Skip to content

[main] Fix npm audit#408

Merged
juliusknorr merged 1 commit into
mainfrom
automated/noid/main-fix-npm-audit
Jun 6, 2025
Merged

[main] Fix npm audit#408
juliusknorr merged 1 commit into
mainfrom
automated/noid/main-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented Mar 16, 2025
edited
Loading

Audit report

This audit fix resolves 7 of the total 13 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

  • Caused by vulnerable dependency:
  • Affected versions: 4.2.0-beta.1 - 6.3.0
  • Package usage:
    • node_modules/@nextcloud/dialogs

@nextcloud/vite-config #

  • Caused by vulnerable dependency:
  • Affected versions: <=1.5.6
  • Package usage:
    • node_modules/@nextcloud/vite-config

@vitejs/plugin-vue2 #

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vitejs/plugin-vue2

dockerode #

  • Caused by vulnerable dependency:
  • Affected versions: 3.0.0 - 4.0.4
  • Package usage:
    • node_modules/dockerode

tar-fs #

  • tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
  • Severity: high (CVSS 7.5)
  • Reference: GHSA-pq67-2wwv-3xjx
  • Affected versions: 2.0.0 - 2.1.1
  • Package usage:
    • node_modules/tar-fs

vue #

  • ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
  • Severity: low (CVSS 3.7)
  • Reference: GHSA-5j4c-8p2g-v4jx
  • Affected versions: 2.0.0-alpha.1 - 2.7.16
  • Package usage:
    • node_modules/vue

vue-resize #

  • Caused by vulnerable dependency:
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/vue-resize

@nextcloud-command nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Mar 16, 2025
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from c4107f8 to 4d52119 Compare March 30, 2025 03:32
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from 4d52119 to 1682f68 Compare April 6, 2025 03:40
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch 2 times, most recently from aca5753 to 417c2cb Compare April 20, 2025 03:39
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from 417c2cb to f2470a4 Compare April 27, 2025 03:48
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch 2 times, most recently from 8bf52c6 to 683970c Compare May 11, 2025 03:43
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from 683970c to 2c5d20d Compare May 18, 2025 03:41
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from 2c5d20d to d7de882 Compare May 25, 2025 03:48
@nextcloud-command
fix(deps): Fix npm audit
b572598 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from d7de882 to b572598 Compare June 1, 2025 03:51
@juliusknorr juliusknorr merged commit f76b6de into main Jun 6, 2025
28 checks passed
@juliusknorr juliusknorr deleted the automated/noid/main-fix-npm-audit branch June 6, 2025 09:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@juliusknorr juliusknorr juliusknorr approved these changes

@hweihwang hweihwang Awaiting requested review from hweihwang hweihwang is a code owner

@grnd-alt grnd-alt Awaiting requested review from grnd-alt grnd-alt is a code owner

Assignees

No one assigned

Labels

3. to review dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @juliusknorr