Pending

tecpromotion
27 Apr 2026
  • I read the Generative AI policy and my contribution is either not created with the help of AI or is compatible with the policy and GNU/GPL 2 or later.

Summary of Changes

This pull request (PR) fixes 1 moderate severity security vulnerability in indirect NPM dependencies reported by npm audit by using npm audit fix.

Testing Instructions

.

Actual result BEFORE applying this Pull Request

# npm audit report

postcss  <8.5.10
Severity: moderate
PostCSS has XSS via Unescaped </style> in its CSS Stringify Output - https://github.com/advisories/GHSA-qx2v-qp2m-jg93
fix available via `npm audit fix`
node_modules/postcss

uuid  <14.0.0
Severity: moderate
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided - https://github.com/advisories/GHSA-w5hq-g745-h8pq
fix available via `npm audit fix --force`
Will install cypress@4.2.0, which is a breaking change
node_modules/uuid
  @cypress/request  *
  Depends on vulnerable versions of uuid
  node_modules/@cypress/request
    cypress  >=4.3.0
    Depends on vulnerable versions of @cypress/request
    node_modules/cypress
      joomla-cypress  >=1.1.0
      Depends on vulnerable versions of cypress
      node_modules/joomla-cypress

5 moderate severity vulnerabilities

Expected result AFTER applying this Pull Request

# npm audit report

uuid  <14.0.0
Severity: moderate
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided - https://github.com/advisories/GHSA-w5hq-g745-h8pq
fix available via `npm audit fix --force`
Will install cypress@4.2.0, which is a breaking change
node_modules/uuid
  @cypress/request  *
  Depends on vulnerable versions of uuid
  node_modules/@cypress/request
    cypress  >=4.3.0
    Depends on vulnerable versions of @cypress/request
    node_modules/cypress
      joomla-cypress  >=1.1.0
      Depends on vulnerable versions of cypress
      node_modules/joomla-cypress

4 moderate severity vulnerabilities

Link to documentations

Please select:

  • Documentation link for guide.joomla.org:

  • No documentation changes for guide.joomla.org needed

  • Pull Request link for manual.joomla.org:

  • No documentation changes for manual.joomla.org needed

tecpromotion - open - 27 Apr 2026
tecpromotion - change - 27 Apr 2026
Status: New ⇒ Pending
joomla-cms-bot - change - 27 Apr 2026
Category: NPM Change
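
The split between the one finding this pull request resolves and the four it leaves can be read from the fixAvailable field of `npm audit --json`. The following is an added example, not code from the pull request or from Joomla. SAMPLE_REPORT is constructed from the BEFORE report above and carries only the fields used, and the function names are hypothetical.

```javascript
// Added example: classify `npm audit --json` entries (auditReportVersion 2)
// by what a plain `npm audit fix` can resolve.
// SAMPLE_REPORT is constructed from the BEFORE text report on this page.
const forced = { name: "cypress", version: "4.2.0", isSemVerMajor: true };
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    postcss: { severity: "moderate", range: "<8.5.10", fixAvailable: true },
    uuid: { severity: "moderate", range: "<14.0.0", fixAvailable: forced },
    "@cypress/request": { severity: "moderate", range: "*", fixAvailable: forced },
    cypress: { severity: "moderate", range: ">=4.3.0", fixAvailable: forced },
    "joomla-cypress": { severity: "moderate", range: ">=1.1.0", fixAvailable: forced },
  },
};

// Returns { safe, forceOnly, unfixable }, each an array of package names.
function partitionAudit(report) {
  const vulns = report && report.vulnerabilities;
  if (typeof vulns !== "object" || vulns === null) {
    throw new TypeError("expected npm audit JSON with a 'vulnerabilities' object");
  }
  const out = { safe: [], forceOnly: [], unfixable: [] };
  for (const [name, vuln] of Object.entries(vulns)) {
    const fix = vuln.fixAvailable;
    if (fix === true) {
      out.safe.push(name); // in-range update: plain `npm audit fix`
    } else if (fix && typeof fix === "object") {
      // npm would install fix.name@fix.version, which needs `--force`;
      // fix.isSemVerMajor marks it as a breaking change.
      out.forceOnly.push(name);
    } else {
      out.unfixable.push(name); // fixAvailable is false or absent
    }
  }
  return out;
}

// Number of findings expected to remain after a plain `npm audit fix`.
function expectedRemaining(report) {
  const p = partitionAudit(report);
  return p.forceOnly.length + p.unfixable.length;
}

const result = partitionAudit(SAMPLE_REPORT);
console.log("resolved by npm audit fix:", result.safe.join(", "));
console.log("left for --force:", result.forceOnly.join(", "));
console.log("expected remaining:", expectedRemaining(SAMPLE_REPORT));
```
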
