[stable29] Fix npm audit #4978

nextcloud-command · 2025-08-31T03:12:31Z

Audit report

This audit fix resolves 9 of the total 16 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/l10n
@nextcloud/webpack-vue-config
@vue/component-compiler-utils
node-gettext
postcss
vue-loader
vue-resize
vue-template-compiler

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: 4.2.0-beta.1 - 6.3.1
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/l10n #

Caused by vulnerable dependency:
- node-gettext
Affected versions: 1.1.0 - 3.1.0
Package usage:
- node_modules/@nextcloud/l10n

@nextcloud/webpack-vue-config #

Caused by vulnerable dependency:
Affected versions: <=6.2.0
Package usage:
- node_modules/@nextcloud/webpack-vue-config

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

node-gettext #

node-gettext vulnerable to Prototype Pollution
Severity: high (CVSS 5.9)
Reference: GHSA-g974-hxvm-x689
Affected versions: *
Package usage:
- node_modules/node-gettext

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

vue-template-compiler #

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Severity: moderate (CVSS 4.2)
Reference: GHSA-g3ch-rx76-35fx
Affected versions: >=2.0.0
Package usage:
- node_modules/vue-template-compiler

Signed-off-by: GitHub <noreply@github.com>

fix(deps): Fix npm audit

0528244

Signed-off-by: GitHub <noreply@github.com>

nextcloud-command added 3. to review Ready to be reviewed dependencies Pull requests that update a dependency file labels Aug 31, 2025

elzody approved these changes Sep 1, 2025

View reviewed changes

elzody merged commit 7b3b2f5 into stable29 Sep 1, 2025
44 checks passed

elzody deleted the automated/noid/stable29-fix-npm-audit branch September 1, 2025 20:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[stable29] Fix npm audit #4978

[stable29] Fix npm audit #4978

Uh oh!

nextcloud-command commented Aug 31, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[stable29] Fix npm audit #4978

[stable29] Fix npm audit #4978

Uh oh!

Conversation

nextcloud-command commented Aug 31, 2025

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/l10n #

@nextcloud/webpack-vue-config #

@vue/component-compiler-utils #

node-gettext #

postcss #

vue-loader #

vue-resize #

vue-template-compiler #

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants