From 469ce32957ac5e4d342db17a2f680ca65c21d44f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?=
 =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?=
 =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
 <netroy@users.noreply.github.com>
Date: Tue, 21 Mar 2023 09:50:29 +0100
Subject: [PATCH] fix(core): Upgrade `luxon` to address CVE-2023-22467 (#5731)

[GitHub Advisory](https://github.com/advisories/GHSA-3xq5-wjfh-ppjc)
---
 packages/cli/package.json        |  2 +-
 packages/editor-ui/package.json  |  4 ++--
 packages/nodes-base/package.json |  2 +-
 packages/workflow/package.json   |  4 ++--
 pnpm-lock.yaml                   | 34 ++++++++++++++++----------------
 5 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/packages/cli/package.json b/packages/cli/package.json
index f8557095d0..f4523f6f2e 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -169,7 +169,7 @@
     "lodash.uniq": "^4.5.0",
     "lodash.uniqby": "^4.7.0",
     "lodash.unset": "^4.5.2",
-    "luxon": "^3.1.0",
+    "luxon": "^3.3.0",
     "mysql2": "~2.3.3",
     "n8n-core": "workspace:*",
     "n8n-editor-ui": "workspace:*",
diff --git a/packages/editor-ui/package.json b/packages/editor-ui/package.json
index 6823adcc84..88a66e96ea 100644
--- a/packages/editor-ui/package.json
+++ b/packages/editor-ui/package.json
@@ -55,7 +55,7 @@
     "jquery": "^3.4.1",
     "jsonpath": "^1.1.1",
     "lodash-es": "^4.17.21",
-    "luxon": "^3.1.0",
+    "luxon": "^3.3.0",
     "monaco-editor": "^0.33.0",
     "n8n-design-system": "workspace:*",
     "n8n-workflow": "workspace:*",
@@ -97,7 +97,7 @@
     "@types/lodash.camelcase": "^4.3.6",
     "@types/lodash.get": "^4.4.6",
     "@types/lodash.set": "^4.3.6",
-    "@types/luxon": "^2.0.9",
+    "@types/luxon": "^3.2.0",
     "@types/uuid": "^8.3.2",
     "@vitest/coverage-c8": "^0.28.5",
     "@vitejs/plugin-legacy": "^3.0.1",
diff --git a/packages/nodes-base/package.json b/packages/nodes-base/package.json
index 4bd403b9eb..62b1c59c7b 100644
--- a/packages/nodes-base/package.json
+++ b/packages/nodes-base/package.json
@@ -868,7 +868,7 @@
     "lodash.upperfirst": "^4",
     "lodash.zip": "^4",
     "lossless-json": "^1.0.4",
-    "luxon": "^3.1.0",
+    "luxon": "^3.3.0",
     "mailparser": "^3.2.0",
     "moment": "~2.29.2",
     "moment-timezone": "^0.5.28",
diff --git a/packages/workflow/package.json b/packages/workflow/package.json
index ae585d7d98..17955bf838 100644
--- a/packages/workflow/package.json
+++ b/packages/workflow/package.json
@@ -47,7 +47,7 @@
     "@types/lodash.isequal": "^4.5.6",
     "@types/lodash.merge": "^4.6.6",
     "@types/lodash.set": "^4.3.6",
-    "@types/luxon": "^2.0.9",
+    "@types/luxon": "^3.2.0",
     "@types/xml2js": "^0.4.3"
   },
   "dependencies": {
@@ -62,7 +62,7 @@
     "lodash.isequal": "^4.5.0",
     "lodash.merge": "^4.6.2",
     "lodash.set": "^4.3.2",
-    "luxon": "^3.1.0",
+    "luxon": "^3.3.0",
     "recast": "^0.21.5",
     "title-case": "^3.0.3",
     "transliteration": "^2.3.5",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 52b7a0f2dc..e4d46590b1 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -208,7 +208,7 @@ importers:
       lodash.uniq: ^4.5.0
       lodash.uniqby: ^4.7.0
       lodash.unset: ^4.5.2
-      luxon: ^3.1.0
+      luxon: ^3.3.0
       mock-jwks: ^1.0.9
       mysql2: ~2.3.3
       n8n-core: workspace:*
@@ -308,7 +308,7 @@ importers:
       lodash.uniq: 4.5.0
       lodash.uniqby: 4.7.0
       lodash.unset: 4.5.2
-      luxon: 3.1.1
+      luxon: 3.3.0
       mysql2: 2.3.3
       n8n-core: link:../core
       n8n-editor-ui: link:../editor-ui
@@ -588,7 +588,7 @@ importers:
       '@types/lodash.camelcase': ^4.3.6
       '@types/lodash.get': ^4.4.6
       '@types/lodash.set': ^4.3.6
-      '@types/luxon': ^2.0.9
+      '@types/luxon': ^3.2.0
       '@types/uuid': ^8.3.2
       '@vitejs/plugin-legacy': ^3.0.1
       '@vitejs/plugin-vue2': ^2.2.0
@@ -607,7 +607,7 @@ importers:
       jshint: ^2.9.7
       jsonpath: ^1.1.1
       lodash-es: ^4.17.21
-      luxon: ^3.1.0
+      luxon: ^3.3.0
       miragejs: ^0.1.47
       monaco-editor: ^0.33.0
       n8n-design-system: workspace:*
@@ -671,7 +671,7 @@ importers:
       jquery: 3.6.1
       jsonpath: 1.1.1
       lodash-es: 4.17.21
-      luxon: 3.1.1
+      luxon: 3.3.0
       monaco-editor: 0.33.0
       n8n-design-system: link:../design-system
       n8n-workflow: link:../workflow
@@ -712,7 +712,7 @@ importers:
       '@types/lodash.camelcase': 4.3.7
       '@types/lodash.get': 4.4.7
       '@types/lodash.set': 4.3.7
-      '@types/luxon': 2.4.0
+      '@types/luxon': 3.2.0
       '@types/uuid': 8.3.4
       '@vitejs/plugin-legacy': 3.0.1_terser@5.16.1+vite@4.0.4
       '@vitejs/plugin-vue2': 2.2.0_vite@4.0.4+vue@2.7.14
@@ -902,7 +902,7 @@ importers:
       lodash.upperfirst: ^4
       lodash.zip: ^4
       lossless-json: ^1.0.4
-      luxon: ^3.1.0
+      luxon: ^3.3.0
       mailparser: ^3.2.0
       moment: ~2.29.2
       moment-timezone: ^0.5.28
@@ -998,7 +998,7 @@ importers:
       lodash.upperfirst: 4.3.1
       lodash.zip: 4.2.0
       lossless-json: 1.0.5
-      luxon: 3.1.1
+      luxon: 3.3.0
       mailparser: 3.5.0
       moment: 2.29.4
       moment-timezone: 0.5.37
@@ -1113,7 +1113,7 @@ importers:
       '@types/lodash.isequal': ^4.5.6
       '@types/lodash.merge': ^4.6.6
       '@types/lodash.set': ^4.3.6
-      '@types/luxon': ^2.0.9
+      '@types/luxon': ^3.2.0
       '@types/xml2js': ^0.4.3
       ast-types: 0.15.2
       crypto-js: ^4.1.1
@@ -1125,7 +1125,7 @@ importers:
       lodash.isequal: ^4.5.0
       lodash.merge: ^4.6.2
       lodash.set: ^4.3.2
-      luxon: ^3.1.0
+      luxon: ^3.3.0
       recast: ^0.21.5
       title-case: ^3.0.3
       transliteration: ^2.3.5
@@ -1142,7 +1142,7 @@ importers:
       lodash.isequal: 4.5.0
       lodash.merge: 4.6.2
       lodash.set: 4.3.2
-      luxon: 3.1.1
+      luxon: 3.3.0
       recast: 0.21.5
       title-case: 3.0.3
       transliteration: 2.3.5
@@ -1156,7 +1156,7 @@ importers:
       '@types/lodash.isequal': 4.5.6
       '@types/lodash.merge': 4.6.7
       '@types/lodash.set': 4.3.7
-      '@types/luxon': 2.4.0
+      '@types/luxon': 3.2.0
       '@types/xml2js': 0.4.11
 
 packages:
@@ -6047,8 +6047,8 @@ packages:
     resolution: {integrity: sha512-zPE8kmpeL5/6L5gtTQHSOkAW/OSYYNTDRt6/2oEgLO1Zd3Rj5WVDoMloTtLJxQJhZGLGbL4pktKSh3NbzdaWdw==}
     dev: true
 
-  /@types/luxon/2.4.0:
-    resolution: {integrity: sha512-oCavjEjRXuR6URJEtQm0eBdfsBiEcGBZbq21of8iGkeKxU1+1xgKuFPClaBZl2KB8ZZBSWlgk61tH6Mf+nvZVw==}
+  /@types/luxon/3.2.0:
+    resolution: {integrity: sha512-lGmaGFoaXHuOLXFvuju2bfvZRqxAqkHPx9Y9IQdQABrinJJshJwfNCKV+u7rR3kJbiqfTF/NhOkcxxAFrObyaA==}
     dev: true
 
   /@types/mailparser/2.7.4:
@@ -9381,7 +9381,7 @@ packages:
     resolution: {integrity: sha512-BdAELR+MCT2ZWsIBhZKDuUqIUCBjHHulPJnm53OfdRLA4EWBjva3R+KM5NeidJuGsNXdEcZkjC7SCnkW5rAFSA==}
     engines: {node: '>=12.0.0'}
     dependencies:
-      luxon: 3.1.1
+      luxon: 3.3.0
     dev: false
 
   /cron/1.7.2:
@@ -14983,8 +14983,8 @@ packages:
     resolution: {integrity: sha512-Pn9cox5CsMYngeDbmChANltQl+5pi6XmTrraMSzhPmMBbmgcxmqWry0U3PGapCU1yB4/LqCcom7qhHZiF/jGfQ==}
     dev: false
 
-  /luxon/3.1.1:
-    resolution: {integrity: sha512-Ah6DloGmvseB/pX1cAmjbFvyU/pKuwQMQqz7d0yvuDlVYLTs2WeDHQMpC8tGjm1da+BriHROW/OEIT/KfYg6xw==}
+  /luxon/3.3.0:
+    resolution: {integrity: sha512-An0UCfG/rSiqtAIiBPO0Y9/zAnHUZxAMiCpTd5h2smgsj7GGmcenvrvww2cqNA8/4A5ZrD1gJpHN2mIHZQF+Mg==}
     engines: {node: '>=12'}
     dev: false