chore(deps): update dependency n8n to v1.41.0

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
n8n (source)	minor	1.39.1 -> 1.41.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

n8n-io/n8n (n8n)

v1.41.0

Compare Source

Bug Fixes

• Cast boolean values in filter parameter (#​9260) (30c8efc)
• core: Prevent occassional 429s on license init in multi-main setup (#​9284) (22b6f90)
• core: Report missing SAML attributes early with an actionable error message (#​9316) (225fdbb)
• core: Webhooks responding with binary data should not prematurely end the response stream (#​9063) (23b676d)
• editor: Fix multi-select parameters with load options getting cleared (#​9324) (0ee4b6c)
• editor: Fix shortcut issue on save buttons (#​9309) (e74c14f)
• editor: Resolve $vars and $secrets in expressions in credentials fields (#​9289) (d92f994)
• editor: Show MFA section to instance owner, even when external auth is enabled (#​9301) (b65e0e2)
• Gmail Node: Remove duplicate options when creating drafts (#​9299) (bfb0eb7)
• Linear Node: Fix issue with data not always being returned (#​9273) (435272b)
• n8n Form Trigger Node: Fix missing options when using respond to webhook (#​9282) (6ab3781)
• Pipedrive Node: Improve type-safety in custom-property handling (#​9319) (c8895c5)
• Read PDF Node: Disable JS evaluation from PDFs (#​9336) (c4bf5b2)

Features

• editor: Implement AI Assistant chat UI (#​9300) (491c6ec)
• editor: Temporarily disable AI error helper (#​9329) (35b983b)
• LinkedIn Node: Upgrade LinkedIn API version (#​9307) (3860077)
• Redis Node: Add support for TLS (#​9266) (0a2de09)
• Send Email Node: Add an option to customize client host-name on SMTP connections (#​9322) (d0d52de)
• Slack Node: Update to use the new API method for file uploads (#​9323) (695e762)

v1.40.0

Compare Source

Bug Fixes

• Airtable Node: Do not allow to use deprecated api keys in v1 (#​9171) (017ae6e)
• core: Add view engine to webhook server to support forms (#​9224) (24c3150)
• core: Fix browser session refreshes not working (#​9212) (1efeecc)
• core: Prevent node param resolution from failing telemetry graph generation (#​9257) (f6c9493)
• core: Stop relying on filesystem for SSH keys (#​9217) (093dcef)
• Discord Node: When using OAuth2 authentication, check if user is a guild member when sending direct message (#​9183) (00dfad3)
• editor: Fix read-only mode in inline expression editor (#​9232) (99f384e)
• editor: Prevent excess runs in manual execution with run data (#​9259) (426a12a)
• editor: Throw expression error on attempting to set variables at runtime (#​9229) (fec04d5)
• Elaborate scope of Sustainable Use License (#​9233) (442aaba)
• Google BigQuery Node: Better error messages, transform timestamps (#​9255) (7ff24f1)
• Google Drive Node: Create from text operation (#​9185) (d9e7494)
• Jira Trigger Node: Update credentials UI (#​9198) (ed98ca2)
• LangChain Code Node: Fix execution of custom n8n tools called via LC code node (#​9265) (741e829)
• LangChain Code Node: Fix resolution of scoped langchain modules (#​9258) (445c05d)
• MySQL Node: Query to statements splitting fix (#​9207) (dc84452)

Features

• Add Ask AI to HTTP Request Node (#​8917) (cd9bc44)
• Gmail Node: Add support for creating drafts using an alias (#​8728) (3986356)
• Gmail Node: Add thread option for draft emails (#​8729) (2dd0b32)
• Groq Chat Model Node: Add support for Groq chat models (#​9250) (96f02bd)
• HTTP Request Node: Option to provide SSL Certificates in Http Request Node (#​9125) (306b68d)
• Jira Software Node: Add Wiki Markup support for Jira Cloud comments (#​8857) (756012b)
• Microsoft To Do Node: Add an option to set a reminder when updating a task (#​6918) (22b2afd)
• MISP Node: Rest search operations (#​9196) (b694e77)
• Ollama Chat Model Node: Add aditional Ollama config parameters & fix vision (#​9215) (e17e767)
• Pipedrive Node: Add busy and description options to activities (#​9208) (9b3ac16)
• Postgres Node: Add option IS NOT NULL and hide value input fields (#​9241) (e896889)
• S3 Node: Add support for self signed SSL certificates (#​9269) (ddff804)
• Telegram Node: Disable page preview by default (#​9267) (41ce178)
• Upgrade typeorm for separate sqlite read & write connections (#​9230) (0b52320)
• Wise Node: Add XML as supported format in getStatement operation (#​9193) (a424b59)
• Wise Trigger Node: Add support for balance updates (#​9189) (42a9891)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/n8n:1.41.0

📦 Image Reference ghcr.io/uniget-org/tools/n8n:1.41.0

digest	sha256:f17b54c72e9969eade489789834725b051341039713c610bf4fe029cb8c6bc18
vulnerabilities
platform	linux/amd64
size	141 MB
packages	1527

protobufjs 7.2.4 (npm) pkg:npm/protobufjs@7.2.4 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Affected range >=7.0.0 <7.2.5 Fixed version 7.2.5 CVSS Score 9.8 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Description protobuf.js (aka protobufjs) 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. NOTE: this CVE Record is about Object.constructor.prototype.<new-property> = ...; whereas CVE-2022-25878 was about Object.__proto__.<new-property> = ...; instead.

pdfjs-dist 2.16.105 (npm) pkg:npm/pdfjs-dist@2.16.105 Affected range <=4.1.392 Fixed version 4.2.67 Description Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches The patch removes the use of eval: mozilla/pdf.js#18015 Workarounds Set the option isEvalSupported to false. References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

xlsx 0.19.3 (npm) pkg:npm/xlsx@0.19.3 Inefficient Regular Expression Complexity Affected range <0.20.2 Fixed version 0.20.2 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).

semver 5.3.0 (npm) pkg:npm/semver@5.3.0 Inefficient Regular Expression Complexity Affected range <5.7.2 Fixed version 5.7.2 CVSS Score 5.3 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Description Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/9099455008.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/9099455008.