Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(core): Update xml2js to address CVE-2023-0842 #5948

Merged
merged 1 commit into from
Apr 11, 2023
Merged

Conversation

netroy
Copy link
Member

@netroy netroy commented Apr 11, 2023

GH advisory: GHSA-776f-qx25-q3cc

@github-actions
Copy link
Contributor

Great PR! Please pay attention to the following items before merging:

Files matching packages/**:

  • If fixing bug, added test to cover scenario.
  • If addressing forum or Github issue, added link to description.

Make sure to check off this list before asking for review.

@n8n-assistant n8n-assistant bot added core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team labels Apr 11, 2023
@github-actions
Copy link
Contributor

✅ All Cypress E2E specs passed

@netroy netroy merged commit 3085ed9 into master Apr 11, 2023
@netroy netroy deleted the upgrade-xml2js branch April 11, 2023 13:05
netroy added a commit that referenced this pull request Apr 11, 2023
netroy added a commit that referenced this pull request Apr 11, 2023
MiloradFilipovic added a commit that referenced this pull request Apr 13, 2023
* master: (62 commits)
  fix(editor): Redirect to home page after saving data on SAML onboarding page (no-changelog) (#5961)
  feat: Replace Vue.extend with defineComponent in design system (no-changelog) (#5918)
  feat(MySQL Node): Overhaul
  fix(OpenAI Node): Update models to only show those supported (#5805)
  ci: Add test for wait node (no-changelog) (#5414)
  fix(Github Trigger Node): Remove content_reference event (#5830)
  ci: Validate load options methods in nodes-base (no-changelog) (#5862)
  ci: Use `--chown=node:node` in COPY commands in the custom docker image (no-changelog) (#5913)
  🚀 Release 0.224.0 (#5957)
  fix(NocoDB Node): Fix for updating or deleting rows with not default primary keys
  fix(HTTP Request Node): Show detailed error message in the UI again (#5959)
  ci: Prevent skipping of E2E fail job (no-changelog) (#5958)
  ci: Fix E2E tests on master (no-changelog) (#5960)
  refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953)
  fix(core): Validate customData keys and values (#5920) (no-changelog)
  feat(editor): Add user activation survey (#5677)
  fix(editor): Update vite legacy-plugin browser target (no-changelog) (#5952)
  docs: Fix typo in AWS S3 and S3 nodes for parent folder key (#5933)
  fix(core): Update xml2js to address CVE-2023-0842 (#5948)
  fix(Code Node): Update vm2 to address CVE-2023-29017 (#5947)
  ...

# Conflicts:
#	packages/workflow/src/Interfaces.ts
MiloradFilipovic added a commit that referenced this pull request Apr 13, 2023
…rce-mapper-ui

* feature/resource-mapping-component: (62 commits)
  fix(editor): Redirect to home page after saving data on SAML onboarding page (no-changelog) (#5961)
  feat: Replace Vue.extend with defineComponent in design system (no-changelog) (#5918)
  feat(MySQL Node): Overhaul
  fix(OpenAI Node): Update models to only show those supported (#5805)
  ci: Add test for wait node (no-changelog) (#5414)
  fix(Github Trigger Node): Remove content_reference event (#5830)
  ci: Validate load options methods in nodes-base (no-changelog) (#5862)
  ci: Use `--chown=node:node` in COPY commands in the custom docker image (no-changelog) (#5913)
  🚀 Release 0.224.0 (#5957)
  fix(NocoDB Node): Fix for updating or deleting rows with not default primary keys
  fix(HTTP Request Node): Show detailed error message in the UI again (#5959)
  ci: Prevent skipping of E2E fail job (no-changelog) (#5958)
  ci: Fix E2E tests on master (no-changelog) (#5960)
  refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953)
  fix(core): Validate customData keys and values (#5920) (no-changelog)
  feat(editor): Add user activation survey (#5677)
  fix(editor): Update vite legacy-plugin browser target (no-changelog) (#5952)
  docs: Fix typo in AWS S3 and S3 nodes for parent folder key (#5933)
  fix(core): Update xml2js to address CVE-2023-0842 (#5948)
  fix(Code Node): Update vm2 to address CVE-2023-29017 (#5947)
  ...

# Conflicts:
#	packages/workflow/src/Interfaces.ts
@janober
Copy link
Member

janober commented Apr 19, 2023

Got released with [email protected]

sunilrr pushed a commit to fl-g6/qp-n8n that referenced this pull request Apr 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team Released
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants