chore(deps): update dependency n8n to v1.68.0 #8558

Merged
merged 1 commit into from
Nov 20, 2024

uniget-bot

This PR contains the following updates:

Package Update Change
n8n (source) minor 1.67.1 -> 1.68.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

n8n-io/n8n (n8n)

v1.68.0

Compare Source

Bug Fixes
  • AI Agent Node: Throw better errors for non-tool agents when using structured tools (#​11582) (9b6123d)
  • Auto-fixing Output Parser Node: Only run retry chain on parsing errors (#​11569) (21b31e4)
  • core: Continue with error output reverse items in success branch (#​11684) (6d5ee83)
  • core: Ensure task runner server closes websocket connection correctly (#​11633) (b496bf3)
  • core: Handle websocket connection error more gracefully in task runners (#​11635) (af7d6e6)
  • core: Improve model sub-nodes error handling (#​11418) (57467d0)
  • core: Make push work for waiting webhooks (#​11678) (600479b)
  • core: Revert all the context helpers changes (#​11616) (20fd38f)
  • core: Set the authentication method to email during startup if the SAML configuration in the database has been corrupted (#11600) (6439291)
  • core: Use cached value in retrieval of personal project owner (#​11533) (04029d8)
  • Credentials save button is hidden unless you make changes to the (#​11492) (835fbfe)
  • editor: Add stickies to node insert position conflict check allowlist (#​11624) (fc39e3c)
  • editor: Adjust Scrollbar Width of RunData Header Row (#​11561) (d17d76a)
  • editor: Cap NDV Output View Tab Index to prevent rare edge case (#​11614) (a6c8ee4)
  • editor: Do not show hover tooltip when autocomplete is active (#​11653) (23caf43)
  • editor: Enable pinning main output with error and always allow unpinning (#​11452) (40c8882)
  • editor: Fix collapsing nested items in expression modal schema view (#​11645) (41dea52)
  • editor: Fix default workflow settings (#​11632) (658568e)
  • editor: Fix duplicate chat trigger (#​11693) (a025848)
  • editor: Fix hiding SQL query output when trying to select (#​11649) (4dbf2f4)
  • editor: Fix scrolling in code edit modal (#​11647) (8f695f3)
  • editor: Prevent error being thrown in RLC while loading (#​11676) (ca8cb45)
  • editor: Prevent NodeCreator from swallowing AskAssistant enter event (#​11532) (db94f16)
  • editor: Show node executing status shortly before switching to success on new canvas (#​11675) (b0ba24c)
  • editor: Show only error title and 'Open errored node' button; hide 'Ask Assistant' in root for sub-node errors (#​11573) (8cba100)
  • Facebook Lead Ads Trigger Node: Fix issue with optional fields (#​11692) (70d315b)
  • Google BigQuery Node: Add item index to insert error (#​11702) (145d092)
  • Google Drive Node: Fix file upload for streams (#​11698) (770230f)
  • In-Memory Vector Store Node: Fix displaying execution data of connected embedding nodes (#​11701) (40ade15)
  • Item List Output Parser Node: Fix number of items parameter issue (#​11696) (01ebe9d)
  • n8n Form Node: Find completion page (#​11674) (ed3ad6d)
  • n8n Form Node: Open form page if form trigger has pin data (#​11673) (f0492bd)
  • n8n Form Node: Trigger page stack in waiting if error in workflow (#​11671) (94b5873)
  • n8n Form Trigger Node: Checkboxes different sizes (#​11677) (c08d23c)
  • NDV search bugs (#​11613) (c32cf64)
  • Notion Node: Extract page url (#​11643) (cbdd535)
  • Redis Chat Memory Node: Respect the SSL flag from the credential (#​11689) (b5cbf75)
  • Supabase Node: Reset query parameters in get many operation (#​11630) (7458229)
  • Switch Node: Maintain output connections (#​11162) (9bd79fc)
Features
Performance Improvements

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@nicholasdille-bot nicholasdille-bot left a comment

Auto-approved because label type/renovate is present.

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/n8n:1.68.0

📦 Image Reference ghcr.io/uniget-org/tools/n8n:1.68.0
digest sha256:84cd061b0b7a067af746c04ada0f2c011573bc25029cb3ae7123c283cc424f17
vulnerabilities critical: 0 high: 3 medium: 1 low: 1
platform linux/amd64
size 143 MB
packages 1314
critical: 0 high: 1 medium: 0 low: 0 semver 5.3.0 (npm)

pkg:npm/semver@5.3.0

high 7.5: CVE-2022-25883 Inefficient Regular Expression Complexity

Affected range <5.7.2
Fixed version 5.7.2
CVSS Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

critical: 0 high: 1 medium: 0 low: 0 pdfjs-dist 2.16.105 (npm)

pkg:npm/pdfjs-dist@2.16.105

high: CVE-2024-4367

Affected range <=4.1.392
Fixed version 4.2.67
Description

Impact

If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.

Patches

The patch removes the use of eval:
mozilla/pdf.js#18015

Workarounds

Set the option isEvalSupported to false.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

critical: 0 high: 1 medium: 0 low: 0 cross-spawn 4.0.2 (npm)

pkg:npm/cross-spawn@4.0.2

high 7.5: CVE-2024-21538 Inefficient Regular Expression Complexity

Affected range <6.0.6
Fixed version 7.0.5
CVSS Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

critical: 0 high: 0 medium: 1 low: 0 identity 3.4.2 (npm)

pkg:npm/%40azure/identity@3.4.2

medium 5.5: CVE-2024-35255 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected range <4.2.1
Fixed version 4.2.1
CVSS Score 5.5
CVSS Vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Description

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

critical: 0 high: 0 medium: 0 low: 1 cookie 0.4.2 (npm)

pkg:npm/cookie@0.4.2

low: CVE-2024-47764 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Affected range <0.7.0
Fixed version 0.7.0
Description

Impact

The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, serialize("userName=<script>alert('XSS3')</script>; Max-Age=2592000; a", value) would result in "userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test", setting userName cookie to <script> and ignoring value.

A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie.

Patches

Upgrade to 0.7.0, which updates the validation for name, path, and domain.

Workarounds

Avoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input.

References

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/11937888751.

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/11937888751.

@github-actions github-actions bot merged commit bf88773 into main Nov 20, 2024
10 checks passed
@github-actions github-actions bot deleted the renovate/n8n-1.x branch November 20, 2024 16:44