fix(core): Restore credential data deep copy in overwrites

[Joffcom]

Summary

Restores the deep copy behavior for credential data in CredentialsOverwrites.applyOverwrite().

PR #28573 changed CredentialsOverwrites.get() to return undefined instead of {} when no credential overwrites are configured. This caused applyOverwrite() to early-return the original credential data reference instead of a deepCopy().

In multi-main queue mode, multiple workflow executions run concurrently on the same process. The getDecrypted() method in CredentialsHelper has an await point at dynamicCredentialsProxy.resolveIfNeeded(). With the original reference being shared across concurrent requests, one execution could observe a partially-mutated credential object from another — resulting in an empty or corrupted token being passed to downstream API calls (e.g. Slack's not_authed error).

Fix: Change if (entries.length === 0) return undefined → if (entries.length === 0) return {}.

This restores the 2.17.2 path where applyOverwrite always calls deepCopy(data), giving each concurrent execution its own isolated copy. The skipTypes optional chaining safety fix from PR #28573 is preserved.

To test:

1. Deploy to a multi-main + Postgres + queue mode instance
2. Run a workflow using Slack API credential — should succeed without not_authed
3. Verify credential test still shows green for a valid Slack token

Related Linear tickets, Github issues, and Community forum posts

https://linear.app/n8n/issue/NODE-4869

Review / Merge checklist

• I have seen this code, I have run this code, and I take responsibility for this code.
• PR title and summary are descriptive. (conventions)
• Docs updated or follow-up ticket created.
• Tests included.
• PR Labeled with Backport to Beta, Backport to Stable, or Backport to v1 (if the PR is an urgent fix that needs to be backported)

🤖 PR Summary generated by AI

[github-actions]

Performance Comparison

Comparing current → latest master → 14-day baseline

Memory consumption baseline with starter plan resources

Metric	Current	Latest Master	Baseline (avg)	vs Master	vs Baseline	Status
memory-rss-baseline	284.32 MB	288.44 MB	290.51 MB (σ 41.09)	-1.4%	-2.1%	✅
memory-heap-used-baseline	114.45 MB	114.39 MB	114.37 MB (σ 0.40)	+0.1%	+0.1%	✅

docker-stats

Metric	Current	Latest Master	Baseline (avg)	vs Master	vs Baseline	Status
docker-image-size-runners	386.00 MB	412.00 MB	392.93 MB (σ 11.30)	-6.3%	-1.8%	✅
docker-image-size-n8n	1269.76 MB	1300.48 MB	1273.86 MB (σ 10.81)	-2.4%	-0.3%	✅

Idle baseline with Instance AI module loaded

Metric	Current	Latest Master	Baseline (avg)	vs Master	vs Baseline	Status
instance-ai-rss-baseline	343.77 MB	386.52 MB	364.63 MB (σ 22.57)	-11.1%	-5.7%	✅
instance-ai-heap-used-baseline	186.83 MB	186.88 MB	186.42 MB (σ 0.27)	-0.0%	+0.2%	⚠️

How to read this table

• Current: This PR's value (or latest master if PR perf tests haven't run)
• Latest Master: Most recent nightly master measurement
• Baseline: Rolling 14-day average from master
• vs Master: PR impact (current vs latest master)
• vs Baseline: Drift from baseline (current vs rolling avg)
• Status: ✅ within 1σ | ⚠️ 1-2σ | 🔴 >2σ regression

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[cubic-dev-ai]

No issues found across 1 file

[Matsuuu]

The reasoning seems reasonable. Let's try this out tomorrow with a patch release

[Joffcom]

Closing as doesn't appear to be needed.