This pull request (PR) fixes 1 moderate severity security vulnerability in indirect NPM dependencies reported by npm audit by using npm audit fix.
```
# npm audit report
postcss <8.5.10
Severity: moderate
PostCSS has XSS via Unescaped </style> in its CSS Stringify Output - https://github.com/advisories/GHSA-qx2v-qp2m-jg93
fix available via `npm audit fix`
node_modules/postcss
uuid <14.0.0
Severity: moderate
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided - https://github.com/advisories/GHSA-w5hq-g745-h8pq
fix available via `npm audit fix --force`
Will install cypress@4.2.0, which is a breaking change
node_modules/uuid
@cypress/request *
Depends on vulnerable versions of uuid
node_modules/@cypress/request
cypress >=4.3.0
Depends on vulnerable versions of @cypress/request
node_modules/cypress
joomla-cypress >=1.1.0
Depends on vulnerable versions of cypress
node_modules/joomla-cypress
5 moderate severity vulnerabilities
```
```
# npm audit report
uuid <14.0.0
Severity: moderate
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided - https://github.com/advisories/GHSA-w5hq-g745-h8pq
fix available via `npm audit fix --force`
Will install cypress@4.2.0, which is a breaking change
node_modules/uuid
@cypress/request *
Depends on vulnerable versions of uuid
node_modules/@cypress/request
cypress >=4.3.0
Depends on vulnerable versions of @cypress/request
node_modules/cypress
joomla-cypress >=1.1.0
Depends on vulnerable versions of cypress
node_modules/joomla-cypress
4 moderate severity vulnerabilities
```
Please select:
Documentation link for guide.joomla.org:
No documentation changes for guide.joomla.org needed
Pull Request link for manual.joomla.org:
No documentation changes for manual.joomla.org needed
| Status | New | ⇒ | Pending |
| Category | ⇒ | NPM Change |
I have tested this item ✅ successfully on 23b7833
I have tested this item ✅ successfully on 23b7833
I have tested this item ✅ successfully on 23b7833
| Status | Pending | ⇒ | Ready to Commit |
RTC
@tecpromotion There are new fixes available meanwhile, so either you update this PR, or if it gets merged I can make a follow-up PR.
I'll take care of that for the 6.1-dev branch. Thank you very much.
| Labels | Added: RTC, NPM Resource Changed, PR-6.1-dev |
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2026-05-12 06:51:14 |
| Closed_By | ⇒ | HLeithner |
I have tested this item ✅ successfully on 23b7833
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47699.