Skip to content

[stable5.9] Fix npm audit#13009

Open
nextcloud-command wants to merge 1 commit into
stable5.9from
automated/noid/stable5.9-fix-npm-audit
Open

[stable5.9] Fix npm audit#13009
nextcloud-command wants to merge 1 commit into
stable5.9from
automated/noid/stable5.9-fix-npm-audit

Conversation

@nextcloud-command

@nextcloud-command nextcloud-command commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

Audit report

This audit fix resolves 2 of the total 35 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

dompurify #

  • DOMPurify: IN_PLACE mode trusts attacker-controlled nodeName on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects
  • Severity: low
  • Reference: GHSA-x4vx-rjvf-j5p4
  • Affected versions: <=3.4.10
  • Package usage:
    • node_modules/dompurify

vitest #

  • When Vitest UI server is listening, arbitrary file can be read and executed
  • Severity: critical 🚨 (CVSS 9.8)
  • Reference: GHSA-5xrq-8626-4rwp
  • Affected versions: <3.2.6
  • Package usage:
    • node_modules/vitest

@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5.9-fix-npm-audit branch from 1867b0d to a4a9efd Compare June 9, 2026 03:46
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5.9-fix-npm-audit branch 2 times, most recently from e52e1d2 to 755ada8 Compare June 23, 2026 03:46
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5.9-fix-npm-audit branch from 755ada8 to 80c7ca8 Compare June 30, 2026 03:46
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5.9-fix-npm-audit branch from 80c7ca8 to 9d92c30 Compare July 7, 2026 03:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant