fix(core): Disable Node.js custom inspection to address CVE-2023-37903 #7125
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Great PR! Please pay attention to the following items before merging: Files matching
Make sure to check off this list before asking for review. |
n8n-assistant
bot
added
core
Codecov ReportPatch and project coverage have no change.
Additional details and impacted files@@ Coverage Diff @@
## master #7125 +/- ##
=======================================
Coverage 31.95% 31.95%
=======================================
Files 3274 3274
Lines 197818 197818
Branches 21565 21561 -4
=======================================
Hits 63206 63206
Misses 133556 133556
Partials 1056 1056 ☔ View full report in Codecov by Sentry. |
valya
approved these changes
Sep 7, 2023
2 flaky tests on run #2130 ↗︎
Details:
|
|||||||||||||||||||||||||||
| Test | Artifacts | |
|---|---|---|
| Webhook Trigger node > should listen for a GET request and respond custom status code 201 |
Output
Screenshots
Video
|
|
28-debug.cy.ts • 1 flaky test
| Test | Artifacts | |
|---|---|---|
| Debug > should be able to debug executions |
Output
Screenshots
Video
|
|
This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.
|
✅ All Cypress E2E specs passed |
Merged
netroy
added a commit
that referenced
this pull request
Sep 13, 2023
# [1.7.0](https://github.com/n8n-io/n8n/compare/n8n@1.6.0...n8n@1.7.0) (2023-09-13) ### Bug Fixes * **Code Node:** Disable WASM to address CVE-2023-37903 ([#7122](#7122)) ([36a8e91](36a8e91)) * **Code Node:** Upgrade vm2 to address CVE-2023-37466 ([#7123](#7123)) ([0a35025](0a35025)) * **core:** Disable Node.js custom inspection to address CVE-2023-37903 ([#7125](#7125)) ([a223734](a223734)), closes [#7122](#7122) * **editor** Account for nanoid workflow ids for subworkflow execute policy ([#7094](#7094)) ([67092c0](67092c0)) * **editor:** Unbind workflow endpoint events in case of workspace reset ([#7129](#7129)) ([c9b7948](c9b7948)) * **editor:** Update git repo url validation regex ([#7151](#7151)) ([e51f173](e51f173)) * **Google Cloud Firestore Node:** Fix empty string interpreted as number ([#7136](#7136)) ([915cfa0](915cfa0)) * **HubSpot Node:** Fix issue with contact lists not working ([#5582](#5582)) ([6e5a4f6](6e5a4f6)) * **Postgres Node:** Fix automatic column mapping ([#7121](#7121)) ([92af131](92af131)) * **Zoho CRM Node:** Fix issue with Sales Order not updating ([#6959](#6959)) ([fd800b6](fd800b6)) ### Features * **core:** Add an option to enable WAL mode for SQLite ([#7118](#7118)) ([1d1a022](1d1a022)) * **core:** Add commands to workers to respond with current state ([#7029](#7029)) ([7b49cf2](7b49cf2)) * **Salesforce Node:** Add fax field to lead option ([#7030](#7030)) ([01f875a](01f875a)) Co-authored-by: netroy <netroy@users.noreply.github.com>
Merged
netroy
added a commit
that referenced
this pull request
Sep 13, 2023
# [1.7.0](https://github.com/n8n-io/n8n/compare/n8n@1.6.0...n8n@1.7.0) (2023-09-13) ### Bug Fixes * **Code Node:** Disable WASM to address CVE-2023-37903 ([#7122](#7122)) ([36a8e91](36a8e91)) * **Code Node:** Upgrade vm2 to address CVE-2023-37466 ([#7123](#7123)) ([0a35025](0a35025)) * **core:** Disable Node.js custom inspection to address CVE-2023-37903 ([#7125](#7125)) ([a223734](a223734)) * **editor** Account for nanoid workflow ids for subworkflow execute policy ([#7094](#7094)) ([67092c0](67092c0)) * **editor:** Tweak hover area of workflow / cred cards ([#7108](#7108)) ([217de21](217de21)) * **editor:** Unbind workflow endpoint events in case of workspace reset ([#7129](#7129)) ([c9b7948](c9b7948)) * **editor:** Update git repo url validation regex ([#7151](#7151)) ([e51f173](e51f173)) * **Google Cloud Firestore Node:** Fix empty string interpreted as number ([#7136](#7136)) ([915cfa0](915cfa0)) * **HubSpot Node:** Fix issue with contact lists not working ([#5582](#5582)) ([6e5a4f6](6e5a4f6)) * **Postgres Node:** Fix automatic column mapping ([#7121](#7121)) ([92af131](92af131)) * **Zoho CRM Node:** Fix issue with Sales Order not updating ([#6959](#6959)) ([fd800b6](fd800b6)) ### Features * **core:** Add an option to enable WAL mode for SQLite ([#7118](#7118)) ([1d1a022](1d1a022)) * **core:** Add commands to workers to respond with current state ([#7029](#7029)) ([7b49cf2](7b49cf2)) * **Salesforce Node:** Add fax field to lead option ([#7030](#7030)) ([01f875a](01f875a)) Co-authored-by: netroy <netroy@users.noreply.github.com>
|
Got released with |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This seems like a better fix than #7122