Skip to content

Comments

[stable31] Fix npm audit#3276

Merged
susnux merged 1 commit intostable31from
automated/noid/stable31-fix-npm-audit
Jan 28, 2026
Merged

[stable31] Fix npm audit#3276
susnux merged 1 commit intostable31from
automated/noid/stable31-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Contributor

@nextcloud-command nextcloud-command commented Nov 9, 2025
edited
Loading

Audit report

This audit fix resolves 4 of the total 41 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@cypress/request #

  • Caused by vulnerable dependency:
  • Affected versions: <=3.0.9
  • Package usage:
    • node_modules/@cypress/request

body-parser #

  • Caused by vulnerable dependency:
  • Affected versions: <=1.20.3 || 2.0.0-beta.1 - 2.0.2
  • Package usage:
    • node_modules/body-parser

express #

  • Caused by vulnerable dependency:
  • Affected versions: 2.5.8 - 2.5.11 || 3.2.1 - 3.2.3 || 4.0.0-rc1 - 4.21.2 || 5.0.0-alpha.1 - 5.0.1
  • Package usage:
    • node_modules/express

qs #

  • qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
  • Severity: high (CVSS 7.5)
  • Reference: GHSA-6rw7-vpxm-498p
  • Affected versions: <6.14.1
  • Package usage:
    • node_modules/@cypress/request/node_modules/qs
    • node_modules/body-parser/node_modules/qs
    • node_modules/express/node_modules/qs
    • node_modules/qs

@nextcloud-command nextcloud-command added 3. to review Waiting for reviews dependencies Pull requests that update a dependency file labels Nov 9, 2025
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch 2 times, most recently from c44cf23 to a6b4176 Compare November 23, 2025 03:27
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from a6b4176 to ea5fe54 Compare November 30, 2025 03:36
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch 2 times, most recently from cb18d95 to 692d2a5 Compare December 14, 2025 03:33
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch 2 times, most recently from 9497aff to 3b6752e Compare December 28, 2025 03:36
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from 3b6752e to cdbb26d Compare January 4, 2026 03:42
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch 2 times, most recently from 3705bf8 to b8ba5e0 Compare January 18, 2026 03:47
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from b8ba5e0 to 8044da9 Compare January 25, 2026 03:50
@susnux susnux merged commit 70e723f into stable31 Jan 28, 2026
47 checks passed
@susnux susnux deleted the automated/noid/stable31-fix-npm-audit branch January 28, 2026 16:44
@nextcloud-bot nextcloud-bot mentioned this pull request Feb 4, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@susnux susnux susnux approved these changes

Assignees

No one assigned

Labels

3. to review Waiting for reviews dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @susnux