@nextcloud-command nextcloud-command commented Nov 24, 2024

Audit report

This audit fix resolves 7 of the total 7 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/vite-config

  • Caused by vulnerable dependency:
  • Affected versions: <=1.4.2 || 2.0.0 - 2.2.2
  • Package usage:
    • node_modules/@nextcloud/vite-config

@vue/language-core

  • Caused by vulnerable dependency:
  • Affected versions: <=2.0.28
  • Package usage:
    • node_modules/@vue/language-core

cross-spawn

  • Regular Expression Denial of Service (ReDoS) in cross-spawn
  • Severity: high (CVSS 7.5)
  • Reference: GHSA-3xgq-45jj-v275
  • Affected versions: 7.0.0 - 7.0.4
  • Package usage:
    • node_modules/cross-spawn

nanoid

  • Predictable results in nanoid generation when given non-integer values
  • Severity: moderate (CVSS 4.3)
  • Reference: GHSA-mwcw-c2x4-8c55
  • Affected versions: <3.3.8
  • Package usage:
    • node_modules/nanoid

vite-plugin-dts

  • Caused by vulnerable dependency:
  • Affected versions: 3.0.0-beta.1 - 4.0.0-beta.2
  • Package usage:
    • node_modules/vite-plugin-dts

vue-template-compiler

  • vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
  • Severity: moderate (CVSS 4.2)
  • Reference: GHSA-g3ch-rx76-35fx
  • Affected versions: >=2.0.0
  • Package usage:
    • node_modules/vue-template-compiler

vue-tsc

  • Caused by vulnerable dependency:
  • Affected versions: 1.7.0-alpha.0 - 2.0.28
  • Package usage:
    • node_modules/vue-tsc

@nextcloud-command nextcloud-command added the "3. to review" (Waiting for reviews) and "dependencies" (Pull requests that update a dependency file) labels Nov 24, 2024
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from 18bbb29 to 40336b6 Compare December 15, 2024 03:31
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from 40336b6 to 80606e3 Compare January 5, 2025 03:06
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch 2 times, most recently from 5493ae7 to 0957839 Compare January 19, 2025 03:18
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from 0957839 to c8b8bf8 Compare January 26, 2025 03:18
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from c8b8bf8 to cfdc175 Compare February 2, 2025 03:18
@st3iny st3iny merged commit ccff1c7 into main Feb 4, 2025
8 checks passed
@st3iny st3iny deleted the automated/noid/main-fix-npm-audit branch February 4, 2025 13:13