Merge d2e178a677 into 48294e7ec1

refactor(editor): Stop importing Vue compiler macros (#10890 )
fix the TODO
2024-09-19 22:37:31 -07:00 · 2024-09-19 16:45:06 -04:00 · 2024-09-19 13:53:23 -04:00 · 2024-09-19 17:58:55 +02:00 · 2024-09-19 17:39:17 +02:00 · 2024-09-19 16:29:04 +02:00
61 changed files with 1706 additions and 1413 deletions
--- a/biome.jsonc
+++ b/biome.jsonc
@ -33,6 +33,9 @@
 		"enabled": false
 	},
 	"javascript": {
+		"parser": {
+			"unsafeParameterDecoratorsEnabled": true
+		},
 		"formatter": {
 			"jsxQuoteStyle": "double",
 			"quoteProperties": "asNeeded",
--- a/package.json
+++ b/package.json
@ -72,7 +72,6 @@
      "chokidar": "3.5.2",
      "esbuild": "^0.20.2",
      "formidable": "3.5.1",
-      "prettier": "^3.2.5",
      "pug": "^3.0.3",
      "semver": "^7.5.4",
      "tslib": "^2.6.2",
--- a/packages/@n8n/api-types/package.json
+++ b/packages/@n8n/api-types/package.json
@ -11,7 +11,8 @@
    "lint": "eslint .",
    "lintfix": "eslint . --fix",
    "watch": "tsc -p tsconfig.build.json --watch",
-    "test": "echo \"No tests yet\" && exit 0"
+    "test": "jest",
+    "test:dev": "jest --watch"
  },
  "main": "dist/index.js",
  "module": "src/index.ts",
@ -21,5 +22,10 @@
  ],
  "devDependencies": {
    "n8n-workflow": "workspace:*"
+  },
+  "dependencies": {
+    "xss": "catalog:",
+    "zod": "catalog:",
+    "zod-class": "0.0.15"
  }
 }
--- a/packages/@n8n/api-types/src/dto/index.ts
+++ b/packages/@n8n/api-types/src/dto/index.ts
@ -0,0 +1,4 @@
+export { PasswordUpdateRequestDTO } from './user/password-update-request.dto';
+export { RoleChangeRequestDTO } from './user/role-change-request.dto';
+export { SettingsUpdateRequestDTO } from './user/settings-update-request.dto';
+export { UserUpdateRequestDTO } from './user/user-update-request.dto';
--- a/packages/@n8n/api-types/src/dto/user/tests/password-update-request.dto.test.ts
+++ b/packages/@n8n/api-types/src/dto/user/tests/password-update-request.dto.test.ts
@ -0,0 +1,50 @@
+import { PasswordUpdateRequestDTO } from '../password-update-request.dto';
+
+describe('PasswordUpdateRequestDTO', () => {
+	it('should fail validation with missing currentPassword', () => {
+		const data = {
+			newPassword: 'newPassword123',
+			mfaCode: '123456',
+		};
+
+		const result = PasswordUpdateRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(false);
+		expect(result.error?.issues[0].path[0]).toBe('currentPassword');
+	});
+
+	it('should fail validation with missing newPassword', () => {
+		const data = {
+			currentPassword: 'oldPassword123',
+			mfaCode: '123456',
+		};
+
+		const result = PasswordUpdateRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(false);
+		expect(result.error?.issues[0].path[0]).toBe('newPassword');
+	});
+
+	it('should pass validation with missing mfaCode', () => {
+		const data = {
+			currentPassword: 'oldPassword123',
+			newPassword: 'newPassword123',
+		};
+
+		const result = PasswordUpdateRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(true);
+	});
+
+	it('should pass validation with valid data', () => {
+		const data = {
+			currentPassword: 'oldPassword123',
+			newPassword: 'newPassword123',
+			mfaCode: '123456',
+		};
+
+		const result = PasswordUpdateRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(true);
+	});
+});
--- a/packages/@n8n/api-types/src/dto/user/tests/role-change-request.dto.test.ts
+++ b/packages/@n8n/api-types/src/dto/user/tests/role-change-request.dto.test.ts
@ -0,0 +1,37 @@
+import { RoleChangeRequestDTO } from '../role-change-request.dto';
+
+describe('RoleChangeRequestDTO', () => {
+	it('should fail validation with missing newRoleName', () => {
+		const data = {};
+
+		const result = RoleChangeRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(false);
+		expect(result.error?.issues[0].path[0]).toBe('newRoleName');
+		expect(result.error?.issues[0].message).toBe('New role is required');
+	});
+
+	it('should fail validation with invalid newRoleName', () => {
+		const data = {
+			newRoleName: 'invalidRole',
+		};
+
+		const result = RoleChangeRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(false);
+		expect(result.error?.issues[0].path[0]).toBe('newRoleName');
+		expect(result.error?.issues[0].message).toBe(
+			"Invalid enum value. Expected 'global:admin' | 'global:member', received 'invalidRole'",
+		);
+	});
+
+	it('should pass validation with valid data', () => {
+		const data = {
+			newRoleName: 'global:admin',
+		};
+
+		const result = RoleChangeRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(true);
+	});
+});
--- a/packages/@n8n/api-types/src/dto/user/tests/settings-update-request.dto.test.ts
+++ b/packages/@n8n/api-types/src/dto/user/tests/settings-update-request.dto.test.ts
@ -0,0 +1,68 @@
+import { SettingsUpdateRequestDTO } from '../settings-update-request.dto';
+
+describe('SettingsUpdateRequestDTO', () => {
+	it('should pass validation with missing userActivated', () => {
+		const data = {
+			allowSSOManualLogin: false,
+		};
+
+		const result = SettingsUpdateRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(true);
+	});
+
+	it('should pass validation with missing allowSSOManualLogin', () => {
+		const data = {
+			userActivated: true,
+		};
+
+		const result = SettingsUpdateRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(true);
+	});
+
+	it('should pass validation with missing userActivated and allowSSOManualLogin', () => {
+		const data = {};
+
+		const result = SettingsUpdateRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(true);
+	});
+
+	it('should fail validation with invalid userActivated', () => {
+		const data = {
+			userActivated: 'invalid',
+			allowSSOManualLogin: false,
+		};
+
+		const result = SettingsUpdateRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(false);
+		expect(result.error?.issues[0].path[0]).toBe('userActivated');
+		expect(result.error?.issues[0].message).toBe('Expected boolean, received string');
+	});
+
+	it('should fail validation with invalid allowSSOManualLogin', () => {
+		const data = {
+			userActivated: true,
+			allowSSOManualLogin: 'invalid',
+		};
+
+		const result = SettingsUpdateRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(false);
+		expect(result.error?.issues[0].path[0]).toBe('allowSSOManualLogin');
+		expect(result.error?.issues[0].message).toBe('Expected boolean, received string');
+	});
+
+	it('should pass validation with valid data', () => {
+		const data = {
+			userActivated: true,
+			allowSSOManualLogin: false,
+		};
+
+		const result = SettingsUpdateRequestDTO.safeParse(data);
+
+		expect(result.success).toBe(true);
+	});
+});
--- a/packages/@n8n/api-types/src/dto/user/tests/user-update-request.dto.test.ts
+++ b/packages/@n8n/api-types/src/dto/user/tests/user-update-request.dto.test.ts
@ -0,0 +1,86 @@
+import { UserUpdateRequestDTO } from '../user-update-request.dto';
+
+describe('UserUpdateRequestDTO', () => {
+	it('should fail validation for an invalid email', () => {
+		const invalidRequest = {
+			email: 'invalid-email',
+			firstName: 'John',
+			lastName: 'Doe',
+			mfaCode: '123456',
+		};
+
+		const result = UserUpdateRequestDTO.safeParse(invalidRequest);
+
+		expect(result.success).toBe(false);
+		expect(result.error?.issues[0].path).toEqual(['email']);
+	});
+
+	it('should fail validation for a firstName with potential XSS attack', () => {
+		const invalidRequest = {
+			email: 'test@example.com',
+			firstName: '<script>alert("XSS")</script>',
+			lastName: 'Doe',
+			mfaCode: '123456',
+		};
+
+		const result = UserUpdateRequestDTO.safeParse(invalidRequest);
+
+		expect(result.success).toBe(false);
+		expect(result.error?.issues[0].path).toEqual(['firstName']);
+	});
+
+	it('should fail validation for a firstName with a URL', () => {
+		const invalidRequest = {
+			email: 'test@example.com',
+			firstName: 'test http://malicious.com',
+			lastName: 'Doe',
+			mfaCode: '123456',
+		};
+
+		const result = UserUpdateRequestDTO.safeParse(invalidRequest);
+
+		expect(result.success).toBe(false);
+		expect(result.error?.issues[0].path).toEqual(['firstName']);
+	});
+
+	it('should fail validation for a lastName with potential XSS attack', () => {
+		const invalidRequest = {
+			email: 'test@example.com',
+			firstName: 'John',
+			lastName: '<script>alert("XSS")</script>',
+			mfaCode: '123456',
+		};
+
+		const result = UserUpdateRequestDTO.safeParse(invalidRequest);
+
+		expect(result.success).toBe(false);
+		expect(result.error?.issues[0].path).toEqual(['lastName']);
+	});
+
+	it('should fail validation for a lastName with a URL', () => {
+		const invalidRequest = {
+			email: 'test@example.com',
+			firstName: 'John',
+			lastName: 'testing http://malicious.com',
+			mfaCode: '123456',
+		};
+
+		const result = UserUpdateRequestDTO.safeParse(invalidRequest);
+
+		expect(result.success).toBe(false);
+		expect(result.error?.issues[0].path).toEqual(['lastName']);
+	});
+
+	it('should validate a valid user update request', () => {
+		const validRequest = {
+			email: 'test@example.com',
+			firstName: 'John',
+			lastName: 'Doe',
+			mfaCode: '123456',
+		};
+
+		const result = UserUpdateRequestDTO.safeParse(validRequest);
+
+		expect(result.success).toBe(true);
+	});
+});
--- a/packages/@n8n/api-types/src/dto/user/password-update-request.dto.ts
+++ b/packages/@n8n/api-types/src/dto/user/password-update-request.dto.ts
@ -0,0 +1,8 @@
+import { z } from 'zod';
+import { Z } from 'zod-class';
+
+export class PasswordUpdateRequestDTO extends Z.class({
+	currentPassword: z.string(),
+	newPassword: z.string(),
+	mfaCode: z.string().optional(),
+}) {}
--- a/packages/@n8n/api-types/src/dto/user/role-change-request.dto.ts
+++ b/packages/@n8n/api-types/src/dto/user/role-change-request.dto.ts
@ -0,0 +1,8 @@
+import { z } from 'zod';
+import { Z } from 'zod-class';
+
+export class RoleChangeRequestDTO extends Z.class({
+	newRoleName: z.enum(['global:admin', 'global:member'], {
+		required_error: 'New role is required',
+	}),
+}) {}
--- a/packages/@n8n/api-types/src/dto/user/settings-update-request.dto.ts
+++ b/packages/@n8n/api-types/src/dto/user/settings-update-request.dto.ts
@ -0,0 +1,7 @@
+import { z } from 'zod';
+import { Z } from 'zod-class';
+
+export class SettingsUpdateRequestDTO extends Z.class({
+	userActivated: z.boolean().optional(),
+	allowSSOManualLogin: z.boolean().optional(),
+}) {}
--- a/packages/@n8n/api-types/src/dto/user/user-update-request.dto.ts
+++ b/packages/@n8n/api-types/src/dto/user/user-update-request.dto.ts
@ -0,0 +1,31 @@
+import xss from 'xss';
+import { z } from 'zod';
+import { Z } from 'zod-class';
+
+const xssCheck = (value: string) =>
+	value ===
+	xss(value, {
+		whiteList: {}, // no tags are allowed
+	});
+
+const URL_REGEX = /^(https?:\/\/|www\.)|(\.[\p{L}\d-]+)/iu;
+const urlCheck = (value: string) => !URL_REGEX.test(value);
+
+const nameSchema = () =>
+	z
+		.string()
+		.min(1)
+		.max(32)
+		.refine(xssCheck, {
+			message: 'Potentially malicious string',
+		})
+		.refine(urlCheck, {
+			message: 'Potentially malicious string',
+		});
+
+export class UserUpdateRequestDTO extends Z.class({
+	email: z.string().email(),
+	firstName: nameSchema().optional(),
+	lastName: nameSchema().optional(),
+	mfaCode: z.string().optional(),
+}) {}
--- a/packages/@n8n/api-types/src/index.ts
+++ b/packages/@n8n/api-types/src/index.ts
@ -1,4 +1,5 @@
 export type * from './datetime';
+export * from './dto';
 export type * from './push';
 export type * from './scaling';
 export type * from './frontend-settings';
--- a/packages/@n8n/benchmark/scenarios/binary-data/binary-data.script.js
+++ b/packages/@n8n/benchmark/scenarios/binary-data/binary-data.script.js
@ -3,8 +3,9 @@ import { check } from 'k6';

 const apiBaseUrl = __ENV.API_BASE_URL;

-const file = open(__ENV.SCRIPT_FILE_PATH, 'b');
-const filename = String(__ENV.SCRIPT_FILE_PATH).split('/').pop();
+// This creates a 2MB file (16 * 128 * 1024 = 2 * 1024 * 1024 = 2MB)
+const file = Array.from({ length: 128 * 1024 }, () => Math.random().toString().slice(2)).join('');
+const filename = 'test.bin';

 export default function () {
 	const data = {
--- a/packages/@n8n/benchmark/src/test-execution/k6-executor.ts
+++ b/packages/@n8n/benchmark/src/test-execution/k6-executor.ts
@ -77,7 +77,6 @@ export function handleSummary(data) {
 			env: {
 				API_BASE_URL: this.opts.n8nApiBaseUrl,
 				K6_CLOUD_TOKEN: this.opts.k6ApiToken,
-				SCRIPT_FILE_PATH: augmentedTestScriptPath,
 			},
 			stdio: 'inherit',
 		})`${k6ExecutablePath} run ${flattedFlags} ${augmentedTestScriptPath}`;
--- a/packages/@n8n_io/eslint-config/frontend.js
+++ b/packages/@n8n_io/eslint-config/frontend.js
@ -25,7 +25,6 @@ module.exports = {
 		},
 		{
 			files: ['**/*.vue'],
-			plugins: isCI ? [] : ['eslint-plugin-prettier'],
 			rules: {
 				'vue/no-deprecated-slot-attribute': 'error',
 				'vue/no-deprecated-slot-scope-attribute': 'error',
@ -68,14 +67,6 @@ module.exports = {
 				],
 				'vue/no-v-html': 'error',

-				...(isCI
-					? {}
-					: {
-							'prettier/prettier': ['error', { endOfLine: 'auto' }],
-							'arrow-body-style': 'off',
-							'prefer-arrow-callback': 'off',
-						}),
-
 				// TODO: remove these
 				'vue/no-mutating-props': 'warn',
 				'vue/no-side-effects-in-computed-properties': 'warn',
--- a/packages/@n8n_io/eslint-config/package.json
+++ b/packages/@n8n_io/eslint-config/package.json
@ -6,7 +6,6 @@
    "@types/eslint": "^8.56.5",
    "@typescript-eslint/eslint-plugin": "^7.2.0",
    "@typescript-eslint/parser": "^7.2.0",
-    "@vue/eslint-config-prettier": "^9.0.0",
    "@vue/eslint-config-typescript": "^13.0.0",
    "eslint": "^8.57.0",
    "eslint-config-airbnb-typescript": "^18.0.0",
@ -15,7 +14,6 @@
    "eslint-plugin-import": "^2.29.1",
    "eslint-plugin-lodash": "^7.4.0",
    "eslint-plugin-n8n-local-rules": "^1.0.0",
-    "eslint-plugin-prettier": "^5.1.3",
    "eslint-plugin-unicorn": "^51.0.1",
    "eslint-plugin-unused-imports": "^3.1.0",
    "eslint-plugin-vue": "^9.23.0",
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@ -174,7 +174,7 @@
    "ws": "8.17.1",
    "xml2js": "catalog:",
    "xmllint-wasm": "3.0.1",
-    "xss": "^1.0.14",
+    "xss": "catalog:",
    "yamljs": "0.3.0",
    "zod": "catalog:"
  }
--- a/packages/cli/src/controllers/tests/me.controller.test.ts
+++ b/packages/cli/src/controllers/tests/me.controller.test.ts
@ -1,3 +1,4 @@
+import { UserUpdateRequestDTO } from '@n8n/api-types';
 import type { Response } from 'express';
 import { mock, anyObject } from 'jest-mock-extended';
 import jwt from 'jsonwebtoken';
@ -35,20 +36,6 @@ describe('MeController', () => {
 	const controller = Container.get(MeController);

 	describe('updateCurrentUser', () => {
-		it('should throw BadRequestError if email is missing in the payload', async () => {
-			const req = mock<MeRequest.UserUpdate>({});
-			await expect(controller.updateCurrentUser(req, mock())).rejects.toThrowError(
-				new BadRequestError('Email is mandatory'),
-			);
-		});
-
-		it('should throw BadRequestError if email is invalid', async () => {
-			const req = mock<MeRequest.UserUpdate>({ body: { email: 'invalid-email' } });
-			await expect(controller.updateCurrentUser(req, mock())).rejects.toThrowError(
-				new BadRequestError('Invalid email address'),
-			);
-		});
-
 		it('should update the user in the DB, and issue a new cookie', async () => {
 			const user = mock<User>({
 				id: '123',
@ -58,24 +45,24 @@ describe('MeController', () => {
 				role: 'global:owner',
 				mfaEnabled: false,
 			});
-			const req = mock<MeRequest.UserUpdate>({ user, browserId });
-			req.body = {
+			const payload = new UserUpdateRequestDTO({
 				email: 'valid@email.com',
 				firstName: 'John',
 				lastName: 'Potato',
-			};
+			});
+			const req = mock<AuthenticatedRequest>({ user, browserId });
 			const res = mock<Response>();
 			userRepository.findOneByOrFail.mockResolvedValue(user);
 			userRepository.findOneOrFail.mockResolvedValue(user);
 			jest.spyOn(jwt, 'sign').mockImplementation(() => 'signed-token');
 			userService.toPublic.mockResolvedValue({} as unknown as PublicUser);

-			await controller.updateCurrentUser(req, res);
+			await controller.updateCurrentUser(req, res, payload);

 			expect(externalHooks.run).toHaveBeenCalledWith('user.profile.beforeUpdate', [
 				user.id,
 				user.email,
-				req.body,
+				payload,
 			]);

 			expect(userService.update).toHaveBeenCalled();
@ -100,35 +87,6 @@ describe('MeController', () => {
 			]);
 		});

-		it('should not allow updating any other fields on a user besides email and name', async () => {
-			const user = mock<User>({
-				id: '123',
-				password: 'password',
-				authIdentities: [],
-				role: 'global:member',
-				mfaEnabled: false,
-			});
-			const req = mock<MeRequest.UserUpdate>({ user, browserId });
-			req.body = { email: 'valid@email.com', firstName: 'John', lastName: 'Potato' };
-			const res = mock<Response>();
-			userRepository.findOneOrFail.mockResolvedValue(user);
-			jest.spyOn(jwt, 'sign').mockImplementation(() => 'signed-token');
-
-			// Add invalid data to the request payload
-			Object.assign(req.body, { id: '0', role: 'global:owner' });
-
-			await controller.updateCurrentUser(req, res);
-
-			expect(userService.update).toHaveBeenCalled();
-
-			const updatePayload = userService.update.mock.calls[0][1];
-			expect(updatePayload.email).toBe(req.body.email);
-			expect(updatePayload.firstName).toBe(req.body.firstName);
-			expect(updatePayload.lastName).toBe(req.body.lastName);
-			expect(updatePayload.id).toBeUndefined();
-			expect(updatePayload.role).toBeUndefined();
-		});
-
 		it('should throw BadRequestError if beforeUpdate hook throws BadRequestError', async () => {
 			const user = mock<User>({
 				id: '123',
@ -137,9 +95,7 @@ describe('MeController', () => {
 				role: 'global:owner',
 				mfaEnabled: false,
 			});
-			const reqBody = { email: 'valid@email.com', firstName: 'John', lastName: 'Potato' };
-			const req = mock<MeRequest.UserUpdate>({ user, body: reqBody });
-			req.body = reqBody; // We don't want the body to be a mock object
+			const req = mock<AuthenticatedRequest>({ user });

 			externalHooks.run.mockImplementationOnce(async (hookName) => {
 				if (hookName === 'user.profile.beforeUpdate') {
@ -147,9 +103,13 @@ describe('MeController', () => {
 				}
 			});

-			await expect(controller.updateCurrentUser(req, mock())).rejects.toThrowError(
-				new BadRequestError('Invalid email address'),
-			);
+			await expect(
+				controller.updateCurrentUser(
+					req,
+					mock(),
+					mock({ email: 'valid@email.com', firstName: 'John', lastName: 'Potato' }),
+				),
+			).rejects.toThrowError(new BadRequestError('Invalid email address'));
 		});

 		describe('when mfa is enabled', () => {
@ -162,12 +122,19 @@ describe('MeController', () => {
 					role: 'global:owner',
 					mfaEnabled: true,
 				});
-				const req = mock<MeRequest.UserUpdate>({ user, browserId });
-				req.body = { email: 'new@email.com', firstName: 'John', lastName: 'Potato' };
+				const req = mock<AuthenticatedRequest>({ user, browserId });

-				await expect(controller.updateCurrentUser(req, mock())).rejects.toThrowError(
-					new BadRequestError('Two-factor code is required to change email'),
-				);
+				await expect(
+					controller.updateCurrentUser(
+						req,
+						mock(),
+						new UserUpdateRequestDTO({
+							email: 'new@email.com',
+							firstName: 'John',
+							lastName: 'Potato',
+						}),
+					),
+				).rejects.toThrowError(new BadRequestError('Two-factor code is required to change email'));
 			});

 			it('should throw InvalidMfaCodeError if mfa code is invalid', async () => {
@ -179,18 +146,21 @@ describe('MeController', () => {
 					role: 'global:owner',
 					mfaEnabled: true,
 				});
-				const req = mock<MeRequest.UserUpdate>({ user, browserId });
-				req.body = {
+				const req = mock<AuthenticatedRequest>({ user, browserId });
+				mockMfaService.validateMfa.mockResolvedValue(false);
+
+				await expect(
+					controller.updateCurrentUser(
+						req,
+						mock(),
+						mock({
 							email: 'new@email.com',
 							firstName: 'John',
 							lastName: 'Potato',
 							mfaCode: 'invalid',
-				};
-				mockMfaService.validateMfa.mockResolvedValue(false);
-
-				await expect(controller.updateCurrentUser(req, mock())).rejects.toThrow(
-					InvalidMfaCodeError,
-				);
+						}),
+					),
+				).rejects.toThrow(InvalidMfaCodeError);
 			});

 			it("should update the user's email if mfa code is valid", async () => {
@ -202,13 +172,7 @@ describe('MeController', () => {
 					role: 'global:owner',
 					mfaEnabled: true,
 				});
-				const req = mock<MeRequest.UserUpdate>({ user, browserId });
-				req.body = {
-					email: 'new@email.com',
-					firstName: 'John',
-					lastName: 'Potato',
-					mfaCode: '123456',
-				};
+				const req = mock<AuthenticatedRequest>({ user, browserId });
 				const res = mock<Response>();
 				userRepository.findOneByOrFail.mockResolvedValue(user);
 				userRepository.findOneOrFail.mockResolvedValue(user);
@ -216,7 +180,16 @@ describe('MeController', () => {
 				userService.toPublic.mockResolvedValue({} as unknown as PublicUser);
 				mockMfaService.validateMfa.mockResolvedValue(true);

-				const result = await controller.updateCurrentUser(req, res);
+				const result = await controller.updateCurrentUser(
+					req,
+					res,
+					mock({
+						email: 'new@email.com',
+						firstName: 'John',
+						lastName: 'Potato',
+						mfaCode: '123456',
+					}),
+				);

 				expect(result).toEqual({});
 			});
@ -227,51 +200,59 @@ describe('MeController', () => {
 		const passwordHash = '$2a$10$ffitcKrHT.Ls.m9FfWrMrOod76aaI0ogKbc3S96Q320impWpCbgj6'; // Hashed 'old_password'

 		it('should throw if the user does not have a password set', async () => {
-			const req = mock<MeRequest.Password>({
+			const req = mock<AuthenticatedRequest>({
 				user: mock({ password: undefined }),
-				body: { currentPassword: '', newPassword: '' },
 			});
-			await expect(controller.updatePassword(req, mock())).rejects.toThrowError(
-				new BadRequestError('Requesting user not set up.'),
-			);
+			await expect(
+				controller.updatePassword(req, mock(), mock({ currentPassword: '', newPassword: '' })),
+			).rejects.toThrowError(new BadRequestError('Requesting user not set up.'));
 		});

 		it("should throw if currentPassword does not match the user's password", async () => {
-			const req = mock<MeRequest.Password>({
+			const req = mock<AuthenticatedRequest>({
 				user: mock({ password: passwordHash }),
-				body: { currentPassword: 'not_old_password', newPassword: '' },
 			});
-			await expect(controller.updatePassword(req, mock())).rejects.toThrowError(
-				new BadRequestError('Provided current password is incorrect.'),
-			);
+			await expect(
+				controller.updatePassword(
+					req,
+					mock(),
+					mock({ currentPassword: 'not_old_password', newPassword: '' }),
+				),
+			).rejects.toThrowError(new BadRequestError('Provided current password is incorrect.'));
 		});

 		describe('should throw if newPassword is not valid', () => {
 			Object.entries(badPasswords).forEach(([newPassword, errorMessage]) => {
 				it(newPassword, async () => {
-					const req = mock<MeRequest.Password>({
+					const req = mock<AuthenticatedRequest>({
 						user: mock({ password: passwordHash }),
-						body: { currentPassword: 'old_password', newPassword },
 						browserId,
 					});
-					await expect(controller.updatePassword(req, mock())).rejects.toThrowError(
-						new BadRequestError(errorMessage),
-					);
+					await expect(
+						controller.updatePassword(
+							req,
+							mock(),
+							mock({ currentPassword: 'old_password', newPassword }),
+						),
+					).rejects.toThrowError(new BadRequestError(errorMessage));
 				});
 			});
 		});

 		it('should update the password in the DB, and issue a new cookie', async () => {
-			const req = mock<MeRequest.Password>({
+			const req = mock<AuthenticatedRequest>({
 				user: mock({ password: passwordHash, mfaEnabled: false }),
-				body: { currentPassword: 'old_password', newPassword: 'NewPassword123' },
 				browserId,
 			});
 			const res = mock<Response>();
 			userRepository.save.calledWith(req.user).mockResolvedValue(req.user);
 			jest.spyOn(jwt, 'sign').mockImplementation(() => 'new-signed-token');

-			await controller.updatePassword(req, res);
+			await controller.updatePassword(
+				req,
+				res,
+				mock({ currentPassword: 'old_password', newPassword: 'NewPassword123' }),
+			);

 			expect(req.user.password).not.toBe(passwordHash);

@ -299,34 +280,43 @@ describe('MeController', () => {

 		describe('mfa enabled', () => {
 			it('should throw BadRequestError if mfa code is missing', async () => {
-				const req = mock<MeRequest.Password>({
+				const req = mock<AuthenticatedRequest>({
 					user: mock({ password: passwordHash, mfaEnabled: true }),
-					body: { currentPassword: 'old_password', newPassword: 'NewPassword123' },
 				});

-				await expect(controller.updatePassword(req, mock())).rejects.toThrowError(
+				await expect(
+					controller.updatePassword(
+						req,
+						mock(),
+						mock({ currentPassword: 'old_password', newPassword: 'NewPassword123' }),
+					),
+				).rejects.toThrowError(
 					new BadRequestError('Two-factor code is required to change password.'),
 				);
 			});

 			it('should throw InvalidMfaCodeError if invalid mfa code is given', async () => {
-				const req = mock<MeRequest.Password>({
+				const req = mock<AuthenticatedRequest>({
 					user: mock({ password: passwordHash, mfaEnabled: true }),
-					body: { currentPassword: 'old_password', newPassword: 'NewPassword123', mfaCode: '123' },
 				});
 				mockMfaService.validateMfa.mockResolvedValue(false);

-				await expect(controller.updatePassword(req, mock())).rejects.toThrow(InvalidMfaCodeError);
+				await expect(
+					controller.updatePassword(
+						req,
+						mock(),
+						mock({
+							currentPassword: 'old_password',
+							newPassword: 'NewPassword123',
+							mfaCode: '123',
+						}),
+					),
+				).rejects.toThrow(InvalidMfaCodeError);
 			});

 			it('should succeed when mfa code is correct', async () => {
-				const req = mock<MeRequest.Password>({
+				const req = mock<AuthenticatedRequest>({
 					user: mock({ password: passwordHash, mfaEnabled: true }),
-					body: {
-						currentPassword: 'old_password',
-						newPassword: 'NewPassword123',
-						mfaCode: 'valid',
-					},
 					browserId,
 				});
 				const res = mock<Response>();
@ -334,7 +324,15 @@ describe('MeController', () => {
 				jest.spyOn(jwt, 'sign').mockImplementation(() => 'new-signed-token');
 				mockMfaService.validateMfa.mockResolvedValue(true);

-				const result = await controller.updatePassword(req, res);
+				const result = await controller.updatePassword(
+					req,
+					res,
+					mock({
+						currentPassword: 'old_password',
+						newPassword: 'NewPassword123',
+						mfaCode: 'valid',
+					}),
+				);

 				expect(result).toEqual({ success: true });
 				expect(req.user.password).not.toBe(passwordHash);
@ -411,18 +409,6 @@ describe('MeController', () => {
 		});
 	});

-	describe('updateCurrentUserSettings', () => {
-		it('should throw BadRequestError on XSS attempt', async () => {
-			const req = mock<AuthenticatedRequest>({
-				body: {
-					userActivated: '<script>alert("XSS")</script>',
-				},
-			});
-
-			await expect(controller.updateCurrentUserSettings(req)).rejects.toThrowError(BadRequestError);
-		});
-	});
-
 	describe('API Key methods', () => {
 		let req: AuthenticatedRequest;
 		beforeAll(() => {
--- a/packages/cli/src/controllers/tests/users.controller.test.ts
+++ b/packages/cli/src/controllers/tests/users.controller.test.ts
@ -3,7 +3,7 @@ import { mock } from 'jest-mock-extended';
 import type { User } from '@/databases/entities/user';
 import type { UserRepository } from '@/databases/repositories/user.repository';
 import type { EventService } from '@/events/event.service';
-import type { UserRequest } from '@/requests';
+import type { AuthenticatedRequest } from '@/requests';
 import type { ProjectService } from '@/services/project.service';

 import { UsersController } from '../users.controller';
@ -33,15 +33,18 @@ describe('UsersController', () => {

 	describe('changeGlobalRole', () => {
 		it('should emit event user-changed-role', async () => {
-			const request = mock<UserRequest.ChangeRole>({
+			const request = mock<AuthenticatedRequest>({
 				user: { id: '123' },
-				params: { id: '456' },
-				body: { newRoleName: 'global:member' },
 			});
-			userRepository.findOne.mockResolvedValue(mock<User>({ id: '456' }));
+			userRepository.findOneBy.mockResolvedValue(mock<User>({ id: '456' }));
 			projectService.getUserOwnedOrAdminProjects.mockResolvedValue([]);

-			await controller.changeGlobalRole(request);
+			await controller.changeGlobalRole(
+				request,
+				mock(),
+				mock({ newRoleName: 'global:member' }),
+				'456',
+			);

 			expect(eventService.emit).toHaveBeenCalledWith('user-changed-role', {
 				userId: '123',
--- a/packages/cli/src/controllers/me.controller.ts
+++ b/packages/cli/src/controllers/me.controller.ts
@ -1,12 +1,16 @@
+import {
+	PasswordUpdateRequestDTO,
+	SettingsUpdateRequestDTO,
+	UserUpdateRequestDTO,
+} from '@n8n/api-types';
 import { plainToInstance } from 'class-transformer';
 import { randomBytes } from 'crypto';
 import { type RequestHandler, Response } from 'express';
-import validator from 'validator';

 import { AuthService } from '@/auth/auth.service';
 import type { User } from '@/databases/entities/user';
 import { UserRepository } from '@/databases/repositories/user.repository';
-import { Delete, Get, Patch, Post, RestController } from '@/decorators';
+import { Body, Delete, Get, Patch, Post, RestController } from '@/decorators';
 import { BadRequestError } from '@/errors/response-errors/bad-request.error';
 import { InvalidMfaCodeError } from '@/errors/response-errors/invalid-mfa-code.error';
 import { EventService } from '@/events/event.service';
@ -16,12 +20,7 @@ import type { PublicUser } from '@/interfaces';
 import { Logger } from '@/logger';
 import { MfaService } from '@/mfa/mfa.service';
 import { isApiEnabled } from '@/public-api';
-import {
-	AuthenticatedRequest,
-	MeRequest,
-	UserSettingsUpdatePayload,
-	UserUpdatePayload,
-} from '@/requests';
+import { AuthenticatedRequest, MeRequest } from '@/requests';
 import { PasswordUtility } from '@/services/password.utility';
 import { UserService } from '@/services/user.service';
 import { isSamlLicensedAndEnabled } from '@/sso/saml/saml-helpers';
@ -55,30 +54,14 @@ export class MeController {
 	 * Update the logged-in user's properties, except password.
 	 */
 	@Patch('/')
-	async updateCurrentUser(req: MeRequest.UserUpdate, res: Response): Promise<PublicUser> {
+	async updateCurrentUser(
+		req: AuthenticatedRequest,
+		res: Response,
+		@Body payload: UserUpdateRequestDTO,
+	): Promise<PublicUser> {
 		const { id: userId, email: currentEmail, mfaEnabled } = req.user;

-		const payload = plainToInstance(UserUpdatePayload, req.body, { excludeExtraneousValues: true });
-
 		const { email } = payload;
-		if (!email) {
-			this.logger.debug('Request to update user email failed because of missing email in payload', {
-				userId,
-				payload,
-			});
-			throw new BadRequestError('Email is mandatory');
-		}
-
-		if (!validator.isEmail(email)) {
-			this.logger.debug('Request to update user email failed because of invalid email in payload', {
-				userId,
-				invalidEmail: email,
-			});
-			throw new BadRequestError('Invalid email address');
-		}
-
-		await validateEntity(payload);
-
 		const isEmailBeingChanged = email !== currentEmail;

 		// If SAML is enabled, we don't allow the user to change their email address
@ -134,9 +117,13 @@ export class MeController {
 	 * Update the logged-in user's password.
 	 */
 	@Patch('/password', { rateLimit: true })
-	async updatePassword(req: MeRequest.Password, res: Response) {
+	async updatePassword(
+		req: AuthenticatedRequest,
+		res: Response,
+		@Body payload: PasswordUpdateRequestDTO,
+	) {
 		const { user } = req;
-		const { currentPassword, newPassword, mfaCode } = req.body;
+		const { currentPassword, newPassword, mfaCode } = payload;

 		// If SAML is enabled, we don't allow the user to change their password
 		if (isSamlLicensedAndEnabled()) {
@ -270,13 +257,11 @@ export class MeController {
 	 * Update the logged-in user's settings.
 	 */
 	@Patch('/settings')
-	async updateCurrentUserSettings(req: MeRequest.UserSettingsUpdate): Promise<User['settings']> {
-		const payload = plainToInstance(UserSettingsUpdatePayload, req.body, {
-			excludeExtraneousValues: true,
-		});
-
-		await validateEntity(payload);
-
+	async updateCurrentUserSettings(
+		req: AuthenticatedRequest,
+		_: Response,
+		@Body payload: SettingsUpdateRequestDTO,
+	): Promise<User['settings']> {
 		const { id } = req.user;

 		await this.userService.updateSettings(id, payload);
--- a/packages/cli/src/controllers/users.controller.ts
+++ b/packages/cli/src/controllers/users.controller.ts
@ -1,4 +1,5 @@
-import { plainToInstance } from 'class-transformer';
+import { RoleChangeRequestDTO, SettingsUpdateRequestDTO } from '@n8n/api-types';
+import { Response } from 'express';

 import { AuthService } from '@/auth/auth.service';
 import { CredentialsService } from '@/credentials/credentials.service';
@ -9,22 +10,17 @@ import { ProjectRepository } from '@/databases/repositories/project.repository';
 import { SharedCredentialsRepository } from '@/databases/repositories/shared-credentials.repository';
 import { SharedWorkflowRepository } from '@/databases/repositories/shared-workflow.repository';
 import { UserRepository } from '@/databases/repositories/user.repository';
-import { GlobalScope, Delete, Get, RestController, Patch, Licensed } from '@/decorators';
+import { GlobalScope, Delete, Get, RestController, Patch, Licensed, Body } from '@/decorators';
+import { Param } from '@/decorators/args';
 import { BadRequestError } from '@/errors/response-errors/bad-request.error';
 import { ForbiddenError } from '@/errors/response-errors/forbidden.error';
 import { NotFoundError } from '@/errors/response-errors/not-found.error';
 import { EventService } from '@/events/event.service';
 import { ExternalHooks } from '@/external-hooks';
-import { validateEntity } from '@/generic-helpers';
 import type { PublicUser } from '@/interfaces';
 import { Logger } from '@/logger';
 import { listQueryMiddleware } from '@/middlewares';
-import {
-	ListQuery,
-	UserRequest,
-	UserRoleChangePayload,
-	UserSettingsUpdatePayload,
-} from '@/requests';
+import { AuthenticatedRequest, ListQuery, UserRequest } from '@/requests';
 import { ProjectService } from '@/services/project.service';
 import { UserService } from '@/services/user.service';
 import { WorkflowService } from '@/workflows/workflow.service';
@ -124,13 +120,12 @@ export class UsersController {

 	@Patch('/:id/settings')
 	@GlobalScope('user:update')
-	async updateUserSettings(req: UserRequest.UserSettingsUpdate) {
-		const payload = plainToInstance(UserSettingsUpdatePayload, req.body, {
-			excludeExtraneousValues: true,
-		});
-
-		const id = req.params.id;
-
+	async updateUserSettings(
+		_req: AuthenticatedRequest,
+		_res: Response,
+		@Body payload: SettingsUpdateRequestDTO,
+		@Param('id') id: string,
+	) {
 		await this.userService.updateSettings(id, payload);

 		const user = await this.userRepository.findOneOrFail({
@ -263,18 +258,16 @@ export class UsersController {
 	@Patch('/:id/role')
 	@GlobalScope('user:changeRole')
 	@Licensed('feat:advancedPermissions')
-	async changeGlobalRole(req: UserRequest.ChangeRole) {
+	async changeGlobalRole(
+		req: AuthenticatedRequest,
+		_: Response,
+		@Body payload: RoleChangeRequestDTO,
+		@Param('id') id: string,
+	) {
 		const { NO_ADMIN_ON_OWNER, NO_USER, NO_OWNER_ON_OWNER } =
 			UsersController.ERROR_MESSAGES.CHANGE_ROLE;

-		const payload = plainToInstance(UserRoleChangePayload, req.body, {
-			excludeExtraneousValues: true,
-		});
-		await validateEntity(payload);
-
-		const targetUser = await this.userRepository.findOne({
-			where: { id: req.params.id },
-		});
+		const targetUser = await this.userRepository.findOneBy({ id });
 		if (targetUser === null) {
 			throw new NotFoundError(NO_USER);
 		}
--- a/packages/cli/src/decorators/tests/controller.registry.test.ts
+++ b/packages/cli/src/decorators/tests/controller.registry.test.ts
@ -12,6 +12,8 @@ import { ControllerRegistry, Get, Licensed, RestController } from '@/decorators'
 import type { License } from '@/license';
 import type { SuperAgentTest } from '@test-integration/types';

+import { Param } from '../args';
+
 describe('ControllerRegistry', () => {
 	const license = mock<License>();
 	const authService = mock<AuthService>();
@ -114,4 +116,26 @@ describe('ControllerRegistry', () => {
 			expect(license.isFeatureEnabled).toHaveBeenCalled();
 		});
 	});
+
+	describe('Args', () => {
+		@RestController('/test')
+		// @ts-expect-error tsc complains about unused class
+		class TestController {
+			@Get('/args/:id')
+			args(req: express.Request, res: express.Response, @Param('id') id: string) {
+				res.setHeader('Testing', 'true');
+				return { url: req.url, id };
+			}
+		}
+
+		beforeEach(() => {
+			authService.authMiddleware.mockImplementation(async (_req, _res, next) => next());
+		});
+
+		it('should pass in correct args to the route handler', async () => {
+			const { headers, body } = await agent.get('/rest/test/args/1234').expect(200);
+			expect(headers.testing).toBe('true');
+			expect(body.data).toEqual({ url: '/args/1234', id: '1234' });
+		});
+	});
 });
--- a/packages/cli/src/decorators/args.ts
+++ b/packages/cli/src/decorators/args.ts
@ -0,0 +1,18 @@
+import { getRouteMetadata } from './controller.registry';
+import type { Arg, Controller } from './types';
+
+const ArgDecorator =
+	(arg: Arg): ParameterDecorator =>
+	(target, handlerName, parameterIndex) => {
+		const routeMetadata = getRouteMetadata(target.constructor as Controller, String(handlerName));
+		routeMetadata.args[parameterIndex] = arg;
+	};
+
+/** Injects the request body into the handler */
+export const Body = ArgDecorator({ type: 'body' });
+
+/** Injects the request query into the handler */
+export const Query = ArgDecorator({ type: 'query' });
+
+/** Injects a request parameter into the handler */
+export const Param = (key: string) => ArgDecorator({ type: 'param', key });
--- a/packages/cli/src/decorators/controller.registry.ts
+++ b/packages/cli/src/decorators/controller.registry.ts
@ -2,7 +2,9 @@ import { GlobalConfig } from '@n8n/config';
 import { Router } from 'express';
 import type { Application, Request, Response, RequestHandler } from 'express';
 import { rateLimit as expressRateLimit } from 'express-rate-limit';
+import { ApplicationError } from 'n8n-workflow';
 import { Container, Service } from 'typedi';
+import type { ZodClass } from 'zod-class';

 import { AuthService } from '@/auth/auth.service';
 import { inProduction, RESPONSE_ERROR_MESSAGES } from '@/constants';
@ -42,6 +44,7 @@ export const getRouteMetadata = (controllerClass: Controller, handlerName: Handl
 	let route = metadata.routes.get(handlerName);
 	if (!route) {
 		route = {} as RouteMetadata;
+		route.args = [];
 		metadata.routes.set(handlerName, route);
 	}
 	return route;
@ -76,8 +79,31 @@ export class ControllerRegistry {
 		);

 		for (const [handlerName, route] of metadata.routes) {
-			const handler = async (req: Request, res: Response) =>
-				await controller[handlerName](req, res);
+			const argTypes = Reflect.getMetadata(
+				'design:paramtypes',
+				controller,
+				handlerName,
+			) as unknown[];
+			// eslint-disable-next-line @typescript-eslint/no-loop-func
+			const handler = async (req: Request, res: Response) => {
+				const args: unknown[] = [req, res];
+				for (let index = 0; index < route.args.length; index++) {
+					const arg = route.args[index];
+					if (!arg) continue; // Skip args without any decorators
+					if (arg.type === 'param') args.push(req.params[arg.key]);
+					else if (['body', 'query'].includes(arg.type)) {
+						const paramType = argTypes[index] as ZodClass;
+						if (paramType && 'parse' in paramType) {
+							const output = paramType.safeParse(req[arg.type]);
+							if (output.success) args.push(output.data);
+							else {
+								return res.status(400).json(output.error.errors[0]);
+							}
+						}
+					} else throw new ApplicationError('Unknown arg type: ' + arg.type);
+				}
+				return await controller[handlerName](...args);
+			};

 			router[route.method](
 				route.path,
--- a/packages/cli/src/decorators/index.ts
+++ b/packages/cli/src/decorators/index.ts
@ -1,3 +1,4 @@
+export { Body } from './args';
 export { RestController } from './rest-controller';
 export { Get, Post, Put, Patch, Delete } from './route';
 export { Middleware } from './middleware';
--- a/packages/cli/src/decorators/types.ts
+++ b/packages/cli/src/decorators/types.ts
@ -6,6 +6,8 @@ import type { BooleanLicenseFeature } from '@/interfaces';

 export type Method = 'get' | 'post' | 'put' | 'patch' | 'delete';

+export type Arg = { type: 'body' | 'query' } | { type: 'param'; key: string };
+
 export interface RateLimit {
 	/**
 	 * The maximum number of requests to allow during the `window` before rate limiting the client.
@ -35,6 +37,7 @@ export interface RouteMetadata {
 	rateLimit?: boolean | RateLimit;
 	licenseFeature?: BooleanLicenseFeature;
 	accessScope?: AccessScope;
+	args: Arg[];
 }

 export interface ControllerMetadata {
--- a/packages/cli/src/generic-helpers.ts
+++ b/packages/cli/src/generic-helpers.ts
@ -5,11 +5,6 @@ import type { CredentialsEntity } from '@/databases/entities/credentials-entity'
 import type { TagEntity } from '@/databases/entities/tag-entity';
 import type { User } from '@/databases/entities/user';
 import type { WorkflowEntity } from '@/databases/entities/workflow-entity';
-import type {
-	UserRoleChangePayload,
-	UserSettingsUpdatePayload,
-	UserUpdatePayload,
-} from '@/requests';

 import type { PersonalizationSurveyAnswersV4 } from './controllers/survey-answers.dto';
 import { BadRequestError } from './errors/response-errors/bad-request.error';
@ -21,9 +16,6 @@ export async function validateEntity(
 		| TagEntity
 		| AnnotationTagEntity
 		| User
-		| UserUpdatePayload
-		| UserRoleChangePayload
-		| UserSettingsUpdatePayload
 		| PersonalizationSurveyAnswersV4,
 ): Promise<void> {
 	const errors = await validate(entity);
--- a/packages/cli/src/public-api/v1/handlers/users/users.handler.ee.ts
+++ b/packages/cli/src/public-api/v1/handlers/users/users.handler.ee.ts
@ -1,3 +1,4 @@
+import { RoleChangeRequestDTO } from '@n8n/api-types';
 import type express from 'express';
 import type { Response } from 'express';
 import { Container } from 'typedi';
@ -6,7 +7,7 @@ import { InvitationController } from '@/controllers/invitation.controller';
 import { UsersController } from '@/controllers/users.controller';
 import { ProjectRelationRepository } from '@/databases/repositories/project-relation.repository';
 import { EventService } from '@/events/event.service';
-import type { UserRequest } from '@/requests';
+import type { AuthenticatedRequest, UserRequest } from '@/requests';

 import { clean, getAllUsersAndCount, getUser } from './users.service.ee';
 import {
@ -19,7 +20,7 @@ import { encodeNextCursor } from '../../shared/services/pagination.service';

 type Create = UserRequest.Invite;
 type Delete = UserRequest.Delete;
-type ChangeRole = UserRequest.ChangeRole;
+type ChangeRole = AuthenticatedRequest<{ id: string }, {}, RoleChangeRequestDTO, {}>;

 export = {
 	getUser: [
@ -98,7 +99,19 @@ export = {
 		isLicensed('feat:advancedPermissions'),
 		globalScope('user:changeRole'),
 		async (req: ChangeRole, res: Response) => {
-			await Container.get(UsersController).changeGlobalRole(req);
+			const validation = RoleChangeRequestDTO.safeParse(req.body);
+			if (validation.error) {
+				return res.status(400).json({
+					message: validation.error.errors[0],
+				});
+			}
+
+			await Container.get(UsersController).changeGlobalRole(
+				req,
+				res,
+				validation.data,
+				req.params.id,
+			);

 			return res.status(204).send();
 		},
--- a/packages/cli/src/requests.ts
+++ b/packages/cli/src/requests.ts
@ -1,7 +1,5 @@
 import type { Scope } from '@n8n/permissions';
 import type { AiAssistantSDK } from '@n8n_io/ai-assistant-sdk';
-import { Expose } from 'class-transformer';
-import { IsBoolean, IsEmail, IsIn, IsOptional, IsString, Length } from 'class-validator';
 import type express from 'express';
 import type {
 	BannerName,
@ -18,61 +16,15 @@ import type {

 import type { CredentialsEntity } from '@/databases/entities/credentials-entity';
 import type { Project, ProjectType } from '@/databases/entities/project';
-import { AssignableRole } from '@/databases/entities/user';
-import type { GlobalRole, User } from '@/databases/entities/user';
+import type { AssignableRole, GlobalRole, User } from '@/databases/entities/user';
 import type { Variables } from '@/databases/entities/variables';
 import type { WorkflowEntity } from '@/databases/entities/workflow-entity';
 import type { WorkflowHistory } from '@/databases/entities/workflow-history';
 import type { PublicUser, SecretsProvider, SecretsProviderState } from '@/interfaces';
-import { NoUrl } from '@/validators/no-url.validator';
-import { NoXss } from '@/validators/no-xss.validator';

 import type { ProjectRole } from './databases/entities/project-relation';
 import type { ScopesField } from './services/role.service';

-export class UserUpdatePayload implements Pick<User, 'email' | 'firstName' | 'lastName'> {
-	@Expose()
-	@IsEmail()
-	email: string;
-
-	@Expose()
-	@NoXss()
-	@NoUrl()
-	@IsString({ message: 'First name must be of type string.' })
-	@Length(1, 32, { message: 'First name must be $constraint1 to $constraint2 characters long.' })
-	firstName: string;
-
-	@Expose()
-	@NoXss()
-	@NoUrl()
-	@IsString({ message: 'Last name must be of type string.' })
-	@Length(1, 32, { message: 'Last name must be $constraint1 to $constraint2 characters long.' })
-	lastName: string;
-
-	@IsOptional()
-	@Expose()
-	@IsString({ message: 'Two factor code must be a string.' })
-	mfaCode?: string;
-}
-
-export class UserSettingsUpdatePayload {
-	@Expose()
-	@IsBoolean({ message: 'userActivated should be a boolean' })
-	@IsOptional()
-	userActivated?: boolean;
-
-	@Expose()
-	@IsBoolean({ message: 'allowSSOManualLogin should be a boolean' })
-	@IsOptional()
-	allowSSOManualLogin?: boolean;
-}
-
-export class UserRoleChangePayload {
-	@Expose()
-	@IsIn(['global:admin', 'global:member'])
-	newRoleName: AssignableRole;
-}
-
 export type APIRequest<
 	RouteParams = {},
 	ResponseBody = {},
@ -230,13 +182,6 @@ export declare namespace CredentialRequest {
 // ----------------------------------

 export declare namespace MeRequest {
-	export type UserSettingsUpdate = AuthenticatedRequest<{}, {}, UserSettingsUpdatePayload>;
-	export type UserUpdate = AuthenticatedRequest<{}, {}, UserUpdatePayload>;
-	export type Password = AuthenticatedRequest<
-		{},
-		{},
-		{ currentPassword: string; newPassword: string; mfaCode?: string }
-	>;
 	export type SurveyAnswers = AuthenticatedRequest<{}, {}, IPersonalizationSurveyAnswersV4>;
 }

@ -311,8 +256,6 @@ export declare namespace UserRequest {
 		{ transferId?: string; includeRole: boolean }
 	>;

-	export type ChangeRole = AuthenticatedRequest<{ id: string }, {}, UserRoleChangePayload, {}>;
-
 	export type Get = AuthenticatedRequest<
 		{ id: string; email: string; identifier: string },
 		{},
@ -322,12 +265,6 @@ export declare namespace UserRequest {

 	export type PasswordResetLink = AuthenticatedRequest<{ id: string }, {}, {}, {}>;

-	export type UserSettingsUpdate = AuthenticatedRequest<
-		{ id: string },
-		{},
-		UserSettingsUpdatePayload
-	>;
-
 	export type Reinvite = AuthenticatedRequest<{ id: string }>;

 	export type Update = AuthlessRequest<
--- a/packages/cli/test/integration/public-api/users.test.ts
+++ b/packages/cli/test/integration/public-api/users.test.ts
@ -225,6 +225,29 @@ describe('Users in Public API', () => {
 			expect(response.body).toHaveProperty('message', 'Forbidden');
 		});

+		it('should return a 400 on invalid payload', async () => {
+			/**
+			 * Arrange
+			 */
+			testServer.license.enable('feat:advancedPermissions');
+			const owner = await createOwner({ withApiKey: true });
+			const member = await createMember();
+			const payload = { newRoleName: 'invalid' };
+
+			/**
+			 * Act
+			 */
+			const response = await testServer
+				.publicApiAgentFor(owner)
+				.patch(`/users/${member.id}/role`)
+				.send(payload);
+
+			/**
+			 * Assert
+			 */
+			expect(response.status).toBe(400);
+		});
+
 		it("should change a user's role", async () => {
 			/**
 			 * Arrange
--- a/packages/cli/test/integration/saml/saml.api.test.ts
+++ b/packages/cli/test/integration/saml/saml.api.test.ts
@ -22,9 +22,11 @@ const testServer = utils.setupTestServer({
 	enabledFeatures: ['feat:saml'],
 });

+const memberPassword = randomValidPassword();
+
 beforeAll(async () => {
 	owner = await createOwner();
-	someUser = await createUser();
+	someUser = await createUser({ password: memberPassword });
 	authOwnerAgent = testServer.authAgentFor(owner);
 	authMemberAgent = testServer.authAgentFor(someUser);
 });
@ -60,10 +62,11 @@ describe('Instance owner', () => {
 	describe('PATCH /password', () => {
 		test('should throw BadRequestError if password is changed when SAML is enabled', async () => {
 			await enableSaml(true);
-			await authOwnerAgent
+			await authMemberAgent
 				.patch('/me/password')
 				.send({
-					password: randomValidPassword(),
+					currentPassword: memberPassword,
+					newPassword: randomValidPassword(),
 				})
 				.expect(400, {
 					code: 400,
--- a/packages/cli/test/integration/users.api.test.ts
+++ b/packages/cli/test/integration/users.api.test.ts
@ -672,9 +672,6 @@ describe('PATCH /users/:id/role', () => {
 		])('%s', async (_, payload) => {
 			const response = await adminAgent.patch(`/users/${member.id}/role`).send(payload);
 			expect(response.statusCode).toBe(400);
-			expect(response.body.message).toBe(
-				'newRoleName must be one of the following values: global:admin, global:member',
-			);
 		});
 	});

--- a/packages/design-system/package.json
+++ b/packages/design-system/package.json
@ -54,6 +54,6 @@
    "vue": "catalog:frontend",
    "vue-boring-avatars": "^1.3.0",
    "vue-router": "^4.2.2",
-    "xss": "^1.0.14"
+    "xss": "catalog:"
  }
 }
--- a/packages/design-system/src/components/AskAssistantLoadingMessage/AssistantLoadingMessage.vue
+++ b/packages/design-system/src/components/AskAssistantLoadingMessage/AssistantLoadingMessage.vue
@ -1,6 +1,4 @@
 <script setup lang="ts">
-import { defineProps, withDefaults } from 'vue';
-
 import AssistantAvatar from '../AskAssistantAvatar/AssistantAvatar.vue';

 withDefaults(
--- a/packages/editor-ui/package.json
+++ b/packages/editor-ui/package.json
@ -63,7 +63,7 @@
    "n8n-design-system": "workspace:*",
    "n8n-workflow": "workspace:*",
    "pinia": "^2.1.6",
-    "prettier": "^3.1.0",
+    "prettier": "^3.3.3",
    "qrcode.vue": "^3.3.4",
    "stream-browserify": "^3.0.0",
    "timeago.js": "^4.0.2",
@ -77,7 +77,7 @@
    "vue-markdown-render": "catalog:frontend",
    "vue-router": "^4.2.2",
    "vue3-touch-events": "^4.1.3",
-    "xss": "^1.0.14"
+    "xss": "catalog:"
  },
  "devDependencies": {
    "@faker-js/faker": "^8.0.2",
--- a/packages/editor-ui/src/api/users.ts
+++ b/packages/editor-ui/src/api/users.ts
@ -1,3 +1,8 @@
+import type {
+	PasswordUpdateRequestDTO,
+	SettingsUpdateRequestDTO,
+	UserUpdateRequestDTO,
+} from '@n8n/api-types';
 import type {
 	CurrentUserResponse,
 	IPersonalizationLatestVersion,
@ -8,11 +13,6 @@ import type {
 import type { IDataObject, IUserSettings } from 'n8n-workflow';
 import { makeRestApiRequest } from '@/utils/apiUtils';

-export interface IUpdateUserSettingsReqPayload {
-	allowSSOManualLogin?: boolean;
-	userActivated?: boolean;
-}
-
 export async function loginCurrentUser(
 	context: IRestApiContext,
 ): Promise<CurrentUserResponse | null> {
@ -89,23 +89,16 @@ export async function changePassword(
 	await makeRestApiRequest(context, 'POST', '/change-password', params);
 }

-export type UpdateCurrentUserParams = {
-	firstName?: string;
-	lastName?: string;
-	email: string;
-	mfaCode?: string;
-};
-
 export async function updateCurrentUser(
 	context: IRestApiContext,
-	params: UpdateCurrentUserParams,
+	params: UserUpdateRequestDTO,
 ): Promise<IUserResponse> {
 	return await makeRestApiRequest(context, 'PATCH', '/me', params);
 }

 export async function updateCurrentUserSettings(
 	context: IRestApiContext,
-	settings: IUpdateUserSettingsReqPayload,
+	settings: SettingsUpdateRequestDTO,
 ): Promise<IUserSettings> {
 	return await makeRestApiRequest(context, 'PATCH', '/me/settings', settings);
 }
@ -113,20 +106,14 @@ export async function updateCurrentUserSettings(
 export async function updateOtherUserSettings(
 	context: IRestApiContext,
 	userId: string,
-	settings: IUpdateUserSettingsReqPayload,
+	settings: SettingsUpdateRequestDTO,
 ): Promise<IUserSettings> {
 	return await makeRestApiRequest(context, 'PATCH', `/users/${userId}/settings`, settings);
 }

-export type UpdateUserPasswordParams = {
-	newPassword: string;
-	currentPassword: string;
-	mfaCode?: string;
-};
-
 export async function updateCurrentUserPassword(
 	context: IRestApiContext,
-	params: UpdateUserPasswordParams,
+	params: PasswordUpdateRequestDTO,
 ): Promise<void> {
 	return await makeRestApiRequest(context, 'PATCH', '/me/password', params);
 }
--- a/packages/editor-ui/src/components/AnnotationTagsContainer.vue
+++ b/packages/editor-ui/src/components/AnnotationTagsContainer.vue
@ -1,5 +1,5 @@
 <script lang="ts" setup>
-import { computed, defineProps, defineEmits } from 'vue';
+import { computed } from 'vue';
 import TagsContainer from './TagsContainer.vue';
 import { useAnnotationTagsStore } from '@/stores/tags.store';
 import type { ITag } from '@/Interface';
--- a/packages/editor-ui/src/components/Draggable.vue
+++ b/packages/editor-ui/src/components/Draggable.vue
@ -77,7 +77,7 @@ const onDrag = (event: MouseEvent) => {
 	if (!isDragging.value && draggingElement.value) {
 		isDragging.value = true;

-		const data = props.targetDataKey ? draggingElement.value.dataset.value : props.data ?? '';
+		const data = props.targetDataKey ? draggingElement.value.dataset.value : (props.data ?? '');

 		ndvStore.draggableStartDragging({
 			type: props.type,
--- a/packages/editor-ui/src/components/InputPanel.vue
+++ b/packages/editor-ui/src/components/InputPanel.vue
@ -417,7 +417,7 @@ export default defineComponent({
 						type="secondary"
 						hide-icon
 						:transparent="true"
-						:node-name="isActiveNodeConfig ? rootNode : currentNodeName ?? ''"
+						:node-name="isActiveNodeConfig ? rootNode : (currentNodeName ?? '')"
 						:label="$locale.baseText('ndv.input.noOutputData.executePrevious')"
 						telemetry-source="inputs"
 						data-test-id="execute-previous-node"
--- a/packages/editor-ui/src/components/NodeExecuteButton.vue
+++ b/packages/editor-ui/src/components/NodeExecuteButton.vue
@ -1,5 +1,5 @@
 <script lang="ts" setup>
-import { withDefaults, defineProps, defineEmits, ref, computed } from 'vue';
+import { ref, computed } from 'vue';
 import {
 	WEBHOOK_NODE_TYPE,
 	MANUAL_TRIGGER_NODE_TYPE,
--- a/packages/editor-ui/src/components/Projects/ProjectSharing.vue
+++ b/packages/editor-ui/src/components/Projects/ProjectSharing.vue
@ -26,7 +26,7 @@ const emit = defineEmits<{
 	projectRemoved: [value: ProjectSharingData];
 }>();

-const selectedProject = ref(Array.isArray(model.value) ? '' : model.value?.id ?? '');
+const selectedProject = ref(Array.isArray(model.value) ? '' : (model.value?.id ?? ''));
 const filter = ref('');
 const selectPlaceholder = computed(
 	() => props.placeholder ?? locale.baseText('projects.sharing.select.placeholder'),
--- a/packages/editor-ui/src/components/RBAC.vue
+++ b/packages/editor-ui/src/components/RBAC.vue
@ -41,7 +41,7 @@ export default defineComponent({
 			const projectId = props.projectId ?? inferProjectIdFromRoute(route);
 			const resourceType = props.resourceType ?? inferResourceTypeFromRoute(route);
 			const resourceId = resourceType
-				? props.resourceId ?? inferResourceIdFromRoute(route)
+				? (props.resourceId ?? inferResourceIdFromRoute(route))
 				: undefined;

 			return rbacStore.hasScope(
--- a/packages/editor-ui/src/components/RunDataJson.vue
+++ b/packages/editor-ui/src/components/RunDataJson.vue
@ -14,6 +14,7 @@ import { nonExistingJsonPath } from '@/constants';
 import { useExternalHooks } from '@/composables/useExternalHooks';
 import TextWithHighlights from './TextWithHighlights.vue';
 import { useTelemetry } from '@/composables/useTelemetry';
+import { useElementSize } from '@vueuse/core';

 const LazyRunDataJsonActions = defineAsyncComponent(
 	async () => await import('@/components/RunDataJsonActions.vue'),
@ -45,6 +46,9 @@ const telemetry = useTelemetry();
 const selectedJsonPath = ref(nonExistingJsonPath);
 const draggingPath = ref<null | string>(null);
 const displayMode = ref('json');
+const jsonDataContainer = ref(null);
+
+const { height } = useElementSize(jsonDataContainer);

 const jsonData = computed(() => executionDataToJson(props.inputData));

@ -110,7 +114,7 @@ const getListItemName = (path: string) => {
 </script>

 <template>
-	<div :class="[$style.jsonDisplay, { [$style.highlight]: highlight }]">
+	<div ref="jsonDataContainer" :class="[$style.jsonDisplay, { [$style.highlight]: highlight }]">
 		<Suspense>
 			<LazyRunDataJsonActions
 				v-if="!editMode.enabled"
@ -141,6 +145,8 @@ const getListItemName = (path: string) => {
 				root-path=""
 				selectable-type="single"
 				class="json-data"
+				:virtual="true"
+				:height="height"
 				@update:selected-value="selectedJsonPath = $event"
 			>
 				<template #renderNodeKey="{ node }">
@ -192,11 +198,10 @@ const getListItemName = (path: string) => {
 	left: 0;
 	padding-left: var(--spacing-s);
 	right: 0;
-	overflow-y: auto;
+	overflow-y: hidden;
 	line-height: 1.5;
 	word-break: normal;
 	height: 100%;
-	padding-bottom: var(--spacing-3xl);

 	&:hover {
 		/* Shows .actionsGroup element from <run-data-json-actions /> child component */
@ -299,4 +304,8 @@ const getListItemName = (path: string) => {
 .vjs-tree .vjs-tree__content.has-line {
 	border-left: 1px dotted var(--color-json-line);
 }
+
+.vjs-tree .vjs-tree-list-holder-inner {
+	padding-bottom: var(--spacing-3xl);
+}
 </style>
--- a/packages/editor-ui/src/components/SaveButton.vue
+++ b/packages/editor-ui/src/components/SaveButton.vue
@ -25,7 +25,7 @@ const i18n = useI18n();

 const saveButtonLabel = computed(() => {
 	return props.isSaving
-		? props.savingLabel ?? i18n.baseText('saveButton.saving')
+		? (props.savingLabel ?? i18n.baseText('saveButton.saving'))
 		: i18n.baseText('saveButton.save');
 });

--- a/packages/editor-ui/src/components/WorkflowSelectorParameterInput/WorkflowSelectorParameterInput.vue
+++ b/packages/editor-ui/src/components/WorkflowSelectorParameterInput/WorkflowSelectorParameterInput.vue
@ -87,7 +87,7 @@ const valueToDisplay = computed<NodeParameterValue>(() => {
 	}

 	if (isListMode.value) {
-		return props.modelValue ? props.modelValue.cachedResultName ?? props.modelValue.value : '';
+		return props.modelValue ? (props.modelValue.cachedResultName ?? props.modelValue.value) : '';
 	}

 	return props.modelValue ? props.modelValue.value : '';
--- a/packages/editor-ui/src/components/tests/RunDataJson.test.ts
+++ b/packages/editor-ui/src/components/tests/RunDataJson.test.ts
@ -2,6 +2,22 @@ import { createTestingPinia } from '@pinia/testing';
 import { screen, cleanup } from '@testing-library/vue';
 import RunDataJson from '@/components/RunDataJson.vue';
 import { createComponentRenderer } from '@/__tests__/render';
+import { useElementSize } from '@vueuse/core'; // Import the composable to mock
+
+vi.mock('@vueuse/core', async () => {
+	// eslint-disable-next-line @typescript-eslint/consistent-type-imports
+	const originalModule = await vi.importActual<typeof import('@vueuse/core')>('@vueuse/core');
+
+	return {
+		...originalModule, // Keep all original exports
+		useElementSize: vi.fn(), // Mock useElementSize
+	};
+});
+
+(useElementSize as jest.Mock).mockReturnValue({
+	height: 500, // Mocked height value
+	width: 300, // Mocked width value
+});

 const renderComponent = createComponentRenderer(RunDataJson, {
 	props: {
@ -34,18 +50,6 @@ const renderComponent = createComponentRenderer(RunDataJson, {
 			disabled: false,
 		},
 	},
-	global: {
-		mocks: {
-			$locale: {
-				baseText() {
-					return '';
-				},
-			},
-			$store: {
-				getters: {},
-			},
-		},
-	},
 });

 describe('RunDataJson.vue', () => {
--- a/packages/editor-ui/src/components/tests/snapshots/RunDataJson.test.ts.snap
+++ b/packages/editor-ui/src/components/tests/snapshots/RunDataJson.test.ts.snap
@ -11,7 +11,19 @@ exports[`RunDataJson.vue > renders json values properly 1`] = `
    >
      
      <div
-        class="vjs-tree json-data"
+        class="vjs-tree is-virtual json-data"
+      >
+        <div
+          class="vjs-tree-list"
+          style="height: 500px;"
+        >
+          <div
+            class="vjs-tree-list-holder"
+            style="height: 340px;"
+          >
+            <div
+              class="vjs-tree-list-holder-inner"
+              style="transform: translateY(0px);"
            >
              
              <div
@ -828,6 +840,9 @@ exports[`RunDataJson.vue > renders json values properly 1`] = `
              </div>
              
            </div>
+          </div>
+        </div>
+      </div>
      
      <!--teleport start-->
      <!--teleport end-->
--- a/packages/editor-ui/src/components/canvas/elements/handles/render-types/CanvasHandleMainOutput.vue
+++ b/packages/editor-ui/src/components/canvas/elements/handles/render-types/CanvasHandleMainOutput.vue
@ -37,7 +37,7 @@ const plusLineSize = computed(
 			small: 46,
 			medium: 66,
 			large: 80,
-		})[renderOptions.value.outputs?.labelSize ?? runData.value ? 'large' : 'small'],
+		})[(renderOptions.value.outputs?.labelSize ?? runData.value) ? 'large' : 'small'],
 );

 function onMouseEnter() {
--- a/packages/editor-ui/src/components/executions/ExecutionsTime.vue
+++ b/packages/editor-ui/src/components/executions/ExecutionsTime.vue
@ -1,5 +1,5 @@
 <script setup lang="ts">
-import { ref, computed, onMounted, onBeforeUnmount, defineProps } from 'vue';
+import { ref, computed, onMounted, onBeforeUnmount } from 'vue';
 import { useI18n } from '@/composables/useI18n';

 const props = defineProps<{
--- a/packages/editor-ui/src/components/executions/workflow/VoteButtons.vue
+++ b/packages/editor-ui/src/components/executions/workflow/VoteButtons.vue
@ -1,5 +1,4 @@
 <script setup lang="ts">
-import { defineProps, defineEmits } from 'vue';
 import type { AnnotationVote } from 'n8n-workflow';

 defineProps<{
--- a/packages/editor-ui/src/components/executions/workflow/WorkflowExecutionsList.vue
+++ b/packages/editor-ui/src/components/executions/workflow/WorkflowExecutionsList.vue
@ -39,7 +39,7 @@ const router = useRouter();
 const temporaryExecution = computed<ExecutionSummary | undefined>(() =>
 	props.executions.find((execution) => execution.id === props.execution?.id)
 		? undefined
-		: props.execution ?? undefined,
+		: (props.execution ?? undefined),
 );

 const hidePreview = computed(() => {
--- a/packages/editor-ui/src/stores/assistant.store.ts
+++ b/packages/editor-ui/src/stores/assistant.store.ts
@ -356,9 +356,9 @@ export const useAssistantStore = defineStore(STORES.ASSISTANT, () => {
 		resetAssistantChat();
 		chatSessionTask.value = credentialType ? 'credentials' : 'support';
 		chatSessionCredType.value = credentialType;
-		chatWindowOpen.value = true;
 		addUserMessage(userMessage, id);
 		addLoadingAssistantMessage(locale.baseText('aiAssistant.thinkingSteps.thinking'));
+		openChat();
 		streaming.value = true;

 		let payload: ChatRequest.InitSupportChat | ChatRequest.InitCredHelp = {
--- a/packages/editor-ui/src/stores/logStreaming.store.ts
+++ b/packages/editor-ui/src/stores/logStreaming.store.ts
@ -7,8 +7,9 @@ import {
 	hasDestinationId,
 	saveDestinationToDb,
 	sendTestMessageToDestination,
-} from '../api/eventbus.ee';
+} from '@/api/eventbus.ee';
 import { useRootStore } from './root.store';
+import { ref } from 'vue';

 export interface EventSelectionItem {
 	selected: boolean;
@ -32,80 +33,142 @@ export interface DestinationSettingsStore {
 	[key: string]: DestinationStoreItem;
 }

-export const useLogStreamingStore = defineStore('logStreaming', {
-	state: () => ({
-		items: {} as DestinationSettingsStore,
-		eventNames: new Set<string>(),
-	}),
-	getters: {},
-	actions: {
-		addDestination(destination: MessageEventBusDestinationOptions) {
-			if (destination.id && this.items[destination.id]) {
-				this.items[destination.id].destination = destination;
+export const useLogStreamingStore = defineStore('logStreaming', () => {
+	const items = ref<DestinationSettingsStore>({});
+	const eventNames = ref(new Set<string>());
+
+	const rootStore = useRootStore();
+
+	const addDestination = (destination: MessageEventBusDestinationOptions) => {
+		if (destination.id && items.value[destination.id]) {
+			items.value[destination.id].destination = destination;
 		} else {
-				this.setSelectionAndBuildItems(destination);
+			setSelectionAndBuildItems(destination);
 		}
-		},
-		getDestination(destinationId: string): MessageEventBusDestinationOptions | undefined {
-			if (this.items[destinationId]) {
-				return this.items[destinationId].destination;
+	};
+
+	const setSelectionAndBuildItems = (destination: MessageEventBusDestinationOptions) => {
+		if (destination.id) {
+			if (!items.value[destination.id]) {
+				items.value[destination.id] = {
+					destination,
+					selectedEvents: new Set<string>(),
+					eventGroups: [],
+					isNew: false,
+				} as DestinationStoreItem;
+			}
+			items.value[destination.id]?.selectedEvents?.clear();
+			if (destination.subscribedEvents) {
+				for (const eventName of destination.subscribedEvents) {
+					items.value[destination.id]?.selectedEvents?.add(eventName);
+				}
+			}
+			items.value[destination.id].eventGroups = eventGroupsFromStringList(
+				eventNames.value,
+				items.value[destination.id]?.selectedEvents,
+			);
+		}
+	};
+
+	const getDestination = (destinationId: string) => {
+		if (items.value[destinationId]) {
+			return items.value[destinationId].destination;
 		} else {
 			return;
 		}
-		},
-		getAllDestinations(): MessageEventBusDestinationOptions[] {
+	};
+
+	const getAllDestinations = () => {
 		const destinations: MessageEventBusDestinationOptions[] = [];
-			for (const key of Object.keys(this.items)) {
-				destinations.push(this.items[key].destination);
+		for (const key of Object.keys(items)) {
+			destinations.push(items.value[key].destination);
 		}
 		return destinations;
-		},
-		updateDestination(destination: MessageEventBusDestinationOptions) {
-			if (destination.id && this.items[destination.id]) {
-				this.$patch((state) => {
-					if (destination.id && this.items[destination.id]) {
-						state.items[destination.id].destination = destination;
+	};
+
+	const clearDestinations = () => {
+		items.value = {};
+	};
+
+	const addEventName = (name: string) => {
+		eventNames.value.add(name);
+	};
+
+	const removeEventName = (name: string) => {
+		eventNames.value.delete(name);
+	};
+
+	const clearEventNames = () => {
+		eventNames.value.clear();
+	};
+
+	const addSelectedEvent = (id: string, name: string) => {
+		items.value[id]?.selectedEvents?.add(name);
+		setSelectedInGroup(id, name, true);
+	};
+
+	const removeSelectedEvent = (id: string, name: string) => {
+		items.value[id]?.selectedEvents?.delete(name);
+		setSelectedInGroup(id, name, false);
+	};
+
+	const setSelectedInGroup = (destinationId: string, name: string, isSelected: boolean) => {
+		if (items.value[destinationId]) {
+			const groupName = eventGroupFromEventName(name);
+			const groupIndex = items.value[destinationId].eventGroups.findIndex(
+				(e) => e.name === groupName,
+			);
+
+			if (groupIndex > -1) {
+				if (groupName === name) {
+					items.value[destinationId].eventGroups[groupIndex].selected = isSelected;
+				} else {
+					const eventIndex = items.value[destinationId].eventGroups[groupIndex].children.findIndex(
+						(e) => e.name === name,
+					);
+					if (eventIndex > -1) {
+						items.value[destinationId].eventGroups[groupIndex].children[eventIndex].selected =
+							isSelected;
+						if (isSelected) {
+							items.value[destinationId].eventGroups[groupIndex].indeterminate = isSelected;
+						} else {
+							let anySelected = false;
+							for (
+								let i = 0;
+								i < items.value[destinationId].eventGroups[groupIndex].children.length;
+								i++
+							) {
+								anySelected =
+									anySelected ||
+									items.value[destinationId].eventGroups[groupIndex].children[i].selected;
 							}
-					// to trigger refresh
-					state.items = { ...state.items };
-				});
+							items.value[destinationId].eventGroups[groupIndex].indeterminate = anySelected;
 						}
-		},
-		removeDestination(destinationId: string) {
+					}
+				}
+			}
+		}
+	};
+
+	const removeDestinationItemTree = (id: string) => {
+		delete items.value[id];
+	};
+
+	const updateDestination = (destination: MessageEventBusDestinationOptions) => {
+		if (destination.id && items.value[destination.id]) {
+			items.value[destination.id].destination = destination;
+		}
+	};
+
+	const removeDestination = (destinationId: string) => {
 		if (!destinationId) return;
-			delete this.items[destinationId];
-			if (this.items[destinationId]) {
-				this.$patch({
-					items: {
-						...this.items,
-					},
-				});
-			}
-		},
-		clearDestinations() {
-			this.items = {};
-		},
-		addEventName(name: string) {
-			this.eventNames.add(name);
-		},
-		removeEventName(name: string) {
-			this.eventNames.delete(name);
-		},
-		clearEventNames() {
-			this.eventNames.clear();
-		},
-		addSelectedEvent(id: string, name: string) {
-			this.items[id]?.selectedEvents?.add(name);
-			this.setSelectedInGroup(id, name, true);
-		},
-		removeSelectedEvent(id: string, name: string) {
-			this.items[id]?.selectedEvents?.delete(name);
-			this.setSelectedInGroup(id, name, false);
-		},
-		getSelectedEvents(destinationId: string): string[] {
+		delete items.value[destinationId];
+	};
+
+	const getSelectedEvents = (destinationId: string): string[] => {
 		const selectedEvents: string[] = [];
-			if (this.items[destinationId]) {
-				for (const group of this.items[destinationId].eventGroups) {
+		if (items.value[destinationId]) {
+			for (const group of items.value[destinationId].eventGroups) {
 				if (group.selected) {
 					selectedEvents.push(group.name);
 				}
@ -117,136 +180,95 @@ export const useLogStreamingStore = defineStore('logStreaming', {
 			}
 		}
 		return selectedEvents;
-		},
-		setSelectedInGroup(destinationId: string, name: string, isSelected: boolean) {
-			if (this.items[destinationId]) {
-				const groupName = eventGroupFromEventName(name);
-				const groupIndex = this.items[destinationId].eventGroups.findIndex(
-					(e) => e.name === groupName,
-				);
-				if (groupIndex > -1) {
-					if (groupName === name) {
-						this.$patch((state) => {
-							state.items[destinationId].eventGroups[groupIndex].selected = isSelected;
-						});
-					} else {
-						const eventIndex = this.items[destinationId].eventGroups[groupIndex].children.findIndex(
-							(e) => e.name === name,
-						);
-						if (eventIndex > -1) {
-							this.$patch((state) => {
-								state.items[destinationId].eventGroups[groupIndex].children[eventIndex].selected =
-									isSelected;
-								if (isSelected) {
-									state.items[destinationId].eventGroups[groupIndex].indeterminate = isSelected;
-								} else {
-									let anySelected = false;
-									for (
-										let i = 0;
-										i < state.items[destinationId].eventGroups[groupIndex].children.length;
-										i++
-									) {
-										anySelected =
-											anySelected ||
-											state.items[destinationId].eventGroups[groupIndex].children[i].selected;
-									}
-									state.items[destinationId].eventGroups[groupIndex].indeterminate = anySelected;
-								}
-							});
-						}
-					}
-				}
-			}
-		},
-		removeDestinationItemTree(id: string) {
-			delete this.items[id];
-		},
-		clearDestinationItemTrees() {
-			this.items = {} as DestinationSettingsStore;
-		},
-		setSelectionAndBuildItems(destination: MessageEventBusDestinationOptions) {
-			if (destination.id) {
-				if (!this.items[destination.id]) {
-					this.items[destination.id] = {
-						destination,
-						selectedEvents: new Set<string>(),
-						eventGroups: [],
-						isNew: false,
-					} as DestinationStoreItem;
-				}
-				this.items[destination.id]?.selectedEvents?.clear();
-				if (destination.subscribedEvents) {
-					for (const eventName of destination.subscribedEvents) {
-						this.items[destination.id]?.selectedEvents?.add(eventName);
-					}
-				}
-				this.items[destination.id].eventGroups = eventGroupsFromStringList(
-					this.eventNames,
-					this.items[destination.id]?.selectedEvents,
-				);
-			}
-		},
-		async saveDestination(destination: MessageEventBusDestinationOptions): Promise<boolean> {
+	};
+
+	const saveDestination = async (
+		destination: MessageEventBusDestinationOptions,
+	): Promise<boolean> => {
 		if (!hasDestinationId(destination)) {
 			return false;
 		}

-			const rootStore = useRootStore();
-			const selectedEvents = this.getSelectedEvents(destination.id);
+		const selectedEvents = getSelectedEvents(destination.id);
 		try {
 			await saveDestinationToDb(rootStore.restApiContext, destination, selectedEvents);
-				this.updateDestination(destination);
+			updateDestination(destination);
 			return true;
 		} catch (e) {
 			return false;
 		}
-		},
-		async sendTestMessage(destination: MessageEventBusDestinationOptions): Promise<boolean> {
+	};
+
+	const sendTestMessage = async (
+		destination: MessageEventBusDestinationOptions,
+	): Promise<boolean> => {
 		if (!hasDestinationId(destination)) {
 			return false;
 		}

-			const rootStore = useRootStore();
 		const testResult = await sendTestMessageToDestination(rootStore.restApiContext, destination);
 		return testResult;
-		},
-		async fetchEventNames(): Promise<string[]> {
-			const rootStore = useRootStore();
+	};
+
+	const fetchEventNames = async () => {
 		return await getEventNamesFromBackend(rootStore.restApiContext);
-		},
-		async fetchDestinations(): Promise<MessageEventBusDestinationOptions[]> {
-			const rootStore = useRootStore();
+	};
+
+	const fetchDestinations = async (): Promise<MessageEventBusDestinationOptions[]> => {
 		return await getDestinationsFromBackend(rootStore.restApiContext);
-		},
-		async deleteDestination(destinationId: string) {
-			const rootStore = useRootStore();
+	};
+
+	const deleteDestination = async (destinationId: string) => {
 		await deleteDestinationFromDb(rootStore.restApiContext, destinationId);
-			this.removeDestination(destinationId);
-		},
-	},
+		removeDestination(destinationId);
+	};
+
+	return {
+		addDestination,
+		setSelectionAndBuildItems,
+		getDestination,
+		getAllDestinations,
+		clearDestinations,
+		addEventName,
+		removeEventName,
+		clearEventNames,
+		addSelectedEvent,
+		removeSelectedEvent,
+		setSelectedInGroup,
+		removeDestinationItemTree,
+		updateDestination,
+		removeDestination,
+		getSelectedEvents,
+		saveDestination,
+		sendTestMessage,
+		fetchEventNames,
+		fetchDestinations,
+		deleteDestination,
+		items,
+	};
 });

-export function eventGroupFromEventName(eventName: string): string | undefined {
+export const eventGroupFromEventName = (eventName: string): string | undefined => {
 	const matches = eventName.match(/^[\w\s]+\.[\w\s]+/);
 	if (matches && matches?.length > 0) {
 		return matches[0];
 	}
 	return undefined;
-}
+};

-function prettifyEventName(label: string, group = ''): string {
+const prettifyEventName = (label: string, group = ''): string => {
 	label = label.replace(group + '.', '');
 	if (label.length > 0) {
 		label = label[0].toUpperCase() + label.substring(1);
 		label = label.replaceAll('.', ' ');
 	}
 	return label;
-}
+};

-export function eventGroupsFromStringList(
+export const eventGroupsFromStringList = (
 	dottedList: Set<string>,
 	selectionList: Set<string> = new Set(),
-) {
+) => {
 	const result = [] as EventSelectionGroup[];
 	const eventNameArray = Array.from(dottedList.values());

@ -287,4 +309,4 @@ export function eventGroupsFromStringList(
 		result.push(collection);
 	}
 	return result;
-}
+};
--- a/packages/editor-ui/src/stores/users.store.ts
+++ b/packages/editor-ui/src/stores/users.store.ts
@ -1,4 +1,9 @@
-import type { IUpdateUserSettingsReqPayload, UpdateGlobalRolePayload } from '@/api/users';
+import type {
+	PasswordUpdateRequestDTO,
+	SettingsUpdateRequestDTO,
+	UserUpdateRequestDTO,
+} from '@n8n/api-types';
+import type { UpdateGlobalRolePayload } from '@/api/users';
 import * as usersApi from '@/api/users';
 import { BROWSER_ID_STORAGE_KEY, PERSONALIZATION_MODAL_KEY, STORES, ROLE } from '@/constants';
 import type {
@ -226,12 +231,12 @@ export const useUsersStore = defineStore(STORES.USERS, () => {
 		await usersApi.changePassword(rootStore.restApiContext, params);
 	};

-	const updateUser = async (params: usersApi.UpdateCurrentUserParams) => {
+	const updateUser = async (params: UserUpdateRequestDTO) => {
 		const user = await usersApi.updateCurrentUser(rootStore.restApiContext, params);
 		addUsers([user]);
 	};

-	const updateUserSettings = async (settings: IUpdateUserSettingsReqPayload) => {
+	const updateUserSettings = async (settings: SettingsUpdateRequestDTO) => {
 		const updatedSettings = await usersApi.updateCurrentUserSettings(
 			rootStore.restApiContext,
 			settings,
@ -242,10 +247,7 @@ export const useUsersStore = defineStore(STORES.USERS, () => {
 		}
 	};

-	const updateOtherUserSettings = async (
-		userId: string,
-		settings: IUpdateUserSettingsReqPayload,
-	) => {
+	const updateOtherUserSettings = async (userId: string, settings: SettingsUpdateRequestDTO) => {
 		const updatedSettings = await usersApi.updateOtherUserSettings(
 			rootStore.restApiContext,
 			userId,
@ -255,7 +257,7 @@ export const useUsersStore = defineStore(STORES.USERS, () => {
 		addUsers([usersById.value[userId]]);
 	};

-	const updateCurrentUserPassword = async (params: usersApi.UpdateUserPasswordParams) => {
+	const updateCurrentUserPassword = async (params: PasswordUpdateRequestDTO) => {
 		await usersApi.updateCurrentUserPassword(rootStore.restApiContext, params);
 	};

--- a/packages/editor-ui/src/views/NodeView.v2.vue
+++ b/packages/editor-ui/src/views/NodeView.v2.vue
@ -935,7 +935,7 @@ const workflowPermissions = computed(() => {
 const projectPermissions = computed(() => {
 	const project = route.query?.projectId
 		? projectsStore.myProjects.find((p) => p.id === route.query.projectId)
-		: projectsStore.currentProject ?? projectsStore.personalProject;
+		: (projectsStore.currentProject ?? projectsStore.personalProject);
 	return getResourcePermissions(project?.scopes);
 });

--- a/packages/editor-ui/src/views/NodeView.vue
+++ b/packages/editor-ui/src/views/NodeView.vue
@ -507,7 +507,7 @@ export default defineComponent({
 		projectPermissions() {
 			const project = this.$route.query?.projectId
 				? this.projectsStore.myProjects.find((p) => p.id === this.$route.query.projectId)
-				: this.projectsStore.currentProject ?? this.projectsStore.personalProject;
+				: (this.projectsStore.currentProject ?? this.projectsStore.personalProject);
 			return getResourcePermissions(project?.scopes);
 		},
 	},
--- a/packages/editor-ui/src/views/SettingsLogStreamingView.vue
+++ b/packages/editor-ui/src/views/SettingsLogStreamingView.vue
@ -95,7 +95,7 @@ export default defineComponent({
 		},
 		async getDestinationDataFromBackend(): Promise<void> {
 			this.logStreamingStore.clearEventNames();
-			this.logStreamingStore.clearDestinationItemTrees();
+			this.logStreamingStore.clearDestinations();
 			this.allDestinations = [];
 			const eventNamesData = await this.logStreamingStore.fetchEventNames();
 			if (eventNamesData) {
--- a/packages/editor-ui/src/views/VariablesView.vue
+++ b/packages/editor-ui/src/views/VariablesView.vue
@ -124,7 +124,7 @@ function resetNewVariablesList() {
 const resourceToEnvironmentVariable = (data: IResource): EnvironmentVariable => ({
 	id: data.id,
 	key: data.name,
-	value: 'value' in data ? data.value ?? '' : '',
+	value: 'value' in data ? (data.value ?? '') : '',
 });

 const environmentVariableToResource = (data: EnvironmentVariable): IResource => ({
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -54,6 +54,9 @@ catalogs:
    xml2js:
      specifier: 0.6.2
      version: 0.6.2
+    xss:
+      specifier: 1.0.15
+      version: 1.0.15
    zod:
      specifier: 3.23.8
      version: 3.23.8
@ -88,7 +91,6 @@ overrides:
  chokidar: 3.5.2
  esbuild: ^0.20.2
  formidable: 3.5.1
-  prettier: ^3.2.5
  pug: ^3.0.3
  semver: ^7.5.4
  tslib: ^2.6.2
@ -231,6 +233,16 @@ importers:
        version: link:../packages/workflow

  packages/@n8n/api-types:
+    dependencies:
+      xss:
+        specifier: 'catalog:'
+        version: 1.0.15
+      zod:
+        specifier: 'catalog:'
+        version: 3.23.8
+      zod-class:
+        specifier: 0.0.15
+        version: 0.0.15(zod@3.23.8)
    devDependencies:
      n8n-workflow:
        specifier: workspace:*
@ -623,9 +635,6 @@ importers:
      '@typescript-eslint/parser':
        specifier: ^7.2.0
        version: 7.2.0(eslint@8.57.0)(typescript@5.6.2)
-      '@vue/eslint-config-prettier':
-        specifier: ^9.0.0
-        version: 9.0.0(@types/eslint@8.56.5)(eslint@8.57.0)(prettier@3.2.5)
      '@vue/eslint-config-typescript':
        specifier: ^13.0.0
        version: 13.0.0(eslint-plugin-vue@9.23.0(eslint@8.57.0))(eslint@8.57.0)(typescript@5.6.2)
@ -650,9 +659,6 @@ importers:
      eslint-plugin-n8n-local-rules:
        specifier: ^1.0.0
        version: 1.0.0
-      eslint-plugin-prettier:
-        specifier: ^5.1.3
-        version: 5.1.3(@types/eslint@8.56.5)(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.2.5)
      eslint-plugin-unicorn:
        specifier: ^51.0.1
        version: 51.0.1(eslint@8.57.0)
@ -942,8 +948,8 @@ importers:
        specifier: 3.0.1
        version: 3.0.1
      xss:
-        specifier: ^1.0.14
-        version: 1.0.14
+        specifier: 'catalog:'
+        version: 1.0.15
      yamljs:
        specifier: 0.3.0
        version: 0.3.0
@ -1175,8 +1181,8 @@ importers:
        specifier: ^4.2.2
        version: 4.2.2(vue@3.4.21(typescript@5.6.2))
      xss:
-        specifier: ^1.0.14
-        version: 1.0.14
+        specifier: 'catalog:'
+        version: 1.0.15
    devDependencies:
      '@n8n/storybook':
        specifier: workspace:*
@ -1392,8 +1398,8 @@ importers:
        specifier: ^2.1.6
        version: 2.1.6(typescript@5.6.2)(vue@3.4.21(typescript@5.6.2))
      prettier:
-        specifier: ^3.2.5
-        version: 3.2.5
+        specifier: ^3.3.3
+        version: 3.3.3
      qrcode.vue:
        specifier: ^3.3.4
        version: 3.3.4(vue@3.4.21(typescript@5.6.2))
@ -1434,8 +1440,8 @@ importers:
        specifier: ^4.1.3
        version: 4.1.3
      xss:
-        specifier: ^1.0.14
-        version: 1.0.14
+        specifier: 'catalog:'
+        version: 1.0.15
    devDependencies:
      '@faker-js/faker':
        specifier: ^8.0.2
@ -3819,10 +3825,6 @@ packages:
    resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
    engines: {node: '>=14'}

-  '@pkgr/core@0.1.1':
-    resolution: {integrity: sha512-cq8o4cWH0ibXh9VGi5P20Tu9XF/0fFXl9EUinr9QfTM7a7p0oTA4iJRCQWppXR1Pg8dSM0UCItCkPwsk9qWWYA==}
-    engines: {node: ^12.20.0 || ^14.18.0 || >=16.0.0}
-
  '@protobufjs/aspromise@1.1.2':
    resolution: {integrity: sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ==}

@ -5435,12 +5437,6 @@ packages:
  '@vue/devtools-api@6.5.0':
    resolution: {integrity: sha512-o9KfBeaBmCKl10usN4crU53fYtC1r7jJwdGKjPT24t348rHxgfpZ0xL3Xm/gLUYnc0oTp8LAmrxOeLyu6tbk2Q==}

-  '@vue/eslint-config-prettier@9.0.0':
-    resolution: {integrity: sha512-z1ZIAAUS9pKzo/ANEfd2sO+v2IUalz7cM/cTLOZ7vRFOPk5/xuRKQteOu1DErFLAh/lYGXMVZ0IfYKlyInuDVg==}
-    peerDependencies:
-      eslint: '>= 8.0.0'
-      prettier: ^3.2.5
-
  '@vue/eslint-config-typescript@13.0.0':
    resolution: {integrity: sha512-MHh9SncG/sfqjVqjcuFLOLD6Ed4dRAis4HNt0dXASeAuLqIAx4YMB1/m2o4pUKK1vCt8fUvYG8KKX2Ot3BVZTg==}
    engines: {node: ^18.18.0 || >=20.0.0}
@ -7171,20 +7167,6 @@ packages:
    resolution: {integrity: sha512-Qj8S+YgymYkt/5Fr1buwOTjl0jAERJBp3MA5V8M6NR1HYfErKazVjpOPEy5+04c0vAQZO1mPLGAzanxqqNUIng==}
    engines: {node: '>=20.15', pnpm: '>=9.6'}

-  eslint-plugin-prettier@5.1.3:
-    resolution: {integrity: sha512-C9GCVAs4Eq7ZC/XFQHITLiHJxQngdtraXaM+LoUFoFp/lHNl2Zn8f3WQbe9HvTBBQ9YnKFB0/2Ajdqwo5D1EAw==}
-    engines: {node: ^14.18.0 || >=16.0.0}
-    peerDependencies:
-      '@types/eslint': '>=8.0.0'
-      eslint: '>=8.0.0'
-      eslint-config-prettier: '*'
-      prettier: ^3.2.5
-    peerDependenciesMeta:
-      '@types/eslint':
-        optional: true
-      eslint-config-prettier:
-        optional: true
-
  eslint-plugin-unicorn@51.0.1:
    resolution: {integrity: sha512-MuR/+9VuB0fydoI0nIn2RDA5WISRn4AsJyNSaNKLVwie9/ONvQhxOBbkfSICBPnzKrB77Fh6CZZXjgTt/4Latw==}
    engines: {node: '>=16'}
@ -7388,9 +7370,6 @@ packages:
  fast-deep-equal@3.1.3:
    resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==}

-  fast-diff@1.2.0:
-    resolution: {integrity: sha512-xJuoT5+L99XlZ8twedaRf6Ax2TgQVxvgZOYoPKqZufmJib0tL2tegPBOZb1pVNgIhlqDlA0eO0c3wBvQcmzx4w==}
-
  fast-glob@3.2.12:
    resolution: {integrity: sha512-DVj4CQIYYow0BlaelwK1pHl5n5cRSJfM60UA0zK891sVInoPri2Ekj7+e1CT3/3qxXenpI+nBBmQAcJPJgaj4w==}
    engines: {node: '>=8.6.0'}
@ -10440,12 +10419,8 @@ packages:
  pretender@3.4.7:
    resolution: {integrity: sha512-jkPAvt1BfRi0RKamweJdEcnjkeu7Es8yix3bJ+KgBC5VpG/Ln4JE3hYN6vJym4qprm8Xo5adhWpm3HCoft1dOw==}

-  prettier-linter-helpers@1.0.0:
-    resolution: {integrity: sha512-GbK2cP9nraSSUF9N2XwUwqfzlAFlMNYYl+ShE/V+H8a9uNl/oUqB1w2EL54Jh0OlyRSd8RfWYJ3coVS4TROP2w==}
-    engines: {node: '>=6.0.0'}
-
-  prettier@3.2.5:
-    resolution: {integrity: sha512-3/GWa9aOC0YeD7LUfvOG2NiDyhOWRvt1k+rcKhOuYnMY24iiCphgneUfJDyFXd6rZCAnuLBv6UeAULtrhT/F4A==}
+  prettier@3.3.3:
+    resolution: {integrity: sha512-i2tDNA0O5IrMO757lfrdQZCc2jPNDVntV0m/+4whiDfWaTKfMNgR7Qz0NAeGz/nRqF4m5/6CLzbP4/liHt12Ew==}
    engines: {node: '>=14'}
    hasBin: true

@ -11516,10 +11491,6 @@ packages:
  symbol-tree@3.2.4:
    resolution: {integrity: sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==}

-  synckit@0.8.8:
-    resolution: {integrity: sha512-HwOKAP7Wc5aRGYdKH+dw0PRRpbO841v2DENBtjnR5HFWoiNByAl7vrx3p0G/rCyYXQsrxqtX48TImFtPcIHSpQ==}
-    engines: {node: ^14.18.0 || >=16.0.0}
-
  syslog-client@1.1.1:
    resolution: {integrity: sha512-c3qKw8JzCuHt0mwrzKQr8eqOc3RB28HgOpFuwGMO3GLscVpfR+0ECevWLZq/yIJTbx3WTb3QXBFVpTFtKAPDrw==}

@ -11889,6 +11860,10 @@ packages:
    resolution: {integrity: sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA==}
    engines: {node: '>=12.20'}

+  type-fest@4.26.1:
+    resolution: {integrity: sha512-yOGpmOAL7CkKe/91I5O3gPICmJNLJ1G4zFYVAsRHg7M64biSnPtRj0WNQt++bRkjYOqjWXrhnUw1utzmVErAdg==}
+    engines: {node: '>=16'}
+
  type-is@1.6.18:
    resolution: {integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==}
    engines: {node: '>= 0.6'}
@ -12570,8 +12545,8 @@ packages:
  xregexp@2.0.0:
    resolution: {integrity: sha512-xl/50/Cf32VsGq/1R8jJE5ajH1yMCQkpmoS10QbFZWl2Oor4H0Me64Pu2yxvsRWK3m6soJbmGfzSR7BYmDcWAA==}

-  xss@1.0.14:
-    resolution: {integrity: sha512-og7TEJhXvn1a7kzZGQ7ETjdQVS2UfZyTlsEdDOqvQF7GoxNfY+0YLCzBy1kPdsDDx4QuNAonQPddpsn6Xl/7sw==}
+  xss@1.0.15:
+    resolution: {integrity: sha512-FVdlVVC67WOIPvfOwhoMETV72f6GbW7aOabBC3WxN/oUdoEMDyLz4OgRv5/gck2ZeNqEQu+Tb0kloovXOfpYVg==}
    engines: {node: '>= 0.10.0'}
    hasBin: true

@ -12655,6 +12630,11 @@ packages:
    engines: {node: '>=8.0.0'}
    hasBin: true

+  zod-class@0.0.15:
+    resolution: {integrity: sha512-CD5B4e9unKPj1hiy7JOSwRV01WqbEBkFOlhws0C9s9wB0FSpECOnlKXOAkjo9tKYX2enQsXWyyOIBNPPNUHWRA==}
+    peerDependencies:
+      zod: ^3
+
  zod-to-json-schema@3.23.2:
    resolution: {integrity: sha512-uSt90Gzc/tUfyNqxnjlfBs8W6WSGpNBv0rVsNxP/BVSMHMKGdthPYff4xtCHYloJGM0CFxFsb3NbC0eqPhfImw==}
    peerDependencies:
@ -15578,8 +15558,6 @@ snapshots:
  '@pkgjs/parseargs@0.11.0':
    optional: true

-  '@pkgr/core@0.1.1': {}
-
  '@protobufjs/aspromise@1.1.2': {}

  '@protobufjs/base64@1.1.2': {}
@ -17814,15 +17792,6 @@ snapshots:

  '@vue/devtools-api@6.5.0': {}

-  '@vue/eslint-config-prettier@9.0.0(@types/eslint@8.56.5)(eslint@8.57.0)(prettier@3.2.5)':
-    dependencies:
-      eslint: 8.57.0
-      eslint-config-prettier: 9.1.0(eslint@8.57.0)
-      eslint-plugin-prettier: 5.1.3(@types/eslint@8.56.5)(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.2.5)
-      prettier: 3.2.5
-    transitivePeerDependencies:
-      - '@types/eslint'
-
  '@vue/eslint-config-typescript@13.0.0(eslint-plugin-vue@9.23.0(eslint@8.57.0))(eslint@8.57.0)(typescript@5.6.2)':
    dependencies:
      '@typescript-eslint/eslint-plugin': 7.2.0(@typescript-eslint/parser@7.2.0(eslint@8.57.0)(typescript@5.6.2))(eslint@8.57.0)(typescript@5.6.2)
@ -19909,16 +19878,6 @@ snapshots:
      - supports-color
      - typescript

-  eslint-plugin-prettier@5.1.3(@types/eslint@8.56.5)(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.2.5):
-    dependencies:
-      eslint: 8.57.0
-      prettier: 3.2.5
-      prettier-linter-helpers: 1.0.0
-      synckit: 0.8.8
-    optionalDependencies:
-      '@types/eslint': 8.56.5
-      eslint-config-prettier: 9.1.0(eslint@8.57.0)
-
  eslint-plugin-unicorn@51.0.1(eslint@8.57.0):
    dependencies:
      '@babel/helper-validator-identifier': 7.22.20
@ -20233,8 +20192,6 @@ snapshots:

  fast-deep-equal@3.1.3: {}

-  fast-diff@1.2.0: {}
-
  fast-glob@3.2.12:
    dependencies:
      '@nodelib/fs.stat': 2.0.5
@ -23882,11 +23839,7 @@ snapshots:
      fake-xml-http-request: 2.1.2
      route-recognizer: 0.3.4

-  prettier-linter-helpers@1.0.0:
-    dependencies:
-      fast-diff: 1.2.0
-
-  prettier@3.2.5: {}
+  prettier@3.3.3: {}

  pretty-bytes@5.6.0: {}

@ -25252,11 +25205,6 @@ snapshots:

  symbol-tree@3.2.4: {}

-  synckit@0.8.8:
-    dependencies:
-      '@pkgr/core': 0.1.1
-      tslib: 2.6.2
-
  syslog-client@1.1.1: {}

  tailwindcss@3.4.3(ts-node@10.9.2(@types/node@18.16.16)(typescript@5.6.2)):
@ -25630,6 +25578,8 @@ snapshots:

  type-fest@2.19.0: {}

+  type-fest@4.26.1: {}
+
  type-is@1.6.18:
    dependencies:
      media-typer: 0.3.0
@ -26357,7 +26307,7 @@ snapshots:

  xregexp@2.0.0: {}

-  xss@1.0.14:
+  xss@1.0.15:
    dependencies:
      commander: 2.20.3
      cssfilter: 0.0.10
@ -26457,6 +26407,11 @@ snapshots:
    optionalDependencies:
      commander: 9.4.1

+  zod-class@0.0.15(zod@3.23.8):
+    dependencies:
+      type-fest: 4.26.1
+      zod: 3.23.8
+
  zod-to-json-schema@3.23.2(zod@3.23.8):
    dependencies:
      zod: 3.23.8
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@ -20,6 +20,7 @@ catalog:
  typedi: 0.10.0
  uuid: 10.0.0
  xml2js: 0.6.2
+  xss: 1.0.15
  zod: 3.23.8
  '@langchain/core': 0.2.31
Author	SHA1	Message	Date
कारतोफ्फेलस्क्रिप्ट™	0adfca8f17	Merge `d2e178a677` into `48294e7ec1`	2024-09-19 16:45:06 -04:00
Ricardo Espinoza	48294e7ec1	refactor(editor): Stop importing Vue compiler macros (#10890 ) Some checks are pending Test Master / install-and-build (push) Waiting to run Details Test Master / Unit tests (18.x) (push) Blocked by required conditions Details Test Master / Unit tests (20.x) (push) Blocked by required conditions Details Test Master / Unit tests (22.4) (push) Blocked by required conditions Details Test Master / Lint (push) Blocked by required conditions Details Test Master / Notify Slack on failure (push) Blocked by required conditions Details Benchmark Docker Image CI / build (push) Waiting to run Details	2024-09-19 13:53:23 -04:00
कारतोफ्फेलस्क्रिप्ट™	d2e178a677	fix the TODO	2024-09-19 17:58:55 +02:00
कारतोफ्फेलस्क्रिप्ट™	eb6a74fa24	Merge remote-tracking branch 'origin/master' into validatable-dtos	2024-09-19 17:39:17 +02:00
कारतोफ्फेलस्क्रिप्ट™	fdef6c9f0d	ci: Remove eslint-plugin-prettier again (no-changelog) (#10876 )	2024-09-19 16:29:04 +02:00
कारतोफ्फेलस्क्रिप्ट™	220e1b60ee	refactor(core): Move some request DTOs to @n8n/api-types (no-changelog)	2024-09-19 15:25:49 +02:00
Tomi Turtiainen	8fb31e8459	fix(benchmark): Simplify binary data scenario setup and use larger binary file (#10879 )	2024-09-19 16:21:55 +03:00
Ricardo Espinoza	cee57b6504	refactor(editor): Migrate `LogStreaming.store.ts` to composition API (#10719 ) Some checks are pending Test Master / install-and-build (push) Waiting to run Details Test Master / Unit tests (18.x) (push) Blocked by required conditions Details Test Master / Unit tests (20.x) (push) Blocked by required conditions Details Test Master / Unit tests (22.4) (push) Blocked by required conditions Details Test Master / Lint (push) Blocked by required conditions Details Test Master / Notify Slack on failure (push) Blocked by required conditions Details Benchmark Docker Image CI / build (push) Waiting to run Details	2024-09-19 09:15:01 -04:00
Ricardo Espinoza	f5474ff791	perf(editor): Use virtual scrolling in `RunDataJson.vue` (#10838 )	2024-09-19 08:43:09 -04:00
Milorad FIlipović	b86fd80fc9	fix(editor): Update gird size when opening credentials support chat (#10882 )	2024-09-19 14:06:14 +02:00