Skip to content
This repository was archived by the owner on May 29, 2026. It is now read-only.

Release: merge development into beta#83

Merged
rubenvdlinde merged 3 commits into
betafrom
development
May 1, 2026
Merged

Release: merge development into beta#83
rubenvdlinde merged 3 commits into
betafrom
development

Conversation

@github-actions

@github-actions github-actions Bot commented May 1, 2026

Copy link
Copy Markdown
Contributor

Automated PR to sync development changes to beta for beta release.

Merging this PR will trigger the beta release workflow.

Reminder: Add a major, minor, or patch label to this PR to control the version bump. Default is patch.

github-actions Bot and others added 3 commits May 1, 2026 10:05
Co-authored-by: rubenvdlinde <4021899+rubenvdlinde@users.noreply.github.com>
#81)

Lockfile-only update via `npm audit fix` (no --force, no
package.json changes, no major bumps). Resolves every high-severity
npm vulnerability flagged on the development branch:

- fast-xml-parser CVE chain (incl. Dependabot alerts #52, #70):
  4.5.4 → 4.5.6 (entity-expansion bypass + comment/CDATA injection)
- lodash prototype pollution
- node-forge prototype pollution
- path-to-regexp ReDoS
- picomatch ReDoS

As a side effect npm chose @conduction/nextcloud-vue 0.1.0-beta.15
(was beta.3), picking up the 12 intervening upstream releases
including all the recent CnAppNav/CnAppRoot work. The Nc* re-export
issue blocking eslint is unaffected — that lands when nextcloud-vue
PR #102 ships and a new beta is published.

Remaining: 12 moderate + 32 low. All require major-version bumps
(@nextcloud/webpack-vue-config v7, vue-loader v17, @vue/test-utils v2
which is Vue-3-only and would break the app, etc.) — out of scope
for an audit-fix sweep, deserve dedicated PRs with build/test
verification.

Verified locally:
- `npm run build` succeeds (35 webpack warnings, same baseline as dev)
- `npm run lint` no new errors (the 32 Nc* `import/named` errors are
  pre-existing, fixed by nextcloud-vue PR #102)
- `npm audit` reports 0 high-severity vulnerabilities (was 6)
Co-authored-by: rubenvdlinde <4021899+rubenvdlinde@users.noreply.github.com>
@rubenvdlinde rubenvdlinde merged commit 3eb5da8 into beta May 1, 2026
28 of 36 checks passed
@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown
Contributor Author

Quality Report — ConductionNL/mydash @ a075098

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ❌ 1/498 denied
PHPUnit ⏭️
Newman ⏭️
Playwright ⏭️

❌ Denied npm licenses

Package Version License
apexcharts 5.10.6 Custom: https://apexcharts.com/media/apexcharts-logo.png

Quality workflow — 2026-05-01 08:08 UTC

Download the full PDF report from the workflow artifacts.

@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown
Contributor Author

Quality Report — ConductionNL/mydash @ 6ab0488

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ❌ 1/498 denied
PHPUnit ⏭️
Newman ⏭️
Playwright ⏭️

❌ Denied npm licenses

Package Version License
apexcharts 5.10.6 Custom: https://apexcharts.com/media/apexcharts-logo.png

Quality workflow — 2026-05-01 08:09 UTC

Download the full PDF report from the workflow artifacts.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant