[stable33] Fix npm audit

[nextcloud-command]

Audit report

This audit fix resolves 1 of the total 23 vulnerabilities found in your project.

Updated dependencies

• @nextcloud/cypress

Fixed vulnerabilities

@nextcloud/cypress #

• Caused by vulnerable dependency:
  • cypress
• Affected versions:
• Package usage:
  • node_modules/@nextcloud/cypress

Full npm audit report

# npm audit report

elliptic  *
Elliptic Uses a Cryptographic Primitive with a Risky Implementation - https://github.com/advisories/GHSA-848j-6mx2-7j84
No fix available
node_modules/elliptic
  browserify-sign  >=2.4.0
  Depends on vulnerable versions of elliptic
  node_modules/browserify-sign
    crypto-browserify  >=3.4.0
    Depends on vulnerable versions of browserify-sign
    Depends on vulnerable versions of create-ecdh
    node_modules/crypto-browserify
      node-stdlib-browser  *
      Depends on vulnerable versions of crypto-browserify
      node_modules/node-stdlib-browser
        vite-plugin-node-polyfills  >=0.3.0
        Depends on vulnerable versions of node-stdlib-browser
        node_modules/vite-plugin-node-polyfills
          @nextcloud/vite-config  *
          Depends on vulnerable versions of vite-plugin-node-polyfills
          node_modules/@nextcloud/vite-config
  create-ecdh  *
  Depends on vulnerable versions of elliptic
  node_modules/create-ecdh

qs  6.11.1 - 6.15.1
Severity: moderate
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set - https://github.com/advisories/GHSA-q8mj-m7cp-5q26
fix available via `npm audit fix`
node_modules/qs
  @cypress/request  *
  Depends on vulnerable versions of qs
  Depends on vulnerable versions of uuid
  node_modules/@cypress/request
    cypress  4.3.0 - 15.14.2
    Depends on vulnerable versions of @cypress/request
    node_modules/cypress
      @nextcloud/cypress  
      Depends on vulnerable versions of cypress
      node_modules/@nextcloud/cypress

uuid  <11.1.1
Severity: moderate
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided - https://github.com/advisories/GHSA-w5hq-g745-h8pq
fix available via `npm audit fix --force`
Will install dockerode@5.0.0, which is a breaking change
node_modules/dockerode/node_modules/uuid
node_modules/uuid
  dockerode  4.0.3 - 4.0.12
  Depends on vulnerable versions of uuid
  node_modules/dockerode

13 vulnerabilities (7 low, 6 moderate)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Node.js: v24.16.0 | npm: 11.15.0 | Branch: stable33

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[cypress]

Activity    Run #3835

Run Properties:   Failed #3835  •  8e762d68a1: [stable33] Fix npm audit

Project	Activity
Branch Review	automated/noid/stable33-fix-npm-audit
Run status	Failed #3835
Run duration	02m 21s
Commit	8e762d68a1: [stable33] Fix npm audit
Committer	Nextcloud Command Bot
View all properties for this run ↗︎

---

Test results
Failures	1
Flaky	0
Pending	1
Skipped	0
Passing	8
View all changes introduced in this branch ↗︎

---

Tests for review

  cypress/e2e/sidebar.cy.ts • 1 failed test • Run E2E

View Output

Test		Artifacts
Check activity listing in the sidebar > Has favorite activity		Test Replay Screenshots