Skip to content

Release: merge development into beta#83

Merged
rubenvdlinde merged 3 commits intobetafrom
development
May 1, 2026
Merged

Release: merge development into beta#83
rubenvdlinde merged 3 commits intobetafrom
development

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented May 1, 2026

Automated PR to sync development changes to beta for beta release.

Merging this PR will trigger the beta release workflow.

Reminder: Add a major, minor, or patch label to this PR to control the version bump. Default is patch.

github-actions Bot and others added 3 commits May 1, 2026 10:05
@github-actions @rubenvdlinde
chore: update SBOM (#82)
3094bac 
Co-authored-by: rubenvdlinde <4021899+rubenvdlinde@users.noreply.github.com>
@rubenvdlinde
chore(deps): npm audit fix — clear all 6 high-severity vulnerabilities (
9062bfc 
#81)

Lockfile-only update via `npm audit fix` (no --force, no
package.json changes, no major bumps). Resolves every high-severity
npm vulnerability flagged on the development branch:

- fast-xml-parser CVE chain (incl. Dependabot alerts #52, #70):
  4.5.4 → 4.5.6 (entity-expansion bypass + comment/CDATA injection)
- lodash prototype pollution
- node-forge prototype pollution
- path-to-regexp ReDoS
- picomatch ReDoS

As a side effect npm chose @conduction/nextcloud-vue 0.1.0-beta.15
(was beta.3), picking up the 12 intervening upstream releases
including all the recent CnAppNav/CnAppRoot work. The Nc* re-export
issue blocking eslint is unaffected — that lands when nextcloud-vue
PR #102 ships and a new beta is published.

Remaining: 12 moderate + 32 low. All require major-version bumps
(@nextcloud/webpack-vue-config v7, vue-loader v17, @vue/test-utils v2
which is Vue-3-only and would break the app, etc.) — out of scope
for an audit-fix sweep, deserve dedicated PRs with build/test
verification.

Verified locally:
- `npm run build` succeeds (35 webpack warnings, same baseline as dev)
- `npm run lint` no new errors (the 32 Nc* `import/named` errors are
  pre-existing, fixed by nextcloud-vue PR #102)
- `npm audit` reports 0 high-severity vulnerabilities (was 6)
@github-actions @rubenvdlinde
chore: update SBOM (#84)
cef6922 
Co-authored-by: rubenvdlinde <4021899+rubenvdlinde@users.noreply.github.com>
@rubenvdlinde rubenvdlinde merged commit 3eb5da8 into beta May 1, 2026
28 of 36 checks passed
@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented May 1, 2026

Quality Report — ConductionNL/mydash @ a075098

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ❌ 1/498 denied
PHPUnit ⏭️
Newman ⏭️
Playwright ⏭️

❌ Denied npm licenses

Package Version License
apexcharts 5.10.6 Custom: https://apexcharts.com/media/apexcharts-logo.png

Quality workflow — 2026-05-01 08:08 UTC

Download the full PDF report from the workflow artifacts.

@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented May 1, 2026

Quality Report — ConductionNL/mydash @ 6ab0488

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ❌ 1/498 denied
PHPUnit ⏭️
Newman ⏭️
Playwright ⏭️

❌ Denied npm licenses

Package Version License
apexcharts 5.10.6 Custom: https://apexcharts.com/media/apexcharts-logo.png

Quality workflow — 2026-05-01 08:09 UTC

Download the full PDF report from the workflow artifacts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rubenvdlinde