feat(core): Upgrade Rudderstack SDK to address CVE-2023-45857 (#8368)

2025-12-22 20:29:08 +00:00 · 2024-01-26 16:58:44 +01:00
parent d7a248a1c7
commit 2fba0e8d58
8 changed files with 85 additions and 263 deletions
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -99,10 +99,10 @@
    "@n8n/permissions": "workspace:*",
    "@n8n_io/license-sdk": "2.9.1",
    "@oclif/core": "3.18.1",
-    "@rudderstack/rudder-sdk-node": "1.0.6",
+    "@rudderstack/rudder-sdk-node": "2.0.6",
    "@sentry/integrations": "7.87.0",
    "@sentry/node": "7.87.0",
-    "axios": "1.6.5",
+    "axios": "1.6.7",
    "basic-auth": "2.0.1",
    "bcryptjs": "2.4.3",
    "bull": "4.12.1",
--- a/packages/cli/src/config/schema.ts
+++ b/packages/cli/src/config/schema.ts
@@ -1179,7 +1179,7 @@ export const schema = {
 			backend: {
 				doc: 'Diagnostics config for backend.',
 				format: String,
-				default: '1zPn7YoGC3ZXE9zLeTKLuQCB4F6;https://telemetry.n8n.io/v1/batch',
+				default: '1zPn7YoGC3ZXE9zLeTKLuQCB4F6;https://telemetry.n8n.io',
 				env: 'N8N_DIAGNOSTICS_CONFIG_BACKEND',
 			},
 		},
--- a/packages/cli/src/telemetry/index.ts
+++ b/packages/cli/src/telemetry/index.ts
@@ -1,3 +1,4 @@
+import axios from 'axios';
 import type RudderStack from '@rudderstack/rudder-sdk-node';
 import { PostHogClient } from '@/posthog';
 import { Container, Service } from 'typedi';
@@ -40,8 +41,8 @@ export class Telemetry {

 	constructor(
 		private readonly logger: Logger,
-		private postHog: PostHogClient,
-		private license: License,
+		private readonly postHog: PostHogClient,
+		private readonly license: License,
 		private readonly instanceSettings: InstanceSettings,
 		private readonly workflowRepository: WorkflowRepository,
 	) {}
@@ -50,9 +51,9 @@ export class Telemetry {
 		const enabled = config.getEnv('diagnostics.enabled');
 		if (enabled) {
 			const conf = config.getEnv('diagnostics.config.backend');
-			const [key, url] = conf.split(';');
+			const [key, dataPlaneUrl] = conf.split(';');

-			if (!key || !url) {
+			if (!key || !dataPlaneUrl) {
 				this.logger.warn('Diagnostics backend config is invalid');
 				return;
 			}
@@ -60,7 +61,17 @@ export class Telemetry {
 			const logLevel = config.getEnv('logs.level');

 			const { default: RudderStack } = await import('@rudderstack/rudder-sdk-node');
-			this.rudderStack = new RudderStack(key, url, { logLevel });
+			const axiosInstance = axios.create();
+			axiosInstance.interceptors.request.use((cfg) => {
+				cfg.headers.setContentType('application/json', false);
+				return cfg;
+			});
+			this.rudderStack = new RudderStack(key, {
+				axiosInstance,
+				logLevel,
+				dataPlaneUrl,
+				gzip: false,
+			});

 			this.startPulse();
 		}
@@ -154,16 +165,8 @@ export class Telemetry {

 	async trackN8nStop(): Promise<void> {
 		clearInterval(this.pulseIntervalReference);
-		void this.track('User instance stopped');
-		return await new Promise<void>(async (resolve) => {
-			await this.postHog.stop();
-
-			if (this.rudderStack) {
-				this.rudderStack.flush(resolve);
-			} else {
-				resolve();
-			}
-		});
+		await this.track('User instance stopped');
+		void Promise.all([this.postHog.stop(), this.rudderStack?.flush()]);
 	}

 	async identify(traits?: {
@@ -194,7 +197,7 @@ export class Telemetry {
 		return await new Promise<void>((resolve) => {
 			if (this.rudderStack) {
 				const { user_id } = properties;
-				const updatedProperties: ITelemetryTrackProperties = {
+				const updatedProperties = {
 					...properties,
 					instance_id: instanceId,
 					version_cli: N8N_VERSION,