Skip to content

[stable30] Fix npm audit#4835

Merged
elzody merged 1 commit into
stable30from
automated/noid/stable30-fix-npm-audit
Jun 6, 2025
Merged

[stable30] Fix npm audit#4835
elzody merged 1 commit into
stable30from
automated/noid/stable30-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented Jun 6, 2025

Audit report

This audit fix resolves 9 of the total 16 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

  • Caused by vulnerable dependency:
  • Affected versions: 4.2.0-beta.1 - 6.3.0
  • Package usage:
    • node_modules/@nextcloud/dialogs

@nextcloud/webpack-vue-config #

@vue/component-compiler-utils #

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vue/component-compiler-utils

postcss #

  • PostCSS line return parsing error
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-7fh5-64p2-3v2j
  • Affected versions: <8.4.31
  • Package usage:
    • node_modules/@vue/component-compiler-utils/node_modules/postcss

tar-fs #

  • tar-fs can extract outside the specified dir with a specific tarball
  • Severity: high
  • Reference: GHSA-8cj5-5rvv-wf4v
  • Affected versions: 2.0.0 - 2.1.2
  • Package usage:
    • node_modules/tar-fs

vue-loader #

  • Caused by vulnerable dependency:
  • Affected versions: 15.0.0-beta.1 - 15.11.1
  • Package usage:
    • node_modules/vue-loader

vue-resize #

  • Caused by vulnerable dependency:
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/vue-resize

vue-template-compiler #

  • vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
  • Severity: moderate (CVSS 4.2)
  • Reference: GHSA-g3ch-rx76-35fx
  • Affected versions: >=2.0.0
  • Package usage:
    • node_modules/vue-template-compiler

webpack-dev-server #

  • webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
  • Severity: moderate (CVSS 6.5)
  • Reference: GHSA-9jgg-88mc-972h
  • Affected versions: <=5.2.0
  • Package usage:
    • node_modules/webpack-dev-server

@nextcloud-command
fix(deps): Fix npm audit
3df7724 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command added 3. to review Ready to be reviewed dependencies Pull requests that update a dependency file labels Jun 6, 2025
@elzody
Copy link
Copy Markdown
Collaborator

elzody commented Jun 6, 2025

The Cypress failures would be fixed with #4831

@elzody elzody merged commit 50d32be into stable30 Jun 6, 2025
48 of 51 checks passed
@elzody elzody deleted the automated/noid/stable30-fix-npm-audit branch June 6, 2025 00:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@elzody elzody elzody approved these changes

Assignees

No one assigned

Labels

3. to review Ready to be reviewed dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @elzody