[master] Fix npm audit #1743

nextcloud-command · 2024-08-01T10:16:38Z

Audit report

This audit fix resolves 6 of the total 10 vulnerabilities found in your project.

Updated dependencies

@testing-library/vue
@vue/test-utils
elliptic
fast-xml-parser
micromatch
vue-tsc

Fixed vulnerabilities

@testing-library/vue #

Caused by vulnerable dependency:
- @vue/test-utils
- vue-template-compiler
Affected versions: <=5.9.0
Package usage:
- node_modules/@testing-library/vue

@vue/test-utils #

Caused by vulnerable dependency:
- vue-template-compiler
Affected versions: <=1.3.6
Package usage:
- node_modules/@vue/test-utils

elliptic #

Elliptic's EDDSA missing signature length check
Severity: low (CVSS 5.3)
Reference: GHSA-f7q4-pwc6-w24p
Affected versions: 2.0.0 - 6.5.6
Package usage:
- node_modules/elliptic

fast-xml-parser #

fast-xml-parser vulnerable to ReDOS at currency parsing
Severity: high (CVSS 7.5)
Reference: GHSA-mpg4-rc92-vx8v
Affected versions: <4.4.1
Package usage:
- node_modules/fast-xml-parser

micromatch #

Regular Expression Denial of Service (ReDoS) in micromatch
Severity: moderate
Reference: GHSA-952p-6rrq-rcjv
Affected versions: <4.0.8
Package usage:
- node_modules/micromatch

vue-tsc #

Caused by vulnerable dependency:
- @vue/language-core
Affected versions: 1.7.0-alpha.0 - 2.0.28
Package usage:
- node_modules/vue-tsc

cypress · 2024-08-01T10:32:28Z

Activity Run #1872

Run Properties: Failed #1872 • 4814aa9398: [master] Fix npm audit

Project	`Activity`
Branch Review	`automated/noid/master-fix-npm-audit`
Run status	`Failed #1872`
Run duration	`06m 09s`
Commit	`4814aa9398: [master] Fix npm audit`
Committer	`Nextcloud Command Bot`
View all properties for this run ↗︎

Test results
Failures	`3`
Flaky	`1`
Pending	`0`
Skipped	`0`
Passing	`7`
View all changes introduced in this branch ↗︎

Tests for review

cypress/e2e/sidebar.cy.ts • 3 failed tests • Run E2E

View Output

Test		Artifacts
Check activity listing in the sidebar > Has favorite activity		`Test Replay` `Screenshots`
Check activity listing in the sidebar > Has tag activity		`Test Replay` `Screenshots`
Check activity listing in the sidebar > Has comment activity		`Test Replay` `Screenshots`

cypress/e2e/sidebar.cy.ts • 1 flaky test • Run E2E

View Output

Test		Artifacts
Check activity listing in the sidebar > Has share activity		`Test Replay` `Screenshots`

nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Aug 1, 2024

nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 6752afb to 037a566 Compare August 4, 2024 03:11

nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from ca1144a to 4e6bffb Compare August 18, 2024 03:07

nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 4e6bffb to 4c118f1 Compare August 25, 2024 03:04

nextcloud-command closed this Sep 1, 2024

nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 4c118f1 to 54a1756 Compare September 1, 2024 03:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[master] Fix npm audit #1743

[master] Fix npm audit #1743

nextcloud-command commented Aug 1, 2024 •

edited

Loading

cypress bot commented Aug 1, 2024 •

edited

Loading

[master] Fix npm audit #1743

[master] Fix npm audit #1743

Conversation

nextcloud-command commented Aug 1, 2024 • edited Loading

Audit report

Updated dependencies

Fixed vulnerabilities

@testing-library/vue #

@vue/test-utils #

elliptic #

fast-xml-parser #

micromatch #

vue-tsc #

cypress bot commented Aug 1, 2024 • edited Loading

Activity Run #1872

Tests for review

nextcloud-command commented Aug 1, 2024 •

edited

Loading

cypress bot commented Aug 1, 2024 •

edited

Loading