[stable30] Fix npm audit #4218

nextcloud-command · 2024-11-10T03:18:41Z

Audit report

This audit fix resolves 9 of the total 18 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/files
@nextcloud/moment
@nextcloud/webpack-vue-config
@vue/component-compiler-utils
postcss
vue-loader
vue-resize
vue-template-compiler

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/moment #

Caused by vulnerable dependency:
- @nextcloud/l10n
- node-gettext
Affected versions: >=1.1.1
Package usage:
- node_modules/@nextcloud/moment

@nextcloud/webpack-vue-config #

Caused by vulnerable dependency:
Affected versions: *
Package usage:
- node_modules/@nextcloud/webpack-vue-config

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

vue-template-compiler #

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Severity: moderate (CVSS 4.2)
Reference: GHSA-g3ch-rx76-35fx
Affected versions: >=2.0.0
Package usage:
- node_modules/vue-template-compiler

Signed-off-by: GitHub <[email protected]>

fix(deps): Fix npm audit

be676d3

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review Ready to be reviewed dependencies Pull requests that update a dependency file labels Nov 10, 2024

elzody approved these changes Nov 13, 2024

View reviewed changes

elzody merged commit 6db7f86 into stable30 Nov 13, 2024
52 checks passed

elzody deleted the automated/noid/stable30-fix-npm-audit branch November 13, 2024 00:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable30] Fix npm audit #4218

[stable30] Fix npm audit #4218

nextcloud-command commented Nov 10, 2024

[stable30] Fix npm audit #4218

[stable30] Fix npm audit #4218

Conversation

nextcloud-command commented Nov 10, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/moment #

@nextcloud/webpack-vue-config #

@vue/component-compiler-utils #

postcss #

vue-loader #

vue-resize #

vue-template-compiler #