Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(core): Upgrade convict to address CVE-2023-0163 #5729

Merged
merged 1 commit into from
Mar 21, 2023
Merged

Conversation

netroy
Copy link
Member

@netroy netroy commented Mar 20, 2023

also, do not allow passing any cli arguments to config.

GitHub Advisory

also, do not allow passing any cli arguments to config.
@github-actions
Copy link
Contributor

Great PR! Please pay attention to the following items before merging:

Files matching packages/**:

  • If fixing bug, added test to cover scenario.
  • If addressing forum or Github issue, added link to description.

Files matching packages/**/*.ts:

  • Added unit tests to cover new or updated functionality.

Make sure to check off this list before asking for review.

@netroy netroy changed the title fix(core): upgrade convict to address CVE-2023-0163 fix(core): Upgrade convict to address CVE-2023-0163 Mar 20, 2023
@n8n-assistant n8n-assistant bot added core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team labels Mar 20, 2023
@netroy netroy merged commit 564bc03 into master Mar 21, 2023
@netroy netroy deleted the convict-no-args branch March 21, 2023 08:47
@n8n-assistant n8n-assistant bot added the Upcoming Release Will be part of the upcoming release label Mar 21, 2023
@janober
Copy link
Member

janober commented Mar 30, 2023

Got released with [email protected]

sunilrr pushed a commit to fl-g6/qp-n8n that referenced this pull request Apr 24, 2023
fix(core): upgrade convict to address CVE-2023-0163

also, do not allow passing any cli arguments to config.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team Released security skip-e2e Upcoming Release Will be part of the upcoming release
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants