Skip to content

[stable32] Fix npm audit#8399

Closed
nextcloud-command wants to merge 1 commit into
stable32from
automated/noid/stable32-fix-npm-audit
Closed

[stable32] Fix npm audit#8399
nextcloud-command wants to merge 1 commit into
stable32from
automated/noid/stable32-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Collaborator

@nextcloud-command nextcloud-command commented Mar 22, 2026
edited
Loading

Audit report

This audit fix resolves 2 of the total 45 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

uuid #

  • uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided
  • Severity: moderate
  • Reference: GHSA-w5hq-g745-h8pq
  • Affected versions: 11.0.0 - 11.1.0
  • Package usage:
    • node_modules/uuid

webdav #

  • Caused by vulnerable dependency:
  • Affected versions: 3.0.0 - 5.8.0
  • Package usage:
    • node_modules/webdav

@nextcloud-command nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Mar 22, 2026
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from 4c805f7 to a4d585c Compare April 5, 2026 03:52
@max-nextcloud
Copy link
Copy Markdown
Collaborator

max-nextcloud commented Apr 6, 2026

npm test error seems related:

Error: Directory import '/home/runner/work/text/text/node_modules/punycode/' is not supported resolving ES modules imported from /home/runner/work/text/text/node_modules/node-stdlib-browser/esm/proxy/url.js

@max-nextcloud max-nextcloud self-requested a review April 6, 2026 20:13
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from a4d585c to 70161c4 Compare April 12, 2026 04:01
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from 70161c4 to 06ca76c Compare April 19, 2026 04:14
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from 97b7a9b to 71e38c7 Compare May 3, 2026 04:12
@nextcloud-command
fix(deps): Fix npm audit
7dbc415 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from 71e38c7 to 7dbc415 Compare May 10, 2026 04:11
@mejo- mejo- closed this May 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mejo- mejo- Awaiting requested review from mejo- mejo- is a code owner

@max-nextcloud max-nextcloud Awaiting requested review from max-nextcloud max-nextcloud is a code owner

Assignees

No one assigned

Labels

3. to review dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nextcloud-command @max-nextcloud @mejo-