Skip to content

[stable29] Fix npm audit#6448

Merged
luka-nextcloud merged 1 commit intostable29from
automated/noid/stable29-fix-npm-audit
Nov 7, 2024
Merged

[stable29] Fix npm audit#6448
luka-nextcloud merged 1 commit intostable29from
automated/noid/stable29-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented Oct 27, 2024
edited
Loading

Audit report

This audit fix resolves 14 of the total 27 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

  • Caused by vulnerable dependency:
  • Affected versions: >=1.1.0
  • Package usage:
    • node_modules/@nextcloud/files

@nextcloud/moment #

  • Caused by vulnerable dependency:
  • Affected versions: >=1.1.1
  • Package usage:
    • node_modules/@nextcloud/moment

@nextcloud/webpack-vue-config #

@vue/component-compiler-utils #

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vue/component-compiler-utils

elliptic #

  • Valid ECDSA signatures erroneously rejected in Elliptic
  • Severity: low
  • Reference: GHSA-fc9h-whq2-v747
  • Affected versions: <6.6.0
  • Package usage:
    • node_modules/elliptic

http-proxy-middleware #

  • Denial of service in http-proxy-middleware
  • Severity: high (CVSS 7.5)
  • Reference: GHSA-c7qv-q95q-8v27
  • Affected versions: <2.0.7
  • Package usage:
    • node_modules/http-proxy-middleware

postcss #

  • PostCSS line return parsing error
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-7fh5-64p2-3v2j
  • Affected versions: <8.4.31
  • Package usage:
    • node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-at #

  • Caused by vulnerable dependency:
  • Affected versions: 0.0.0 || 2.0.0 - 2.5.1
  • Package usage:
    • node_modules/vue-at

vue-infinite-loading #

  • Caused by vulnerable dependency:
  • Affected versions: 2.0.0-rc.1 - 2.4.5
  • Package usage:
    • node_modules/vue-infinite-loading

vue-loader #

  • Caused by vulnerable dependency:
  • Affected versions: 15.0.0-beta.1 - 15.11.1
  • Package usage:
    • node_modules/vue-loader

vue-resize #

  • Caused by vulnerable dependency:
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/floating-vue/node_modules/vue-resize

vue-template-compiler #

  • vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
  • Severity: moderate (CVSS 4.2)
  • Reference: GHSA-g3ch-rx76-35fx
  • Affected versions: >=2.0.0
  • Package usage:
    • node_modules/vue-template-compiler

vuex #

  • Caused by vulnerable dependency:
  • Affected versions: 3.1.3 - 3.6.2
  • Package usage:
    • node_modules/vuex

@nextcloud-command
fix(deps): Fix npm audit
7ade15b 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable29-fix-npm-audit branch from c487f3f to 7ade15b Compare November 3, 2024 03:27
@luka-nextcloud luka-nextcloud merged commit 095b065 into stable29 Nov 7, 2024
@luka-nextcloud luka-nextcloud deleted the automated/noid/stable29-fix-npm-audit branch November 7, 2024 07:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@luka-nextcloud luka-nextcloud luka-nextcloud approved these changes

Assignees

No one assigned

Labels

3. to review dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @luka-nextcloud