chore(deps): update dependency n8n to v1.47.3

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
n8n (source)	patch	1.47.2 -> 1.47.3

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

n8n-io/n8n (n8n)

v1.47.3

Compare Source

Bug Fixes

• core: Fix AddActivatedAtUserSetting migration on MariaDB (#​9910) (e8510c2)
• core: Fix worker logs relay (#​9919) (7495136)
• core: Throw on adding execution without execution data (#​9903) (ada1adb)
• editor: Fix frontend project roles (#​9901) (82703d6)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/n8n:1.47.3

📦 Image Reference ghcr.io/uniget-org/tools/n8n:1.47.3

digest	sha256:3affce5c73f42a24dd4a4abb089cfb371cc518791517c5177719ee5c0b456c70
vulnerabilities
platform	linux/amd64
size	138 MB
packages	1343

pdfjs-dist 2.16.105 (npm) pkg:npm/[email protected] Affected range <=4.1.392 Fixed version 4.2.67 Description Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches The patch removes the use of eval: mozilla/pdf.js#18015 Workarounds Set the option isEvalSupported to false. References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

lodash.set 4.3.2 (npm) pkg:npm/[email protected] Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Affected range >=3.7.0 <=4.3.2 Fixed version Not Fixed CVSS Score 7.4 CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Description Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions pick, set, setWith, update, updateWith, and zipObjectDeep allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires manipulating objects based on user-provided property values or arrays. This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.

identity 3.4.2 (npm) pkg:npm/%40azure/[email protected] Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Affected range <4.2.1 Fixed version 4.2.1 CVSS Score 5.5 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Description Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

semver 5.3.0 (npm) pkg:npm/[email protected] Inefficient Regular Expression Complexity Affected range <5.7.2 Fixed version 5.7.2 CVSS Score 5.3 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Description Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/9781672293.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/9781672293.