Skip to content

[stable5.6] Fix npm audit#12270

Open
nextcloud-command wants to merge 1 commit intostable5.6from
automated/noid/stable5.6-fix-npm-audit
Open

[stable5.6] Fix npm audit#12270
nextcloud-command wants to merge 1 commit intostable5.6from
automated/noid/stable5.6-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented Jan 20, 2026
edited
Loading

Audit report

This audit fix resolves 1 of the total 97 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

dompurify #

  • DOMPurify contains a Cross-site Scripting vulnerability
  • Severity: moderate (CVSS 6.1)
  • Reference: GHSA-v2wj-7wpq-c8vv
  • Affected versions: 3.1.3 - 3.3.1
  • Package usage:
    • node_modules/dompurify

@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5.6-fix-npm-audit branch from 3b69b32 to 84c09fb Compare January 27, 2026 03:13
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5.6-fix-npm-audit branch from 84c09fb to 8459465 Compare February 3, 2026 03:24
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5.6-fix-npm-audit branch from 8459465 to d179e48 Compare February 10, 2026 03:34
ChristophWurst
ChristophWurst requested changes Feb 10, 2026
View reviewed changes
Comment thread package-lock.json
"version": "8.35.0",
"resolved": "https://registry.npmjs.org/@nextcloud/vue/-/vue-8.35.0.tgz",
"integrity": "sha512-qPm0aaPbnt7n694WQ97T+EMQTxCa3+RPKDzsBVD6vb01N4uGYwjvrEEOLVmBMlEWqkFy+ks3tpeOjkDPOoJbNA==",
"version": "8.36.0",
Copy link
Copy Markdown
Member

@ChristophWurst ChristophWurst Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The usual unrelated suspect

@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5.6-fix-npm-audit branch from d179e48 to 5f1426a Compare February 17, 2026 03:25
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5.6-fix-npm-audit branch 2 times, most recently from de53a06 to 85e533b Compare March 3, 2026 03:24
@nextcloud-command
fix(deps): Fix npm audit
8ec7849 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5.6-fix-npm-audit branch from 85e533b to 8ec7849 Compare March 10, 2026 03:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChristophWurst ChristophWurst ChristophWurst requested changes

@GretaD GretaD Awaiting requested review from GretaD GretaD is a code owner

@kesselb kesselb Awaiting requested review from kesselb kesselb is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

3. to review dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @ChristophWurst