
chore: Override protobufjs version to 8.0.1 #28612

Closed
Matsuuu wants to merge 2 commits into master from matsu/protobufjs

Matsuuu (Member) commented Apr 17, 2026

Summary

Bump protobufjs version via override to fix an existing vulnerability in the current protobufjs package.

CI passes, but passing to @mutdmour for review in case there are some extra checks that should be done.

Related Linear tickets, GitHub issues, and Community forum posts

https://linear.app/n8n/issue/SEC-606

Review / Merge checklist

  • I have seen this code, I have run this code, and I take responsibility for this code.
  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with Backport to Beta, Backport to Stable, or Backport to v1 (if the PR is an urgent fix that needs to be backported)

@Matsuuu Matsuuu self-assigned this Apr 17, 2026

codecov Bot commented Apr 17, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

codecov Bot commented Apr 17, 2026

Bundle Report

Bundle size has no change ✅

@github-actions (Contributor)

Performance Comparison

Comparing current, latest master, and 14-day baseline

Memory consumption baseline with starter plan resources

| Metric | Current | Latest Master | Baseline (avg) | vs Master | vs Baseline | Status |
|---|---|---|---|---|---|---|
| memory-heap-used-baseline | 114.75 MB | 114.39 MB | 114.37 MB (σ 0.40) | +0.3% | +0.3% | |
| memory-rss-baseline | 341.08 MB | 288.44 MB | 290.51 MB (σ 41.09) | +18.2% | +17.4% | ⚠️ |

docker-stats

| Metric | Current | Latest Master | Baseline (avg) | vs Master | vs Baseline | Status |
|---|---|---|---|---|---|---|
| docker-image-size-n8n | 1269.76 MB | 1269.76 MB | 1269.76 MB (σ 0.00) | +0.0% | +0.0% | |
| docker-image-size-runners | 386.00 MB | 386.00 MB | 390.33 MB (σ 9.21) | +0.0% | -1.1% | |

Idle baseline with Instance AI module loaded

| Metric | Current | Latest Master | Baseline (avg) | vs Master | vs Baseline | Status |
|---|---|---|---|---|---|---|
| instance-ai-heap-used-baseline | 187.09 MB | 186.88 MB | 186.42 MB (σ 0.27) | +0.1% | +0.4% | 🔴 |
| instance-ai-rss-baseline | 343.39 MB | 386.52 MB | 364.63 MB (σ 22.57) | -11.2% | -5.8% | |

How to read this table
  • Current: This PR's value (or latest master if PR perf tests haven't run)
  • Latest Master: Most recent nightly master measurement
  • Baseline: Rolling 14-day average from master
  • vs Master: PR impact (current vs latest master)
  • vs Baseline: Drift from baseline (current vs rolling avg)
  • Status: ✅ within 1σ | ⚠️ 1-2σ | 🔴 >2σ regression

@Matsuuu Matsuuu marked this pull request as ready for review April 20, 2026 06:32
Matsuuu (Member, Author) commented Apr 20, 2026

Tests seem to pass after this override so I would assume it's pretty safe to apply it

cubic-dev-ai Bot (Contributor) left a comment

No issues found across 2 files

Architecture diagram
sequenceDiagram
    participant Runner as n8n Workflow Executor
    participant Node as AI / Langchain Node
    participant Lib as Langchain / Google Libraries
    participant Proto as protobufjs (v8.0.1)
    participant API as External API (e.g., Vertex AI / gRPC)

    Note over Runner,API: Runtime interaction affected by protobufjs version override

    Runner->>Node: Trigger node execution
    Node->>Lib: Call Langchain integration
    
    Note over Lib,Proto: Serialization Phase
    Lib->>Proto: CHANGED: Encode payload (using v8.0.1)
    Proto-->>Lib: Encoded Buffer
    
    Lib->>API: Send request (Protobuf/gRPC)
    
    alt Successful Response
        API-->>Lib: Return Protobuf response
        Note over Lib,Proto: Deserialization Phase
        Lib->>Proto: CHANGED: Decode response (using v8.0.1)
        Proto-->>Lib: Plain JS Object
        Lib-->>Node: Data results
        Node-->>Runner: Node output
    else Serialization/Compatibility Error
        Lib->>Proto: Decode attempt
        Proto-->>Lib: Throw Error (e.g., Schema mismatch)
        Lib-->>Node: Execution Error
        Node-->>Runner: Node failed
    end

@Matsuuu Matsuuu requested review from a team and mutdmour and removed request for a team April 20, 2026 07:50
@Matsuuu Matsuuu enabled auto-merge April 20, 2026 11:55
Matsuuu (Member, Author) commented Apr 27, 2026

Issues with current protobufjs version were resolved via updating to 7.5.5, so let's ignore this for now.

@Matsuuu Matsuuu closed this Apr 27, 2026
auto-merge was automatically disabled April 27, 2026 06:40

Pull request was closed

@Matsuuu Matsuuu removed the request for review from mutdmour April 27, 2026 06:40