chore(deps): update dependency n8n to v1.34.2

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
n8n (source)	minor	1.33.1 -> 1.34.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

n8n-io/n8n (n8n)

v1.34.2

Compare Source

Bug Fixes

• editor: Nodes connectors improvements (#​8945) (6310e36)
• Pinecone Vector Store Node: Fix vector store nodes execution issue (#​8968) (9bd14c0)

v1.34.1

Compare Source

Bug Fixes

• Anthropic Chat Model Node: Fix detection of chat models in docker build & add support Claude Haiku (#​8953) (becc804)
• core: Ensure the generic OAuth2 API credential uses the OAuth2 credential test (#​8941) (578f01a)
• core: Stringify all Luxon DateTimes in cleanupParameterData (#​8959) (58d9983)
• editor: Fix opening of chat window when executing a child node (#​8789) (e695927)
• editor: Use bracket notation for all invalid identifiers in expressions (#​8933) (1316f2d)
• MySQL Node: Set paired items correctly in single query batch mode (#​8940) (5d129ba)
• Overhaul expression error messages related to paired item (#​8765) (09654f9)

v1.34.0

Compare Source

Bug Fixes

• Chat Trigger exclude summarization node from valid ai nodes (#​8875) (4861556)
• Cohere Model Node: Fix issue with credential test (#​8916) (4f0b52c)
• core: Improve handling of invalid objects in cleanupParameterData (no-chanhelog) (#​8910) (33ab781)
• core: Remove HTTP body for GET, HEAD, and OPTIONS requests (#​3621) (d85d0ec)
• core: Update follow-redirects to address CVE-2024-28849 (#​8902) (a10120f)
• editor: Add proper scroll to Environments push modal (#​8883) (bcbff76)
• editor: Fix an issue with an empty chat response if not in output property (#​8913) (024be62)
• editor: Fix design system component props (#​8923) (7176cd1)
• editor: Fix source control docs link in add workflow button tooltip (#​8891) (a92d8bf)
• editor: Improve expression editor performance by removing watchers (#​8900) (a5261d6)
• editor: Remove isOwner from IUser interface (#​8888) (6955e89)
• OpenAI Node function to preserve original tools after node execution (#​8872) (054a4fc)
• Validate custom tool names for forbidden chars (#​8878) (edce632)

Features

• Add AI Error Debugging using OpenAI (#​8805) (948c383)
• Add Onedrive Trigger Node (#​8742) (ff8dd4e)
• core: Add support for SQLite connection pooling (#​8722) (c4c319d)
• editor: Add missing extension methods for expressions (#​8845) (5e84c2a)
• editor: Add type information to autocomplete dropdown (#​8843) (d7bfd45)
• editor: Block the frontend when trying to access n8n from another host over http (#​8906) (669bd83)
• editor: Refactor expression editors and mixins to composition API (#​8894) (0c179e4)
• editor: Release @n8n/chat@0.9.1 (#​8918) (e0c303c)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/n8n:1.34.2

📦 Image Reference ghcr.io/uniget-org/tools/n8n:1.34.2

digest	sha256:1c8885dd46aefd2acec5816b133a375a61cd732d3bf8227f83471bf2cfe678ee
vulnerabilities
platform	linux/amd64
size	133 MB
packages	1282

semver 5.3.0 (npm) pkg:npm/semver@5.3.0 Inefficient Regular Expression Complexity Affected range <5.7.2 Fixed version 5.7.2 CVSS Score 5.3 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Description Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

express 4.18.3 (npm) pkg:npm/express@4.18.3 Improper Validation of Syntactic Correctness of Input Affected range <4.19.2 Fixed version 4.19.2 CVSS Score 6.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Description Impact Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode using encodeurl on the contents before passing it to the location header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is res.location() but this is also called from within res.redirect(). Patches expressjs/express@0867302 expressjs/express@0b74695 An initial fix went out with express@4.19.0, we then patched a feature regression in 4.19.1 and added improved handling for the bypass in 4.19.2. Workarounds The fix for this involves pre-parsing the url string with either require('node:url').parse or new URL. These are steps you can take on your own before passing the user input string to res.location or res.redirect. References expressjs/express#5539 koajs/koa#1800 https://expressjs.com/en/4x/api.html#res.location

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/8526321100.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/8526321100.