chore(deps): update dependency n8n to v1.41.0 #4760

Merged
merged 1 commit into from
May 15, 2024

uniget-bot

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| n8n (source) | minor | 1.39.1 -> 1.41.0 |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

n8n-io/n8n (n8n)

v1.41.0

Compare Source

Bug Fixes
  • Cast boolean values in filter parameter (#​9260) (30c8efc)
  • core: Prevent occasional 429s on license init in multi-main setup (#9284) (22b6f90)
  • core: Report missing SAML attributes early with an actionable error message (#​9316) (225fdbb)
  • core: Webhooks responding with binary data should not prematurely end the response stream (#​9063) (23b676d)
  • editor: Fix multi-select parameters with load options getting cleared (#​9324) (0ee4b6c)
  • editor: Fix shortcut issue on save buttons (#​9309) (e74c14f)
  • editor: Resolve $vars and $secrets in expressions in credentials fields (#​9289) (d92f994)
  • editor: Show MFA section to instance owner, even when external auth is enabled (#​9301) (b65e0e2)
  • Gmail Node: Remove duplicate options when creating drafts (#​9299) (bfb0eb7)
  • Linear Node: Fix issue with data not always being returned (#​9273) (435272b)
  • n8n Form Trigger Node: Fix missing options when using respond to webhook (#​9282) (6ab3781)
  • Pipedrive Node: Improve type-safety in custom-property handling (#​9319) (c8895c5)
  • Read PDF Node: Disable JS evaluation from PDFs (#​9336) (c4bf5b2)
Features

v1.40.0

Compare Source

Bug Fixes
  • Airtable Node: Do not allow to use deprecated api keys in v1 (#​9171) (017ae6e)
  • core: Add view engine to webhook server to support forms (#​9224) (24c3150)
  • core: Fix browser session refreshes not working (#​9212) (1efeecc)
  • core: Prevent node param resolution from failing telemetry graph generation (#​9257) (f6c9493)
  • core: Stop relying on filesystem for SSH keys (#​9217) (093dcef)
  • Discord Node: When using OAuth2 authentication, check if user is a guild member when sending direct message (#​9183) (00dfad3)
  • editor: Fix read-only mode in inline expression editor (#​9232) (99f384e)
  • editor: Prevent excess runs in manual execution with run data (#​9259) (426a12a)
  • editor: Throw expression error on attempting to set variables at runtime (#​9229) (fec04d5)
  • Elaborate scope of Sustainable Use License (#​9233) (442aaba)
  • Google BigQuery Node: Better error messages, transform timestamps (#​9255) (7ff24f1)
  • Google Drive Node: Create from text operation (#​9185) (d9e7494)
  • Jira Trigger Node: Update credentials UI (#​9198) (ed98ca2)
  • LangChain Code Node: Fix execution of custom n8n tools called via LC code node (#​9265) (741e829)
  • LangChain Code Node: Fix resolution of scoped langchain modules (#​9258) (445c05d)
  • MySQL Node: Query to statements splitting fix (#​9207) (dc84452)
Features
  • Add Ask AI to HTTP Request Node (#​8917) (cd9bc44)
  • Gmail Node: Add support for creating drafts using an alias (#​8728) (3986356)
  • Gmail Node: Add thread option for draft emails (#​8729) (2dd0b32)
  • Groq Chat Model Node: Add support for Groq chat models (#​9250) (96f02bd)
  • HTTP Request Node: Option to provide SSL Certificates in Http Request Node (#​9125) (306b68d)
  • Jira Software Node: Add Wiki Markup support for Jira Cloud comments (#​8857) (756012b)
  • Microsoft To Do Node: Add an option to set a reminder when updating a task (#​6918) (22b2afd)
  • MISP Node: Rest search operations (#​9196) (b694e77)
  • Ollama Chat Model Node: Add additional Ollama config parameters & fix vision (#9215) (e17e767)
  • Pipedrive Node: Add busy and description options to activities (#​9208) (9b3ac16)
  • Postgres Node: Add option IS NOT NULL and hide value input fields (#​9241) (e896889)
  • S3 Node: Add support for self signed SSL certificates (#​9269) (ddff804)
  • Telegram Node: Disable page preview by default (#​9267) (41ce178)
  • Upgrade typeorm for separate sqlite read & write connections (#​9230) (0b52320)
  • Wise Node: Add XML as supported format in getStatement operation (#​9193) (a424b59)
  • Wise Trigger Node: Add support for balance updates (#​9189) (42a9891)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@nicholasdille-bot nicholasdille-bot left a comment

Auto-approved because label type/renovate is present.

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/n8n:1.41.0

📦 Image Reference: ghcr.io/uniget-org/tools/n8n:1.41.0
Digest: sha256:f17b54c72e9969eade489789834725b051341039713c610bf4fe029cb8c6bc18
Vulnerabilities: critical: 1, high: 2, medium: 1, low: 0
Platform: linux/amd64
Size: 141 MB
Packages: 1527

critical: 1 high: 0 medium: 0 low: 0 protobufjs 7.2.4 (npm)

pkg:npm/protobufjs@7.2.4

critical 9.8: CVE-2023-36665 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected range: >=7.0.0, <7.2.5
Fixed version: 7.2.5
CVSS Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description

protobuf.js (aka protobufjs) 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. NOTE: this CVE Record is about Object.constructor.prototype.<new-property> = ...; whereas CVE-2022-25878 was about Object.__proto__.<new-property> = ...; instead.

critical: 0 high: 1 medium: 0 low: 0 pdfjs-dist 2.16.105 (npm)

pkg:npm/pdfjs-dist@2.16.105

high: CVE-2024-4367

Affected range: <=4.1.392
Fixed version: 4.2.67
Description

Impact

If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.

Patches

The patch removes the use of eval:
mozilla/pdf.js#18015

Workarounds

Set the option isEvalSupported to false.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

critical: 0 high: 1 medium: 0 low: 0 xlsx 0.19.3 (npm)

pkg:npm/xlsx@0.19.3

high 7.5: CVE-2024-22363 Inefficient Regular Expression Complexity

Affected range: <0.20.2
Fixed version: 0.20.2
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description

SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS).

critical: 0 high: 0 medium: 1 low: 0 semver 5.3.0 (npm)

pkg:npm/semver@5.3.0

medium 5.3: CVE-2022-25883 Inefficient Regular Expression Complexity

Affected range: <5.7.2
Fixed version: 5.7.2
CVSS Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/9099455008.

@github-actions github-actions bot merged commit 2337fc4 into main May 15, 2024
9 checks passed
@github-actions github-actions bot deleted the renovate/n8n-1.x branch May 15, 2024 16:36