fix(core): Upgrade sheetjs to address CVE-2024-22363 #9498

Merged
merged 2 commits into from
May 23, 2024

netroy
Member

@netroy netroy commented May 23, 2024

Advisory

Related tickets and issues

https://community.n8n.io/t/1c2h-vulnerabilties-in-the-docker/46296

Review / Merge checklist

  • PR title and summary are descriptive

@n8n-assistant n8n-assistant bot added the n8n team Authored by the n8n team label May 23, 2024
@netroy netroy force-pushed the fix-CVE-2024-22363 branch from d03c71b to b118cc9 Compare May 23, 2024 11:06
@@ -109,7 +113,7 @@ describe('Execute Spreadsheet File Node', () => {
mimeType: 'text/html',
fileType: 'html',
fileExtension: 'html',
data: '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',
data: readBinaryFile('spreadsheet.html'),
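Review bot: the html case in 'Execute Spreadsheet File Node' now takes `data` from `readBinaryFile('spreadsheet.html')`, but nothing in this hunk shows how that helper resolves the path or which encoding it returns, so the test can break or quietly change meaning if the fixture is moved or the helper's encoding differs from the inline string it replaces. A short comment on the helper stating the fixtures directory and the returned encoding would make that explicit, and the `spreadsheet.html` fixture needs to land in the same commit as this change.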
Contributor

This is soo much better 😻

cypress bot commented May 23, 2024

3 flaky tests on run #5112 ↗︎

0 363 0 0 Flakiness 3

Details:

🌳 🖥️ browsers:node18.12.0-chrome107 🤖 netroy 🗃️ e2e/*
Project: n8n Commit: b118cc9431
Status: Passed Duration: 04:48 💡
Started: May 23, 2024 12:56 PM Ended: May 23, 2024 1:01 PM
Flakiness: 5-ndv.cy.ts • 1 flaky test

  • NDV > Stop listening for trigger event from NDV

Flakiness: 24-ndv-paired-item.cy.ts • 2 flaky tests

  • NDV > maps paired input and output items based on selected run
  • NDV > resolves expression with default item when input node is not parent, while still pairing items

Review all test suite changes for PR #9498 ↗︎

Contributor

✅ All Cypress E2E specs passed

@netroy netroy merged commit 8737c09 into master May 23, 2024
28 checks passed
@netroy netroy deleted the fix-CVE-2024-22363 branch May 23, 2024 13:04
MiloradFilipovic added a commit that referenced this pull request May 24, 2024
* master:
  refactor(core): Use consistent CSRF state validation across oAuth controllers (#9104)
  feat(core): Print the name of the migration that cannot be reverted when using `n8n db:revert` (#9473)
  fix(editor): Hard load after logout to reset stores (no-changelog) (#9500)
  refactor(core): Stop reporting `EAUTH` error codes to Sentry (no-changelog) (#9496)
  fix(core): Upgrade sheetjs to address CVE-2024-22363 (#9498)
  refactor: Remove skipped tests (no-changelog) (#9497)
  feat(editor): Add initial code for NodeView and Canvas rewrite (no-changelog) (#9135)
  fix(editor): Show input panel with not connected message (#9495)
  fix(editor): Prevent XSS in node-issues tooltip (#9490)

# Conflicts:
#	pnpm-lock.yaml
@github-actions github-actions bot mentioned this pull request May 24, 2024
@janober
Member

janober commented May 24, 2024

Got released with n8n@1.43.1

@github-actions github-actions bot mentioned this pull request May 30, 2024
Labels
n8n team Authored by the n8n team Released