fix(core): Update packages to address CVE-2023-2142 and CVE-2020-28469 (

#6844) GH Advisories: [ CVE-2023-2142](GHSA-x77j-w7wf-fjmw) [CVE-2020-28469](GHSA-ww39-953v-wcq6) --------- Co-authored-by: Marcus <[email protected]>
n8n-io · Aug 17, 2023 · 6dd0850 · 6dd0850
1 parent 3e4483a
commit 6dd0850
Show file tree

Hide file tree

Showing 5 changed files with 123 additions and 91 deletions.
diff --git a/packages/cli/package.json b/packages/cli/package.json
@@ -124,7 +124,7 @@
     "cookie-parser": "^1.4.6",
     "crypto-js": "~4.1.1",
     "csrf": "^3.1.0",
-    "curlconverter": "^3.0.0",
+    "curlconverter": "3.21.0",
     "dotenv": "^8.0.0",
     "express": "^4.18.2",
     "express-async-errors": "^3.1.1",

diff --git a/packages/nodes-base/nodes/MQTT/Mqtt.node.ts b/packages/nodes-base/nodes/MQTT/Mqtt.node.ts
@@ -9,7 +9,7 @@ import type {
 	INodeTypeDescription,
 } from 'n8n-workflow';
 
-import mqtt from 'mqtt';
+import * as mqtt from 'mqtt';
 
 export class Mqtt implements INodeType {
 	description: INodeTypeDescription = {
@@ -155,7 +155,7 @@ export class Mqtt implements INodeType {
 						client = mqtt.connect(brokerUrl, clientOptions);
 					}
 
-					await new Promise((resolve, reject): any => {
+					await new Promise((resolve, reject) => {
 						client.on('connect', (test) => {
 							resolve(test);
 							client.end();
@@ -168,7 +168,7 @@ export class Mqtt implements INodeType {
 				} catch (error) {
 					return {
 						status: 'Error',
-						message: error.message,
+						message: (error as Error).message,
 					};
 				}
 				return {
@@ -232,7 +232,7 @@ export class Mqtt implements INodeType {
 
 		const sendInputData = this.getNodeParameter('sendInputData', 0) as boolean;
 
-		const data = await new Promise((resolve, reject): any => {
+		const data = await new Promise((resolve, reject) => {
 			client.on('connect', () => {
 				for (let i = 0; i < length; i++) {
 					let message;
@@ -256,7 +256,7 @@ export class Mqtt implements INodeType {
 					resolve([items]);
 				});
 
-				client.on('error', (e: string | undefined) => {
+				client.on('error', (e) => {
 					reject(e);
 				});
 			});

diff --git a/packages/nodes-base/nodes/MQTT/MqttTrigger.node.ts b/packages/nodes-base/nodes/MQTT/MqttTrigger.node.ts
@@ -7,7 +7,7 @@ import type {
 } from 'n8n-workflow';
 import { NodeOperationError } from 'n8n-workflow';
 
-import mqtt from 'mqtt';
+import * as mqtt from 'mqtt';
 
 export class MqttTrigger implements INodeType {
 	description: INodeTypeDescription = {
@@ -142,9 +142,9 @@ export class MqttTrigger implements INodeType {
 		const manualTriggerFunction = async () => {
 			await new Promise((resolve, reject) => {
 				client.on('connect', () => {
-					client.subscribe(topicsQoS as mqtt.ISubscriptionMap, (err, _granted) => {
-						if (err) {
-							reject(err);
+					client.subscribe(topicsQoS as mqtt.ISubscriptionMap, (error, _granted) => {
+						if (error) {
+							reject(error);
 						}
 						client.on('message', (topic: string, message: Buffer | string) => {
 							let result: IDataObject = {};
@@ -154,7 +154,7 @@ export class MqttTrigger implements INodeType {
 							if (options.jsonParseBody) {
 								try {
 									message = JSON.parse(message.toString());
-								} catch (error) {}
+								} catch (e) {}
 							}
 
 							result.message = message;

diff --git a/packages/nodes-base/package.json b/packages/nodes-base/package.json
@@ -817,7 +817,7 @@
     "moment": "~2.29.2",
     "moment-timezone": "^0.5.28",
     "mongodb": "^4.9.1",
-    "mqtt": "4.2.6",
+    "mqtt": "^5.0.2",
     "mssql": "^8.1.2",
     "mysql2": "~2.3.0",
     "n8n-workflow": "workspace:*",