Skip to content

[stable29] Fix npm audit#6410

Merged
luka-nextcloud merged 1 commit intostable29from
automated/noid/stable29-fix-npm-audit
Oct 25, 2024
Merged

[stable29] Fix npm audit#6410
luka-nextcloud merged 1 commit intostable29from
automated/noid/stable29-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented Oct 13, 2024
edited
Loading

Audit report

This audit fix resolves 12 of the total 22 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

  • Caused by vulnerable dependency:
  • Affected versions: >=1.1.0
  • Package usage:
    • node_modules/@nextcloud/files

@nextcloud/l10n #

  • Caused by vulnerable dependency:
  • Affected versions: >=1.1.0
  • Package usage:
    • node_modules/@nextcloud/dialogs/node_modules/@nextcloud/l10n
    • node_modules/@nextcloud/files/node_modules/@nextcloud/l10n
    • node_modules/@nextcloud/l10n
    • node_modules/@nextcloud/vue/node_modules/@nextcloud/l10n

@nextcloud/moment #

  • Caused by vulnerable dependency:
  • Affected versions: >=1.1.1
  • Package usage:
    • node_modules/@nextcloud/moment

@nextcloud/vue #

  • Caused by vulnerable dependency:
  • Affected versions: >=1.4.0
  • Package usage:
    • node_modules/@nextcloud/vue

@vue/component-compiler-utils #

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vue/component-compiler-utils

cookie #

  • cookie accepts cookie name, path, and domain with out of bounds characters
  • Severity: low
  • Reference: GHSA-pxg6-pf52-xh8x
  • Affected versions: <0.7.0
  • Package usage:
    • node_modules/cookie

express #

  • Caused by vulnerable dependency:
  • Affected versions: 3.0.0-alpha1 - 4.21.0 || 5.0.0-alpha.1 - 5.0.0
  • Package usage:
    • node_modules/express

nextcloud-vue-collections #

  • Caused by vulnerable dependency:
  • Affected versions: >=0.8.0
  • Package usage:
    • node_modules/nextcloud-vue-collections

node-gettext #

  • node-gettext vulnerable to Prototype Pollution
  • Severity: moderate (CVSS 5.9)
  • Reference: GHSA-g974-hxvm-x689
  • Affected versions: *
  • Package usage:
    • node_modules/node-gettext

postcss #

  • PostCSS line return parsing error
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-7fh5-64p2-3v2j
  • Affected versions: <8.4.31
  • Package usage:
    • node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

  • Caused by vulnerable dependency:
  • Affected versions: 15.0.0-beta.1 - 15.11.1
  • Package usage:
    • node_modules/vue-loader

@nextcloud-command
fix(deps): Fix npm audit
8f95287 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable29-fix-npm-audit branch from a7dc0f2 to 8f95287 Compare October 20, 2024 03:24
@luka-nextcloud luka-nextcloud merged commit a6b4145 into stable29 Oct 25, 2024
@luka-nextcloud luka-nextcloud deleted the automated/noid/stable29-fix-npm-audit branch October 25, 2024 08:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@luka-nextcloud luka-nextcloud luka-nextcloud approved these changes

Assignees

No one assigned

Labels

3. to review dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @luka-nextcloud