mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2024-12-26 05:04:05 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(editor): Upgrade sanitize-html to address CVE-2024-21501 (#8816)

Browse source
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™ 2024-03-05 17:20:07 +01:00 committed by GitHub
parent 4af907fba8
commit a3e9e3db62
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 18 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
packages/design-system/package.json
View file

@ -46,7 +46,7 @@
"@types/markdown-it": "^12.2.3", "@types/markdown-it": "^12.2.3",
"@types/markdown-it-emoji": "^2.0.2", "@types/markdown-it-emoji": "^2.0.2",
"@types/markdown-it-link-attributes": "^3.0.1", "@types/markdown-it-link-attributes": "^3.0.1",
"@types/sanitize-html": "^2.9.0", "@types/sanitize-html": "^2.11.0",
"@vitejs/plugin-vue": "^4.5.2", "@vitejs/plugin-vue": "^4.5.2",
"@vue/test-utils": "^2.4.3", "@vue/test-utils": "^2.4.3",
"@vue/tsconfig": "^0.5.1", "@vue/tsconfig": "^0.5.1",
@ -71,7 +71,7 @@
"markdown-it-emoji": "^2.0.2", "markdown-it-emoji": "^2.0.2",
"markdown-it-link-attributes": "^4.0.1", "markdown-it-link-attributes": "^4.0.1",
"markdown-it-task-lists": "^2.1.1", "markdown-it-task-lists": "^2.1.1",
"sanitize-html": "2.10.0", "sanitize-html": "2.12.1",
"vue": "^3.4.21", "vue": "^3.4.21",
"vue-boring-avatars": "^1.3.0", "vue-boring-avatars": "^1.3.0",
"vue-router": "^4.2.2", "vue-router": "^4.2.2",

55
pnpm-lock.yaml
View file

@ -836,8 +836,8 @@ importers:
specifier: ^2.1.1 specifier: ^2.1.1
version: 2.1.1 version: 2.1.1
sanitize-html: sanitize-html:
specifier: 2.10.0 specifier: 2.12.1
version: 2.10.0 version: 2.12.1
vue: vue:
specifier: ^3.4.21 specifier: ^3.4.21
version: 3.4.21(typescript@5.3.2) version: 3.4.21(typescript@5.3.2)
@ -909,8 +909,8 @@ importers:
specifier: ^3.0.1 specifier: ^3.0.1
version: 3.0.1 version: 3.0.1
'@types/sanitize-html': '@types/sanitize-html':
specifier: ^2.9.0 specifier: ^2.11.0
version: 2.9.0 version: 2.11.0
'@vitejs/plugin-vue': '@vitejs/plugin-vue':
specifier: ^4.5.2 specifier: ^4.5.2
version: 4.5.2(vite@5.1.5)(vue@3.4.21) version: 4.5.2(vite@5.1.5)(vue@3.4.21)
@ -9377,7 +9377,7 @@ packages:
ts-dedent: 2.2.0 ts-dedent: 2.2.0
type-fest: 2.19.0 type-fest: 2.19.0
vue: 3.4.21(typescript@5.3.2) vue: 3.4.21(typescript@5.3.2)
vue-component-type-helpers: 2.0.4 vue-component-type-helpers: 2.0.5
transitivePeerDependencies: transitivePeerDependencies:
- encoding - encoding
- supports-color - supports-color
@ -10128,10 +10128,10 @@ packages:
'@types/node': 18.16.16 '@types/node': 18.16.16
dev: false dev: false
/@types/sanitize-html@2.9.0: /@types/sanitize-html@2.11.0:
resolution: {integrity: sha512-4fP/kEcKNj2u39IzrxWYuf/FnCCwwQCpif6wwY6ROUS1EPRIfWJjGkY3HIowY1EX/VbX5e86yq8AAE7UPMgATg==} resolution: {integrity: sha512-7oxPGNQHXLHE48r/r/qjn7q0hlrs3kL7oZnGj0Wf/h9tj/6ibFyRkNbsDxaBBZ4XUZ0Dx5LGCyDJ04ytSofacQ==}
dependencies: dependencies:
htmlparser2: 8.0.1 htmlparser2: 8.0.2
dev: true dev: true
/@types/scheduler@0.16.2: /@types/scheduler@0.16.2:
@ -13735,11 +13735,6 @@ packages:
/deep-is@0.1.4: /deep-is@0.1.4:
resolution: {integrity: sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==} resolution: {integrity: sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==}
/deepmerge@4.2.2:
resolution: {integrity: sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==}
engines: {node: '>=0.10.0'}
dev: false
/deepmerge@4.3.1: /deepmerge@4.3.1:
resolution: {integrity: sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==} resolution: {integrity: sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==}
engines: {node: '>=0.10.0'} engines: {node: '>=0.10.0'}
@ -16500,14 +16495,6 @@ packages:
entities: 2.2.0 entities: 2.2.0
dev: false dev: false
/htmlparser2@8.0.1:
resolution: {integrity: sha512-4lVbmc1diZC7GUJQtRQ5yBAeUCL1exyMwmForWkRLnwyzWBFxN633SALPMGYaWZvKe9j1pRZJpauvmxENSp/EA==}
dependencies:
domelementtype: 2.3.0
domhandler: 5.0.3
domutils: 3.0.1
entities: 4.4.0
/htmlparser2@8.0.2: /htmlparser2@8.0.2:
resolution: {integrity: sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==} resolution: {integrity: sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==}
dependencies: dependencies:
@ -16515,7 +16502,6 @@ packages:
domhandler: 5.0.3 domhandler: 5.0.3
domutils: 3.0.1 domutils: 3.0.1
entities: 4.4.0 entities: 4.4.0
dev: false
/http-cache-semantics@4.1.1: /http-cache-semantics@4.1.1:
resolution: {integrity: sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ==} resolution: {integrity: sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ==}
@ -21060,7 +21046,7 @@ packages:
/parse5@7.1.2: /parse5@7.1.2:
resolution: {integrity: sha512-Czj1WaSVpaoj0wbhMzLmWD69anp2WH7FXMB9n1Sy8/ZFF9jolSQVMu1Ij5WIyGmcBmhk7EOndpO4mIpihVqAXw==} resolution: {integrity: sha512-Czj1WaSVpaoj0wbhMzLmWD69anp2WH7FXMB9n1Sy8/ZFF9jolSQVMu1Ij5WIyGmcBmhk7EOndpO4mIpihVqAXw==}
dependencies: dependencies:
entities: 4.4.0 entities: 4.5.0
dev: true dev: true
/parseley@0.12.1: /parseley@0.12.1:
@ -21833,15 +21819,6 @@ packages:
source-map: 0.6.1 source-map: 0.6.1
dev: true dev: true
/postcss@8.4.21:
resolution: {integrity: sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==}
engines: {node: ^10 || ^12 || >=14}
dependencies:
nanoid: 3.3.6
picocolors: 1.0.0
source-map-js: 1.0.2
dev: false
/postcss@8.4.31: /postcss@8.4.31:
resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==} resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==}
engines: {node: ^10 || ^12 || >=14} engines: {node: ^10 || ^12 || >=14}
@ -23253,15 +23230,15 @@ packages:
xpath: 0.0.32 xpath: 0.0.32
dev: false dev: false
/sanitize-html@2.10.0: /sanitize-html@2.12.1:
resolution: {integrity: sha512-JqdovUd81dG4k87vZt6uA6YhDfWkUGruUu/aPmXLxXi45gZExnt9Bnw/qeQU8oGf82vPyaE0vO4aH0PbobB9JQ==} resolution: {integrity: sha512-Plh+JAn0UVDpBRP/xEjsk+xDCoOvMBwQUf/K+/cBAVuTbtX8bj2VB7S1sL1dssVpykqp0/KPSesHrqXtokVBpA==}
dependencies: dependencies:
deepmerge: 4.2.2 deepmerge: 4.3.1
escape-string-regexp: 4.0.0 escape-string-regexp: 4.0.0
htmlparser2: 8.0.1 htmlparser2: 8.0.2
is-plain-object: 5.0.0 is-plain-object: 5.0.0
parse-srcset: 1.0.2 parse-srcset: 1.0.2
postcss: 8.4.21 postcss: 8.4.35
dev: false dev: false
/sass-loader@13.3.2(sass@1.64.1)(webpack@5.75.0): /sass-loader@13.3.2(sass@1.64.1)(webpack@5.75.0):
@ -26042,8 +26019,8 @@ packages:
resolution: {integrity: sha512-NCA6sekiJIMnMs4DdORxATXD+/NRkQpS32UC+I1KQJUasx+Z7MZUb3Y+MsKsFmX+PgyTYSteb73JW77AibaCCw==} resolution: {integrity: sha512-NCA6sekiJIMnMs4DdORxATXD+/NRkQpS32UC+I1KQJUasx+Z7MZUb3Y+MsKsFmX+PgyTYSteb73JW77AibaCCw==}
dev: true dev: true
/vue-component-type-helpers@2.0.4: /vue-component-type-helpers@2.0.5:
resolution: {integrity: sha512-IFZ8rjfV1zWf1LOMPfmMaHe28zZfo5w2NyZxCqeqLGT3CGur0Y9+R3/bvX400tqVukuzf8mLw2fOvGTyXKPWjg==} resolution: {integrity: sha512-v9N4ufDSnd8YHcDq/vURPjxDyBVak5ZVAQ6aGNIrf7ZAj/VxRKpLZXFHEaqt9yHkWi0/TZp76Jmf8yNJxDQi4g==}
dev: true dev: true
/vue-demi@0.14.5(vue@3.4.21): /vue-demi@0.14.5(vue@3.4.21):