chore(deps): update dependency n8n to v1.67.1

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
n8n (source)	minor	1.66.0 -> 1.67.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

n8n-io/n8n (n8n)

v1.67.1

Compare Source

Bug Fixes

• core: Revert all the context helpers changes (#​11616) (8a804b3)

v1.67.0

Compare Source

Bug Fixes

• Bring back nodes panel telemetry events (#​11456) (130c942)
• core: Account for double quotes in instance base URL (#​11495) (c5191e6)
• core: Do not delete waiting executions when saving of successful executions is disabled (#​11458) (e8757e5)
• core: Don't send a executionFinished event to the browser with no run data if the execution has already been cleaned up (#​11502) (d1153f5)
• core: Include projectId in range query middleware (#​11590) (a6070af)
• core: Save exeution progress for waiting executions, even when progress saving is disabled (#​11535) (6b9353c)
• core: Use the correct docs URL for regular nodes when used as tools (#​11529) (a092b8e)
• Edit Image Node: Fix Text operation by setting Arial as default font (#​11125) (60c1ace)
• editor: Auto focus first fields on SignIn, SignUp and ForgotMyPassword views (#​11445) (5b5bd72)
• editor: Do not overwrite the webhookId in the new canvas (#​11562) (dfd785b)
• editor: Ensure Enter key on Cancel button correctly cancels node rename (#​11563) (be05ae3)
• editor: Fix emitting n8nReady notification via postmessage on new canvas (#​11558) (463d101)
• editor: Fix run index input for RunData view in sub-nodes (#​11538) (434d31c)
• editor: Fix selected credential being overwritten in NDV (#​11496) (a26c0e2)
• editor: Keep workflow pristine after load on new canvas (#​11579) (7254359)
• Show Pinned data in demo mode (#​11490) (ca2a583)
• Toast not aligned to the bottom when AI assistant disable (#​11549) (e80f7e0)

Features

• Add Rapid7 InsightVm credentials (#​11462) (46eceab)
• AI Transform Node: UX improvements (#​11280) (8a48407)
• Anthropic Chat Model Node: Add support for Haiku 3.5 (#​11551) (8b39825)
• Convert to File Node: Add delimiter convert to csv (#​11556) (63d454b)
• editor: Update panning and selection keybindings on new canvas (#​11534) (5e2e205)
• Gmail Trigger Node: Add filter option to include drafts (#​11441) (7a2be77)
• Intercom Node: Update credential to new style (#​11485) (b137e13)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/n8n:1.67.1

📦 Image Reference ghcr.io/uniget-org/tools/n8n:1.67.1

digest	sha256:c02db4bd8ff1d1f30d293c60b3d0b4af8b1809ffb1978f7307186d607c9a6997
vulnerabilities
platform	linux/amd64
size	143 MB
packages	1314

semver 5.3.0 (npm) pkg:npm/[email protected] Inefficient Regular Expression Complexity Affected range <5.7.2 Fixed version 5.7.2 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

pdfjs-dist 2.16.105 (npm) pkg:npm/[email protected] Affected range <=4.1.392 Fixed version 4.2.67 Description Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches The patch removes the use of eval: mozilla/pdf.js#18015 Workarounds Set the option isEvalSupported to false. References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

identity 3.4.2 (npm) pkg:npm/%40azure/[email protected] Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Affected range <4.2.1 Fixed version 4.2.1 CVSS Score 5.5 CVSS Vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

cookie 0.4.2 (npm) pkg:npm/[email protected] Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Affected range <0.7.0 Fixed version 0.7.0 Description Impact The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, serialize("userName=<script>alert('XSS3')</script>; Max-Age=2592000; a", value) would result in "userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test", setting userName cookie to <script> and ignoring value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Patches Upgrade to 0.7.0, which updates the validation for name, path, and domain. Workarounds Avoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input. References fix: narrow the validation of cookies to match RFC6265 jshttp/cookie#167

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/11829368928.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/11829368928.