[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	416/1000 Why? Recently disclosed, Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @nextcloud/axios

The new version differs by 193 commits.

• edd535c 1.4.0
• 2ba50da Update changelog
• e7c71a3 Merge pull request fix references to ownCloud in the federations app nextcloud/server#166 from nextcloud/dependabot/npm_and_yarn/axios-0.20.0
• f6282df Bump axios from 0.19.2 to 0.20.0
• b01a44e Merge pull request New Created Users can NOT ACCESS shared & system example files after upgrade OC902 to NC905 nextcloud/server#169 from nextcloud/dependabot/npm_and_yarn/typedoc-0.19.0
• 6bab8a1 Merge pull request no need to mention ownCloud explicitely in the versions and trash bin app nextcloud/server#168 from nextcloud/dependabot/npm_and_yarn/jest-26.4.2
• 55508e3 Bump typedoc from 0.18.0 to 0.19.0
• c46a9c1 Bump jest from 26.4.1 to 26.4.2
• 54adc76 Merge pull request Feature request: Select multiple files in one go nextcloud/server#167 from nextcloud/dependabot/npm_and_yarn/jest-26.4.1
• 1a8aa61 Merge pull request fix references to ownCloud in the federated files sharing app nextcloud/server#165 from nextcloud/dependabot/npm_and_yarn/babel/core-7.11.4
• 4cea046 Bump jest from 26.4.0 to 26.4.1
• 0e59ef1 Merge pull request don't try to log the currently logged in user, this fails on cronjobs… nextcloud/server#164 from nextcloud/dependabot/npm_and_yarn/typescript-4.0.2
• d35372f Bump @ babel/core from 7.11.1 to 7.11.4
• 0716020 Bump typescript from 3.9.7 to 4.0.2
• 57ce421 Merge pull request make loading spinner thicker and color lighter nextcloud/server#163 from nextcloud/dependabot/npm_and_yarn/babel-jest-26.3.0
• a812c63 Bump babel-jest from 26.2.2 to 26.3.0
• 6602291 Merge pull request Fix references nextcloud/server#162 from nextcloud/dependabot/npm_and_yarn/jest-26.4.0
• e642ce4 Bump jest from 26.2.2 to 26.4.0
• 6e27e6e Merge pull request [stable9] fix translations nextcloud/server#161 from nextcloud/dependabot/npm_and_yarn/typedoc-0.18.0
• 0dc919d Bump typedoc from 0.17.8 to 0.18.0
• 9be8f02 Merge pull request rename owncloud to nextcloud in Official apps button popup nextcloud/server#160 from nextcloud/dependabot/npm_and_yarn/babel/core-7.11.1
• 622109a Bump @ babel/core from 7.11.0 to 7.11.1
• 9ab4a6a Merge pull request Remove obsolete contacts_cards_properties table nextcloud/server#157 from nextcloud/dependabot/npm_and_yarn/jest-26.2.2
• f8368f7 Merge pull request [stable9] Reintroduce HackerOne into CONTRIBUTING.md nextcloud/server#159 from nextcloud/dependabot/npm_and_yarn/babel/core-7.11.0

See the full diff

Package name: nextcloud-vue-collections

The new version differs by 108 commits.

• 21b1a0a 0.7.2
• da4e82f 0.7.1
• ac40583 Merge pull request Improve FileTest nextcloud/server#351 from juliushaertl/dependabot/npm_and_yarn/eslint-plugin-import-2.20.1
• 6248969 Merge pull request fix check if the certificate bundle needs to be updated nextcloud/server#350 from juliushaertl/dependabot/npm_and_yarn/rollup-1.31.0
• 3cc60b1 Bump eslint-plugin-import from 2.20.0 to 2.20.1
• 66fb720 Bump rollup from 1.30.1 to 1.31.0
• 58f538a Merge pull request add groupOfUniqueNames as valid group object class nextcloud/server#349 from juliushaertl/dependabot/npm_and_yarn/babel/preset-env-7.8.4
• 36ca613 Merge pull request CI exclude ObjectStore tests on normal runs nextcloud/server#348 from juliushaertl/dependabot/npm_and_yarn/babel/core-7.8.4
• 7c21d3b Bump @ babel/preset-env from 7.8.3 to 7.8.4
• c2a82ca Bump @ babel/core from 7.8.3 to 7.8.4
• a668452 Merge pull request Theming: aspect ratio of logo nextcloud/server#344 from juliushaertl/dependabot/npm_and_yarn/nextcloud/vue-1.3.0
• 894dba5 Merge pull request Remove unneeded checks if it runs on a Windows machine nextcloud/server#347 from juliushaertl/dependabot/npm_and_yarn/stylelint-13.0.0
• cde5cbb Bump stylelint from 12.0.1 to 13.0.0
• 5d798f5 Merge pull request Copy Links at a mobile device nextcloud/server#346 from juliushaertl/dependabot/npm_and_yarn/stylelint-scss-3.14.2
• 1ce59c7 Bump stylelint-scss from 3.14.0 to 3.14.2
• 1ab45d9 Merge pull request Sanitize more config options and stack traces nextcloud/server#345 from juliushaertl/dependabot/npm_and_yarn/stylelint-config-recommended-scss-4.2.0
• 5706840 Bump stylelint-config-recommended-scss from 4.1.0 to 4.2.0
• 2e542f2 Bump @ nextcloud/vue from 1.2.8 to 1.3.0
• 7257fb9 Merge pull request Implement better encryption / Libsodium nextcloud/server#343 from juliushaertl/dependabot/npm_and_yarn/stylelint-scss-3.14.0
• 1fb973b Merge pull request [download with android] too many redirects nextcloud/server#342 from juliushaertl/dependabot/npm_and_yarn/nextcloud/vue-1.2.8
• bd5a991 Bump stylelint-scss from 3.13.0 to 3.14.0
• dfd0e80 Merge pull request Theming app: Change page title to configured name nextcloud/server#341 from juliushaertl/dependabot/npm_and_yarn/rollup-1.30.1
• 2f4fe00 Bump @ nextcloud/vue from 1.2.7 to 1.2.8
• 3207426 Bump rollup from 1.29.1 to 1.30.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[commit-lint]

Bug Fixes

• package.json & package-lock.json to reduce vulnerabilities (6674b50)

Contributors

snyk-bot

Commit-Lint commands

You can trigger Commit-Lint actions by commenting on this PR:

• @Commit-Lint merge patch will merge dependabot PR on "patch" versions (X.X.Y - Y change)
• @Commit-Lint merge minor will merge dependabot PR on "minor" versions (X.Y.Y - Y change)
• @Commit-Lint merge major will merge dependabot PR on "major" versions (Y.Y.Y - Y change)
• @Commit-Lint merge disable will desactivate merge dependabot PR
• @Commit-Lint review will approve dependabot PR
• @Commit-Lint stop review will stop approve dependabot PR