Skip to content

[stable32] Fix npm audit#57975

Open
nextcloud-command wants to merge 1 commit intostable32from
automated/noid/stable32-fix-npm-audit
Open

[stable32] Fix npm audit#57975
nextcloud-command wants to merge 1 commit intostable32from
automated/noid/stable32-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented Feb 1, 2026
edited
Loading

Audit report

This audit fix resolves 2 of the total 63 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/cypress #

  • Caused by vulnerable dependency:
  • Affected versions:
  • Package usage:
    • node_modules/@nextcloud/cypress

handlebars #

  • Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
  • Severity: high (CVSS 8.1)
  • Reference: GHSA-3mfm-83xf-c92r
  • Affected versions: 4.0.0 - 4.7.8
  • Package usage:
    • node_modules/handlebars

@nextcloud-command nextcloud-command requested review from a team as code owners February 1, 2026 04:04
@nextcloud-command nextcloud-command requested review from artonge, nfebe and susnux and removed request for a team February 1, 2026 04:04
@susnux
Copy link
Copy Markdown
Contributor

susnux commented Feb 4, 2026

/compile rebase

@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from d332185 to 72a6fc9 Compare February 8, 2026 04:13
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from 05ba8c1 to e65fef3 Compare February 22, 2026 03:46
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from afa5160 to bc01ea7 Compare March 1, 2026 03:50
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from bc01ea7 to 584b59b Compare March 8, 2026 03:31
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 3 times, most recently from d422e3b to 99acdec Compare March 22, 2026 03:50
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from 9d9d175 to 8315df1 Compare April 5, 2026 03:48
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch 2 times, most recently from e8b1c63 to e95ddcf Compare April 14, 2026 23:35
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from e95ddcf to 5b1af61 Compare April 19, 2026 04:12
@nextcloud-command
fix(deps): Fix npm audit
afaf723 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable32-fix-npm-audit branch from 5b1af61 to afaf723 Compare April 26, 2026 04:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@susnux susnux susnux approved these changes

@artonge artonge Awaiting requested review from artonge artonge is a code owner automatically assigned from nextcloud/server-frontend

@nfebe nfebe Awaiting requested review from nfebe nfebe is a code owner automatically assigned from nextcloud/server-frontend

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

3. to review Waiting for reviews dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nextcloud-command @susnux @joshtrichards