[stable33] Fix npm audit #3163

Open
nextcloud-command wants to merge 1 commit into stable33 from automated/noid/stable33-fix-npm-audit

nextcloud-command commented Apr 26, 2026

Audit report

This audit fix resolves 3 of the total 44 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/cypress

  • Caused by vulnerable dependency:
  • Affected versions:
  • Package usage:
    • node_modules/@nextcloud/cypress

dompurify

  • DOMPurify: IN_PLACE mode trusts attacker-controlled nodeName on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects
  • Severity: low
  • Reference: GHSA-x4vx-rjvf-j5p4
  • Affected versions: <=3.4.10
  • Package usage:
    • node_modules/dompurify

vite

  • launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows
  • Severity: moderate
  • Reference: GHSA-v6wh-96g9-6wx3
  • Affected versions: 7.0.0 - 7.3.3
  • Package usage:
    • node_modules/vite

nextcloud-command added the "3. to review" (Waiting for reviews) and "dependencies" (Pull requests that update a dependency file) labels Apr 26, 2026
nextcloud-command force-pushed the automated/noid/stable33-fix-npm-audit branch 2 times, most recently from b678ae8 to 0f37258, May 10, 2026 04:12
nextcloud-command force-pushed the automated/noid/stable33-fix-npm-audit branch from 0f37258 to 39409b7, May 17, 2026 04:17
nextcloud-command force-pushed the automated/noid/stable33-fix-npm-audit branch 2 times, most recently from 70b2d5e to 2fb190b, May 31, 2026 04:19
nextcloud-command force-pushed the automated/noid/stable33-fix-npm-audit branch 2 times, most recently from f36fe91 to 3b64498, June 14, 2026 04:22
Signed-off-by: GitHub <noreply@github.com>
nextcloud-command force-pushed the automated/noid/stable33-fix-npm-audit branch from 3b64498 to e434c0a, June 21, 2026 04:21