From 639d34769e75096d0725f1f60861dc972b344abe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Wed, 17 Jan 2024 16:33:54 +0100
Subject: [PATCH] feat(core): Upgrade bull and ioredis to address CVE-2023-52079 (#8365)
---
 packages/cli/package.json | 6 +--
 pnpm-lock.yaml | 103 ++++++++++++++++++--------------------
 2 files changed, 51 insertions(+), 58 deletions(-)
diff --git a/packages/cli/package.json b/packages/cli/package.json
index e49bc000e4418..1f01f299d1377 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -99,6 +99,7 @@
 "dependencies": {
 "@n8n/client-oauth2": "workspace:*",
 "@n8n/localtunnel": "2.1.0",
+ "@n8n/n8n-nodes-langchain": "workspace:*",
 "@n8n/permissions": "workspace:*",
 "@n8n_io/license-sdk": "2.7.2",
 "@oclif/command": "1.8.18",
@@ -111,7 +112,7 @@
 "axios": "1.6.2",
 "basic-auth": "2.0.1",
 "bcryptjs": "2.4.3",
- "bull": "4.10.2",
+ "bull": "4.12.1",
 "cache-manager": "5.2.3",
 "callsites": "3.1.0",
 "change-case": "4.1.2",
@@ -137,7 +138,7 @@
 "handlebars": "4.7.7",
 "infisical-node": "1.3.0",
 "inquirer": "7.3.3",
- "ioredis": "5.2.4",
+ "ioredis": "5.3.2",
 "isbot": "3.6.13",
 "json-diff": "1.0.6",
 "jsonschema": "1.4.1",
@@ -150,7 +151,6 @@
 "n8n-core": "workspace:*",
 "n8n-editor-ui": "workspace:*",
 "n8n-nodes-base": "workspace:*",
- "@n8n/n8n-nodes-langchain": "workspace:*",
 "n8n-workflow": "workspace:*",
 "nanoid": "3.3.6",
 "nodemailer": "6.8.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 9f12f9da067ce..8d074ecdf72a0 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -407,8 +407,8 @@ importers: specifier: 2.4.3 version: 2.4.3 bull: - specifier: 4.10.2 - version: 4.10.2 + specifier: 4.12.1 + version: 4.12.1 cache-manager: specifier: 5.2.3 version: 5.2.3
@@ -485,8 +485,8 @@ importers: specifier: 7.3.3 version: 7.3.3 ioredis: - specifier: 5.2.4 - version: 5.2.4 + specifier: 5.3.2 + version: 5.3.2 isbot: specifier: 3.6.13 version: 3.6.13 @@ -621,7 +621,7 @@ importers: version: 0.10.0(patch_hash=sk6omkefrosihg7lmqbzh7vfxe) typeorm: specifier: 0.3.17 - version: 0.3.17(ioredis@5.2.4)(mysql2@2.3.3)(pg@8.8.0)(sqlite3@5.1.6) + version: 0.3.17(ioredis@5.3.2)(mysql2@2.3.3)(pg@8.8.0)(sqlite3@5.1.6) uuid: specifier: 8.3.2 version: 8.3.2 @@ -733,7 +733,7 @@ importers: version: 8.2.0 ioredis-mock: specifier: ^8.8.1 - version: 8.8.1(@types/ioredis-mock@8.2.2)(ioredis@5.2.4) + version: 8.8.1(@types/ioredis-mock@8.2.2)(ioredis@5.3.2) ts-essentials: specifier: ^7.0.3 version: 7.0.3(typescript@5.3.2) 
@@ -6099,43 +6099,43 @@ packages: dev: false optional: true - /@msgpackr-extract/msgpackr-extract-darwin-arm64@2.2.0: - resolution: {integrity: sha512-Z9LFPzfoJi4mflGWV+rv7o7ZbMU5oAU9VmzCgL240KnqDW65Y2HFCT3MW06/ITJSnbVLacmcEJA8phywK7JinQ==} + /@msgpackr-extract/msgpackr-extract-darwin-arm64@3.0.2: + resolution: {integrity: sha512-9bfjwDxIDWmmOKusUcqdS4Rw+SETlp9Dy39Xui9BEGEk19dDwH0jhipwFzEff/pFg95NKymc6TOTbRKcWeRqyQ==} cpu: [arm64] os: [darwin] dev: false optional: true - /@msgpackr-extract/msgpackr-extract-darwin-x64@2.2.0: - resolution: {integrity: sha512-vq0tT8sjZsy4JdSqmadWVw6f66UXqUCabLmUVHZwUFzMgtgoIIQjT4VVRHKvlof3P/dMCkbMJ5hB1oJ9OWHaaw==} + /@msgpackr-extract/msgpackr-extract-darwin-x64@3.0.2: + resolution: {integrity: sha512-lwriRAHm1Yg4iDf23Oxm9n/t5Zpw1lVnxYU3HnJPTi2lJRkKTrps1KVgvL6m7WvmhYVt/FIsssWay+k45QHeuw==} cpu: [x64] os: [darwin] dev: false optional: true - /@msgpackr-extract/msgpackr-extract-linux-arm64@2.2.0: - resolution: {integrity: sha512-hlxxLdRmPyq16QCutUtP8Tm6RDWcyaLsRssaHROatgnkOxdleMTgetf9JsdncL8vLh7FVy/RN9i3XR5dnb9cRA==} + /@msgpackr-extract/msgpackr-extract-linux-arm64@3.0.2: + resolution: {integrity: sha512-FU20Bo66/f7He9Fp9sP2zaJ1Q8L9uLPZQDub/WlUip78JlPeMbVL8546HbZfcW9LNciEXc8d+tThSJjSC+tmsg==} cpu: [arm64] os: [linux] dev: false optional: true - /@msgpackr-extract/msgpackr-extract-linux-arm@2.2.0: - resolution: {integrity: sha512-SaJ3Qq4lX9Syd2xEo9u3qPxi/OB+5JO/ngJKK97XDpa1C587H9EWYO6KD8995DAjSinWvdHKRrCOXVUC5fvGOg==} + /@msgpackr-extract/msgpackr-extract-linux-arm@3.0.2: + resolution: {integrity: sha512-MOI9Dlfrpi2Cuc7i5dXdxPbFIgbDBGgKR5F2yWEa6FVEtSWncfVNKW5AKjImAQ6CZlBK9tympdsZJ2xThBiWWA==} cpu: [arm] os: [linux] dev: false optional: true - /@msgpackr-extract/msgpackr-extract-linux-x64@2.2.0: - resolution: {integrity: sha512-94y5PJrSOqUNcFKmOl7z319FelCLAE0rz/jPCWS+UtdMZvpa4jrQd+cJPQCLp2Fes1yAW/YUQj/Di6YVT3c3Iw==} + /@msgpackr-extract/msgpackr-extract-linux-x64@3.0.2: + resolution: {integrity: 
sha512-gsWNDCklNy7Ajk0vBBf9jEx04RUxuDQfBse918Ww+Qb9HCPoGzS+XJTLe96iN3BVK7grnLiYghP/M4L8VsaHeA==} cpu: [x64] os: [linux] dev: false optional: true - /@msgpackr-extract/msgpackr-extract-win32-x64@2.2.0: - resolution: {integrity: sha512-XrC0JzsqQSvOyM3t04FMLO6z5gCuhPE6k4FXuLK5xf52ZbdvcFe1yBmo7meCew9B8G2f0T9iu9t3kfTYRYROgA==} + /@msgpackr-extract/msgpackr-extract-win32-x64@3.0.2: + resolution: {integrity: sha512-O+6Gs8UeDbyFpbSh2CPEz/UOrrdWPTBYNblZK5CxxLisYt4kGX3Sc+czffFonyjiGSq3jWLwJS/CCJc7tBr4sQ==} cpu: [x64] os: [win32] dev: false @@ -10339,7 +10339,7 @@ packages: /@types/ioredis-mock@8.2.2: resolution: {integrity: sha512-bnbPHOjxy4TUDjRh61MMoK2QvDNZqrMDXJYrEDZP/HPFvBubR24CQ0DBi5lgWhLxG4lvVsXPRDXtZ03+JgonoQ==} dependencies: - ioredis: 5.2.4 + ioredis: 5.3.2 transitivePeerDependencies: - supports-color dev: true @@ -12709,17 +12709,15 @@ packages: - supports-color dev: false - /bull@4.10.2: - resolution: {integrity: sha512-xa65xtWjQsLqYU/eNaXxq9VRG8xd6qNsQEjR7yjYuae05xKrzbVMVj2QgrYsTMmSs/vsqJjHqHSRRiW1+IkGXQ==} + /bull@4.12.1: + resolution: {integrity: sha512-ft4hTmex7WGSHt56mydw9uRKskkvgiNwqTYiV9b6q3ubhplglQmjo9OZrHlcUVNwBqSBhnzlsJQ9N/Wd7nhENA==} engines: {node: '>=12'} dependencies: - cron-parser: 4.7.0 - debuglog: 1.0.1 + cron-parser: 4.9.0 get-port: 5.1.1 - ioredis: 5.2.4 + ioredis: 5.3.2 lodash: 4.17.21 - msgpackr: 1.8.1 - p-timeout: 3.2.0 + msgpackr: 1.10.1 semver: 7.5.4 uuid: 8.3.2 transitivePeerDependencies: 
@@ -13226,14 +13224,9 @@ packages: readable-stream: 2.3.7 dev: true - /cluster-key-slot@1.1.1: - resolution: {integrity: sha512-rwHwUfXL40Chm1r08yrhU3qpUvdVlgkKNeyeGPOxnW8/SyVDvgRaed/Uz54AqWNaTCAThlj6QAs3TZcKI0xDEw==} - engines: {node: '>=0.10.0'} - /cluster-key-slot@1.1.2: resolution: {integrity: sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==} engines: {node: '>=0.10.0'} - dev: false /co@4.6.0: resolution: {integrity: sha512-QVb0dM5HvG+uaxitm8wONl7jltx8dqhfU33DcqtOZcLSVIKSDDLDi7+0LbAKiyI8hD9u42m2YxXSkMGWThaecQ==} @@ -13639,11 +13632,11 @@ packages: moment-timezone: 0.5.37 dev: false - /cron-parser@4.7.0: - resolution: {integrity: sha512-BdAELR+MCT2ZWsIBhZKDuUqIUCBjHHulPJnm53OfdRLA4EWBjva3R+KM5NeidJuGsNXdEcZkjC7SCnkW5rAFSA==} + /cron-parser@4.9.0: + resolution: {integrity: sha512-p0SaNjrHOnQeR8/VnfGbmg9te2kfyYSQ7Sc/j/6DtPL3JQvKxmjO9TSjNFpujqV3vEYYBvNNvXSxzyksBWAx1Q==} engines: {node: '>=12.0.0'} dependencies: - luxon: 3.3.0 + luxon: 3.4.4 dev: false /cron@1.7.2: @@ -17276,7 +17269,7 @@ packages: engines: {node: '>=0.10.0'} dev: true - /ioredis-mock@8.8.1(@types/ioredis-mock@8.2.2)(ioredis@5.2.4): + /ioredis-mock@8.8.1(@types/ioredis-mock@8.2.2)(ioredis@5.3.2): resolution: {integrity: sha512-zXSaDf86EcDFVf8jMOirWU6Js4WcwLd/cxwJiCh9EbD1GoHfeE/fVqLhLz/l1MkyL85Fb6MwfF2Fr/9819Ul9Q==} engines: {node: '>=12.22'} peerDependencies: @@ -17288,7 +17281,7 @@ packages: '@types/ioredis-mock': 8.2.2 fengari: 0.1.4 fengari-interop: 0.1.3(fengari@0.1.4) - ioredis: 5.2.4 + ioredis: 5.3.2 semver: 7.5.4 dev: true 
@@ -17311,12 +17304,12 @@ packages: - supports-color dev: false - /ioredis@5.2.4: - resolution: {integrity: sha512-qIpuAEt32lZJQ0XyrloCRdlEdUUNGG9i0UOk6zgzK6igyudNWqEBxfH6OlbnOOoBBvr1WB02mm8fR55CnikRng==} + /ioredis@5.3.2: + resolution: {integrity: sha512-1DKMMzlIHM02eBBVOFQ1+AolGjs6+xEcM4PDL7NqOS6szq7H9jSaEkIUH6/a5Hl241LzW6JLSiAbNvTQjUupUA==} engines: {node: '>=12.22.0'} dependencies: '@ioredis/commands': 1.2.0 - cluster-key-slot: 1.1.1 + cluster-key-slot: 1.1.2 debug: 4.3.4(supports-color@8.1.1) denque: 2.1.0 lodash.defaults: 4.2.0 
@@ -20530,25 +20523,25 @@ packages: /ms@2.1.3: resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==} - /msgpackr-extract@2.2.0: - resolution: {integrity: sha512-0YcvWSv7ZOGl9Od6Y5iJ3XnPww8O7WLcpYMDwX+PAA/uXLDtyw94PJv9GLQV/nnp3cWlDhMoyKZIQLrx33sWog==} + /msgpackr-extract@3.0.2: + resolution: {integrity: sha512-SdzXp4kD/Qf8agZ9+iTu6eql0m3kWm1A2y1hkpTeVNENutaB0BwHlSvAIaMxwntmRUAUjon2V4L8Z/njd0Ct8A==} hasBin: true dependencies: - node-gyp-build-optional-packages: 5.0.3 + node-gyp-build-optional-packages: 5.0.7 optionalDependencies: - '@msgpackr-extract/msgpackr-extract-darwin-arm64': 2.2.0 - '@msgpackr-extract/msgpackr-extract-darwin-x64': 2.2.0 - '@msgpackr-extract/msgpackr-extract-linux-arm': 2.2.0 - '@msgpackr-extract/msgpackr-extract-linux-arm64': 2.2.0 - '@msgpackr-extract/msgpackr-extract-linux-x64': 2.2.0 - '@msgpackr-extract/msgpackr-extract-win32-x64': 2.2.0 + '@msgpackr-extract/msgpackr-extract-darwin-arm64': 3.0.2 + '@msgpackr-extract/msgpackr-extract-darwin-x64': 3.0.2 + '@msgpackr-extract/msgpackr-extract-linux-arm': 3.0.2 + '@msgpackr-extract/msgpackr-extract-linux-arm64': 3.0.2 + '@msgpackr-extract/msgpackr-extract-linux-x64': 3.0.2 + '@msgpackr-extract/msgpackr-extract-win32-x64': 3.0.2 dev: false optional: true - /msgpackr@1.8.1: - resolution: {integrity: sha512-05fT4J8ZqjYlR4QcRDIhLCYKUOHXk7C/xa62GzMKj74l3up9k2QZ3LgFc6qWdsPHl91QA2WLWqWc8b8t7GLNNw==} + /msgpackr@1.10.1: + resolution: {integrity: sha512-r5VRLv9qouXuLiIBrLpl2d5ZvPt8svdQTl5/vMvE4nzDMyEX4sgW5yWhuBBj5UmgwOTWj8CIdSXn5sAfsHAWIQ==} optionalDependencies: - msgpackr-extract: 2.2.0 + msgpackr-extract: 3.0.2 dev: false /mssql@8.1.4: 
@@ -20796,8 +20789,8 @@ packages: engines: {node: '>= 6.13.0'} dev: false - /node-gyp-build-optional-packages@5.0.3: - resolution: {integrity: sha512-k75jcVzk5wnnc/FMxsf4udAoTEUv2jY3ycfdSd3yWu6Cnd1oee6/CfZJApyscA4FJOmdoixWwiwOyf16RzD5JA==} + /node-gyp-build-optional-packages@5.0.7: + resolution: {integrity: sha512-YlCCc6Wffkx0kHkmam79GKvDQ6x+QZkMjFGrIMxgFNILFvGSbCp2fCBC55pGTT9gVaz8Na5CLmxt/urtzRv36w==} hasBin: true dev: false optional: true @@ -25640,7 +25633,7 @@ packages: dev: false patched: true - /typeorm@0.3.17(ioredis@5.2.4)(mysql2@2.3.3)(pg@8.8.0)(sqlite3@5.1.6): + /typeorm@0.3.17(ioredis@5.3.2)(mysql2@2.3.3)(pg@8.8.0)(sqlite3@5.1.6): resolution: {integrity: sha512-UDjUEwIQalO9tWw9O2A4GU+sT3oyoUXheHJy4ft+RFdnRdQctdQ34L9SqE2p7LdwzafHx1maxT+bqXON+Qnmig==} engines: {node: '>= 12.9.0'} hasBin: true @@ -25707,7 +25700,7 @@ packages: debug: 4.3.4(supports-color@8.1.1) dotenv: 16.3.1 glob: 8.1.0 - ioredis: 5.2.4 + ioredis: 5.3.2 mkdirp: 2.1.3 mysql2: 2.3.3 pg: 8.8.0