chore(deps): update dependency n8n to v1.71.2

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
n8n (source)	minor	1.70.4 -> 1.71.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

n8n-io/n8n (n8n)

v1.71.2

Compare Source

Bug Fixes

• core: Make sure task runner exits (#​12123) (78315ac)
• editor: Fix svg background pattern rendering on safari (#​12079) (36eb25c)

Features

• core: Cancel runner task on timeout in external mode (#​12101) (f18263b)

v1.71.1

Compare Source

Bug Fixes

• editor: Don't reset all Parameter Inputs when switched to read-only (#​12063) (728dba2)
• editor: Fix Nodeview.v2 reinitialise based on route changes (#​12062) (4b6db26)
• editor: Fix switching from v2 to v1 (#​12050) (1d0c4e0)
• editor: Load node types in demo and preview modes (#​12048) (c24602f)
• editor: Polyfill crypto.randomUUID (#​12052) (3ca8521)
• editor: Redirect Settings to the proper sub page depending on the instance type (cloud or not) (#​12053) (7a0a9e4)

v1.71.0

Compare Source

Bug Fixes

• core: Fix push for waiting executions (#​11984) (8d71307)
• core: Improve header parameter parsing on http client responses (#​11953) (41e9e39)
• core: Opt-out from optimizations if $item is used (#​12036) (872535a)
• core: Use the configured timezone in task runner (#​12032) (2e6845a)
• core: Validate node name when creating NodeOperationErrror (#​11999) (e68c9da)
• editor: Add execution concurrency info and paywall (#​11847) (57d3269)
• editor: Fix bug causing connection lines to disappear when hovering stickies (#​11950) (439a1cc)
• editor: Fix canvas keybindings using splitter keys such as zooming using + key (#​12022) (6af9c82)
• editor: Fix community check (#​11979) (af0398a)
• editor: Fix copy/paste keyboard events in canvas chat (#​12004) (967340a)
• editor: Fix node showing as successful if errors exists on subsequent runs (#​12019) (8616b17)
• editor: Fix pin data showing up in production executions on new canvas (#​11951) (5f6f8a1)
• editor: Handle source control initialization to prevent UI form crashing (#​11776) (6be8e86)
• editor: Implement dirty nodes for partial executions (#​11739) (b8da4ff)
• editor: Resolve going back from Settings (#​11958) (d74423c)
• editor: Unify executions card label color (#​11949) (fc79718)
• editor: Use optional chaining for all members in execution data when using the debug feature (#​12024) (67aa0c9)
• GraphQL Node: Throw error if GraphQL variables are not objects or strings (#​11904) (85f30b2)
• HTTP Request Node: Use iconv-lite to decode http responses, to support more encoding types (#​11930) (461b39c)
• Load workflows with unconnected Switch outputs (#​12020) (abc851c)
• n8n Form Node: Use https to load google fonts (#​11948) (eccd924)
• Telegram Trigger Node: Fix header secret check (#​12018) (f16de4d)
• Webflow Node: Fix issue with pagination in v2 node (#​11934) (1eb94bc)
• Webflow Node: Fix issue with publishing items (#​11982) (0a8a57e)

Features

• AI Transform Node: Node Prompt improvements (#​11611) (40a7445)
• Code Node: Warning if pairedItem absent or could not be auto mapped (#​11737) (3a5bd12)
• editor: Canvas chat UI & UX improvements (#​11924) (1e25774)
• editor: Persist user's preferred display modes on localStorage (#​11929) (bd69316)

Performance Improvements

• editor: Virtualize SchemaView (#​11694) (9c6def9)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/n8n:1.71.2

📦 Image Reference ghcr.io/uniget-org/tools/n8n:1.71.2

digest	sha256:c6ce16215528eea0eef0adad58849d2a1345921c79d4e1506734adf7c085cc01
vulnerabilities
platform	linux/amd64
size	152 MB
packages	1322

semver 5.3.0 (npm) pkg:npm/[email protected] Inefficient Regular Expression Complexity Affected range <5.7.2 Fixed version 5.7.2 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

pdfjs-dist 2.16.105 (npm) pkg:npm/[email protected] Affected range <=4.1.392 Fixed version 4.2.67 Description Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches The patch removes the use of eval: mozilla/pdf.js#18015 Workarounds Set the option isEvalSupported to false. References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

cross-spawn 4.0.2 (npm) pkg:npm/[email protected] Inefficient Regular Expression Complexity Affected range <6.0.6 Fixed version 7.0.5 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

path-to-regexp 0.1.10 (npm) pkg:npm/[email protected] Inefficient Regular Expression Complexity Affected range <0.1.12 Fixed version 0.1.12 Description Impact The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp, originally reported in CVE-2024-45296 Patches Upgrade to 0.1.12. Workarounds Avoid using two parameters within a single path segment, when the separator is not . (e.g. no /:a-:b). Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking. References GHSA-9wv6-86v2-598j https://blakeembrey.com/posts/2024-09-web-redos/

identity 3.4.2 (npm) pkg:npm/%40azure/[email protected] Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Affected range <4.2.1 Fixed version 4.2.1 CVSS Score 6.8 CVSS Vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

nanoid 3.3.6 (npm) pkg:npm/[email protected] Loop with Unreachable Exit Condition ('Infinite Loop') Affected range <3.3.8 Fixed version 3.3.8 Description nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

cookie 0.4.2 (npm) pkg:npm/[email protected] Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Affected range <0.7.0 Fixed version 0.7.0 Description Impact The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, serialize("userName=<script>alert('XSS3')</script>; Max-Age=2592000; a", value) would result in "userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test", setting userName cookie to <script> and ignoring value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Patches Upgrade to 0.7.0, which updates the validation for name, path, and domain. Workarounds Avoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input. References fix: narrow the validation of cookies to match RFC6265 jshttp/cookie#167

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/12281039661.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/12281039661.