@nextcloud-command nextcloud-command commented Nov 9, 2025

Audit report

This audit fix resolves 4 of the total 46 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@cypress/request

  • Caused by vulnerable dependency:
  • Affected versions: <=3.0.9
  • Package usage:
    • node_modules/@cypress/request

body-parser

  • Caused by vulnerable dependency:
  • Affected versions: <=1.20.3 || 2.0.0-beta.1 - 2.0.2
  • Package usage:
    • node_modules/body-parser

express

  • Caused by vulnerable dependency:
  • Affected versions: 2.5.8 - 2.5.11 || 3.2.1 - 3.2.3 || 4.0.0-rc1 - 4.21.2 || 5.0.0-alpha.1 - 5.0.1
  • Package usage:
    • node_modules/express

qs

  • qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
  • Severity: high (CVSS 7.5)
  • Reference: GHSA-6rw7-vpxm-498p
  • Affected versions: <6.14.1
  • Package usage:
    • node_modules/@cypress/request/node_modules/qs
    • node_modules/body-parser/node_modules/qs
    • node_modules/express/node_modules/qs
    • node_modules/qs

@nextcloud-command nextcloud-command added 3. to review Waiting for reviews dependencies Pull requests that update a dependency file labels Nov 9, 2025
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch 2 times, most recently from c44cf23 to a6b4176 Compare November 23, 2025 03:27
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from a6b4176 to ea5fe54 Compare November 30, 2025 03:36
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch 2 times, most recently from cb18d95 to 692d2a5 Compare December 14, 2025 03:33
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch 2 times, most recently from 9497aff to 3b6752e Compare December 28, 2025 03:36
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from 3b6752e to cdbb26d Compare January 4, 2026 03:42
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from cdbb26d to 3705bf8 Compare January 11, 2026 03:53
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from 3705bf8 to b8ba5e0 Compare January 18, 2026 03:47