Skip to content

[stable33] Fix npm audit#2541

Open
nextcloud-command wants to merge 1 commit into
stable33from
automated/noid/stable33-fix-npm-audit
Open

[stable33] Fix npm audit#2541
nextcloud-command wants to merge 1 commit into
stable33from
automated/noid/stable33-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented Apr 26, 2026
edited
Loading

Audit report

No fixable problems found (7 unfixable, 5 only fixable manually using --force)

Full npm audit report

# npm audit report

elliptic  *
Elliptic Uses a Cryptographic Primitive with a Risky Implementation - https://github.com/advisories/GHSA-848j-6mx2-7j84
No fix available
node_modules/elliptic
  browserify-sign  >=2.4.0
  Depends on vulnerable versions of elliptic
  node_modules/browserify-sign
    crypto-browserify  >=3.4.0
    Depends on vulnerable versions of browserify-sign
    Depends on vulnerable versions of create-ecdh
    node_modules/crypto-browserify
      node-stdlib-browser  *
      Depends on vulnerable versions of crypto-browserify
      node_modules/node-stdlib-browser
        vite-plugin-node-polyfills  >=0.3.0
        Depends on vulnerable versions of node-stdlib-browser
        node_modules/vite-plugin-node-polyfills
          @nextcloud/vite-config  *
          Depends on vulnerable versions of vite-plugin-node-polyfills
          node_modules/@nextcloud/vite-config
  create-ecdh  *
  Depends on vulnerable versions of elliptic
  node_modules/create-ecdh

7 low severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Node.js: v24.15.0 | npm: 11.14.1 | Branch: stable33

@nextcloud-command nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Apr 26, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 26, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@cypress
Copy link
Copy Markdown

cypress Bot commented Apr 26, 2026
edited
Loading

Activity    Run #3735

Run Properties:  status check failed Failed #3735  •  git commit 534bb0a815: [stable33] Fix npm audit
Project Activity
Branch Review automated/noid/stable33-fix-npm-audit
Run status status check failed Failed #3735
Run duration 02m 23s
Commit git commit 534bb0a815: [stable33] Fix npm audit
Committer Nextcloud Command Bot
View all properties for this run ↗︎
Test results
Tests that failed  Failures 1
Tests that were flaky  Flaky 0
Tests that did not run due to a developer annotating a test with .skip  Pending 1
Tests that did not run due to a failure in a mocha hook  Skipped 0
Tests that passed  Passing 8
View all changes introduced in this branch ↗︎

Tests for review

Failed  cypress/e2e/sidebar.cy.ts • 1 failed test • Run E2E

View Output

Test Artifacts
Check activity listing in the sidebar > Has favorite activity Test Replay Screenshots

@nextcloud-command nextcloud-command force-pushed the automated/noid/stable33-fix-npm-audit branch from 0056149 to 295a84e Compare May 3, 2026 04:11
@miaulalala miaulalala force-pushed the automated/noid/stable33-fix-npm-audit branch from 295a84e to 78c22d3 Compare May 5, 2026 20:32
@nextcloud-command
fix(deps): Fix npm audit
3c8bebe 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable33-fix-npm-audit branch from 78c22d3 to 3c8bebe Compare May 10, 2026 04:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@miaulalala miaulalala miaulalala approved these changes

Assignees

No one assigned

Labels

3. to review dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @miaulalala