023
@github-actions github-actions bot mentioned this pull request Aug 17, 2023
netroy added a commit that referenced this pull request Aug 17, 2023
@github-actions github-actions bot mentioned this pull request Aug 17, 2023
netroy added a commit that referenced this pull request Aug 17, 2023
# [0.237.0](https://github.com/n8n-io/n8n/compare/n8n@0.236.3...n8n@0.237.0) (2023-08-17)


### Bug Fixes

* **API:** Fix issue with workflow setting not supporting newer nanoids
([#6699](#6699))
([2e64c9d](2e64c9d))
* **AwsS3 Node:** Fix issue if bucket name contains a '.'
([#6542](#6542))
([219f897](219f897))
* **core:** Add missing primary key on the `execution_data` table on
postgres ([#6797](#6797))
([1c5f98d](1c5f98d))
* **core:** Fix `continueOnFail` for expression error in Set
([#6939](#6939))
([2a3937f](2a3937f))
* **core:** Fix property existence checks on AugmentObject
([#6842](#6842))
([3e4483a](3e4483a))
* **core:** Log crash causes to console when sentry is disabled
([#6890](#6890))
([f19c9c1](f19c9c1))
* **core:** Restrict read/write file paths access
([#6582](#6582))
([6e6b90e](6e6b90e))
* **core:** Serialize BigInts
([#6805](#6805))
([17ce49b](17ce49b))
* **core:** Update frontend urls when using the `--tunnel` option
([#6898](#6898))
([ec3c066](ec3c066))
* **core:** Update packages to address CVE-2023-2142 and CVE-2020-28469
([#6844](#6844))
([6dd0850](6dd0850))
* Correct typos in Taiga and ServiceNow nodes
([#6814](#6814))
([b9f52ec](b9f52ec))
* **editor:** Fix code node’s content property to be reactive
([#6931](#6931))
([f3b380d](f3b380d))
* **editor:** Prevent Code node linter from erroring on `null` parse
([#6934](#6934))
([baada92](baada92))
* **Email Trigger (IMAP) Node:** UTF-8 attachments are not correctly
named ([#6856](#6856))
([f3f1c14](f3f1c14))
* **Email Trigger (IMAP) Node:** Fix connection issue with unexpected
spaces in host ([#6886](#6886))
([35c29ac](35c29ac))
* Fix issue with key based credentials not being read correctly
([#6824](#6824))
([2459b0a](2459b0a))
* Fix issue with key formatting if null or undefined
([#6924](#6924))
([59d33db](59d33db))
* Fix issue with key formatting introduced in 1.2.0
([#6896](#6896))
([8423153](8423153))
* **FTP Node:** List recursive ignore . and .. to prevent infinite loops
([#6707](#6707))
([6a787dd](6a787dd))
* **GitLab Trigger Node:** Fix trigger activation 404 error
([#6711](#6711))
([8c5145b](8c5145b))
* **Gmail Trigger Node:** Early returns in case of no data
([#6727](#6727))
([df2f1d6](df2f1d6))
* **Google BigQuery Node:** Error description improvement
([#6715](#6715))
([261d73e](261d73e))
* **GoToWebinar Node:** Fix issue with timezone incorrectly being
required ([#6865](#6865))
([2f61e34](2f61e34))
* **HTTP Request Node:** Improve error handling for TCP socket errors
when `Continue On Fail` is enabled
([#6925](#6925))
([e8e4c9e](e8e4c9e))
* **Lemlist Node:** Fix pagination issues with campaigns and activities
([#6734](#6734))
([73eddc6](73eddc6))
* **Salesforce Node:** Fix Account update owner operation
([#6958](#6958))
([e71ff76](e71ff76))
* **Telegram Trigger Node:** Add guard to 'include' call on null or
undefined ([#6730](#6730))
([c3c845c](c3c845c))
* **Todoist Node:** Fix issue with section id being ignored
([#6799](#6799))
([e53f4a0](e53f4a0))


### Features

* Add support for not requiring SMTP auth with user management
([#3742](#3742))
([fc97d18](fc97d18))
* **core:** Add support for ready hooks, and credentials overwrite
endpoint in workers ([#6954](#6954))
([e5986c5](e5986c5))
* **editor:** Add "Download" button if JSON data is too large
([#6850](#6850))
([3d815cf](3d815cf))
* Enable parallel processing on multiple queue nodes
([#6295](#6295))
([e45461a](e45461a))

Co-authored-by: netroy <netroy@users.noreply.github.com>
Labels
core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team node/improvement New feature or request Released