[stable30] Fix npm audit #742

nextcloud-command · 2024-09-01T03:27:10Z

Audit report

This audit fix resolves 9 of the total 10 vulnerabilities found in your project.

Updated dependencies

@vue/component-compiler-utils
babel-plugin-transform-es2015-modules-commonjs
babel-template
babel-traverse
postcss
vue-jest
vue-loader
vue-template-compiler
webpack

Fixed vulnerabilities

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

babel-plugin-transform-es2015-modules-commonjs #

Caused by vulnerable dependency:
- babel-template
Affected versions: <=7.0.0-beta.0
Package usage:
- node_modules/babel-plugin-transform-es2015-modules-commonjs

babel-template #

Caused by vulnerable dependency:
- babel-traverse
Affected versions: *
Package usage:
- node_modules/babel-template

babel-traverse #

Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Severity: critical 🚨 (CVSS 9.4)
Reference: GHSA-67hx-6x53-jw92
Affected versions: *
Package usage:
- node_modules/babel-traverse

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-jest #

Caused by vulnerable dependency:
- babel-plugin-transform-es2015-modules-commonjs
- vue-template-compiler
Affected versions: 1.0.0 - 4.0.1
Package usage:
- node_modules/vue-jest

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

vue-template-compiler #

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Severity: moderate (CVSS 4.2)
Reference: GHSA-g3ch-rx76-35fx
Affected versions: >=2.0.0
Package usage:
- node_modules/vue-template-compiler

webpack #

Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
Severity: moderate (CVSS 6.4)
Reference: GHSA-4vvj-4cpr-p986
Affected versions: <5.94.0
Package usage:
- node_modules/webpack

Signed-off-by: GitHub <[email protected]>

fix(deps): Fix npm audit

74f0160

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review Waiting for reviews dependencies labels Sep 1, 2024

artonge approved these changes Sep 2, 2024

View reviewed changes

artonge merged commit 5af06c5 into stable30 Sep 2, 2024
38 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable30] Fix npm audit #742

[stable30] Fix npm audit #742

nextcloud-command commented Sep 1, 2024

[stable30] Fix npm audit #742

[stable30] Fix npm audit #742

Conversation

nextcloud-command commented Sep 1, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@vue/component-compiler-utils #

babel-plugin-transform-es2015-modules-commonjs #

babel-template #

babel-traverse #

postcss #

vue-jest #

vue-loader #

vue-template-compiler #

webpack #