mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2024-09-19 22:37:31 -07:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

ci: Upgrade express to address CVE-2024-43796 (no-changelog) (#10785)

Browse source
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™ 2024-09-12 11:58:36 +02:00 committed by GitHub
parent 7d6ec6544e
commit 3b78094ffa
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 86 additions and 96 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
packages/cli/package.json
View file

@ -112,7 +112,7 @@
"csrf": "3.1.0",
"curlconverter": "3.21.0",
"dotenv": "8.6.0",
"express": "4.19.2",
"express": "4.21.0",
"express-async-errors": "3.1.1",
"express-handlebars": "7.1.2",
"express-openapi-validator": "5.3.3",

180
pnpm-lock.yaml
View file

@ -744,23 +744,23 @@ importers:
specifier: 8.6.0
version: 8.6.0
express:
specifier: 4.19.2
version: 4.19.2
specifier: 4.21.0
version: 4.21.0
express-async-errors:
specifier: 3.1.1
version: 3.1.1(express@4.19.2)
version: 3.1.1(express@4.21.0)
express-handlebars:
specifier: 7.1.2
version: 7.1.2
express-openapi-validator:
specifier: 5.3.3
version: 5.3.3(express@4.19.2)
version: 5.3.3(express@4.21.0)
express-prom-bundle:
specifier: 6.6.0
version: 6.6.0(prom-client@13.2.0)
express-rate-limit:
specifier: 7.2.0
version: 7.2.0(express@4.19.2)
version: 7.2.0(express@4.21.0)
fast-glob:
specifier: 'catalog:'
version: 3.2.12
@ -898,7 +898,7 @@ importers:
version: 1.17.0
swagger-ui-express:
specifier: 5.0.0
version: 5.0.0(express@4.19.2)
version: 5.0.0(express@4.21.0)
syslog-client:
specifier: 1.1.1
version: 1.1.1
@ -6786,8 +6786,8 @@ packages:
bn.js@5.2.1:
resolution: {integrity: sha512-eXRvHzWyYPBuB4NBy0cmYQjGitUrtqwbvlzP3G6VFnNRbsZQIxQ10PbKKHt8gZ/HW/D/747aDl+QkDqg3KQLMQ==}
body-parser@1.20.2:
resolution: {integrity: sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==}
body-parser@1.20.3:
resolution: {integrity: sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==}
engines: {node: '>= 0.8', npm: 1.2.8000 || >= 1.4.16}
boolbase@1.0.0:
@ -6897,9 +6897,6 @@ packages:
resolution: {integrity: sha512-A+Fezp4zxnit6FanDmv9EqXNAi3vt9DWp51/71UEhXukb7QUuvtv9344h91dyAxuTLoSYJFU299qzR3tzwPAhw==}
engines: {node: '>=6'}
call-bind@1.0.2:
resolution: {integrity: sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==}
call-bind@1.0.7:
resolution: {integrity: sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==}
engines: {node: '>= 0.4'}
@ -7840,6 +7837,10 @@ packages:
resolution: {integrity: sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==}
engines: {node: '>= 0.8'}
encodeurl@2.0.0:
resolution: {integrity: sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==}
engines: {node: '>= 0.8'}
encoding-japanese@2.0.0:
resolution: {integrity: sha512-++P0RhebUC8MJAwJOsT93dT+5oc5oPImp1HubZpAuCZ5kTLnhuuBhKHj2jJeO/Gj93idPBWmIuQ9QWMe5rX3pQ==}
engines: {node: '>=8.10.0'}
@ -8254,8 +8255,8 @@ packages:
peerDependencies:
express: 4 || 5 || ^5.0.0-beta.1
express@4.19.2:
resolution: {integrity: sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==}
express@4.21.0:
resolution: {integrity: sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==}
engines: {node: '>= 0.10.0'}
extend@3.0.2:
@ -8388,8 +8389,8 @@ packages:
resolution: {integrity: sha512-8rXg1ZnX7xzy2NGDVkBVaAy+lSlPNwad13BtgSlLuxfIslyt5Vg64U7tFcCt4WS1R0hvtnQybT/IyCkGZ3DpXQ==}
engines: {node: '>=0.10.0'}
finalhandler@1.2.0:
resolution: {integrity: sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==}
finalhandler@1.3.1:
resolution: {integrity: sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==}
engines: {node: '>= 0.8'}
find-cache-dir@2.1.0:
@ -8590,9 +8591,6 @@ packages:
get-func-name@2.0.2:
resolution: {integrity: sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==}
get-intrinsic@1.2.1:
resolution: {integrity: sha512-2DcsyfABl+gVHEfCOaTrWgyt+tb6MSEGmKq+kI5HwLbIYgjgmMcV8KQ41uaKz1xxUcn9tJtgFbQUEVcEbd0FYw==}
get-intrinsic@1.2.4:
resolution: {integrity: sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==}
engines: {node: '>= 0.4'}
@ -8785,10 +8783,6 @@ packages:
has-property-descriptors@1.0.2:
resolution: {integrity: sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==}
has-proto@1.0.1:
resolution: {integrity: sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==}
engines: {node: '>= 0.4'}
has-proto@1.0.3:
resolution: {integrity: sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==}
engines: {node: '>= 0.4'}
@ -10274,8 +10268,8 @@ packages:
mensch@0.3.4:
resolution: {integrity: sha512-IAeFvcOnV9V0Yk+bFhYR07O3yNina9ANIN5MoXBKYJ/RLYPurd2d0yw14MDhpr9/momp0WofT1bPUh3hkzdi/g==}
merge-descriptors@1.0.1:
resolution: {integrity: sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w==}
merge-descriptors@1.0.3:
resolution: {integrity: sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==}
merge-stream@2.0.0:
resolution: {integrity: sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==}
@ -10906,10 +10900,6 @@ packages:
resolution: {integrity: sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==}
engines: {node: '>= 0.4'}
object.assign@4.1.4:
resolution: {integrity: sha512-1mxKf0e58bvyjSCtKYY4sRe9itRk3PJpquJOjeIkz885CczcI4IvJJDLPS72oowuSh+pBxUFROpX+TU++hxhZQ==}
engines: {node: '>= 0.4'}
object.assign@4.1.5:
resolution: {integrity: sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ==}
engines: {node: '>= 0.4'}
@ -11155,8 +11145,8 @@ packages:
resolution: {integrity: sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ==}
engines: {node: '>=16 || 14 >=14.17'}
path-to-regexp@0.1.7:
resolution: {integrity: sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==}
path-to-regexp@0.1.10:
resolution: {integrity: sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==}
path-to-regexp@6.2.2:
resolution: {integrity: sha512-GQX3SSMokngb36+whdpRXE+3f9V8UzyAorlYvOGx87ufGHehNTn5lCxrKtLyZ4Yl/wEKnNnr98ZzOwwDZV5ogw==}
@ -11625,6 +11615,10 @@ packages:
resolution: {integrity: sha512-tDNIz22aBzCDxLtVH++VnTfzxlfeK5CbqohpSqpJgj1Wg/cQbStNAz3NuqCs5vV+pjBsK4x4pN9HlVh7rcYRiA==}
engines: {node: '>=0.6'}
qs@6.13.0:
resolution: {integrity: sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==}
engines: {node: '>=0.6'}
query-string@7.1.3:
resolution: {integrity: sha512-hh2WYhq4fi8+b+/2Kg9CEge4fDPvHS534aOOvOZeQ3+Vf2mCFsaFBYj0i+iXcAq6I9Vzp5fjMFBlONvayDC1qg==}
engines: {node: '>=6'}
@ -12088,8 +12082,8 @@ packages:
engines: {node: '>=10'}
hasBin: true
send@0.18.0:
resolution: {integrity: sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==}
send@0.19.0:
resolution: {integrity: sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==}
engines: {node: '>= 0.8.0'}
sentence-case@3.0.4:
@ -12101,8 +12095,8 @@ packages:
serialize-javascript@6.0.2:
resolution: {integrity: sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==}
serve-static@1.15.0:
resolution: {integrity: sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==}
serve-static@1.16.2:
resolution: {integrity: sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==}
engines: {node: '>= 0.8.0'}
set-blocking@2.0.0:
@ -12177,6 +12171,10 @@ packages:
side-channel@1.0.4:
resolution: {integrity: sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==}
side-channel@1.0.6:
resolution: {integrity: sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==}
engines: {node: '>= 0.4'}
siginfo@2.0.0:
resolution: {integrity: sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==}
@ -18930,7 +18928,7 @@ snapshots:
ejs: 3.1.10
esbuild: 0.20.2
esbuild-plugin-alias: 0.2.1
express: 4.19.2
express: 4.21.0
fs-extra: 11.1.1
process: 0.11.10
util: 0.12.5
@ -18953,7 +18951,7 @@ snapshots:
'@types/find-cache-dir': 3.2.1
browser-assert: 1.2.1
es-module-lexer: 1.5.3
express: 4.19.2
express: 4.21.0
find-cache-dir: 3.3.2
fs-extra: 11.1.1
magic-string: 0.30.8
@ -19136,7 +19134,7 @@ snapshots:
compression: 1.7.4
detect-port: 1.5.1
diff: 5.2.0
express: 4.19.2
express: 4.21.0
fs-extra: 11.1.1
globby: 14.0.1
ip: 2.0.1
@ -20930,7 +20928,7 @@ snapshots:
bn.js@5.2.1: {}
body-parser@1.20.2:
body-parser@1.20.3:
dependencies:
bytes: 3.1.2
content-type: 1.0.5
@ -20940,7 +20938,7 @@ snapshots:
http-errors: 2.0.0
iconv-lite: 0.4.24
on-finished: 2.4.1
qs: 6.11.0
qs: 6.13.0
raw-body: 2.5.2
type-is: 1.6.18
unpipe: 1.0.0
@ -21082,11 +21080,6 @@ snapshots:
cachedir@2.3.0: {}
call-bind@1.0.2:
dependencies:
function-bind: 1.1.2
get-intrinsic: 1.2.4
call-bind@1.0.7:
dependencies:
es-define-property: 1.0.0
@ -21843,23 +21836,23 @@ snapshots:
deep-equal@2.2.0:
dependencies:
call-bind: 1.0.2
call-bind: 1.0.7
es-get-iterator: 1.1.3
get-intrinsic: 1.2.1
get-intrinsic: 1.2.4
is-arguments: 1.1.1
is-array-buffer: 3.0.2
is-array-buffer: 3.0.4
is-date-object: 1.0.5
is-regex: 1.1.4
is-shared-array-buffer: 1.0.2
is-shared-array-buffer: 1.0.3
isarray: 2.0.5
object-is: 1.1.5
object-keys: 1.1.1
object.assign: 4.1.4
regexp.prototype.flags: 1.5.0
side-channel: 1.0.4
object.assign: 4.1.5
regexp.prototype.flags: 1.5.2
side-channel: 1.0.6
which-boxed-primitive: 1.0.2
which-collection: 1.0.1
which-typed-array: 1.1.11
which-typed-array: 1.1.15
deep-extend@0.6.0: {}
@ -22133,6 +22126,8 @@ snapshots:
encodeurl@1.0.2: {}
encodeurl@2.0.0: {}
encoding-japanese@2.0.0: {}
encoding@0.1.13:
@ -22728,9 +22723,9 @@ snapshots:
expr-eval@2.0.2: {}
express-async-errors@3.1.1(express@4.19.2):
express-async-errors@3.1.1(express@4.21.0):
dependencies:
express: 4.19.2
express: 4.21.0
express-handlebars@7.1.2:
dependencies:
@ -22738,7 +22733,7 @@ snapshots:
graceful-fs: 4.2.11
handlebars: 4.7.8
express-openapi-validator@5.3.3(express@4.19.2):
express-openapi-validator@5.3.3(express@4.21.0):
dependencies:
'@apidevtools/json-schema-ref-parser': 11.7.0
'@types/multer': 1.4.11
@ -22746,7 +22741,7 @@ snapshots:
ajv-draft-04: 1.0.0(ajv@8.17.1)
ajv-formats: 2.1.1(ajv@8.17.1)
content-type: 1.0.5
express: 4.19.2
express: 4.21.0
json-schema-traverse: 1.0.0
lodash.clonedeep: 4.5.0
lodash.get: 4.4.2
@ -22761,38 +22756,38 @@ snapshots:
prom-client: 13.2.0
url-value-parser: 2.2.0
express-rate-limit@7.2.0(express@4.19.2):
express-rate-limit@7.2.0(express@4.21.0):
dependencies:
express: 4.19.2
express: 4.21.0
express@4.19.2:
express@4.21.0:
dependencies:
accepts: 1.3.8
array-flatten: 1.1.1
body-parser: 1.20.2
body-parser: 1.20.3
content-disposition: 0.5.4
content-type: 1.0.5
cookie: 0.6.0
cookie-signature: 1.0.6
debug: 2.6.9
depd: 2.0.0
encodeurl: 1.0.2
encodeurl: 2.0.0
escape-html: 1.0.3
etag: 1.8.1
finalhandler: 1.2.0
finalhandler: 1.3.1
fresh: 0.5.2
http-errors: 2.0.0
merge-descriptors: 1.0.1
merge-descriptors: 1.0.3
methods: 1.1.2
on-finished: 2.4.1
parseurl: 1.3.3
path-to-regexp: 0.1.7
path-to-regexp: 0.1.10
proxy-addr: 2.0.7
qs: 6.11.0
qs: 6.13.0
range-parser: 1.2.1
safe-buffer: 5.2.1
send: 0.18.0
serve-static: 1.15.0
send: 0.19.0
serve-static: 1.16.2
setprototypeof: 1.2.0
statuses: 2.0.1
type-is: 1.6.18
@ -22935,10 +22930,10 @@ snapshots:
filter-obj@1.1.0: {}
finalhandler@1.2.0:
finalhandler@1.3.1:
dependencies:
debug: 2.6.9
encodeurl: 1.0.2
encodeurl: 2.0.0
escape-html: 1.0.3
on-finished: 2.4.1
parseurl: 1.3.3
@ -23170,13 +23165,6 @@ snapshots:
get-func-name@2.0.2: {}
get-intrinsic@1.2.1:
dependencies:
function-bind: 1.1.2
has: 1.0.3
has-proto: 1.0.1
has-symbols: 1.0.3
get-intrinsic@1.2.4:
dependencies:
es-errors: 1.3.0
@ -23451,8 +23439,6 @@ snapshots:
dependencies:
es-define-property: 1.0.0
has-proto@1.0.1: {}
has-proto@1.0.3: {}
has-symbols@1.0.3: {}
@ -23784,7 +23770,7 @@ snapshots:
is-arguments@1.1.1:
dependencies:
call-bind: 1.0.7
has-tostringtag: 1.0.0
has-tostringtag: 1.0.2
is-array-buffer@3.0.2:
dependencies:
@ -25211,7 +25197,7 @@ snapshots:
mensch@0.3.4: {}
merge-descriptors@1.0.1: {}
merge-descriptors@1.0.3: {}
merge-stream@2.0.0: {}
@ -26055,13 +26041,6 @@ snapshots:
object-keys@1.1.1: {}
object.assign@4.1.4:
dependencies:
call-bind: 1.0.7
define-properties: 1.2.0
has-symbols: 1.0.3
object-keys: 1.1.1
object.assign@4.1.5:
dependencies:
call-bind: 1.0.7
@ -26358,7 +26337,7 @@ snapshots:
lru-cache: 10.2.2
minipass: 7.0.2
path-to-regexp@0.1.7: {}
path-to-regexp@0.1.10: {}
path-to-regexp@6.2.2: {}
@ -26849,6 +26828,10 @@ snapshots:
dependencies:
side-channel: 1.0.4
qs@6.13.0:
dependencies:
side-channel: 1.0.6
query-string@7.1.3:
dependencies:
decode-uri-component: 0.2.2
@ -27431,7 +27414,7 @@ snapshots:
dependencies:
lru-cache: 6.0.0
send@0.18.0:
send@0.19.0:
dependencies:
debug: 2.6.9
depd: 2.0.0
@ -27461,12 +27444,12 @@ snapshots:
dependencies:
randombytes: 2.1.0
serve-static@1.15.0:
serve-static@1.16.2:
dependencies:
encodeurl: 1.0.2
encodeurl: 2.0.0
escape-html: 1.0.3
parseurl: 1.3.3
send: 0.18.0
send: 0.19.0
transitivePeerDependencies:
- supports-color
@ -27556,6 +27539,13 @@ snapshots:
get-intrinsic: 1.2.4
object-inspect: 1.13.1
side-channel@1.0.6:
dependencies:
call-bind: 1.0.7
es-errors: 1.3.0
get-intrinsic: 1.2.4
object-inspect: 1.13.1
siginfo@2.0.0: {}
signal-exit@3.0.7: {}
@ -27818,7 +27808,7 @@ snapshots:
stop-iteration-iterator@1.0.0:
dependencies:
internal-slot: 1.0.5
internal-slot: 1.0.7
stoppable@1.1.0: {}
@ -28031,9 +28021,9 @@ snapshots:
swagger-ui-dist@5.11.0: {}
swagger-ui-express@5.0.0(express@4.19.2):
swagger-ui-express@5.0.0(express@4.21.0):
dependencies:
express: 4.19.2
express: 4.21.0
swagger-ui-dist: 5.11.0
swagger2openapi@7.0.8(encoding@0.1.13):