fix: Upgrade amqplib to address CVE-2022-0686 (#4972)

n8n-io · Dec 19, 2022 · 570ed3b · 570ed3b
1 parent 3754c49
commit 570ed3b
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 31 deletions.
diff --git a/packages/nodes-base/nodes/RabbitMQ/GenericFunctions.ts b/packages/nodes-base/nodes/RabbitMQ/GenericFunctions.ts
@@ -2,12 +2,6 @@ import { IDataObject, IExecuteFunctions, ITriggerFunctions, sleep } from 'n8n-wo
 
 import * as amqplib from 'amqplib';
 
-declare module 'amqplib' {
-	interface Channel {
-		connection: amqplib.Connection;
-	}
-}
-
 export async function rabbitmqConnect(
 	this: IExecuteFunctions | ITriggerFunctions,
 	options: IDataObject,

diff --git a/packages/nodes-base/package.json b/packages/nodes-base/package.json
@@ -725,7 +725,7 @@
     ]
   },
   "devDependencies": {
-    "@types/amqplib": "^0.8.2",
+    "@types/amqplib": "^0.10.1",
     "@types/aws4": "^1.5.1",
     "@types/basic-auth": "^1.1.2",
     "@types/cheerio": "^0.22.15",
@@ -758,7 +758,7 @@
   "dependencies": {
     "@kafkajs/confluent-schema-registry": "1.0.6",
     "@types/js-nacl": "^1.3.0",
-    "amqplib": "^0.8.0",
+    "amqplib": "^0.10.3",
     "aws4": "^1.8.0",
     "basic-auth": "^2.0.1",
     "change-case": "^4.1.1",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml