

feat(core): Upgrade Rudderstack SDK to address CVE-2023-45857 (n8n-io…
netroy authored Jan 26, 2024
1 parent d7a248a commit 2fba0e8
Showing 8 changed files with 78 additions and 256 deletions.
1 change: 1 addition & 0 deletions package.json
Expand Up @@ -78,6 +78,7 @@
],
"overrides": {
"@types/node": "^18.16.16",
"axios": "1.6.7",
"chokidar": "3.5.2",
"jsonwebtoken": "9.0.0",
"prettier": "^3.1.0",
2 changes: 1 addition & 1 deletion packages/@n8n/client-oauth2/package.json
Expand Up @@ -20,6 +20,6 @@
"dist/**/*"
],
"dependencies": {
"axios": "1.6.5"
"axios": "1.6.7"
}
}
4 changes: 2 additions & 2 deletions packages/cli/package.json
Expand Up @@ -99,10 +99,10 @@
"@n8n/permissions": "workspace:*",
"@n8n_io/license-sdk": "2.9.1",
"@oclif/core": "3.18.1",
"@rudderstack/rudder-sdk-node": "1.0.6",
"@rudderstack/rudder-sdk-node": "2.0.6",
"@sentry/integrations": "7.87.0",
"@sentry/node": "7.87.0",
"axios": "1.6.5",
"axios": "1.6.7",
"basic-auth": "2.0.1",
"bcryptjs": "2.4.3",
"bull": "4.12.1",
2 changes: 1 addition & 1 deletion packages/cli/src/config/schema.ts
Expand Up @@ -1179,7 +1179,7 @@ export const schema = {
backend: {
doc: 'Diagnostics config for backend.',
format: String,
default: '1zPn7YoGC3ZXE9zLeTKLuQCB4F6;https://telemetry.n8n.io/v1/batch',
default: '1zPn7YoGC3ZXE9zLeTKLuQCB4F6;https://telemetry.n8n.io',
env: 'N8N_DIAGNOSTICS_CONFIG_BACKEND',
},
},
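Review bot: The `doc` string for `diagnostics.config.backend` does not describe the value's format, and this change appears to alter what the second field means: the default drops the `/v1/batch` path, which suggests the upgraded SDK expects a base data-plane URL and appends the endpoint itself. Deployments that override `N8N_DIAGNOSTICS_CONFIG_BACKEND` with a full `.../v1/batch` URL may then send telemetry to a wrong path without any clear error. Consider `doc: 'Diagnostics config for backend, as "<writeKey>;<dataPlaneUrl>"; dataPlaneUrl is the base URL without the /v1/batch path.'` and calling the change out in the release notes. The `schema` object starts and ends outside this hunk.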
35 changes: 19 additions & 16 deletions packages/cli/src/telemetry/index.ts
@@ -1,3 +1,4 @@
import axios from 'axios';
import type RudderStack from '@rudderstack/rudder-sdk-node';
import { PostHogClient } from '@/posthog';
import { Container, Service } from 'typedi';
Expand Down Expand Up @@ -40,8 +41,8 @@ export class Telemetry {

constructor(
private readonly logger: Logger,
private postHog: PostHogClient,
private license: License,
private readonly postHog: PostHogClient,
private readonly license: License,
private readonly instanceSettings: InstanceSettings,
private readonly workflowRepository: WorkflowRepository,
) {}
Expand All @@ -50,17 +51,27 @@ export class Telemetry {
const enabled = config.getEnv('diagnostics.enabled');
if (enabled) {
const conf = config.getEnv('diagnostics.config.backend');
const [key, url] = conf.split(';');
const [key, dataPlaneUrl] = conf.split(';');

if (!key || !url) {
if (!key || !dataPlaneUrl) {
this.logger.warn('Diagnostics backend config is invalid');
return;
}

const logLevel = config.getEnv('logs.level');

const { default: RudderStack } = await import('@rudderstack/rudder-sdk-node');
this.rudderStack = new RudderStack(key, url, { logLevel });
const axiosInstance = axios.create();
axiosInstance.interceptors.request.use((cfg) => {
cfg.headers.setContentType('application/json', false);
return cfg;
});
this.rudderStack = new RudderStack(key, {
axiosInstance,
logLevel,
dataPlaneUrl,
gzip: false,
});

this.startPulse();
}
Expand Down Expand Up @@ -154,16 +165,8 @@ export class Telemetry {

async trackN8nStop(): Promise<void> {
clearInterval(this.pulseIntervalReference);
void this.track('User instance stopped');
return await new Promise<void>(async (resolve) => {
await this.postHog.stop();

if (this.rudderStack) {
this.rudderStack.flush(resolve);
} else {
resolve();
}
});
await this.track('User instance stopped');
void Promise.all([this.postHog.stop(), this.rudderStack?.flush()]);
}

async identify(traits?: {
Expand Down Expand Up @@ -194,7 +197,7 @@ export class Telemetry {
return await new Promise<void>((resolve) => {
if (this.rudderStack) {
const { user_id } = properties;
const updatedProperties: ITelemetryTrackProperties = {
const updatedProperties = {
...properties,
instance_id: instanceId,
version_cli: N8N_VERSION,
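Review bot: In `trackN8nStop`, the closing `void Promise.all([this.postHog.stop(), this.rudderStack?.flush()]);` is neither awaited nor given a rejection handler, so the method can resolve before queued events are delivered, and a failing `flush()` or `stop()` would surface as an unhandled rejection during shutdown. The callback-based body it seems to replace resolved only once the flush had completed, so any caller that awaits `trackN8nStop()` before exiting the process loses that guarantee. Consider `await Promise.allSettled([this.postHog.stop(), this.rudderStack?.flush()]);` so shutdown waits for delivery without throwing. The page prints old and new lines without `+`/`-` markers, so this reading assumes the two-line body is the new side.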
2 changes: 1 addition & 1 deletion packages/core/package.json
Expand Up @@ -50,7 +50,7 @@
"dependencies": {
"@n8n/client-oauth2": "workspace:*",
"aws4": "1.11.0",
"axios": "1.6.5",
"axios": "1.6.7",
"concat-stream": "2.0.0",
"cron": "1.7.2",
"fast-glob": "3.2.12",
2 changes: 1 addition & 1 deletion packages/editor-ui/package.json
Expand Up @@ -47,7 +47,7 @@
"@n8n/permissions": "workspace:*",
"@vueuse/components": "^10.5.0",
"@vueuse/core": "^10.5.0",
"axios": "1.6.5",
"axios": "1.6.7",
"chart.js": "^4.4.0",
"codemirror-lang-html-n8n": "^1.0.0",
"codemirror-lang-n8n-expression": "^0.2.0",
