[stable28] Fix npm audit #4266

nextcloud-command · 2024-11-24T03:31:39Z

Audit report

This audit fix resolves 10 of the total 18 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/files
@nextcloud/moment
@nextcloud/webpack-vue-config
@vue/component-compiler-utils
cross-spawn
postcss
vue-loader
vue-resize
vue-template-compiler

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/dialogs/node_modules/@nextcloud/files
- node_modules/@nextcloud/files

@nextcloud/moment #

Caused by vulnerable dependency:
- @nextcloud/l10n
- node-gettext
Affected versions: >=1.1.1
Package usage:
- node_modules/@nextcloud/moment

@nextcloud/webpack-vue-config #

Caused by vulnerable dependency:
Affected versions: *
Package usage:
- node_modules/@nextcloud/webpack-vue-config

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

cross-spawn #

Regular Expression Denial of Service (ReDoS) in cross-spawn
Severity: high (CVSS 7.5)
Reference: GHSA-3xgq-45jj-v275
Affected versions: 7.0.0 - 7.0.4
Package usage:
- node_modules/cross-spawn

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

vue-template-compiler #

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Severity: moderate (CVSS 4.2)
Reference: GHSA-g3ch-rx76-35fx
Affected versions: >=2.0.0
Package usage:
- node_modules/vue-template-compiler

Signed-off-by: GitHub <noreply@github.com>

fix(deps): Fix npm audit

e0b5ac5

Signed-off-by: GitHub <noreply@github.com>

nextcloud-command added 3. to review Ready to be reviewed dependencies Pull requests that update a dependency file labels Nov 24, 2024

juliusknorr approved these changes Nov 25, 2024

View reviewed changes

juliusknorr merged commit d7f64dc into stable28 Nov 25, 2024
43 checks passed

juliusknorr deleted the automated/noid/stable28-fix-npm-audit branch November 25, 2024 07:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable28] Fix npm audit #4266

[stable28] Fix npm audit #4266

nextcloud-command commented Nov 24, 2024

[stable28] Fix npm audit #4266

[stable28] Fix npm audit #4266

Conversation

nextcloud-command commented Nov 24, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/moment #

@nextcloud/webpack-vue-config #

@vue/component-compiler-utils #

cross-spawn #

postcss #

vue-loader #

vue-resize #

vue-template-compiler #