fix: Upgrade jsonwebtoken
to address CVE-2022-23540 (#5116)
parent
0a5ab560b1
commit
97969fc815
|
@ -67,6 +67,7 @@
|
|||
"browserslist": "^4.21.4",
|
||||
"ejs": "^3.1.8",
|
||||
"fork-ts-checker-webpack-plugin": "^6.0.4",
|
||||
"jsonwebtoken": "9.0.0",
|
||||
"cpy@8>globby": "^11.1.0",
|
||||
"qqjs>globby": "^11.1.0"
|
||||
}
|
||||
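Review bot: The new `"jsonwebtoken": "9.0.0"` override applies to every dependent in the workspace, not only to the packages whose manifests are bumped in this commit; the lockfile sections further down show passport-jwt 4.0.0 moving from 8.5.1 to 9.0.0 because of it. Version 9 is a major release, so those transitive consumers are presumably now running outside the range they declared, and the login paths that go through them deserve a test run before this ships. Since JSON cannot carry a comment, the reason for the override (CVE-2022-23540) and the condition for removing it should go in the commit description, so the pin is not left behind once the dependents publish their own upgrades.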
|
|
|
@ -72,7 +72,7 @@
|
|||
"@types/cookie-parser": "^1.4.2",
|
||||
"@types/express": "^4.17.6",
|
||||
"@types/json-diff": "^0.5.1",
|
||||
"@types/jsonwebtoken": "^8.5.2",
|
||||
"@types/jsonwebtoken": "^9.0.0",
|
||||
"@types/localtunnel": "^1.9.0",
|
||||
"@types/lodash.get": "^4.4.6",
|
||||
"@types/lodash.intersection": "^4.4.7",
|
||||
|
@ -144,7 +144,7 @@
|
|||
"ioredis": "^5.2.4",
|
||||
"json-diff": "^0.5.4",
|
||||
"jsonschema": "^1.4.1",
|
||||
"jsonwebtoken": "^8.5.1",
|
||||
"jsonwebtoken": "^9.0.0",
|
||||
"jwks-rsa": "~1.12.1",
|
||||
"localtunnel": "^2.0.0",
|
||||
"lodash.get": "^4.4.2",
|
||||
|
|
|
@ -27,6 +27,7 @@ export function issueJWT(user: User): JwtToken {
|
|||
|
||||
const signedToken = jwt.sign(payload, config.getEnv('userManagement.jwtSecret'), {
|
||||
expiresIn: expiresIn / 1000 /* in seconds */,
|
||||
algorithm: 'HS256',
|
||||
});
|
||||
|
||||
return {
|
||||
|
@ -57,7 +58,9 @@ export async function resolveJwtContent(jwtPayload: JwtPayload): Promise<User> {
|
|||
}
|
||||
|
||||
export async function resolveJwt(token: string): Promise<User> {
|
||||
const jwtPayload = jwt.verify(token, config.getEnv('userManagement.jwtSecret')) as JwtPayload;
|
||||
const jwtPayload = jwt.verify(token, config.getEnv('userManagement.jwtSecret'), {
|
||||
algorithms: ['HS256'],
|
||||
}) as JwtPayload;
|
||||
return resolveJwtContent(jwtPayload);
|
||||
}
|
||||
|
||||
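Review bot: The algorithm is now written out twice, as `algorithm: 'HS256'` in issueJWT and as `algorithms: ['HS256']` in resolveJwt, so a later edit can change the signing side without the verification allow-list following. A single module-level `const JWT_ALGORITHM = 'HS256' as const;` used in both calls would keep them tied together. Separately, the result of `jwt.verify` is still narrowed only by the `as JwtPayload` assertion; a guard such as `if (typeof jwtPayload === 'string') throw new Error('Unexpected JWT payload');` before `resolveJwtContent` would make that narrowing a runtime fact. issueJWT's body starts and ends outside the hunk, so whether the payload shape is fixed there cannot be confirmed from this page.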
|
|
|
@ -735,7 +735,7 @@
|
|||
"@types/formidable": "^1.0.31",
|
||||
"@types/gm": "^1.18.2",
|
||||
"@types/imap-simple": "^4.2.0",
|
||||
"@types/jsonwebtoken": "^8.5.2",
|
||||
"@types/jsonwebtoken": "^9.0.0",
|
||||
"@types/lodash.set": "^4.3.6",
|
||||
"@types/lossless-json": "^1.0.0",
|
||||
"@types/mailparser": "^2.7.3",
|
||||
|
@ -780,7 +780,7 @@
|
|||
"isbot": "^3.3.4",
|
||||
"iso-639-1": "^2.1.3",
|
||||
"js-nacl": "^1.4.0",
|
||||
"jsonwebtoken": "^8.5.1",
|
||||
"jsonwebtoken": "^9.0.0",
|
||||
"kafkajs": "^1.14.0",
|
||||
"lodash.get": "^4.4.2",
|
||||
"lodash.set": "^4.3.2",
|
||||
|
|
|
@ -8,6 +8,7 @@ overrides:
|
|||
browserslist: ^4.21.4
|
||||
ejs: ^3.1.8
|
||||
fork-ts-checker-webpack-plugin: ^6.0.4
|
||||
jsonwebtoken: 9.0.0
|
||||
cpy@8>globby: ^11.1.0
|
||||
qqjs>globby: ^11.1.0
|
||||
|
||||
|
@ -110,7 +111,7 @@ importers:
|
|||
'@types/cookie-parser': ^1.4.2
|
||||
'@types/express': ^4.17.6
|
||||
'@types/json-diff': ^0.5.1
|
||||
'@types/jsonwebtoken': ^8.5.2
|
||||
'@types/jsonwebtoken': ^9.0.0
|
||||
'@types/localtunnel': ^1.9.0
|
||||
'@types/lodash.get': ^4.4.6
|
||||
'@types/lodash.intersection': ^4.4.7
|
||||
|
@ -167,7 +168,7 @@ importers:
|
|||
ioredis: ^5.2.4
|
||||
json-diff: ^0.5.4
|
||||
jsonschema: ^1.4.1
|
||||
jsonwebtoken: ^8.5.1
|
||||
jsonwebtoken: 9.0.0
|
||||
jwks-rsa: ~1.12.1
|
||||
localtunnel: ^2.0.0
|
||||
lodash.get: ^4.4.2
|
||||
|
@ -259,7 +260,7 @@ importers:
|
|||
ioredis: 5.2.4
|
||||
json-diff: 0.5.5
|
||||
jsonschema: 1.4.1
|
||||
jsonwebtoken: 8.5.1
|
||||
jsonwebtoken: 9.0.0
|
||||
jwks-rsa: 1.12.3
|
||||
localtunnel: 2.0.2
|
||||
lodash.get: 4.4.2
|
||||
|
@ -321,7 +322,7 @@ importers:
|
|||
'@types/cookie-parser': 1.4.3
|
||||
'@types/express': 4.17.14
|
||||
'@types/json-diff': 0.5.2
|
||||
'@types/jsonwebtoken': 8.5.9
|
||||
'@types/jsonwebtoken': 9.0.0
|
||||
'@types/localtunnel': 1.9.0
|
||||
'@types/lodash.get': 4.4.7
|
||||
'@types/lodash.intersection': 4.4.7
|
||||
|
@ -713,7 +714,7 @@ importers:
|
|||
'@types/gm': ^1.18.2
|
||||
'@types/imap-simple': ^4.2.0
|
||||
'@types/js-nacl': ^1.3.0
|
||||
'@types/jsonwebtoken': ^8.5.2
|
||||
'@types/jsonwebtoken': ^9.0.0
|
||||
'@types/lodash.set': ^4.3.6
|
||||
'@types/lossless-json': ^1.0.0
|
||||
'@types/mailparser': ^2.7.3
|
||||
|
@ -753,7 +754,7 @@ importers:
|
|||
isbot: ^3.3.4
|
||||
iso-639-1: ^2.1.3
|
||||
js-nacl: ^1.4.0
|
||||
jsonwebtoken: ^8.5.1
|
||||
jsonwebtoken: 9.0.0
|
||||
kafkajs: ^1.14.0
|
||||
lodash.get: ^4.4.2
|
||||
lodash.set: ^4.3.2
|
||||
|
@ -813,7 +814,7 @@ importers:
|
|||
isbot: 3.6.1
|
||||
iso-639-1: 2.1.15
|
||||
js-nacl: 1.4.0
|
||||
jsonwebtoken: 8.5.1
|
||||
jsonwebtoken: 9.0.0
|
||||
kafkajs: 1.16.0
|
||||
lodash.get: 4.4.2
|
||||
lodash.set: 4.3.2
|
||||
|
@ -860,7 +861,7 @@ importers:
|
|||
'@types/formidable': 1.2.5
|
||||
'@types/gm': 1.18.12
|
||||
'@types/imap-simple': 4.2.5
|
||||
'@types/jsonwebtoken': 8.5.9
|
||||
'@types/jsonwebtoken': 9.0.0
|
||||
'@types/lodash.set': 4.3.7
|
||||
'@types/lossless-json': 1.0.1
|
||||
'@types/mailparser': 2.7.4
|
||||
|
@ -1193,7 +1194,7 @@ packages:
|
|||
engines: {node: 10 || 12 || 14 || 16 || 18}
|
||||
dependencies:
|
||||
'@azure/msal-common': 7.6.0
|
||||
jsonwebtoken: 8.5.1
|
||||
jsonwebtoken: 9.0.0
|
||||
uuid: 8.3.2
|
||||
dev: false
|
||||
|
||||
|
@ -5856,8 +5857,8 @@ packages:
|
|||
resolution: {integrity: sha512-v7qlPA0VpKUlEdhghbDqRoKMxFB3h3Ch688TApBJ6v+XLDdvWCGLJIYiPKGZnS6MAOie+IorCfNYVHOPIHSWwQ==}
|
||||
dev: true
|
||||
|
||||
/@types/jsonwebtoken/8.5.9:
|
||||
resolution: {integrity: sha512-272FMnFGzAVMGtu9tkr29hRL6bZj4Zs1KZNeHLnKqAvp06tAIcarTMwOh8/8bz4FmKRcMxZhZNeUAQsNLoiPhg==}
|
||||
/@types/jsonwebtoken/9.0.0:
|
||||
resolution: {integrity: sha512-mM4TkDpA9oixqg1Fv2vVpOFyIVLJjm5x4k0V+K/rEsizfjD7Tk7LKk3GTtbB7KCfP0FEHQtsZqFxYA0+sijNVg==}
|
||||
dependencies:
|
||||
'@types/node': 16.11.65
|
||||
dev: true
|
||||
|
@ -6093,7 +6094,7 @@ packages:
|
|||
resolution: {integrity: sha512-qRQ4qlww1Yhs3IaioDKrsDNmKy6gLDLgFsGwpCnc2YqWovO2Oxu9yCQdWHMJafQ7UIuOba4C4/TNXcGkQfEjlQ==}
|
||||
dependencies:
|
||||
'@types/express': 4.17.14
|
||||
'@types/jsonwebtoken': 8.5.9
|
||||
'@types/jsonwebtoken': 9.0.0
|
||||
'@types/passport-strategy': 0.2.35
|
||||
dev: true
|
||||
|
||||
|
@ -14770,20 +14771,14 @@ packages:
|
|||
resolution: {integrity: sha512-S6cATIPVv1z0IlxdN+zUk5EPjkGCdnhN4wVSBlvoUO1tOLJootbo9CquNJmbIh4yikWHiUedhRYrNPn1arpEmQ==}
|
||||
dev: false
|
||||
|
||||
/jsonwebtoken/8.5.1:
|
||||
resolution: {integrity: sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==}
|
||||
engines: {node: '>=4', npm: '>=1.4.28'}
|
||||
/jsonwebtoken/9.0.0:
|
||||
resolution: {integrity: sha512-tuGfYXxkQGDPnLJ7SibiQgVgeDgfbPq2k2ICcbgqW8WxWLBAxKQM/ZCu/IT8SOSwmaYl4dpTFCW5xZv7YbbWUw==}
|
||||
engines: {node: '>=12', npm: '>=6'}
|
||||
dependencies:
|
||||
jws: 3.2.2
|
||||
lodash.includes: 4.3.0
|
||||
lodash.isboolean: 3.0.3
|
||||
lodash.isinteger: 4.0.4
|
||||
lodash.isnumber: 3.0.3
|
||||
lodash.isplainobject: 4.0.6
|
||||
lodash.isstring: 4.0.1
|
||||
lodash.once: 4.1.1
|
||||
lodash: 4.17.21
|
||||
ms: 2.1.3
|
||||
semver: 5.7.1
|
||||
semver: 7.3.8
|
||||
dev: false
|
||||
|
||||
/jsplumb/2.15.4:
|
||||
|
@ -14850,7 +14845,7 @@ packages:
|
|||
debug: 4.3.4
|
||||
http-proxy-agent: 4.0.1
|
||||
https-proxy-agent: 5.0.1
|
||||
jsonwebtoken: 8.5.1
|
||||
jsonwebtoken: 9.0.0
|
||||
limiter: 1.1.5
|
||||
lru-memoizer: 2.1.4
|
||||
ms: 2.1.3
|
||||
|
@ -15211,10 +15206,6 @@ packages:
|
|||
/lodash.get/4.4.2:
|
||||
resolution: {integrity: sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ==}
|
||||
|
||||
/lodash.includes/4.3.0:
|
||||
resolution: {integrity: sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==}
|
||||
dev: false
|
||||
|
||||
/lodash.intersection/4.4.0:
|
||||
resolution: {integrity: sha512-N+L0cCfnqMv6mxXtSPeKt+IavbOBBSiAEkKyLasZ8BVcP9YXQgxLO12oPR8OyURwKV8l5vJKiE1M8aS70heuMg==}
|
||||
dev: false
|
||||
|
@ -15223,25 +15214,9 @@ packages:
|
|||
resolution: {integrity: sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg==}
|
||||
dev: false
|
||||
|
||||
/lodash.isboolean/3.0.3:
|
||||
resolution: {integrity: sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==}
|
||||
dev: false
|
||||
|
||||
/lodash.isequal/4.5.0:
|
||||
resolution: {integrity: sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==}
|
||||
|
||||
/lodash.isinteger/4.0.4:
|
||||
resolution: {integrity: sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==}
|
||||
dev: false
|
||||
|
||||
/lodash.isnumber/3.0.3:
|
||||
resolution: {integrity: sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==}
|
||||
dev: false
|
||||
|
||||
/lodash.isplainobject/4.0.6:
|
||||
resolution: {integrity: sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==}
|
||||
dev: false
|
||||
|
||||
/lodash.isstring/4.0.1:
|
||||
resolution: {integrity: sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==}
|
||||
dev: false
|
||||
|
@ -15263,6 +15238,7 @@ packages:
|
|||
|
||||
/lodash.once/4.1.1:
|
||||
resolution: {integrity: sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==}
|
||||
dev: true
|
||||
|
||||
/lodash.orderby/4.6.0:
|
||||
resolution: {integrity: sha512-T0rZxKmghOOf5YPnn8EY5iLYeWCpZq8G41FfqoVHH5QDTAFaghJRmAdLiadEDq+ztgM2q5PjA+Z1fOwGrLgmtg==}
|
||||
|
@ -17037,7 +17013,7 @@ packages:
|
|||
/passport-jwt/4.0.0:
|
||||
resolution: {integrity: sha512-BwC0n2GP/1hMVjR4QpnvqA61TxenUMlmfNjYNgK0ZAs0HK4SOQkHcSv4L328blNTLtHq7DbmvyNJiH+bn6C5Mg==}
|
||||
dependencies:
|
||||
jsonwebtoken: 8.5.1
|
||||
jsonwebtoken: 9.0.0
|
||||
passport-strategy: 1.0.0
|
||||
dev: false
|
||||
|
||||
|
@ -19404,7 +19380,7 @@ packages:
|
|||
extend: 3.0.2
|
||||
generic-pool: 3.9.0
|
||||
glob: 7.2.3
|
||||
jsonwebtoken: 8.5.1
|
||||
jsonwebtoken: 9.0.0
|
||||
mime-types: 2.1.35
|
||||
mkdirp: 1.0.4
|
||||
mock-require: 3.0.3
|
||||
|
|