chore(deps): update dependency n8n to v1.47.1

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
n8n (source)	minor	1.45.1 -> 1.47.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

n8n-io/n8n (n8n)

v1.47.1

Compare Source

Bug Fixes

• core: Fix init for AuditEventRelay (#​9839) (e9703cc)
• editor: Fix initialize authenticated features (#​9867) (4b88f65)
• editor: Properly update workflow info in main header (#​9789) (9a4260e)

v1.47.0

Compare Source

Bug Fixes

• AI Agent Node: Exclude tools agent from unsupported node versions (#​9728) (28d1a5d)
• Airtable Node: Make multipleRecordLinks editable in fields (#​9608) (fdde995)
• AWS SES Node: Fix issue with email aliases not working for sending from or sending to (#​9811) (e1e8a75)
• Changes to workflow staticData erroneously updating updatedAt (#​9790) (adbd0d1)
• core: Ensure execution recovery skips successful executions (#​9793) (4131408)
• core: Ensure followers do not recover executions from logs (#​9785) (7c358e5)
• core: Update transactional email links for RBAC (#​9727) (ceb7f07)
• core: Upgrade ws to address CVE-2024-37890 (#​9801) (f98c4b8)
• editor: Active toggle incorrectly displayed as inactive in execution view (#​9778) (551fb6d)
• editor: Add telemetry to resource moving (#​9720) (e84d253)
• editor: Error dropdown in resource locator disappears when search filter is required (#​9681) (1a3f72b)
• editor: Fix node icon in node creator header (#​9782) (b7d356f)
• editor: Improve touch device detection (#​9675) (3b86f52)
• editor: Revert header toggle fix (#​9800) (11fe48b)
• editor: Use BroadcastChannel instead of window.opener for OAuth callback window (#​9779) (87cb199)
• editor: Use segments/graphemes when creating the compact sidebar entries (#​9776) (be7249f)
• Elasticsearch Node: Fix issue with self signed certificates (#​9805) (77bf166)
• Fix sending pin data twice causing payload too large errors (#​9710) (6c1a4c8)
• Google Sheets Node: Check for column names changes before upsert, append, update (#​9649) (223488f)
• Slack Node: Do not try to parse block if it's already object (#​9643) (8f94dcc)
• When editing nodes only show the credentials in the dropdown that the user is allowed to use in that workflow (#​9718) (2cf4364)

Features

• Add custom data to public API execution endpoints (#​9705) (a104660)
• core: Expand crash recovery to cover queue mode (#​9676) (c58621a)
• core: Use WebCrypto to generate all random numbers and strings (#​9786) (65c5609)
• HTTP request tool (#​9228) (be2635e)
• JWT Node: Add an option to allow a "kid" (key ID) header claim (#​9797) (15d631c)
• Pipedrive Node: Add sort field for get all persons (#​8138) (4e89343)
• Set Node: Preserve binary data by default (#​9668) (d116353)

Performance Improvements

• core: Introduce concurrency control for main mode (#​9453) (7973423)

v1.46.0

Compare Source

Bug Fixes

• Chat Trigger Node: Fix public chat container dimensions (#​9664) (3b10c0f)
• core: Allow graceful shutdown for main with active executions (#​9661) (4b345be)
• core: Fix optional chaining in continue on fail check (#​9667) (6ae6a5e)
• editor: Color node connections correctly in execution preview for nodes that have pinned data (#​9669) (ebba7c8)
• editor: Fix node connection showing incorrect item count during … (#​9684) (99b54bb)
• editor: Improve dragndrop of input pills with spaces (#​9656) (291d46a)
• editor: Improve large data warning in input/output panel (#​9671) (4918ac8)
• editor: Indent on tabs in expression fields (#​9659) (bb7227d)
• editor: Node background for executing nodes in dark mode (#​9682) (ae00b44)
• editor: Persist tag filter when clicking tag directly in workflows page (#​9709) (0502738)
• editor: Prevent running workflows using keyboard shortcuts if execution is disabled (#​9644) (e9e3b25)
• editor: Prevent saving already saved workflows (#​9670) (b652405)
• editor: Remove transparency from dark mode callouts (#​9650) (566b52c)
• editor: Render credentials editable when opening them from the node view (#​9678) (dc17cf3)
• Gotify Node: Fix issue with self signed certificates not working (#​9647) (68e856d)
• Introduce HooksService (#​8962) (dda7901)
• Jira Software Node: Fix the order by feature (#​9639) (7aea824)
• n8n Form Trigger Node: Error if Respond to Webhook and respond node not in workflow (#​9641) (b45f3dc)
• Remove Duplicates Node: Tolerate null fields (#​9642) (a684681)
• Reset pagination when output size changes (#​9652) (e520f8a)
• X (Formerly Twitter) Node: Change how tweet id is retrieved from quote URL (#​9635) (9853ecc)

Features

• Add support for dark mode node icons and colors (#​9412) (600013a)
• core: Add batching and other options to declarative nodes (#​8885) (4e56863)
• core: Implement project:viewer role (#​9611) (6187cc5)
• editor: Add isEmpty on DateTime, add is empty to all types in filter component (#​9645) (eccc637)
• editor: Add move resources option to workflows and credentials on (#​9654) (bc35e8c)
• editor: Harmonize rendering of new-lines in RunData (#​9614) (bc3dcf7)
• OpenAI Node: Allow to select Image analyze model & improve types (#​9660) (1fdd657)
• Update NPS Value Survey (#​9638) (50bd5b9)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/n8n:1.47.1

📦 Image Reference ghcr.io/uniget-org/tools/n8n:1.47.1

digest	sha256:5f00a048a423beef4bd11f3fe104f41d1c72f26f0ad61b36c71ba6f0c0b7254d
vulnerabilities
platform	linux/amd64
size	138 MB
packages	1342

pdfjs-dist 2.16.105 (npm) pkg:npm/pdfjs-dist@2.16.105 Affected range <=4.1.392 Fixed version 4.2.67 Description Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches The patch removes the use of eval: mozilla/pdf.js#18015 Workarounds Set the option isEvalSupported to false. References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

lodash.set 4.3.2 (npm) pkg:npm/lodash.set@4.3.2 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Affected range >=3.7.0 <=4.3.2 Fixed version Not Fixed CVSS Score 7.4 CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Description Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions pick, set, setWith, update, updateWith, and zipObjectDeep allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires manipulating objects based on user-provided property values or arrays. This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.

semver 5.3.0 (npm) pkg:npm/semver@5.3.0 Inefficient Regular Expression Complexity Affected range <5.7.2 Fixed version 5.7.2 CVSS Score 5.3 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Description Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

identity 3.4.2 (npm) pkg:npm/%40azure/identity@3.4.2 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Affected range <4.2.1 Fixed version 4.2.1 CVSS Score 5.5 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Description Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/9700334598.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/9700334598.