mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2024-12-25 20:54:07 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(Google Sheets Node): Upgrade xlsx to address CVE-2023-30533 (#6172)

Browse source 
[GitHub Advisory](https://github.com/advisories/GHSA-4r6h-8v6p-xvw6)
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™ 2023-05-04 15:10:54 +00:00 committed by GitHub
parent 751e132968
commit 45dc985af7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 18 additions and 88 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
package.json
View file

@ -79,6 +79,7 @@
"tslib": "^2.5.0", "tslib": "^2.5.0",
"ts-node": "^10.9.1", "ts-node": "^10.9.1",
"typescript": "^5.0.3", "typescript": "^5.0.3",
"xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz",
"xml2js": "^0.5.0", "xml2js": "^0.5.0",
"cpy@8>globby": "^11.1.0", "cpy@8>globby": "^11.1.0",
"qqjs>globby": "^11.1.0" "qqjs>globby": "^11.1.0"

4
packages/nodes-base/nodes/SpreadsheetFile/test/SpreadsheetFile.test.ts
View file

@ -87,9 +87,9 @@ describe('Execute Spreadsheet File Node', () => {
mimeType: 'text/csv', mimeType: 'text/csv',
fileType: 'text', fileType: 'text',
fileExtension: 'csv', fileExtension: 'csv',
data: '77u/QSxCLEMKMSwyLDMKNCw1LDYK', data: '77u/QSxCLEMKMSwyLDMKNCw1LDY=',
fileName: 'spreadsheet.csv', fileName: 'spreadsheet.csv',
fileSize: '21 B', fileSize: '20 B',
}, },
}, },
}, },

2
packages/nodes-base/package.json
View file

@ -902,7 +902,7 @@
"tmp-promise": "^3.0.2", "tmp-promise": "^3.0.2",
"uuid": "^8.3.2", "uuid": "^8.3.2",
"vm2": "~3.9.17", "vm2": "~3.9.17",
"xlsx": "^0.17.0", "xlsx": "^0.19.3",
"xml2js": "^0.5.0" "xml2js": "^0.5.0"
} }
} }

99
pnpm-lock.yaml
View file

@ -17,6 +17,7 @@ overrides:
tslib: ^2.5.0 tslib: ^2.5.0
ts-node: ^10.9.1 ts-node: ^10.9.1
typescript: ^5.0.3 typescript: ^5.0.3
xlsx: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz
xml2js: ^0.5.0 xml2js: ^0.5.0
cpy@8>globby: ^11.1.0 cpy@8>globby: ^11.1.0
qqjs>globby: ^11.1.0 qqjs>globby: ^11.1.0
@ -1429,8 +1430,8 @@ importers:
specifier: ~3.9.17 specifier: ~3.9.17
version: 3.9.17 version: 3.9.17
xlsx: xlsx:
specifier: ^0.17.0 specifier: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz
version: 0.17.5 version: '@cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz'
xml2js: xml2js:
specifier: ^0.5.0 specifier: ^0.5.0
version: 0.5.0 version: 0.5.0
@ -4912,7 +4913,7 @@ packages:
'@storybook/csf-plugin': 7.0.0-beta.46 '@storybook/csf-plugin': 7.0.0-beta.46
'@storybook/csf-tools': 7.0.0-beta.46 '@storybook/csf-tools': 7.0.0-beta.46
'@storybook/global': 5.0.0 '@storybook/global': 5.0.0
'@storybook/mdx2-csf': 1.0.0-next.8 '@storybook/mdx2-csf': 1.1.0-next.1
'@storybook/node-logger': 7.0.0-beta.46 '@storybook/node-logger': 7.0.0-beta.46
'@storybook/postinstall': 7.0.0-beta.46 '@storybook/postinstall': 7.0.0-beta.46
'@storybook/preview-api': 7.0.0-beta.46 '@storybook/preview-api': 7.0.0-beta.46
@ -5661,8 +5662,8 @@ packages:
resolution: {integrity: sha512-0Tsm47YM3SU9rvPpXxp6/toQ1DDUrIbZt1pXcj72szLZvi7U/fXTMpsBX9gOB1MNVYIYRqS2V+jcO8UjFd4qyQ==} resolution: {integrity: sha512-0Tsm47YM3SU9rvPpXxp6/toQ1DDUrIbZt1pXcj72szLZvi7U/fXTMpsBX9gOB1MNVYIYRqS2V+jcO8UjFd4qyQ==}
dev: true dev: true
/@storybook/mdx2-csf@1.0.0-next.8: /@storybook/mdx2-csf@1.1.0-next.1:
resolution: {integrity: sha512-t2O5s/HHTH5evZVHgVtCWTZgMZ/CaqDu3xVGgjVbKeTvpPAbi0Waab5SSX8T9PG5jNDei/x+jpAVCcNMOHoWzg==} resolution: {integrity: sha512-ONvFBZySHsBIkUYGrUM8FCG2tDKf663TIErztPSOghOpmBGyFLjSsXJHkNWiRi4c740PoemLqJd2XZZVlXRVLQ==}
dev: true dev: true
/@storybook/node-logger@6.5.15: /@storybook/node-logger@6.5.15:
@ -7813,20 +7814,6 @@ packages:
engines: {node: '>= 10.0.0'} engines: {node: '>= 10.0.0'}
dev: true dev: true
/adler-32@1.2.0:
resolution: {integrity: sha512-/vUqU/UY4MVeFsg+SsK6c+/05RZXIHZMGJA+PX5JyWI0ZRcBpupnRuPLU/NXXoFwMYCPCoxIfElM2eS+DUXCqQ==}
engines: {node: '>=0.8'}
hasBin: true
dependencies:
exit-on-epipe: 1.0.1
printj: 1.1.2
dev: false
/adler-32@1.3.1:
resolution: {integrity: sha512-ynZ4w/nUUv5rrsR8UUGoe1VC9hZj6V5hU9Qw1HlMDJGEJw5S7TfTErWTjMys6M7vr0YWcPqs3qAr4ss0nDfP+A==}
engines: {node: '>=0.8'}
dev: false
/agent-base@5.1.1: /agent-base@5.1.1:
resolution: {integrity: sha512-TMeqbNl2fMW0nMjTEPOwe3J/PRFP4vqeoNuQMG0HlMrtm5QxKqdvAkZ1pRBQ/ulIyDD5Yq0nJ7YbdD8ey0TO3g==} resolution: {integrity: sha512-TMeqbNl2fMW0nMjTEPOwe3J/PRFP4vqeoNuQMG0HlMrtm5QxKqdvAkZ1pRBQ/ulIyDD5Yq0nJ7YbdD8ey0TO3g==}
engines: {node: '>= 6.0.0'} engines: {node: '>= 6.0.0'}
@ -9090,14 +9077,6 @@ packages:
/caseless@0.12.0: /caseless@0.12.0:
resolution: {integrity: sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw==} resolution: {integrity: sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw==}
/cfb@1.2.2:
resolution: {integrity: sha512-KfdUZsSOw19/ObEWasvBP/Ac4reZvAGauZhs6S/gqNhXhI7cKwvlH7ulj+dOEYnca4bm4SGo8C1bTAQvnTjgQA==}
engines: {node: '>=0.8'}
dependencies:
adler-32: 1.3.1
crc-32: 1.2.2
dev: false
/chai@4.3.7: /chai@4.3.7:
resolution: {integrity: sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==} resolution: {integrity: sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==}
engines: {node: '>=4'} engines: {node: '>=4'}
@ -9520,11 +9499,6 @@ packages:
- '@lezer/common' - '@lezer/common'
dev: false dev: false
/codepage@1.15.0:
resolution: {integrity: sha512-3g6NUTPd/YtuuGrhMnOMRjFc+LJw/bnMp3+0r/Wcz3IXUuCosKRJvMphm5+Q+bvTVGcJJuRvVLuYba+WojaFaA==}
engines: {node: '>=0.8'}
dev: false
/collect-v8-coverage@1.0.1: /collect-v8-coverage@1.0.1:
resolution: {integrity: sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg==} resolution: {integrity: sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg==}
dev: true dev: true
@ -10051,12 +10025,6 @@ packages:
dev: false dev: false
optional: true optional: true
/crc-32@1.2.2:
resolution: {integrity: sha512-ROmzCKrTnOwybPcJApAA6WBWij23HVfGVNKqqrZpuyZOHqK2CwHSvpGuyt/UNNvaIjEd8X5IFGp4Mh+Ie1IHJQ==}
engines: {node: '>=0.8'}
hasBin: true
dev: false
/crelt@1.0.5: /crelt@1.0.5:
resolution: {integrity: sha512-+BO9wPPi+DWTDcNYhr/W90myha8ptzftZT+LwcmUbbok0rcP/fequmFYCw8NMoH7pkAZQzU78b3kYrlua5a9eA==} resolution: {integrity: sha512-+BO9wPPi+DWTDcNYhr/W90myha8ptzftZT+LwcmUbbok0rcP/fequmFYCw8NMoH7pkAZQzU78b3kYrlua5a9eA==}
dev: false dev: false
@ -11715,11 +11683,6 @@ packages:
pify: 2.3.0 pify: 2.3.0
dev: true dev: true
/exit-on-epipe@1.0.1:
resolution: {integrity: sha512-h2z5mrROTxce56S+pnvAV890uu7ls7f1kEvVGJbw1OlFH3/mlJ5bkXu0KRyW94v37zzHPiUd55iLn3DA7TjWpw==}
engines: {node: '>=0.8'}
dev: false
/exit@0.1.2: /exit@0.1.2:
resolution: {integrity: sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ==} resolution: {integrity: sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ==}
engines: {node: '>= 0.8.0'} engines: {node: '>= 0.8.0'}
@ -12365,11 +12328,6 @@ packages:
resolution: {integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==} resolution: {integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==}
engines: {node: '>= 0.6'} engines: {node: '>= 0.6'}
/frac@1.1.2:
resolution: {integrity: sha512-w/XBfkibaTl3YDqASwfDUqkna4Z2p9cFSr1aHDt0WoMTECnRfBOv2WArlZILlqgWlmdIlALXGpM2AOhEk5W3IA==}
engines: {node: '>=0.8'}
dev: false
/fraction.js@4.2.0: /fraction.js@4.2.0:
resolution: {integrity: sha512-MhLuK+2gUcnZe8ZHlaaINnQLl0xRIGRfcGk2yl8xoQAfHrSsL3rYu6FCmBdkdbhc9EPlwyGHewaRsvwRMJtAlA==} resolution: {integrity: sha512-MhLuK+2gUcnZe8ZHlaaINnQLl0xRIGRfcGk2yl8xoQAfHrSsL3rYu6FCmBdkdbhc9EPlwyGHewaRsvwRMJtAlA==}
dev: true dev: true
@ -17800,12 +17758,6 @@ packages:
js-beautify: 1.14.7 js-beautify: 1.14.7
dev: true dev: true
/printj@1.1.2:
resolution: {integrity: sha512-zA2SmoLaxZyArQTOPj5LXecR+RagfPSU5Kw1qP+jkWeNlrq+eJZyY2oS68SU1Z/7/myXM4lo9716laOFAVStCQ==}
engines: {node: '>=0.8'}
hasBin: true
dev: false
/process-nextick-args@2.0.1: /process-nextick-args@2.0.1:
resolution: {integrity: sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==} resolution: {integrity: sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==}
@ -19608,13 +19560,6 @@ packages:
resolution: {integrity: sha512-I539Tc0gyDTQ2QCSg4v78Flxo/UbqR9x7JoyPcqaPtwo+qzeOw/fF+aPSbk0xTvBQAAAZk7Dlkc8K1bum5GUnw==} resolution: {integrity: sha512-I539Tc0gyDTQ2QCSg4v78Flxo/UbqR9x7JoyPcqaPtwo+qzeOw/fF+aPSbk0xTvBQAAAZk7Dlkc8K1bum5GUnw==}
dev: false dev: false
/ssf@0.11.2:
resolution: {integrity: sha512-+idbmIXoYET47hH+d7dfm2epdOMUDjqcB4648sTZ+t2JwoyBFL/insLfB/racrDmsKB3diwsDA696pZMieAC5g==}
engines: {node: '>=0.8'}
dependencies:
frac: 1.1.2
dev: false
/ssh2-sftp-client@7.2.3: /ssh2-sftp-client@7.2.3:
resolution: {integrity: sha512-Bmq4Uewu3e0XOwu5bnPbiS5KRQYv+dff5H6+85V4GZrPrt0Fkt1nUH+uXanyAkoNxUpzjnAPEEoLdOaBO9c3xw==} resolution: {integrity: sha512-Bmq4Uewu3e0XOwu5bnPbiS5KRQYv+dff5H6+85V4GZrPrt0Fkt1nUH+uXanyAkoNxUpzjnAPEEoLdOaBO9c3xw==}
engines: {node: '>=10.24.1'} engines: {node: '>=10.24.1'}
@ -22163,20 +22108,10 @@ packages:
babel-walk: 3.0.0-canary-5 babel-walk: 3.0.0-canary-5
dev: true dev: true
/wmf@1.0.2:
resolution: {integrity: sha512-/p9K7bEh0Dj6WbXg4JG0xvLQmIadrner1bi45VMJTfnbVHsc7yIajZyoSoK60/dtVBs12Fm6WkUI5/3WAVsNMw==}
engines: {node: '>=0.8'}
dev: false
/word-wrap@1.2.3: /word-wrap@1.2.3:
resolution: {integrity: sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==} resolution: {integrity: sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==}
engines: {node: '>=0.10.0'} engines: {node: '>=0.10.0'}
/word@0.3.0:
resolution: {integrity: sha512-OELeY0Q61OXpdUfTp+oweA/vtLVg5VDOXh+3he3PNzLGG/y0oylSOC1xRVj0+l4vQ3tj/bB1HVHv1ocXkQceFA==}
engines: {node: '>=0.8'}
dev: false
/wordwrap@1.0.0: /wordwrap@1.0.0:
resolution: {integrity: sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==} resolution: {integrity: sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==}
@ -22292,20 +22227,6 @@ packages:
utf-8-validate: utf-8-validate:
optional: true optional: true
/xlsx@0.17.5:
resolution: {integrity: sha512-lXNU0TuYsvElzvtI6O7WIVb9Zar1XYw7Xb3VAx2wn8N/n0whBYrCnHMxtFyIiUU1Wjf09WzmLALDfBO5PqTb1g==}
engines: {node: '>=0.8'}
hasBin: true
dependencies:
adler-32: 1.2.0
cfb: 1.2.2
codepage: 1.15.0
crc-32: 1.2.2
ssf: 0.11.2
wmf: 1.0.2
word: 0.3.0
dev: false
/xml-crypto@3.0.1: /xml-crypto@3.0.1:
resolution: {integrity: sha512-7XrwB3ujd95KCO6+u9fidb8ajvRJvIfGNWD0XLJoTWlBKz+tFpUzEYxsN+Il/6/gHtEs1RgRh2RH+TzhcWBZUw==} resolution: {integrity: sha512-7XrwB3ujd95KCO6+u9fidb8ajvRJvIfGNWD0XLJoTWlBKz+tFpUzEYxsN+Il/6/gHtEs1RgRh2RH+TzhcWBZUw==}
engines: {node: '>=0.4.0'} engines: {node: '>=0.4.0'}
@ -22572,3 +22493,11 @@ packages:
optionalDependencies: optionalDependencies:
commander: 2.20.3 commander: 2.20.3
dev: true dev: true
'@cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz':
resolution: {tarball: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz}
name: xlsx
version: 0.19.3
engines: {node: '>=0.8'}
hasBin: true
dev: false