Skip to content

[stable34] Fix npm audit#933

Merged
kyteinsky merged 1 commit into
stable34from
automated/noid/stable34-fix-npm-audit
Jul 10, 2026
Merged

[stable34] Fix npm audit#933
kyteinsky merged 1 commit into
stable34from
automated/noid/stable34-fix-npm-audit

Conversation

@nextcloud-command

Copy link
Copy Markdown
Contributor

Audit report

This audit fix resolves 2 of the total 32 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@vitest/coverage-istanbul #

  • Caused by vulnerable dependency:
  • Affected versions: 4.0.0-beta.1 - 4.1.0-beta.6
  • Package usage:
    • node_modules/@vitest/coverage-istanbul

vitest #

  • When Vitest UI server is listening, arbitrary file can be read and executed
  • Severity: critical 🚨 (CVSS 9.8)
  • Reference: GHSA-5xrq-8626-4rwp
  • Affected versions: >=4.0.0 <4.1.0
  • Package usage:
    • node_modules/vitest

Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Jul 10, 2026
@kyteinsky kyteinsky merged commit 12d104c into stable34 Jul 10, 2026
53 checks passed
@kyteinsky kyteinsky deleted the automated/noid/stable34-fix-npm-audit branch July 10, 2026 15:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3. to review dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants