Skip to content

chore[stable27] - audit dependencies #924

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Antreesy merged 1 commit into from
Jul 10, 2023
Merged

chore[stable27] - audit dependencies #924

Antreesy merged 1 commit into from
Jul 10, 2023

Conversation

@Antreesy
Copy link
Collaborator

@Antreesy Antreesy commented Jul 7, 2023
edited
Loading

Smoke tested

4 moderate severity vulnerabilities are left from [email protected]. Same for [email protected], so nothing we could do until it's fixed upstream

Source:

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available

@Antreesy Antreesy added security dependencies Pull requests that update a dependency file javascript labels Jul 7, 2023
@Antreesy Antreesy added this to the Nextcloud 27.0.1 milestone Jul 7, 2023
@Antreesy Antreesy requested a review from icewind1991 July 7, 2023 10:12
@Antreesy Antreesy self-assigned this Jul 7, 2023
@Antreesy
Copy link
Collaborator Author

Antreesy commented Jul 7, 2023

/compile amend

@Antreesy @nextcloud-command
audit dependencies
3f466f3 
Signed-off-by: Maksim Sukharev <[email protected]>
Signed-off-by: nextcloud-command <[email protected]>
@nextcloud-command nextcloud-command force-pushed the chore/stable27/audit-dependencies branch from ec68bc1 to 3f466f3 Compare July 7, 2023 11:34
@blizzz blizzz mentioned this pull request Jul 10, 2023
Merged
@Antreesy Antreesy requested a review from skjnldsv July 10, 2023 20:01
@Antreesy Antreesy merged commit cab48c3 into stable27 Jul 10, 2023
@delete-merged-branch delete-merged-branch bot deleted the chore/stable27/audit-dependencies branch July 10, 2023 21:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Pytal Pytal Pytal approved these changes

@icewind1991 icewind1991 Awaiting requested review from icewind1991

@skjnldsv skjnldsv Awaiting requested review from skjnldsv

Assignees

@Antreesy Antreesy

Labels

3. to review dependencies Pull requests that update a dependency file javascript security

Projects

None yet

Milestone

Nextcloud 27.0.1

Development

Successfully merging this pull request may close these issues.

4 participants

@Antreesy @Pytal @blizzz