chore(deps): update dependency n8n to v1.69.2

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
n8n (source)	minor	1.68.1 -> 1.69.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

n8n-io/n8n (n8n)

v1.69.2

Compare Source

Bug Fixes

• editor: Restore workers view (#​11876) (c28ed67)

v1.69.1

Compare Source

Bug Fixes

• core: Bring back execution data on the executionFinished push message (#​11821) (55ae09a)
• core: Fix broken execution query when using projectId (#​11852) (74261da)
• editor: Fix AI assistant loading message layout (#​11819) (5f98dd4)

v1.69.0

Compare Source

Bug Fixes

• Add supported versions warning to Zep memory node (#​11803) (9cc5bc1)
• AI Agent Node: Escape curly brackets in tools description for non Tool agents (#​11772) (83abdfa)
• Anthropic Chat Model Node: Update credentials test endpoint (#​11756) (6cf0aba)
• core: Add missing env vars to task runner config (#​11810) (870c576)
• core: Allow Azure's SAML metadata XML containing WS-Federation nodes to pass validation (#​11724) (3b62bd5)
• core: Delete binary data parent folder when pruning executions (#​11790) (17ef2c6)
• core: Fix diagnostics.enabled default value (#​11809) (5fa72b0)
• core: Improve the security on OAuth callback endpoints (#​11593) (274fcf4)
• core: Restore old names for pruning config keys (#​11782) (d15b8d0)
• core: Unload any existing version of a community nodes package before upgrading it (#​11727) (1d8fd13)
• editor: Add documentation link to insufficient quota message (#​11777) (1987363)
• editor: Add project header subtitle (#​11797) (ff4261c)
• editor: Change Home label to Overview (#​11736) (1a78360)
• editor: Fix executions sorting (#​11808) (cd5ad65)
• editor: Fix partial executions not working due to broken push message queue and race conditions (#​11798) (b05d435)
• editor: Fix reordered switch connections when copying nodes on new canvas (#​11788) (6c2dad7)
• editor: Fix the issue with RMC Values to Send collection disappears (#​11710) (7bb9002)
• editor: Improve formatting of expired trial error message (#​11708) (8a0ad0f)
• editor: Optimize application layout (#​11769) (91f9390)
• Google Sheets Trigger Node: Fix issue with regex showing correct sheet as invalid (#​11770) (d5ba1a0)
• HTTP Request Node: Continue using error (#​11733) (d1bae1a)
• n8n Form Node: Support expressions in completion page (#​11781) (1099167)
• Prevent workflow to run if active and single webhook service (#​11752) (bcb9a20)
• Read/Write Files from Disk Node: Escape parenthesis when reading file (#​11753) (285534e)
• YouTube Node: Issue in published before and after dates filters (#​11741) (7381c28)

Features

• core: Improve debugging of sub-workflows (#​11602) (fd3254d)
• core: Improve handling of manual executions with wait nodes (#​11750) (61696c3)
• editor: Add Info Note to NDV Output Panel if no existing Tools were used during Execution (#​11672) (de0e861)
• editor: Add option to create sub workflow from workflows list in Execute Workflow node (#​11706) (c265d44)
• editor: Add selection navigation using the keyboard on new canvas (#​11679) (6cd9b99)
• editor: Add universal Create Resource Menu (#​11564) (b38ce14)
• Embeddings Azure OpenAI Node, Azure OpenAI Chat Model Node: Add support for basePath url in Azure Open AI nodes (#​11784) (e298ebe)
• Embeddings OpenAI Node, Embeddings Azure OpenAI Node: Add dimensions option (#​11773) (de01a8a)
• GitHub stars dismiss button (#​11794) (8fbad74)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/n8n:1.69.2

📦 Image Reference ghcr.io/uniget-org/tools/n8n:1.69.2

digest	sha256:04aada1fd5b15a529087656edaffc2a36e5c24ce3fa734d8e43fb5eb78c93e44
vulnerabilities
platform	linux/amd64
size	143 MB
packages	1318

semver 5.3.0 (npm) pkg:npm/[email protected] Inefficient Regular Expression Complexity Affected range <5.7.2 Fixed version 5.7.2 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

pdfjs-dist 2.16.105 (npm) pkg:npm/[email protected] Affected range <=4.1.392 Fixed version 4.2.67 Description Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches The patch removes the use of eval: mozilla/pdf.js#18015 Workarounds Set the option isEvalSupported to false. References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

cross-spawn 4.0.2 (npm) pkg:npm/[email protected] Inefficient Regular Expression Complexity Affected range <6.0.6 Fixed version 7.0.5 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

identity 3.4.2 (npm) pkg:npm/%40azure/[email protected] Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Affected range <4.2.1 Fixed version 4.2.1 CVSS Score 6.8 CVSS Vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

cookie 0.4.2 (npm) pkg:npm/[email protected] Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Affected range <0.7.0 Fixed version 0.7.0 Description Impact The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, serialize("userName=<script>alert('XSS3')</script>; Max-Age=2592000; a", value) would result in "userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test", setting userName cookie to <script> and ignoring value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Patches Upgrade to 0.7.0, which updates the validation for name, path, and domain. Workarounds Avoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input. References fix: narrow the validation of cookies to match RFC6265 jshttp/cookie#167

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/12054726655.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/12054726655.