From 3996d2852a2e2a056af008a8f1a1c6cec9ba6084 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?= Date: Wed, 24 Apr 2024 11:03:21 +0200 Subject: [PATCH] fix(core): Upgrade mysql2 to address CVE-2024-21511 (#9206) --- packages/cli/package.json | 2 +- packages/nodes-base/package.json | 2 +- pnpm-lock.yaml | 36 ++++++++++++++++---------------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/packages/cli/package.json b/packages/cli/package.json index 6b7833da52178..ab91479e6d20f 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -142,7 +142,7 @@ "ldapts": "4.2.6", "lodash": "4.17.21", "luxon": "3.3.0", - "mysql2": "3.9.5", + "mysql2": "3.9.7", "n8n-core": "workspace:*", "n8n-editor-ui": "workspace:*", "n8n-nodes-base": "workspace:*", diff --git a/packages/nodes-base/package.json b/packages/nodes-base/package.json index 403fa4b5e6389..6665da4f5e139 100644 --- a/packages/nodes-base/package.json +++ b/packages/nodes-base/package.json @@ -872,7 +872,7 @@ "mongodb": "6.3.0", "mqtt": "5.0.2", "mssql": "10.0.2", - "mysql2": "3.9.5", + "mysql2": "3.9.7", "n8n-workflow": "workspace:*", "nanoid": "3.3.6", "node-html-markdown": "1.2.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 0f9fc38eed5d5..b45084b7146f1 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -477,7 +477,7 @@ importers: dependencies: '@langchain/community': specifier: 0.0.44 - version: 0.0.44(ioredis@5.3.2)(jsonwebtoken@9.0.2)(lodash@4.17.21)(mysql2@3.9.5)(pg@8.11.3)(ws@8.14.2) + version: 0.0.44(ioredis@5.3.2)(jsonwebtoken@9.0.2)(lodash@4.17.21)(mysql2@3.9.7)(pg@8.11.3)(ws@8.14.2) '@langchain/core': specifier: 0.1.41 version: 0.1.41 @@ -498,7 +498,7 @@ importers: version: link:../@n8n/permissions '@n8n/typeorm': specifier: 0.3.20-8 - version: 0.3.20-8(@sentry/node@7.87.0)(ioredis@5.3.2)(mysql2@3.9.5)(pg@8.11.3)(sqlite3@5.1.7) + version: 0.3.20-8(@sentry/node@7.87.0)(ioredis@5.3.2)(mysql2@3.9.7)(pg@8.11.3)(sqlite3@5.1.7) '@n8n_io/license-sdk': specifier: 2.10.0 version: 2.10.0 @@ -621,7 +621,7 @@ importers: version: 9.0.2 langchain: specifier: 0.1.25 - version: 0.1.25(axios@1.6.7)(handlebars@4.7.8)(ioredis@5.3.2)(jsonwebtoken@9.0.2)(lodash@4.17.21)(mysql2@3.9.5)(pg@8.11.3)(ws@8.14.2) + version: 0.1.25(axios@1.6.7)(handlebars@4.7.8)(ioredis@5.3.2)(jsonwebtoken@9.0.2)(lodash@4.17.21)(mysql2@3.9.7)(pg@8.11.3)(ws@8.14.2) ldapts: specifier: 4.2.6 version: 4.2.6 @@ -632,8 +632,8 @@ importers: specifier: 3.3.0 version: 3.3.0 mysql2: - specifier: 3.9.5 - version: 3.9.5 + specifier: 3.9.7 + version: 3.9.7 n8n-core: specifier: workspace:* version: link:../core @@ -1378,8 +1378,8 @@ importers: specifier: 10.0.2 version: 10.0.2 mysql2: - specifier: 3.9.5 - version: 3.9.5 + specifier: 3.9.7 + version: 3.9.7 n8n-workflow: specifier: workspace:* version: link:../workflow @@ -6051,7 +6051,7 @@ packages: - supports-color dev: false - /@langchain/community@0.0.44(ioredis@5.3.2)(jsonwebtoken@9.0.2)(lodash@4.17.21)(mysql2@3.9.5)(pg@8.11.3)(ws@8.14.2): + /@langchain/community@0.0.44(ioredis@5.3.2)(jsonwebtoken@9.0.2)(lodash@4.17.21)(mysql2@3.9.7)(pg@8.11.3)(ws@8.14.2): resolution: {integrity: sha512-II9Hz90jJmfWRICtxTg1auQWzFw0npqacWiiOpaxNhzs6rptdf56gyfC48Z6n1ii4R8FfAlfX6YxhOE7lGGKXg==} engines: {node: '>=18'} peerDependencies: @@ -6338,7 +6338,7 @@ packages: jsonwebtoken: 9.0.2 langsmith: 0.1.12 lodash: 4.17.21 - mysql2: 3.9.5 + mysql2: 3.9.7 pg: 8.11.3 uuid: 9.0.1 ws: 8.14.2 @@ -6643,7 +6643,7 @@ packages: recast: 0.22.0 dev: false - /@n8n/typeorm@0.3.20-8(@sentry/node@7.87.0)(ioredis@5.3.2)(mysql2@3.9.5)(pg@8.11.3)(sqlite3@5.1.7): + /@n8n/typeorm@0.3.20-8(@sentry/node@7.87.0)(ioredis@5.3.2)(mysql2@3.9.7)(pg@8.11.3)(sqlite3@5.1.7): resolution: {integrity: sha512-WJFa9Pg6BJVS1dEe1xFRQcLtvjKx2O1KTgI6pFrTTcH7zZMy3qNww7A3HIrW/LvzCu0+rnSfHU4GvDg5/oJhlg==} engines: {node: '>=16.13.0'} hasBin: true @@ -6719,7 +6719,7 @@ packages: glob: 10.3.10 ioredis: 5.3.2 mkdirp: 2.1.3 - mysql2: 3.9.5 + mysql2: 3.9.7 pg: 8.11.3 reflect-metadata: 0.2.1 sha.js: 2.4.11 @@ -9237,7 +9237,7 @@ packages: ts-dedent: 2.2.0 type-fest: 2.19.0 vue: 3.4.21(typescript@5.4.2) - vue-component-type-helpers: 2.0.13 + vue-component-type-helpers: 2.0.14 transitivePeerDependencies: - encoding - supports-color @@ -18603,7 +18603,7 @@ packages: - voy-search dev: false - /langchain@0.1.25(axios@1.6.7)(handlebars@4.7.8)(ioredis@5.3.2)(jsonwebtoken@9.0.2)(lodash@4.17.21)(mysql2@3.9.5)(pg@8.11.3)(ws@8.14.2): + /langchain@0.1.25(axios@1.6.7)(handlebars@4.7.8)(ioredis@5.3.2)(jsonwebtoken@9.0.2)(lodash@4.17.21)(mysql2@3.9.7)(pg@8.11.3)(ws@8.14.2): resolution: {integrity: sha512-sfEChvr4H2CklHdSByNBbytwBrFhgtA5kPOnwcBrxuXGg1iOaTzhVxQA0QcNcQucI3hZrsNbZjxGp+Can1ooZQ==} engines: {node: '>=18'} peerDependencies: @@ -18763,7 +18763,7 @@ packages: optional: true dependencies: '@anthropic-ai/sdk': 0.9.1 - '@langchain/community': 0.0.44(ioredis@5.3.2)(jsonwebtoken@9.0.2)(lodash@4.17.21)(mysql2@3.9.5)(pg@8.11.3)(ws@8.14.2) + '@langchain/community': 0.0.44(ioredis@5.3.2)(jsonwebtoken@9.0.2)(lodash@4.17.21)(mysql2@3.9.7)(pg@8.11.3)(ws@8.14.2) '@langchain/core': 0.1.41 '@langchain/openai': 0.0.16 axios: 1.6.7 @@ -20111,8 +20111,8 @@ packages: engines: {node: '>=12.0.0'} dev: true - /mysql2@3.9.5: - resolution: {integrity: sha512-idfCjWgJEIU2zToiAsy1UO9RQ+VvCrbfB9458LrComY7mJmAIvjdD+/58VmNLFUeQpKE4xZZqD+yZe3tlu62NQ==} + /mysql2@3.9.7: + resolution: {integrity: sha512-KnJT8vYRcNAZv73uf9zpXqNbvBG7DJrs+1nACsjZP1HMJ1TgXEy8wnNilXAn/5i57JizXKtrUtwDB7HxT9DDpw==} engines: {node: '>= 8.0'} dependencies: denque: 2.1.0 @@ -25914,8 +25914,8 @@ packages: resolution: {integrity: sha512-0vOfAtI67UjeO1G6UiX5Kd76CqaQ67wrRZiOe7UAb9Jm6GzlUr/fC7CV90XfwapJRjpCMaZFhv1V0ajWRmE9Dg==} dev: true - /vue-component-type-helpers@2.0.13: - resolution: {integrity: sha512-xNO5B7DstNWETnoYflLkVgh8dK8h2ZDgxY1M2O0zrqGeBNq5yAZ8a10yCS9+HnixouNGYNX+ggU9MQQq86HTpg==} + /vue-component-type-helpers@2.0.14: + resolution: {integrity: sha512-DInfgOyXlMyliyqAAD9frK28tTfch0+tMi4qoWJcZlRxUf+NFAtraJBnAsKLep+FOyLMiajkhfyEb3xLK08i7w==} dev: true /vue-demi@0.14.5(vue@3.4.21):