[main] Fix npm audit #1286

nextcloud-command · 2024-08-11T03:10:54Z

Audit report

This audit fix resolves 10 of the total 12 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/vue
@vue/component-compiler-utils
browserify-sign
create-ecdh
crypto-browserify
elliptic
node-polyfill-webpack-plugin
postcss
vue-loader

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
- @nextcloud/vue
Affected versions: 4.2.0-beta.1 - 4.2.7
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/vue #

Caused by vulnerable dependency:
- node-polyfill-webpack-plugin
Affected versions: 7.6.1 - 8.3.0
Package usage:
- node_modules/@nextcloud/dialogs/node_modules/@nextcloud/vue

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

browserify-sign #

Caused by vulnerable dependency:
- elliptic
Affected versions: >=3.0.2
Package usage:
- node_modules/browserify-sign

create-ecdh #

Caused by vulnerable dependency:
- elliptic
Affected versions: >=2.0.1
Package usage:
- node_modules/create-ecdh

crypto-browserify #

Caused by vulnerable dependency:
- browserify-sign
- create-ecdh
Affected versions: >=3.11.0
Package usage:
- node_modules/crypto-browserify

elliptic #

Elliptic's ECDSA missing check for whether leading bit of r and s is zero
Severity: low (CVSS 5.3)
Reference: GHSA-977x-g7h5-7qgw
Affected versions: >=2.0.0
Package usage:
- node_modules/elliptic

node-polyfill-webpack-plugin #

Caused by vulnerable dependency:
- crypto-browserify
Affected versions: *
Package usage:
- node_modules/@nextcloud/dialogs/node_modules/node-polyfill-webpack-plugin
- node_modules/node-polyfill-webpack-plugin

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

Signed-off-by: GitHub <noreply@github.com>

fix(deps): Fix npm audit

1be2514

Signed-off-by: GitHub <noreply@github.com>

nextcloud-command added 3. to review Waiting for reviews dependencies Pull requests that update a dependency file labels Aug 11, 2024

juliushaertl approved these changes Aug 12, 2024

View reviewed changes

juliushaertl merged commit b17135e into main Aug 12, 2024
47 checks passed

juliushaertl deleted the automated/noid/main-fix-npm-audit branch August 12, 2024 06:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[main] Fix npm audit #1286

[main] Fix npm audit #1286

nextcloud-command commented Aug 11, 2024

[main] Fix npm audit #1286

[main] Fix npm audit #1286

Conversation

nextcloud-command commented Aug 11, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/vue #

@vue/component-compiler-utils #

browserify-sign #

create-ecdh #

crypto-browserify #

elliptic #

node-polyfill-webpack-plugin #

postcss #

vue-loader #