From 6c1b99d6c2c62b9d6f71bab88cfc6ef936b9dbd1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Tue, 11 Mar 2025 09:08:01 +0100
Subject: [PATCH] chore: Upgrade axios to address CVE-2025-27152 (#13799)

---
 cypress/package.json | 2 +-
 package.json | 6 +-
 .../nodes/GraphQL/test/GraphQL.node.test.ts | 1 -
 pnpm-lock.yaml | 129 ++++++++----------
 pnpm-workspace.yaml | 2 +-
 5 files changed, 62 insertions(+), 78 deletions(-)

diff --git a/cypress/package.json b/cypress/package.json
index 4ad2d4f199..97419b07ab 100644
--- a/cypress/package.json
+++ b/cypress/package.json
@@ -30,6 +30,6 @@
 "flatted": "catalog:",
 "lodash": "catalog:",
 "nanoid": "catalog:",
- "start-server-and-test": "^2.0.8"
+ "start-server-and-test": "^2.0.10"
 }
 }
diff --git a/package.json b/package.json
index a345b1a75f..f2f59b8c25 100644
--- a/package.json
+++ b/package.json
@@ -87,7 +87,11 @@
 "tsconfig-paths": "^4.2.0",
 "typescript": "^5.7.2",
 "vue-tsc": "^2.1.10",
- "ws": ">=8.17.1"
+ "ws": ">=8.17.1",
+ "@rudderstack/rudder-sdk-node>axios": "1.8.2",
+ "ibm-cloud-sdk-core>axios": "1.8.2",
+ "langchain>axios": "1.8.2",
+ "snowflake-sdk>axios": "1.8.2"
 },
 "patchedDependencies": {
 "bull@4.12.1": "patches/bull@4.12.1.patch",
diff --git a/packages/nodes-base/nodes/GraphQL/test/GraphQL.node.test.ts b/packages/nodes-base/nodes/GraphQL/test/GraphQL.node.test.ts
index 563c5b31f9..460e9ebcf8 100644
--- a/packages/nodes-base/nodes/GraphQL/test/GraphQL.node.test.ts
+++ b/packages/nodes-base/nodes/GraphQL/test/GraphQL.node.test.ts
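Review bot: The four overrides added in the `package.json` hunk pin axios only beneath `@rudderstack/rudder-sdk-node`, `ibm-cloud-sdk-core`, `langchain` and `snowflake-sdk`, so `package.json` enforces the patched version for those parents alone. The lockfile hunks show other transitive consumers (`infisical-node`, `posthog-node`, `@n8n/localtunnel`, `wait-on`) also moving from 1.7.7 to 1.8.2, but nothing in this hunk constrains them; they presumably stay on the fixed release only through the resolution recorded in `pnpm-lock.yaml`. If the intent is a repository-wide floor for CVE-2025-27152, a single unscoped entry next to `ws`, for example `"axios": ">=1.8.2"`, would state it once instead of repeating the exact pin per parent; check first how that interacts with the catalog's exact `1.8.2`. If the scoped form is deliberate, the PR description should record why these four parents were chosen, since the exact version now has to be bumped in five places on the next advisory.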
@@ -21,7 +21,6 @@ describe('GraphQL Node', () => { nock(baseUrl) .matchHeader('accept', 'application/json') .matchHeader('content-type', 'application/json') - .matchHeader('user-agent', 'axios/1.7.4') .matchHeader('content-length', '263') .matchHeader('accept-encoding', 'gzip, compress, deflate, br') .post( diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index c1c783ba1f..5aa70ab954 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -28,8 +28,8 @@ catalogs: specifier: ^0.4.14 version: 0.4.14 axios: - specifier: 1.7.4 - version: 1.7.4 + specifier: 1.8.2 + version: 1.8.2 basic-auth: specifier: 2.0.1 version: 2.0.1 @@ -140,6 +140,10 @@ overrides: typescript: ^5.7.2 vue-tsc: ^2.1.10 ws: '>=8.17.1' + '@rudderstack/rudder-sdk-node>axios': 1.8.2 + ibm-cloud-sdk-core>axios: 1.8.2 + langchain>axios: 1.8.2 + snowflake-sdk>axios: 1.8.2 patchedDependencies: '@types/express-serve-static-core@4.17.43': @@ -274,8 +278,8 @@ importers: specifier: 'catalog:' version: 3.3.8 start-server-and-test: - specifier: ^2.0.8 - version: 2.0.8 + specifier: ^2.0.10 + version: 2.0.10 devDependencies: '@n8n/api-types': specifier: workspace:* @@ -319,7 +323,7 @@ importers: version: 4.0.7 axios: specifier: 'catalog:' - version: 1.7.4 + version: 1.8.2(debug@4.3.6) dotenv: specifier: 8.6.0 version: 8.6.0 @@ -344,7 +348,7 @@ importers: dependencies: axios: specifier: 'catalog:' - version: 1.7.4 + version: 1.8.2(debug@4.3.6) devDependencies: '@n8n/typescript-config': specifier: workspace:* @@ -493,7 +497,7 @@ importers: version: 3.666.0(@aws-sdk/client-sts@3.666.0) '@getzep/zep-cloud': specifier: 1.0.12 - version: 1.0.12(@langchain/core@0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)))(encoding@0.1.13)(langchain@0.3.11(c10b80e38f5a8711ccad1e2174de91e6)) + version: 1.0.12(@langchain/core@0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)))(encoding@0.1.13)(langchain@0.3.11(fd386e1130022c8548c06dd951c5cbf0)) '@getzep/zep-js': specifier: 0.9.0 version: 0.9.0 
@@ -520,7 +524,7 @@ importers: version: 0.3.2(@aws-sdk/client-sso-oidc@3.666.0(@aws-sdk/client-sts@3.666.0))(@langchain/core@0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)))(encoding@0.1.13) '@langchain/community': specifier: 0.3.24 - version: 0.3.24(1ea346ff95b1be1e3f1f4333b25e2811) + version: 0.3.24(42357ca76b0448889f7aa58ce1d85a15) '@langchain/core': specifier: 'catalog:' version: 0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)) @@ -610,7 +614,7 @@ importers: version: 23.0.1 langchain: specifier: 0.3.11 - version: 0.3.11(c10b80e38f5a8711ccad1e2174de91e6) + version: 0.3.11(fd386e1130022c8548c06dd951c5cbf0) lodash: specifier: 'catalog:' version: 4.17.21 @@ -881,7 +885,7 @@ importers: version: 1.11.0 axios: specifier: 'catalog:' - version: 1.7.4 + version: 1.8.2(debug@4.3.6) bcryptjs: specifier: 2.4.3 version: 2.4.3 @@ -1209,7 +1213,7 @@ importers: version: 1.11.0 axios: specifier: 'catalog:' - version: 1.7.4 + version: 1.8.2(debug@4.3.6) callsites: specifier: 'catalog:' version: 3.1.0 @@ -1656,7 +1660,7 @@ importers: version: 1.1.4 axios: specifier: 'catalog:' - version: 1.7.4 + version: 1.8.2(debug@4.3.6) bowser: specifier: 2.11.0 version: 2.11.0 @@ -2196,7 +2200,7 @@ importers: version: 0.15.2 axios: specifier: 'catalog:' - version: 1.7.4 + version: 1.8.2(debug@4.3.6) callsites: specifier: 'catalog:' version: 3.1.0 
@@ -6848,11 +6852,8 @@ packages: axios-retry@3.7.0: resolution: {integrity: sha512-ZTnCkJbRtfScvwiRnoVskFAfvU0UG3xNcsjwTR0mawSbIJoothxn67gKsMaNAFHRXJ1RmuLhmZBzvyXi3+9WyQ==} - axios@1.7.4: - resolution: {integrity: sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==} - - axios@1.7.7: - resolution: {integrity: sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==} + axios@1.8.2: + resolution: {integrity: sha512-ls4GYBm5aig9vWx8AWDSGLpnpDQRtWAfrjU+EuytuODrFBkqesN2RkOQCBzrA1RQNHw1SmRMSDDDSwzNAYQ6Rg==} babel-jest@29.6.2: resolution: {integrity: sha512-BYCzImLos6J3BH/+HvUCHG1dTf2MzmAB4jaVxHV+29RZLjR29XuYTmsf2sdDwkrb+FczkGo3kOhE7ga6sI0P4A==} @@ -9818,7 +9819,7 @@ packages: '@langchain/groq': '*' '@langchain/mistralai': '*' '@langchain/ollama': '*' - axios: '*' + axios: 1.8.2 cheerio: '*' handlebars: ^4.7.8 peggy: ^3.0.2 @@ -12293,8 +12294,8 @@ packages: standard-as-callback@2.1.0: resolution: {integrity: sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==} - start-server-and-test@2.0.8: - resolution: {integrity: sha512-v2fV6NV2F7tL1ocwfI4Wpait+IKjRbT5l3ZZ+ZikXdMLmxYsS8ynGAsCQAUVXkVyGyS+UibsRnvgHkMvJIvCsw==} + start-server-and-test@2.0.10: + resolution: {integrity: sha512-nZphcfcqGqwk74lbZkqSwClkYz+M5ZPGOMgWxNVJrdztPKN96qe6HooRu6L3TpwITn0lKJJdKACqHbJtqythOQ==} engines: {node: '>=16'} hasBin: true @@ -13419,8 +13420,8 @@ packages: resolution: {integrity: sha512-o8qghlI8NZHU1lLPrpi2+Uq7abh4GGPpYANlalzWxyWteJOCsr/P+oPBA49TOLu5FTZO4d3F9MnWJfiMo4BkmA==} engines: {node: '>=18'} - wait-on@8.0.1: - resolution: {integrity: sha512-1wWQOyR2LVVtaqrcIL2+OM+x7bkpmzVROa0Nf6FryXkS+er5Sa1kzFGjzZRqLnHa3n1rACFLeTwUqE1ETL9Mig==} + wait-on@8.0.2: + resolution: {integrity: sha512-qHlU6AawrgAIHlueGQHQ+ETcPLAauXbnoTKl3RKq20W0T8x0DKVAo5xWIYjHSyvHxQlcYbFdR0jp4T9bDVITFA==} engines: {node: '>=12.0.0'} hasBin: true 
@@ -15929,7 +15930,7 @@ snapshots: '@gar/promisify@1.1.3': optional: true - '@getzep/zep-cloud@1.0.12(@langchain/core@0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)))(encoding@0.1.13)(langchain@0.3.11(c10b80e38f5a8711ccad1e2174de91e6))': + '@getzep/zep-cloud@1.0.12(@langchain/core@0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)))(encoding@0.1.13)(langchain@0.3.11(fd386e1130022c8548c06dd951c5cbf0))': dependencies: form-data: 4.0.0 node-fetch: 2.7.0(encoding@0.1.13) @@ -15938,7 +15939,7 @@ snapshots: zod: 3.24.1 optionalDependencies: '@langchain/core': 0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)) - langchain: 0.3.11(c10b80e38f5a8711ccad1e2174de91e6) + langchain: 0.3.11(fd386e1130022c8548c06dd951c5cbf0) transitivePeerDependencies: - encoding @@ -16457,7 +16458,7 @@ snapshots: - aws-crt - encoding - '@langchain/community@0.3.24(1ea346ff95b1be1e3f1f4333b25e2811)': + '@langchain/community@0.3.24(42357ca76b0448889f7aa58ce1d85a15)': dependencies: '@browserbasehq/stagehand': 1.9.0(@playwright/test@1.49.1)(deepmerge@4.3.1)(dotenv@16.4.5)(encoding@0.1.13)(openai@4.78.1(encoding@0.1.13)(zod@3.24.1))(zod@3.24.1) '@ibm-cloud/watsonx-ai': 1.1.2 @@ -16468,7 +16469,7 @@ snapshots: flat: 5.0.2 ibm-cloud-sdk-core: 5.1.0 js-yaml: 4.1.0 - langchain: 0.3.11(c10b80e38f5a8711ccad1e2174de91e6) + langchain: 0.3.11(fd386e1130022c8548c06dd951c5cbf0) langsmith: 0.2.15(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)) openai: 4.78.1(encoding@0.1.13)(zod@3.24.1) uuid: 10.0.0 
@@ -16483,7 +16484,7 @@ snapshots: '@aws-sdk/credential-provider-node': 3.666.0(@aws-sdk/client-sso-oidc@3.666.0(@aws-sdk/client-sts@3.666.0))(@aws-sdk/client-sts@3.666.0) '@azure/storage-blob': 12.18.0(encoding@0.1.13) '@browserbasehq/sdk': 2.0.0(encoding@0.1.13) - '@getzep/zep-cloud': 1.0.12(@langchain/core@0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)))(encoding@0.1.13)(langchain@0.3.11(c10b80e38f5a8711ccad1e2174de91e6)) + '@getzep/zep-cloud': 1.0.12(@langchain/core@0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)))(encoding@0.1.13)(langchain@0.3.11(fd386e1130022c8548c06dd951c5cbf0)) '@getzep/zep-js': 0.9.0 '@google-ai/generativelanguage': 2.6.0(encoding@0.1.13) '@google-cloud/storage': 7.12.1(encoding@0.1.13) @@ -16783,7 +16784,7 @@ snapshots: '@n8n/localtunnel@3.0.0': dependencies: - axios: 1.7.7(debug@4.3.6) + axios: 1.8.2(debug@4.3.6) debug: 4.3.6(supports-color@8.1.1) transitivePeerDependencies: - supports-color @@ -17473,7 +17474,7 @@ snapshots: '@rudderstack/rudder-sdk-node@2.0.9(tslib@2.6.2)': dependencies: - axios: 1.7.4 + axios: 1.8.2 axios-retry: 3.7.0 component-type: 1.2.1 join-component: 1.1.0 @@ -19792,7 +19793,7 @@ snapshots: '@babel/runtime': 7.24.7 is-retry-allowed: 2.2.0 - axios@1.7.4: + axios@1.8.2: dependencies: follow-redirects: 1.15.6(debug@4.3.6) form-data: 4.0.0 @@ -19800,7 +19801,15 @@ snapshots: transitivePeerDependencies: - debug - axios@1.7.4(debug@4.4.0): + axios@1.8.2(debug@4.3.6): + dependencies: + follow-redirects: 1.15.6(debug@4.3.6) + form-data: 4.0.0 + proxy-from-env: 1.1.0 + transitivePeerDependencies: + - debug + + axios@1.8.2(debug@4.4.0): dependencies: follow-redirects: 1.15.6(debug@4.4.0) form-data: 4.0.0 
@@ -19808,30 +19817,6 @@ snapshots: transitivePeerDependencies: - debug - axios@1.7.7: - dependencies: - follow-redirects: 1.15.6(debug@4.3.6) - form-data: 4.0.0 - proxy-from-env: 1.1.0 - transitivePeerDependencies: - - debug - - axios@1.7.7(debug@4.3.6): - dependencies: - follow-redirects: 1.15.6(debug@4.3.6) - form-data: 4.0.0 - proxy-from-env: 1.1.0 - transitivePeerDependencies: - - debug - - axios@1.7.7(debug@4.3.7): - dependencies: - follow-redirects: 1.15.6(debug@4.3.7) - form-data: 4.0.0 - proxy-from-env: 1.1.0 - transitivePeerDependencies: - - debug - babel-jest@29.6.2(@babel/core@7.26.0): dependencies: '@babel/core': 7.26.0 @@ -22006,10 +21991,6 @@ snapshots: optionalDependencies: debug: 4.3.6(supports-color@8.1.1) - follow-redirects@1.15.6(debug@4.3.7): - optionalDependencies: - debug: 4.3.7 - follow-redirects@1.15.6(debug@4.4.0): optionalDependencies: debug: 4.4.0(supports-color@8.1.1) @@ -22605,7 +22586,7 @@ snapshots: '@types/debug': 4.1.12 '@types/node': 18.16.16 '@types/tough-cookie': 4.0.2 - axios: 1.7.4(debug@4.4.0) + axios: 1.8.2(debug@4.4.0) camelcase: 6.3.0 debug: 4.4.0(supports-color@8.1.1) dotenv: 16.4.5 @@ -22615,7 +22596,7 @@ snapshots: isstream: 0.1.2 jsonwebtoken: 9.0.2 mime-types: 2.1.35 - retry-axios: 2.6.0(axios@1.7.4) + retry-axios: 2.6.0(axios@1.8.2) tough-cookie: 4.1.3 transitivePeerDependencies: - supports-color @@ -22680,7 +22661,7 @@ snapshots: infisical-node@1.3.0: dependencies: - axios: 1.7.7 + axios: 1.8.2 dotenv: 16.3.1 tweetnacl: 1.0.3 tweetnacl-util: 0.15.1 @@ -23602,7 +23583,7 @@ snapshots: kuler@2.0.0: {} - langchain@0.3.11(c10b80e38f5a8711ccad1e2174de91e6): + langchain@0.3.11(fd386e1130022c8548c06dd951c5cbf0): dependencies: '@langchain/core': 0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)) '@langchain/openai': 0.3.17(@langchain/core@0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)))(encoding@0.1.13) 
@@ -23626,7 +23607,7 @@ snapshots: '@langchain/groq': 0.1.3(@langchain/core@0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1)))(encoding@0.1.13) '@langchain/mistralai': 0.2.0(@langchain/core@0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1))) '@langchain/ollama': 0.1.4(@langchain/core@0.3.30(openai@4.78.1(encoding@0.1.13)(zod@3.24.1))) - axios: 1.7.4 + axios: 1.8.2 cheerio: 1.0.0 handlebars: 4.7.8 transitivePeerDependencies: @@ -25375,7 +25356,7 @@ snapshots: posthog-node@3.2.1: dependencies: - axios: 1.7.7 + axios: 1.8.2 rusha: 0.8.14 transitivePeerDependencies: - debug @@ -25974,9 +25955,9 @@ snapshots: ret@0.1.15: {} - retry-axios@2.6.0(axios@1.7.4): + retry-axios@2.6.0(axios@1.8.2): dependencies: - axios: 1.7.4 + axios: 1.8.2 retry-request@7.0.2(encoding@0.1.13): dependencies: @@ -26392,7 +26373,7 @@ snapshots: asn1.js: 5.4.1 asn1.js-rfc2560: 5.0.1(asn1.js@5.4.1) asn1.js-rfc5280: 3.0.0 - axios: 1.7.7 + axios: 1.8.2 big-integer: 1.6.51 bignumber.js: 9.1.2 binascii: 0.0.2 @@ -26546,16 +26527,16 @@ snapshots: standard-as-callback@2.1.0: {} - start-server-and-test@2.0.8: + start-server-and-test@2.0.10: dependencies: arg: 5.0.2 bluebird: 3.7.2 check-more-types: 2.24.0 - debug: 4.3.7 + debug: 4.4.0(supports-color@8.1.1) execa: 5.1.1 lazy-ass: 1.6.0 ps-tree: 1.2.0 - wait-on: 8.0.1(debug@4.3.7) + wait-on: 8.0.2(debug@4.4.0) transitivePeerDependencies: - supports-color @@ -27745,9 +27726,9 @@ snapshots: dependencies: xml-name-validator: 5.0.0 - wait-on@8.0.1(debug@4.3.7): + wait-on@8.0.2(debug@4.4.0): dependencies: - axios: 1.7.7(debug@4.3.7) + axios: 1.8.2(debug@4.4.0) joi: 17.13.3 lodash: 4.17.21 minimist: 1.2.8 diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 418858956b..12e5dea7b2 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -11,7 +11,7 @@ catalog: '@types/lodash': ^4.14.195 '@types/uuid': ^10.0.0 '@types/xml2js': ^0.4.14 - axios: 1.7.4 + axios: 1.8.2 basic-auth: 2.0.1 callsites: 3.1.0 chokidar: 4.0.1