mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-24 20:24:05 -08:00
fix(core): Upgrade convict to address CVE-2023-0163 (#5729)
fix(core): upgrade convict to address CVE-2023-0163 also, do not allow passing any cli arguments to config.
This commit is contained in:
parent
33d9784319
commit
564bc03d3f
|
@ -70,7 +70,7 @@
|
|||
"@types/body-parser-xml": "^2.0.2",
|
||||
"@types/compression": "1.0.1",
|
||||
"@types/connect-history-api-fallback": "^1.3.1",
|
||||
"@types/convict": "^4.2.1",
|
||||
"@types/convict": "^6.1.1",
|
||||
"@types/cookie-parser": "^1.4.2",
|
||||
"@types/express": "^4.17.6",
|
||||
"@types/json-diff": "^0.5.1",
|
||||
|
@ -134,7 +134,7 @@
|
|||
"client-oauth2": "^4.2.5",
|
||||
"compression": "^1.7.4",
|
||||
"connect-history-api-fallback": "^1.6.0",
|
||||
"convict": "^6.0.1",
|
||||
"convict": "^6.2.4",
|
||||
"cookie-parser": "^1.4.6",
|
||||
"crypto-js": "~4.1.1",
|
||||
"csrf": "^3.1.0",
|
||||
|
|
|
@ -24,7 +24,7 @@ if (inE2ETests) {
|
|||
dotenv.config();
|
||||
}
|
||||
|
||||
const config = convict(schema);
|
||||
const config = convict(schema, { args: [] });
|
||||
|
||||
if (inE2ETests) {
|
||||
config.set('enterprise.features.sharing', true);
|
||||
|
|
|
@ -124,7 +124,7 @@ importers:
|
|||
'@types/body-parser-xml': ^2.0.2
|
||||
'@types/compression': 1.0.1
|
||||
'@types/connect-history-api-fallback': ^1.3.1
|
||||
'@types/convict': ^4.2.1
|
||||
'@types/convict': ^6.1.1
|
||||
'@types/cookie-parser': ^1.4.2
|
||||
'@types/express': ^4.17.6
|
||||
'@types/json-diff': ^0.5.1
|
||||
|
@ -172,7 +172,7 @@ importers:
|
|||
compression: ^1.7.4
|
||||
concurrently: ^5.1.0
|
||||
connect-history-api-fallback: ^1.6.0
|
||||
convict: ^6.0.1
|
||||
convict: ^6.2.4
|
||||
cookie-parser: ^1.4.6
|
||||
crypto-js: ~4.1.1
|
||||
csrf: ^3.1.0
|
||||
|
@ -273,7 +273,7 @@ importers:
|
|||
client-oauth2: 4.3.3
|
||||
compression: 1.7.4
|
||||
connect-history-api-fallback: 1.6.0
|
||||
convict: 6.2.3
|
||||
convict: 6.2.4
|
||||
cookie-parser: 1.4.6
|
||||
crypto-js: 4.1.1
|
||||
csrf: 3.1.0
|
||||
|
@ -354,7 +354,7 @@ importers:
|
|||
'@types/body-parser-xml': 2.0.2
|
||||
'@types/compression': 1.0.1
|
||||
'@types/connect-history-api-fallback': 1.3.5
|
||||
'@types/convict': 4.2.1
|
||||
'@types/convict': 6.1.1
|
||||
'@types/cookie-parser': 1.4.3
|
||||
'@types/express': 4.17.14
|
||||
'@types/json-diff': 0.5.2
|
||||
|
@ -5509,8 +5509,10 @@ packages:
|
|||
dependencies:
|
||||
'@types/node': 16.18.12
|
||||
|
||||
/@types/convict/4.2.1:
|
||||
resolution: {integrity: sha512-2cd51m3i0yeY1i3dKxcqJKeS5Q4jZnjP37OseoNeIX1OM0AhmGPuuYmwJ9OqtsU35YrREQxdb2VeX5sM3cwGMQ==}
|
||||
/@types/convict/6.1.1:
|
||||
resolution: {integrity: sha512-R+JLaTvhsD06p4jyjUDtbd5xMtZTRE3c0iI+lrFWZogSVEjgTWPYwvJPVf+t92E+yrlbXa4X4Eg9ro6gPdUt4w==}
|
||||
dependencies:
|
||||
'@types/node': 16.18.12
|
||||
dev: true
|
||||
|
||||
/@types/cookie-parser/1.4.3:
|
||||
|
@ -9249,8 +9251,8 @@ packages:
|
|||
resolution: {integrity: sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==}
|
||||
dev: true
|
||||
|
||||
/convict/6.2.3:
|
||||
resolution: {integrity: sha512-mTY04Qr7WrqiXifdeUYXr4/+Te4hPFWDvz6J2FVIKCLc2XBhq63VOSSYAKJ+unhZAYOAjmEdNswTOeHt7s++pQ==}
|
||||
/convict/6.2.4:
|
||||
resolution: {integrity: sha512-qN60BAwdMVdofckX7AlohVJ2x9UvjTNoKVXCL2LxFk1l7757EJqf1nySdMkPQer0bt8kQ5lQiyZ9/2NvrFBuwQ==}
|
||||
engines: {node: '>=6'}
|
||||
dependencies:
|
||||
lodash.clonedeep: 4.5.0
|
||||
|
|
Loading…
Reference in a new issue