Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(editor): Upgrade frontend tooling to address a few vulnerabilities #8100

Merged
merged 2 commits into from
Dec 19, 2023

Conversation

netroy
Copy link
Member

@netroy netroy commented Dec 19, 2023

This addresses CVE-2023-49293, CVE-2023-48631, and CVE-2023-26364

Review / Merge checklist

  • PR title and summary are descriptive.

@n8n-assistant n8n-assistant bot added n8n team Authored by the n8n team ui Enhancement in /editor-ui or /design-system labels Dec 19, 2023
@netroy netroy changed the title feat(editor): Upgrade frontend tooling to address CVE-2023-49293 feat(editor): Upgrade frontend tooling to address a few vulnerabilities Dec 19, 2023
@netroy netroy requested a review from OlegIvaniv December 19, 2023 16:53
Copy link
Contributor

⚠️ Some Cypress E2E specs are failing, please fix them before merging

Copy link

cypress bot commented Dec 19, 2023

1 flaky test on run #3419 ↗︎

0 313 5 0 Flakiness 1

Details:

🌳 🖥️ browsers:node18.12.0-chrome107 🤖 netroy 🗃️ e2e/*
Project: n8n Commit: e7ca00d78d
Status: Passed Duration: 06:37 💡
Started: Dec 19, 2023 5:43 PM Ended: Dec 19, 2023 5:50 PM
Flakiness  cypress/e2e/24-ndv-paired-item.cy.ts • 1 flaky test

View Output Video

Test Artifacts
NDV > resolves expression with default item when input node is not parent, while still pairing items Screenshots Video

Review all test suite changes for PR #8100 ↗︎

Copy link
Contributor

✅ All Cypress E2E specs passed

@netroy netroy merged commit 19b7f1f into master Dec 19, 2023
21 checks passed
@netroy netroy deleted the upgrade-vite branch December 19, 2023 18:23
MiloradFilipovic added a commit that referenced this pull request Dec 21, 2023
* master: (22 commits)
  fix(editor): Make keyboard shortcuts more strict; don't accept extra Ctrl/Alt/Shift keys (#8024)
  fix(core):  Downgrade Rudderstack SDK (no-changelog) (#8107)
  fix(editor): Move versions check to init function and refactor store (no-changelog) (#8067)
  refactor(editor): Add telemetry for SSO/SAML (no-changelog) (#8102)
  fix(editor): Ensure execution data overrides pinned data when copying in executions view (#8009)
  fix(editor): Fix copy/paste issue when switch node is in workflow (#8103)
  feat(editor): Upgrade frontend tooling to address a few vulnerabilities (#8100)
  feat(editor): De-duplicate frontend devDependencies (no-changelog) (#8094)
  refactor(core): Improve test-webhooks (no-changelog) (#8069)
  refactor: Add telemetry for RBAC (no-changelog) (#8056)
  feat(core): Upgrade Rudderstack SDK (no-changelog) (#8090)
  fix: Upgrade axios to address CVE-2023-45857 (#7713)
  fix(core): Do not display error when stopping jobless execution in queue mode (#8007)
  feat(editor): Gracefully ignore invalid payloads in postMessage handler (#8096)
  feat(editor): Add lead enrichment suggestions to workflow list (#8042)
  refactor(Discord Node): Stop reporting to Sentry inaccessible guild error (no-changelog) (#8095)
  feat: Add opt-in enterprise license trial checkbox (no-changelog) (#7826)
  ci: Remove unnecessary async/await, enable await-thenable linting rule (no-changelog) (#8076)
  refactor(editor): Add telemetry for log streaming (no-changelog) (#8075)
  fix(core): Use relative imports for dynamic imports in SecurityAuditService (#8086)
  ...
@github-actions github-actions bot mentioned this pull request Dec 21, 2023
ivov added a commit that referenced this pull request Dec 21, 2023
#
[1.22.0](https://github.com/n8n-io/n8n/compare/[email protected]@1.22.0)
(2023-12-21)


### Bug Fixes

* **core:** Close db connection gracefully when exiting
([#8045](#8045))
([e69707e](e69707e))
* **core:** Consider timeout in shutdown an error
([#8050](#8050))
([4cae976](4cae976))
* **core:** Do not display error when stopping jobless execution in
queue mode ([#8007](#8007))
([8e6b951](8e6b951))
* **core:** Fix shutdown if terminating before hooks are initialized
([#8047](#8047))
([6ae2f5e](6ae2f5e))
* **core:** Handle multiple termination signals correctly
([#8046](#8046))
([67bd8ad](67bd8ad))
* **core:** Initialize queue once in queue mode
([#8025](#8025))
([53c0b49](53c0b49))
* **core:** Prevent axios from force setting a form-urlencoded
content-type ([#8117](#8117))
([bba9576](bba9576))
* **core:** Remove circular references before serializing executions in
public API ([#8043](#8043))
([989888d](989888d))
* **core:** Restore workflow ID during execution creation
([#8031](#8031))
([c5e6ba8](c5e6ba8))
* **core:** Use relative imports for dynamic imports in
SecurityAuditService ([#8086](#8086))
([785bf99](785bf99))
* **core:** Stop binary data restoration from preventing execution from
finishing ([#8082](#8082))
([5ffff1b](5ffff1b))
* **editor:** Add back credential `use` permission
([#8023](#8023))
([329e5bf](329e5bf))
* **editor:** Cleanup Executions page component
([#8053](#8053))
([2689c37](2689c37))
* **editor:** Disable auto scroll and list size check when clicking on
executions ([#7983](#7983))
([fcb8b91](fcb8b91))
* **editor:** Ensure execution data overrides pinned data when copying
in executions view ([#8009](#8009))
([1d1cb0d](1d1cb0d))
* **editor:** Fix copy/paste issue when switch node is in workflow
([#8103](#8103))
([4b86926](4b86926))
* **editor:** Make keyboard shortcuts more strict; don't accept extra
Ctrl/Alt/Shift keys ([#8024](#8024))
([8df49e1](8df49e1))
* **editor:** Show credential share info only to appropriate users
([#8020](#8020))
([b29b4d4](b29b4d4))
* **editor:** Turn off executions list auto-refresh after leaving the
page ([#8005](#8005))
([e3c363d](e3c363d))
* **editor:** Update image sizes in template description not to be full
width always ([#8037](#8037))
([63a6e7e](63a6e7e))
* **ActiveCampaign Node:** Fix pagination issue when loading tags
([#8017](#8017))
([1943857](1943857))
* **HTTP Request Node:** Do not create circular references in HTTP
request node output ([#8030](#8030))
([5b7ea16](5b7ea16))
* Upgrade axios to address CVE-2023-45857
([#7713](#7713))
([64eb9bb](64eb9bb))


### Features

* Add option to `returnIntermediateSteps` for AI agents
([#8113](#8113))
([7806a65](7806a65))
* **core:** Add config option to prefer GET request over LIST when using
Hashicorp Vault ([#8049](#8049))
([439a22d](439a22d))
* **core:** Add N8N_GRACEFUL_SHUTDOWN_TIMEOUT env var
([#8068](#8068))
([614f488](614f488))
* **editor:** Add lead enrichment suggestions to workflow list
([#8042](#8042))
([36a923c](36a923c))
* **editor:** Finalize workers view
([#8052](#8052))
([edfa784](edfa784))
* **editor:** Gracefully ignore invalid payloads in postMessage handler
([#8096](#8096))
([9d22c7a](9d22c7a))
* **editor:** Upgrade frontend tooling to address a few vulnerabilities
([#8100](#8100))
([19b7f1f](19b7f1f))
* **Filter Node:** Overhaul UI by adding the new filter component
([#8016](#8016))
([3d53052](3d53052))
* **Respond to Webhook Node:** Overhaul with improvements like returning
all items ([#8093](#8093))
([32d397e](32d397e))


### Performance Improvements

* **editor:** Improve canvas rendering performance
([#8022](#8022))
([b780436](b780436))

Co-authored-by: ivov <[email protected]>
@janober
Copy link
Member

janober commented Dec 21, 2023

Got released with [email protected]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
n8n team Authored by the n8n team Released ui Enhancement in /editor-ui or /design-system
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants