fix(core): Prevent shared user details being saved alongside execution data (#5334)

* 🔨 - Remove `shared` key from execution save data

* 👕 - Using import type where needed

* remove console.log

* 🔨 - Create new clean workflowData instead of removing shared

If IWorkflowBase changes in future, TS will error out here ensuring it's kept up to date

* 🔨 - use lodash.pick for less verbosity

* 🔨 - fix lodash imports

packages/cli/src/WorkflowExecuteAdditionalData.ts

@@ -41,6 +41,7 @@ import {
 	WorkflowHooks,
 } from 'n8n-workflow';
 
+import pick from 'lodash.pick';
 import { LessThanOrEqual } from 'typeorm';
 import { DateUtils } from 'typeorm/util/DateUtils';
 import config from '@/config';
@@ -583,13 +584,28 @@ function hookFunctionsSave(parentProcessMode?: string): IWorkflowExecuteHooks {
 						}
 					}
 
+					// Although it is treated as IWorkflowBase here, it's being instantiated elsewhere with properties that may be sensitive
+					// As a result, we should create an IWorkflowBase object with only the data we want to save in it.
+					const pristineWorkflowData: IWorkflowBase = pick(this.workflowData, [
+						'id',
+						'name',
+						'active',
+						'createdAt',
+						'updatedAt',
+						'nodes',
+						'connections',
+						'settings',
+						'staticData',
+						'pinData',
+					]);
+
 					const fullExecutionData: IExecutionDb = {
 						data: fullRunData.data,
 						mode: fullRunData.mode,
 						finished: fullRunData.finished ? fullRunData.finished : false,
 						startedAt: fullRunData.startedAt,
 						stoppedAt: fullRunData.stoppedAt,
-						workflowData: this.workflowData,
+						workflowData: pristineWorkflowData,
 						waitTill: fullRunData.waitTill,
 					};