Skip to content

[main] Fix npm audit#2493

Merged
AndyScherzinger merged 1 commit intomainfrom
automated/noid/main-fix-npm-audit
Apr 19, 2026
Merged

[main] Fix npm audit#2493
AndyScherzinger merged 1 commit intomainfrom
automated/noid/main-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented Apr 19, 2026

Audit report

This audit fix resolves 1 of the total 22 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

dompurify #

  • DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation
  • Severity: moderate
  • Reference: GHSA-39q2-94rc-95cp
  • Affected versions: <=3.3.3
  • Package usage:
    • node_modules/dompurify

@nextcloud-command
build(deps): Fix npm audit
2375196 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command added 3. to review Waiting for reviews dependencies Pull requests that update a dependency file labels Apr 19, 2026
@AndyScherzinger AndyScherzinger merged commit 34557fc into main Apr 19, 2026
56 of 58 checks passed
@AndyScherzinger AndyScherzinger deleted the automated/noid/main-fix-npm-audit branch April 19, 2026 13:48
@AndyScherzinger AndyScherzinger added this to the v2.1.0 milestone Apr 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AndyScherzinger AndyScherzinger AndyScherzinger approved these changes

@enjeck enjeck Awaiting requested review from enjeck enjeck is a code owner

@blizzz blizzz Awaiting requested review from blizzz blizzz is a code owner

Assignees

No one assigned

Labels

3. to review Waiting for reviews dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

v2.1.0

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @AndyScherzinger