Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore[stable27] - audit dependencies #924

Merged
merged 1 commit into from
Jul 10, 2023
Merged

chore[stable27] - audit dependencies #924

merged 1 commit into from
Jul 10, 2023

Conversation

Antreesy
Copy link
Collaborator

@Antreesy Antreesy commented Jul 7, 2023
edited
Loading

Smoke tested

4 moderate severity vulnerabilities are left from babel-loader@8.2.5. Same for babel-loader@9.1.2, so nothing we could do until it's fixed upstream

Source:

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available

@Antreesy Antreesy added security dependencies Pull requests that update a dependency file javascript labels Jul 7, 2023
@Antreesy Antreesy added this to the Nextcloud 27.0.1 milestone Jul 7, 2023
@Antreesy Antreesy requested a review from icewind1991 July 7, 2023 10:12
@Antreesy Antreesy self-assigned this Jul 7, 2023
@Antreesy
Copy link
Collaborator Author

Antreesy commented Jul 7, 2023

/compile amend

@Antreesy @nextcloud-command
audit dependencies
3f466f3 
Signed-off-by: Maksim Sukharev <antreesy.web@gmail.com>
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
@nextcloud-command nextcloud-command force-pushed the chore/stable27/audit-dependencies branch from ec68bc1 to 3f466f3 Compare July 7, 2023 11:34
@blizzz blizzz mentioned this pull request Jul 10, 2023
Merged
@Antreesy Antreesy requested a review from skjnldsv July 10, 2023 20:01
@Antreesy Antreesy merged commit cab48c3 into stable27 Jul 10, 2023
@delete-merged-branch delete-merged-branch bot deleted the chore/stable27/audit-dependencies branch July 10, 2023 21:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Pytal Pytal Pytal approved these changes

@icewind1991 icewind1991 Awaiting requested review from icewind1991

@skjnldsv skjnldsv Awaiting requested review from skjnldsv

Assignees

@Antreesy Antreesy

Labels
3. to review dependencies Pull requests that update a dependency file javascript security
Projects
None yet
Milestone
Nextcloud 27.0.1
Development

Successfully merging this pull request may close these issues.
3 participants
@Antreesy @Pytal @blizzz