Skip to content

[master] Fix npm audit #1709

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AndyScherzinger merged 2 commits into from
Aug 1, 2024
Merged

[master] Fix npm audit #1709

AndyScherzinger merged 2 commits into from
Aug 1, 2024

Conversation

@nextcloud-command
Copy link
Contributor

@nextcloud-command nextcloud-command commented Jun 16, 2024
edited
Loading

Audit report

This audit fix resolves 4 of the total 8 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@testing-library/vue #

@vue/test-utils #

  • Caused by vulnerable dependency:
  • Affected versions: <=1.3.6
  • Package usage:
    • node_modules/@vue/test-utils

braces #

  • Uncontrolled resource consumption in braces
  • Severity: high (CVSS 7.5)
  • Reference: GHSA-grv7-fg5c-xmjg
  • Affected versions: <3.0.3
  • Package usage:
    • node_modules/braces

vue-tsc #

  • Caused by vulnerable dependency:
  • Affected versions: 1.7.0-alpha.0 - 2.0.28
  • Package usage:
    • node_modules/vue-tsc

@nextcloud-command nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Jun 16, 2024
@cypress
Copy link

cypress bot commented Jun 16, 2024
edited
Loading


Test summary

10 0 0 0Flakiness 3

Run details
Project Activity
Status Passed
Commit a36e0e5
Started Aug 1, 2024 9:04 AM
Ended Aug 1, 2024 9:09 AM
Duration 04:59 💡
OS Linux Ubuntu -
Browser Electron 118

View run in Cypress Cloud ➡️

Flakiness

cypress/e2e/sidebar.cy.ts Flakiness
1 Check activity listing in the sidebar > Has favorite activity
2 Check activity listing in the sidebar > Has tag activity
3 Check activity listing in the sidebar > Has comment activity

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Cloud

@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 148a877 to 09b6c45 Compare June 23, 2024 03:05
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from 57ce4b2 to 22d71c2 Compare July 7, 2024 03:09
@AndyScherzinger AndyScherzinger force-pushed the automated/noid/master-fix-npm-audit branch from 22d71c2 to 3b93b31 Compare July 9, 2024 15:59
@AndyScherzinger
Copy link
Member

AndyScherzinger commented Jul 9, 2024

/compile /

@AndyScherzinger AndyScherzinger force-pushed the automated/noid/master-fix-npm-audit branch from 0880a48 to 7e0c29c Compare July 11, 2024 13:55
@AndyScherzinger
Copy link
Member

AndyScherzinger commented Jul 11, 2024

/compile /

@susnux susnux force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from 77d0ab1 to 8131fb5 Compare July 11, 2024 17:56
@AndyScherzinger AndyScherzinger added this to the Nextcloud 30 milestone Jul 11, 2024
@susnux
Copy link
Contributor

susnux commented Jul 11, 2024

Sorry to mess with this PR but it seems Cypress was red for quite some time because of a missing wait, lets see if it works now.

@AndyScherzinger
Copy link
Member

AndyScherzinger commented Jul 11, 2024

I am totally fine with messing with PRs 👍

@susnux susnux force-pushed the automated/noid/master-fix-npm-audit branch 5 times, most recently from d836e25 to a4e9a7d Compare July 12, 2024 01:49
@susnux
Copy link
Contributor

susnux commented Jul 12, 2024

It is super annoying, I fixed the node tests, fine.
But Cypress is flaky as hell and also for couple of versions...

I nearly rewrote them completely but still flaky...

@susnux susnux force-pushed the automated/noid/master-fix-npm-audit branch from a4e9a7d to 7be6f37 Compare July 12, 2024 13:10
@AndyScherzinger
Copy link
Member

AndyScherzinger commented Jul 12, 2024
edited
Loading

@susnux if we basically know they are flaky and false-positives we can also force merge. It is of course nice to have it fixed but also not a current focus point for us.

@susnux susnux force-pushed the automated/noid/master-fix-npm-audit branch 3 times, most recently from cb400a4 to b5d3a1c Compare July 12, 2024 16:38
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from b5d3a1c to 0b57a7a Compare July 14, 2024 03:31
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 0b57a7a to 6850fad Compare July 21, 2024 03:13
@AndyScherzinger AndyScherzinger disabled auto-merge July 21, 2024 06:32
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 6850fad to 897a5b1 Compare July 28, 2024 03:23
@AndyScherzinger
Copy link
Member

AndyScherzinger commented Jul 28, 2024

/compile /

@AndyScherzinger AndyScherzinger requested a review from artonge July 28, 2024 10:14
@blizzz blizzz mentioned this pull request Jul 30, 2024
Merged
@AndyScherzinger AndyScherzinger force-pushed the automated/noid/master-fix-npm-audit branch from 246d28c to 2a8eb3e Compare August 1, 2024 08:41
@blizzz blizzz mentioned this pull request Aug 1, 2024
Merged
@AndyScherzinger AndyScherzinger merged commit 24665d2 into master Aug 1, 2024
@AndyScherzinger AndyScherzinger deleted the automated/noid/master-fix-npm-audit branch August 1, 2024 09:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AndyScherzinger AndyScherzinger AndyScherzinger approved these changes

@susnux susnux susnux approved these changes

@artonge artonge Awaiting requested review from artonge

Assignees

No one assigned

Labels

3. to review dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

Nextcloud 30

Development

Successfully merging this pull request may close these issues.

4 participants

@nextcloud-command @AndyScherzinger @susnux