mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2025-02-21 02:56:40 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(core): Switch from lodash.set to lodash to address CVE-2020-8203 (no-changelog) (#12286)

Browse source
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™ 2024-12-18 20:05:41 +01:00 committed by GitHub
parent dc7864a86d
commit 7ce4e8d169
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 98 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
packages/@n8n/task-runner/package.json
View file

@ -38,7 +38,7 @@
"@sentry/node": "catalog:",
"acorn": "8.14.0",
"acorn-walk": "8.3.4",
"lodash.set": "4.3.2",
"lodash": "catalog:",
"n8n-core": "workspace:*",
"n8n-workflow": "workspace:*",
"nanoid": "catalog:",
@ -46,7 +46,7 @@
"ws": "^8.18.0"
},
"devDependencies": {
"@types/lodash.set": "4.3.9",
"@types/lodash": "catalog:",
"luxon": "catalog:"
}
}

2
packages/@n8n/task-runner/src/js-task-runner/js-task-runner.ts
View file

@ -1,4 +1,4 @@
import set from 'lodash.set';
import set from 'lodash/set';
import { getAdditionalKeys } from 'n8n-core';
import { WorkflowDataProxy, Workflow, ObservableObject } from 'n8n-workflow';
import type {

124
pnpm-lock.yaml
View file

@ -672,9 +672,9 @@ importers:
acorn-walk:
specifier: 8.3.4
version: 8.3.4
lodash.set:
specifier: 4.3.2
version: 4.3.2
lodash:
specifier: 'catalog:'
version: 4.17.21
n8n-core:
specifier: workspace:*
version: link:../../core
@ -691,9 +691,9 @@ importers:
specifier: '>=8.17.1'
version: 8.17.1
devDependencies:
'@types/lodash.set':
specifier: 4.3.9
version: 4.3.9
'@types/lodash':
specifier: 'catalog:'
version: 4.14.195
luxon:
specifier: 'catalog:'
version: 3.4.4
@ -1120,7 +1120,7 @@ importers:
dependencies:
'@langchain/core':
specifier: 'catalog:'
version: 0.3.19(openai@4.73.1(encoding@0.1.13)(zod@3.23.8))
version: 0.3.19(openai@4.73.1(zod@3.23.8))
'@n8n/client-oauth2':
specifier: workspace:*
version: link:../@n8n/client-oauth2
@ -1972,7 +1972,7 @@ importers:
devDependencies:
'@langchain/core':
specifier: 'catalog:'
version: 0.3.19(openai@4.73.1(encoding@0.1.13)(zod@3.23.8))
version: 0.3.19(openai@4.73.1)
'@types/deep-equal':
specifier: ^1.0.1
version: 1.0.1
@ -5627,9 +5627,6 @@ packages:
'@types/lodash-es@4.17.6':
resolution: {integrity: sha512-R+zTeVUKDdfoRxpAryaQNRKk3105Rrgx2CFRClIgRGaqDTdjsm8h6IYA8ir584W3ePzkZfst5xIgDwYrlh9HLg==}
'@types/lodash.set@4.3.9':
resolution: {integrity: sha512-KOxyNkZpbaggVmqbpr82N2tDVTx05/3/j0f50Es1prxrWB0XYf9p3QNxqcbWb7P1Q9wlvsUSlCFnwlPCIJ46PQ==}
'@types/lodash@4.14.195':
resolution: {integrity: sha512-Hwx9EUgdwf2GLarOjQp5ZH8ZmblzcbTBC2wtQWNKARBSxM9ezRIAUpeDTgoQRAFB0+8CNWXVA9+MaSOzOF3nPg==}
@ -9745,9 +9742,6 @@ packages:
lodash.orderby@4.6.0:
resolution: {integrity: sha512-T0rZxKmghOOf5YPnn8EY5iLYeWCpZq8G41FfqoVHH5QDTAFaghJRmAdLiadEDq+ztgM2q5PjA+Z1fOwGrLgmtg==}
lodash.set@4.3.2:
resolution: {integrity: sha512-4hNPN5jlm/N/HLMCO43v8BXKq9Z7QdAGc/VGrRD61w8gN9g/6jF9A4L1pbUgBLCffi0w9VsXfTOij5x8iTyFvg==}
lodash.throttle@4.1.1:
resolution: {integrity: sha512-wIkUCfVKpVsWo3JSZlc+8MB5it+2AN5W8J7YVMST30UrvcQNZ1Okbj+rbVniijTWE6FGYy4XJq/rHkas8qJMLQ==}
@ -16218,6 +16212,38 @@ snapshots:
transitivePeerDependencies:
- openai
'@langchain/core@0.3.19(openai@4.73.1(zod@3.23.8))':
dependencies:
ansi-styles: 5.2.0
camelcase: 6.3.0
decamelize: 1.2.0
js-tiktoken: 1.0.12
langsmith: 0.2.3(openai@4.73.1(zod@3.23.8))
mustache: 4.2.0
p-queue: 6.6.2
p-retry: 4.6.2
uuid: 10.0.0
zod: 3.23.8
zod-to-json-schema: 3.23.3(zod@3.23.8)
transitivePeerDependencies:
- openai
'@langchain/core@0.3.19(openai@4.73.1)':
dependencies:
ansi-styles: 5.2.0
camelcase: 6.3.0
decamelize: 1.2.0
js-tiktoken: 1.0.12
langsmith: 0.2.3(openai@4.73.1)
mustache: 4.2.0
p-queue: 6.6.2
p-retry: 4.6.2
uuid: 10.0.0
zod: 3.23.8
zod-to-json-schema: 3.23.3(zod@3.23.8)
transitivePeerDependencies:
- openai
'@langchain/google-common@0.1.3(@langchain/core@0.3.19(openai@4.73.1(encoding@0.1.13)(zod@3.23.8)))(zod@3.23.8)':
dependencies:
'@langchain/core': 0.3.19(openai@4.73.1(encoding@0.1.13)(zod@3.23.8))
@ -18341,10 +18367,6 @@ snapshots:
dependencies:
'@types/lodash': 4.14.195
'@types/lodash.set@4.3.9':
dependencies:
'@types/lodash': 4.14.195
'@types/lodash@4.14.195': {}
'@types/long@4.0.2': {}
@ -19450,6 +19472,14 @@ snapshots:
transitivePeerDependencies:
- debug
axios@1.7.7:
dependencies:
follow-redirects: 1.15.6(debug@4.3.6)
form-data: 4.0.0
proxy-from-env: 1.1.0
transitivePeerDependencies:
- debug
axios@1.7.7(debug@4.3.6):
dependencies:
follow-redirects: 1.15.6(debug@4.3.6)
@ -21163,7 +21193,7 @@ snapshots:
eslint-import-resolver-node@0.3.9:
dependencies:
debug: 3.2.7(supports-color@8.1.1)
debug: 3.2.7(supports-color@5.5.0)
is-core-module: 2.13.1
resolve: 1.22.8
transitivePeerDependencies:
@ -21188,7 +21218,7 @@ snapshots:
eslint-module-utils@2.8.0(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.7.2))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.7.2))(eslint-plugin-import@2.29.1)(eslint@8.57.0))(eslint@8.57.0):
dependencies:
debug: 3.2.7(supports-color@8.1.1)
debug: 3.2.7(supports-color@5.5.0)
optionalDependencies:
'@typescript-eslint/parser': 7.2.0(eslint@8.57.0)(typescript@5.7.2)
eslint: 8.57.0
@ -21208,7 +21238,7 @@ snapshots:
array.prototype.findlastindex: 1.2.3
array.prototype.flat: 1.3.2
array.prototype.flatmap: 1.3.2
debug: 3.2.7(supports-color@8.1.1)
debug: 3.2.7(supports-color@5.5.0)
doctrine: 2.1.0
eslint: 8.57.0
eslint-import-resolver-node: 0.3.9
@ -21987,7 +22017,7 @@ snapshots:
array-parallel: 0.1.3
array-series: 0.1.5
cross-spawn: 4.0.2
debug: 3.2.7(supports-color@8.1.1)
debug: 3.2.7(supports-color@5.5.0)
transitivePeerDependencies:
- supports-color
@ -22368,7 +22398,7 @@ snapshots:
infisical-node@1.3.0:
dependencies:
axios: 1.7.7(debug@4.3.6)
axios: 1.7.7
dotenv: 16.3.1
tweetnacl: 1.0.3
tweetnacl-util: 0.15.1
@ -23345,6 +23375,28 @@ snapshots:
optionalDependencies:
openai: 4.73.1(encoding@0.1.13)(zod@3.23.8)
langsmith@0.2.3(openai@4.73.1(zod@3.23.8)):
dependencies:
'@types/uuid': 10.0.0
commander: 10.0.1
p-queue: 6.6.2
p-retry: 4.6.2
semver: 7.6.0
uuid: 10.0.0
optionalDependencies:
openai: 4.73.1(zod@3.23.8)
langsmith@0.2.3(openai@4.73.1):
dependencies:
'@types/uuid': 10.0.0
commander: 10.0.1
p-queue: 6.6.2
p-retry: 4.6.2
semver: 7.6.0
uuid: 10.0.0
optionalDependencies:
openai: 4.73.1(zod@3.23.8)
lazy-ass@1.6.0: {}
ldapts@4.2.6:
@ -23526,8 +23578,6 @@ snapshots:
lodash.orderby@4.6.0: {}
lodash.set@4.3.2: {}
lodash.throttle@4.1.1: {}
lodash@4.17.21: {}
@ -24679,6 +24729,22 @@ snapshots:
- encoding
- supports-color
openai@4.73.1(zod@3.23.8):
dependencies:
'@types/node': 18.16.16
'@types/node-fetch': 2.6.4
abort-controller: 3.0.0
agentkeepalive: 4.2.1
form-data-encoder: 1.7.2
formdata-node: 4.4.1
node-fetch: 2.7.0(encoding@0.1.13)
optionalDependencies:
zod: 3.23.8
transitivePeerDependencies:
- encoding
- supports-color
optional: true
openapi-sampler@1.5.1:
dependencies:
'@types/json-schema': 7.0.15
@ -24859,7 +24925,7 @@ snapshots:
pdf-parse@1.1.1:
dependencies:
debug: 3.2.7(supports-color@8.1.1)
debug: 3.2.7(supports-color@5.5.0)
node-ensure: 0.0.0
transitivePeerDependencies:
- supports-color
@ -25061,7 +25127,7 @@ snapshots:
posthog-node@3.2.1:
dependencies:
axios: 1.7.7(debug@4.3.6)
axios: 1.7.7
rusha: 0.8.14
transitivePeerDependencies:
- debug
@ -25701,7 +25767,7 @@ snapshots:
rhea@1.0.24:
dependencies:
debug: 3.2.7(supports-color@8.1.1)
debug: 3.2.7(supports-color@5.5.0)
transitivePeerDependencies:
- supports-color
@ -26079,7 +26145,7 @@ snapshots:
asn1.js: 5.4.1
asn1.js-rfc2560: 5.0.1(asn1.js@5.4.1)
asn1.js-rfc5280: 3.0.0
axios: 1.7.7(debug@4.3.6)
axios: 1.7.7
big-integer: 1.6.51
bignumber.js: 9.1.2
binascii: 0.0.2