Skip to content

[Snyk] Upgrade @nextcloud/auth from 2.4.0 to 2.5.2 #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade @nextcloud/auth from 2.4.0 to 2.5.2 #6

wants to merge 1 commit into from

Conversation

@lorenzorasmussen
Copy link
Owner

@lorenzorasmussen lorenzorasmussen commented Oct 26, 2025

snyk-top-banner

Snyk has created this PR to upgrade @nextcloud/auth from 2.4.0 to 2.5.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 3 versions ahead of your current version.

  • The recommended version was released 4 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JS-AXIOS-12613773		 452 Proof of Concept
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-9292519		 452 Proof of Concept
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-9403194		 452 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BABELRUNTIME-10044504		 452 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BRACEEXPANSION-9789073		 452 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BRACEEXPANSION-9789073		 452 Proof of Concept
low severity Cross-site Scripting (XSS)
SNYK-JS-DOMPURIFY-8722251		 452 Proof of Concept
critical severity Predictable Value Range from Previous Values
SNYK-JS-FORMDATA-10841150		 452 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-NODEGETTEXT-6100943		 452 Proof of Concept
critical severity Generation of Predictable Numbers or Identifiers
SNYK-JS-PBKDF2-10495496		 452 Proof of Concept
critical severity Generation of Predictable Numbers or Identifiers
SNYK-JS-PBKDF2-10495498		 452 No Known Exploit
critical severity Function Call With Incorrect Argument Type
SNYK-JS-SHAJS-12089400		 452 Proof of Concept
Release notes
Package name: @nextcloud/auth
  • 2.5.2 - 2025-07-07

    2.5.2 - 2025-07-07

    Fixed

    • fix(files_sharing): fallback self.crypto.randomUUID by @ skjnldsv in #822

    Changed

    • chore(deps-dev): Bump happy-dom from 17.4.6 to 17.4.7 in #805
    • chore(deps-dev): Bump @ vitest/coverage-v8 from 3.1.3 to 3.1.4 in #808
    • chore(deps-dev): Bump typedoc from 0.28.4 to 0.28.5 in #810
    • chore: fix date in CHANGELOG.md by @ nickvergessen in #807
    • chore(deps-dev): Bump happy-dom from 17.4.7 to 17.5.6 in #812
    • chore(deps-dev): Bump happy-dom from 17.5.6 to 17.6.3 in #814
    • chore(deps-dev): Bump @ vitest/coverage-v8 from 3.1.4 to 3.2.2 in #815
    • chore(deps-dev): Bump @ vitest/coverage-v8 from 3.2.2 to 3.2.3 in #816
    • chore(deps-dev): Bump eslint from 8.57.1 to 9.29.0 in #817
    • chore(deps-dev): Bump happy-dom from 17.6.3 to 18.0.1 in #819
    • chore(deps-dev): Bump @ vitest/coverage-v8 from 3.2.3 to 3.2.4 in #820
    • chore: update supported node versions by @ susnux in #823
  • 2.5.1 - 2025-05-13

    2.5.1 - 2025-08-123

    Fixed

  • 2.5.0 - 2025-05-12

    2.5.0 - 2025-05-12

    Added

    Fixed

    • fix: returns NextcloudUser instead of GuestUser by @ skjnldsv in #799

    Changed

    • chore: Update workflows by @ susnux in #678
    • chore(deps-dev): Bump @ nextcloud/eslint-config from 8.4.1 to 8.4.2 by @ dependabot
    • chore(deps-dev): Bump @ nextcloud/vite-config from 2.2.2 to 2.3.5 by @ dependabot
    • chore(deps-dev): Bump @ vitest/coverage-v8 from 2.0.5 to 2.1.8 by @ dependabot
    • chore(deps-dev): Bump elliptic from 6.5.5 to 6.6.0 by @ dependabot
    • chore(deps-dev): Bump eslint from 8.57.0 to 8.57.1 by @ dependabot
    • chore(deps-dev): Bump happy-dom from 14.12.3 to 17.4.4 by @ dependabot
    • chore(deps-dev): Bump typedoc from 0.26.10 to 0.28.4 by @ dependabot
    • chore(deps-dev): Bump typescript from 5.5.4 to 5.8.3 by @ dependabot
    • chore(deps-dev): Bump vite from 5.4.0 to 5.4.10 by @ dependabot
    • chore(deps): Bump @ nextcloud/event-bus from 3.3.1 to 3.3.2 by @ dependabot
    • chore(deps): Bump rollup from 4.21.0 to 4.22.4 by @ dependabot

    Full Changelog: v2.4.0...v2.5.0

  • 2.4.0 - 2024-08-13

    What's Changed

    New Contributors

    Full Changelog: v2.3.0...v2.4.0

from @nextcloud/auth GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade @nextcloud/auth from 2.4.0 to 2.5.2
39ae7c2 
Snyk has created this PR to upgrade @nextcloud/auth from 2.4.0 to 2.5.2.

See this package in npm:
@nextcloud/auth

See this project in Snyk:
https://app.snyk.io/org/lorenzo.rasmussen/project/ed5bd8a4-9e28-46eb-b252-abb2e781ee0e?utm_source=github&utm_medium=referral&page=upgrade-pr
@lorenzorasmussen
Copy link
Owner Author

lorenzorasmussen commented Oct 26, 2025

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lorenzorasmussen @snyk-bot