n8n: 1.123.5 -> 2.3.0

[sweenu]

Closes #472698

Things done

• Built on platform:
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• Tested, as applicable:
  • NixOS tests in nixos/tests.
  • Package tests at passthru.tests.
  • Tests in lib/tests or pkgs/test for functions and "core" functionality.
• Ran nixpkgs-review on this PR. See nixpkgs-review usage.
• Tested basic functionality of all binary files, usually in ./result/bin/.
• Nixpkgs Release Notes
  • Package update: when the change is major or breaking.
• NixOS Release Notes
  • Module addition: when adding a new NixOS module.
  • Module update: when the change is significant.
• Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

---

Add a 👍 reaction to pull requests you find important.

[sweenu]

I deployed it and don't see any issues so far.

[gepbird]

Thanks for becoming a maintainer and pushing n8n v2!

There are breaking changes documented in https://docs.n8n.io/2-0-breaking-changes/, I think a sentence with this link could be included in the release notes.
Also, for the NixOS module we could add warnings/assertions for deprecated environment variables like QUEUE_WORKER_MAX_STALLED_COUNT and N8N_CONFIG_FILES. Not entirely sure about this since it wasn't explicitly defined in the NixOS module and seems like this is not a common option to set.

[sweenu]

I haven't added anything to my own deployment, so I don't understand why it reports any issues with my instance 🤔

Do you want me to add those warning in the same PR ?

[sweenu]

Added the release note warning.

[gepbird]

That in-app v2 compatibility is neat, let's skip adding warnings/asserts in the module.
It's only 2 environment variables that are removed and there are many other breaking changes that we can't really cover.

[gepbird]

I haven't added anything to my own deployment, so I don't understand why it reports any issues with my instance 🤔

That's interesting, for example we don't specify --tunnel from nixpkgs and I assume you don't either but it n8n asks you to remove it.

Do you want me to add those warning in the same PR ?

Release note warning should go in this PR as you did.

[gepbird]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 477422
Commit: b77c563ed6411f300e479ed28dfae63cab707a8e

---

x86_64-linux

⏩ 1 package blacklisted:

• tests.nixos-functions.nixos-test

✅ 2 packages built:

• n8n
• nixpkgs-manual

[gepbird]

I don't think the false positives in the compatibility reports are blocking, I don't see how it could be a packaging issue.
Do you think we should go forward with this or try to find what causes that first?

[sweenu]

Yeah, it seems like the tool was made to be run in 1.x before upgrading, they don't check if you're already in 2.x.
https://docs.n8n.io/migration-tool-v2/#instance-issues-tab

[leona-ya]

This solves GHSA-62r4-hw23-cc8v, we need to do something about 25.11.

[gepbird]

This solves GHSA-62r4-hw23-cc8v, we need to do something about 25.11.

What would be the correct action to take here? Can we detect whether the instance is vulnerable by checking some settings at eval time? Some of my ideas:

1. set N8N_RUNNERS_ENABLED = true and N8N_NATIVE_PYTHON_RUNNER = true on 25.11, I don't if this could break some workflows
2. ask upstream to create a fix on n8n v1 or ask if it was fixed in case the GHSA is inaccurate, finally backport the latest v1
3. backport this breaking change
4. lighter backport: create an n8n_2 package on 25.11 (remove that next release), add a warning to the module, I imagine this would result in some/many false positives