[stable30] Fix npm audit #4192

nextcloud-command · 2024-11-03T03:32:32Z

Audit report

This audit fix resolves 11 of the total 20 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/files
@nextcloud/moment
@nextcloud/webpack-vue-config
@vue/component-compiler-utils
elliptic
http-proxy-middleware
postcss
vue-loader
vue-resize
vue-template-compiler

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/moment #

Caused by vulnerable dependency:
- @nextcloud/l10n
- node-gettext
Affected versions: >=1.1.1
Package usage:
- node_modules/@nextcloud/moment

@nextcloud/webpack-vue-config #

Caused by vulnerable dependency:
Affected versions: *
Package usage:
- node_modules/@nextcloud/webpack-vue-config

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

elliptic #

Valid ECDSA signatures erroneously rejected in Elliptic
Severity: low
Reference: GHSA-fc9h-whq2-v747
Affected versions: <6.6.0
Package usage:
- node_modules/elliptic

http-proxy-middleware #

Denial of service in http-proxy-middleware
Severity: high (CVSS 7.5)
Reference: GHSA-c7qv-q95q-8v27
Affected versions: <2.0.7
Package usage:
- node_modules/http-proxy-middleware

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

vue-template-compiler #

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Severity: moderate (CVSS 4.2)
Reference: GHSA-g3ch-rx76-35fx
Affected versions: >=2.0.0
Package usage:
- node_modules/vue-template-compiler

Signed-off-by: GitHub <[email protected]>

fix(deps): Fix npm audit

c28dc50

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review Ready to be reviewed dependencies Pull requests that update a dependency file labels Nov 3, 2024

juliusknorr approved these changes Nov 5, 2024

View reviewed changes

juliusknorr merged commit b1ab603 into stable30 Nov 5, 2024
52 checks passed

juliusknorr deleted the automated/noid/stable30-fix-npm-audit branch November 5, 2024 07:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable30] Fix npm audit #4192

[stable30] Fix npm audit #4192

nextcloud-command commented Nov 3, 2024

[stable30] Fix npm audit #4192

[stable30] Fix npm audit #4192

Conversation

nextcloud-command commented Nov 3, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/moment #

@nextcloud/webpack-vue-config #

@vue/component-compiler-utils #

elliptic #

http-proxy-middleware #

postcss #

vue-loader #

vue-resize #

vue-template-compiler #