[stable32] Fix npm audit #3512

Open: nextcloud-command wants to merge 1 commit into stable32 from automated/noid/stable32-fix-npm-audit

@nextcloud-command (Contributor) commented May 10, 2026

Audit report

This audit fix resolves 5 of the total 51 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@cypress/request

  • Caused by vulnerable dependency:
  • Affected versions: <=4.0.0
  • Package usage:
    • node_modules/@cypress/request

@vitest/coverage-v8

  • Caused by vulnerable dependency:
  • Affected versions: <=3.2.5
  • Package usage:
    • node_modules/@vitest/coverage-v8

cypress

  • Caused by vulnerable dependency:
  • Affected versions: 4.3.0 - 15.14.2
  • Package usage:
    • node_modules/cypress

qs

  • qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-q8mj-m7cp-5q26
  • Affected versions: 6.11.1 - 6.15.1
  • Package usage:
    • node_modules/qs

vitest

  • When Vitest UI server is listening, arbitrary file can be read and executed
  • Severity: critical 🚨 (CVSS 9.8)
  • Reference: GHSA-5xrq-8626-4rwp
  • Affected versions: <=4.1.0-beta.6
  • Package usage:
    • node_modules/vitest

@nextcloud-command added the "3. to review" (Waiting for reviews) and "dependencies" (Pull requests that update a dependency file) labels May 10, 2026
@codecov (Bot) commented May 10, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from 2b3d6fd to 552c955, May 17, 2026 04:23
@nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from a503b8a to 6fc453d, May 31, 2026 04:23
@nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from 6fc453d to bb5d615, June 7, 2026 04:29
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from bb5d615 to 52e5732, June 14, 2026 04:27