Skip to content

fix: Update NPM to address security vulnerability #15968

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 3, 2025
Merged

fix: Update NPM to address security vulnerability #15968

merged 1 commit into from
Jun 3, 2025

Conversation

shortstacked
Copy link
Contributor

@shortstacked shortstacked commented Jun 3, 2025
edited
Loading

Updates NPM to version 11.4.1 within the Docker image. This update resolves a known security vulnerability related to the cross-spawn dependency.

Summary

Tested locally on the docker image by installing/removing/updating/listing a community node. Everything still works.
Also tested installing community node from node list and it works.

Related Linear tickets, Github issues, and Community forum posts

Review / Merge checklist

  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with release/backport (if the PR is an urgent fix that needs to be backported)

@shortstacked
fix: Update NPM to address security vulnerability
737ce45 
Updates NPM to version 11.4.1 within the Docker image.
This update resolves a known security vulnerability related
to the cross-spawn dependency.
@shortstacked shortstacked requested review from netroy and Joffcom June 3, 2025 10:47
@codecov Codecov
Copy link

codecov bot commented Jun 3, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Jun 3, 2025
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cubic found 1 issue across 1 file. Review it in cubic.dev

React with 👍 or 👎 to teach cubic. Tag @cubic-dev-ai to give specific feedback.

Joffcom
Joffcom approved these changes Jun 3, 2025
View reviewed changes
Copy link
Member

@Joffcom Joffcom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can’t see any breaking changes between 10.8.2 and 11.4.1 that would cause any issues

@n8n-assistant n8n-assistant bot added the n8n team Authored by the n8n team label Jun 3, 2025
@shortstacked shortstacked merged commit 2e18e07 into master Jun 3, 2025
32 checks passed
@shortstacked shortstacked deleted the cross-spawn-fix branch June 3, 2025 11:01
Alexandero89 pushed a commit to Alexandero89/n8n that referenced this pull request Jun 4, 2025
@shortstacked
fix: Update NPM to address security vulnerability (n8n-io#15968)
58700ec
Alexandero89 pushed a commit to Alexandero89/n8n that referenced this pull request Jun 4, 2025
@shortstacked
fix: Update NPM to address security vulnerability (n8n-io#15968)
d653c08
This was referenced Jun 11, 2025
Closed
Closed
Merged
@janober
Copy link
Member

janober commented Jun 11, 2025

Got released with [email protected]

TianYi0217 pushed a commit to TianYi0217/n8n that referenced this pull request Jun 14, 2025
@shortstacked @TianYi0217
fix: Update NPM to address security vulnerability (n8n-io#15968)
cb2a83e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@Joffcom Joffcom Joffcom approved these changes

@netroy netroy Awaiting requested review from netroy

Assignees
No one assigned
Labels
n8n team Authored by the n8n team Released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@shortstacked @janober @Joffcom