fix(Code Node): Update vm2 to address CVE-2023-30547 #6039

Merged
merged 1 commit into from
Apr 21, 2023

netroy
Member

@netroy netroy commented Apr 20, 2023

GH advisory: GHSA-ch3r-j5x3-6q2m

@github-actions
Contributor

Great PR! Please pay attention to the following items before merging:

Files matching packages/**:

  • If fixing bug, added test to cover scenario.
  • If addressing forum or GitHub issue, added link to description.

Files matching packages/nodes-base/package.json:

  • Avoided adding dependencies for nodes if not absolutely necessary.

Make sure to check off this list before asking for review.

@n8n-assistant n8n-assistant bot added the n8n team Authored by the n8n team label Apr 20, 2023
@codecov

codecov bot commented Apr 20, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (589f19e) 18.72% compared to head (ee7c11b) 18.72%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #6039   +/-   ##
=======================================
  Coverage   18.72%   18.72%           
=======================================
  Files        2582     2582           
  Lines      116475   116475           
  Branches    18175    18175           
=======================================
  Hits        21810    21810           
  Misses      94027    94027           
  Partials      638      638           


Contributor

@krynble krynble left a comment

Tested some manual executions + webhooks, working fine.

@github-actions
Contributor

✅ All Cypress E2E specs passed

@netroy netroy merged commit 8268f23 into master Apr 21, 2023
@netroy netroy deleted the fix-CVE-2023-30547 branch April 21, 2023 07:48
MiloradFilipovic added a commit that referenced this pull request Apr 21, 2023
* master: (199 commits)
  feat(editor): Add disable template experiment (#5963)
  feat(core): Upgrade google-timezones-json to use the correct timezone for Sao Paulo (#6042)
  fix(Code Node): Update vm2 to address CVE-2023-30547 (#6039)
  docs: Add proprietary license text (no-changelog) (#6038)
  test(n8n Node): Unit tests (no-changelog)
  refactor: Accumulate `loadOptions` from all node versions to validate (no-changelog) (#6014)
  Update CHANGELOG.md
  feat: Add variables e2e tests (no-changelog) (#6027)
  fix(editor): Fix typo in SSO upgrade link (#6031)
  fix(editor): Add correct add variable button message when no variables created (no-changelog) (#6028)
  docs: Add api notice to credentials for google sheets nodes (no-changelog) (#6024)
  fix(Notion Node): Update credential test to not require user permissions (#6022)
  fix(editor): Clean up demo and template callouts from workflows page (#6023)
  fix(editor): Fix memory leak in Node Detail View by correctly unsubscribing from event buses (#6021)
  fix(editor): SettingsSidebar should disconnect from push when navigating away (#6025)
  fix(editor): Use fake timers in useDebounce.test.ts to make the test less flaky (no-changelog) (#6029)
  docs: Update the info URL for updating n8n (no-changelog) (#6018)
  fix(core): Improve domain and url matching for extractDomain and extractUrl (#6010)
  feat(core): Add SSH key generation (#6006)
  fix(editor): Update SSO upgrade link (#6016)
  ...

# Conflicts:
#	packages/editor-ui/src/components/WorkflowShareModal.ee.vue
#	packages/editor-ui/src/stores/workflows.ts
#	packages/editor-ui/src/views/NodeView.vue
MiloradFilipovic added a commit that referenced this pull request Apr 24, 2023
* master: (47 commits)
  feat: Replace Vue.extend with defineComponent in editor-ui (no-changelog) (#6033)
  feat(core): Add migration to add property userActivated to user settings (no-changelog) (#5940)
  feat(core): Add license:info command (#6047)
  feat: Replace this.$refs.refName as Vue with InstanceType<T> (no-changelog) (#6050)
  refactor(editor): Turn titleChange mixin to composable (#6059)
  test: Add stickies tests (#5413)
  refactor: Patch to adjust `consistent-type-imports` (no-changelog) (#6057)
  fix(editor): Resolve expressions for grandparent nodes (#5859)
  ci(editor): Do not run parallel jobs for a single spec (no-changelog) (#6052)
  refactor(editor): Consolidate IN8nUISettings interface (#6055)
  refactor(core): Forbid raw enums (no-changelog)
  refactor(core): Sort variables files under variables folder (#6051)
  fix(core): Add breaking change record for domain and url matching (no-changelog) (#6048)
  feat(editor): Version control paywall (WIP) (#6030)
  feat(editor): Add disable template experiment (#5963)
  feat(core): Upgrade google-timezones-json to use the correct timezone for Sao Paulo (#6042)
  fix(Code Node): Update vm2 to address CVE-2023-30547 (#6039)
  docs: Add proprietary license text (no-changelog) (#6038)
  test(n8n Node): Unit tests (no-changelog)
  refactor: Accumulate `loadOptions` from all node versions to validate (no-changelog) (#6014)
  ...

# Conflicts:
#	packages/cli/src/Server.ts
sunilrr pushed a commit to fl-g6/qp-n8n that referenced this pull request Apr 24, 2023
@janober
Member

janober commented Apr 25, 2023

Got released with [email protected]

Labels
n8n team Authored by the n8n team Released