[stable32] Fix npm audit #3164

Merged: susnux merged 11 commits into stable32 from automated/noid/stable32-fix-npm-audit on Jan 28, 2026

nextcloud-command commented Sep 4, 2025

Audit report

This audit fix resolves 4 of the total 42 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@cypress/request

  • Caused by vulnerable dependency:
  • Affected versions: <=3.0.9
  • Package usage:
    • node_modules/@cypress/request

@nextcloud/eslint-config

  • Caused by vulnerable dependency:
  • Affected versions: 9.0.0-rc.0 - 9.0.0-rc.2
  • Package usage:
    • node_modules/@nextcloud/eslint-config

axios

  • Axios is vulnerable to DoS attack through lack of data size check
  • Severity: high (CVSS 7.5)
  • Reference: GHSA-4hjh-wcwx-xvwj
  • Affected versions: 1.0.0 - 1.11.0
  • Package usage:
    • node_modules/axios

qs

  • qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
  • Severity: high (CVSS 7.5)
  • Reference: GHSA-6rw7-vpxm-498p
  • Affected versions: <6.14.1
  • Package usage:
    • node_modules/@cypress/request/node_modules/qs
    • node_modules/qs

nextcloud-command added the "3. to review" (Waiting for reviews) and "dependencies" (Pull requests that update a dependency file) labels Sep 4, 2025

codecov bot commented Sep 4, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.

nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from 26e891d to 75a7644 (September 7, 2025 03:10)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from 75a7644 to 7d41c6e (September 14, 2025 03:15)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from f914010 to 34521db (September 28, 2025 03:21)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from 57b8e1e to e84a89f (October 12, 2025 03:22)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from 755cc03 to 84822b8 (October 26, 2025 03:18)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from 31b04ff to 850ffd3 (November 9, 2025 03:24)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from 75597cf to 75babf7 (November 23, 2025 03:35)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from 75babf7 to c4f88b1 (November 30, 2025 03:39)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from 248f468 to 98cea5b (December 14, 2025 03:33)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from 98cea5b to 00e18b8 (December 21, 2025 03:32)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from 00e18b8 to 19bc889 (December 28, 2025 03:34)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from 19bc889 to b38e9e3 (January 4, 2026 03:38)
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from 8b06c04 to efa883f (January 18, 2026 03:46)
Signed-off-by: GitHub <noreply@github.com>
nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from efa883f to 2ccee77 (January 25, 2026 03:46)
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
susnux merged commit 1534e85 into stable32 Jan 28, 2026
44 of 46 checks passed
susnux deleted the automated/noid/stable32-fix-npm-audit branch January 28, 2026 16:43