Skip to content

[stable30] Fix npm audit#6887

Merged
elzody merged 1 commit intostable30from
automated/noid/stable30-fix-npm-audit
Apr 11, 2025
Merged

[stable30] Fix npm audit#6887
elzody merged 1 commit intostable30from
automated/noid/stable30-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented Apr 6, 2025

Audit report

This audit fix resolves 15 of the total 26 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

  • Caused by vulnerable dependency:
  • Affected versions: >=4.2.0-beta.1
  • Package usage:
    • node_modules/@nextcloud/dialogs

@nextcloud/l10n #

  • Caused by vulnerable dependency:
  • Affected versions: 1.1.0 - 3.1.0
  • Package usage:
    • node_modules/@nextcloud/moment/node_modules/@nextcloud/l10n

@nextcloud/moment #

  • Caused by vulnerable dependency:
  • Affected versions: >=1.1.1
  • Package usage:
    • node_modules/@nextcloud/moment

@nextcloud/webpack-vue-config #

@vue/component-compiler-utils #

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vue/component-compiler-utils

dockerode #

  • Caused by vulnerable dependency:
  • Affected versions: 3.0.0 - 4.0.4
  • Package usage:
    • node_modules/dockerode

node-gettext #

  • node-gettext vulnerable to Prototype Pollution
  • Severity: high (CVSS 5.9)
  • Reference: GHSA-g974-hxvm-x689
  • Affected versions: *
  • Package usage:
    • node_modules/node-gettext

postcss #

  • PostCSS line return parsing error
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-7fh5-64p2-3v2j
  • Affected versions: <8.4.31
  • Package usage:
    • node_modules/@vue/component-compiler-utils/node_modules/postcss

tar-fs #

  • tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
  • Severity: high (CVSS 7.5)
  • Reference: GHSA-pq67-2wwv-3xjx
  • Affected versions: 2.0.0 - 2.1.1
  • Package usage:
    • node_modules/tar-fs

vue-at #

  • Caused by vulnerable dependency:
  • Affected versions: 0.0.0 || 2.0.0 - 2.5.1
  • Package usage:
    • node_modules/vue-at

vue-infinite-loading #

  • Caused by vulnerable dependency:
  • Affected versions: 2.0.0-rc.1 - 2.4.5
  • Package usage:
    • node_modules/vue-infinite-loading

vue-loader #

  • Caused by vulnerable dependency:
  • Affected versions: 15.0.0-beta.1 - 15.11.1
  • Package usage:
    • node_modules/vue-loader

vue-resize #

  • Caused by vulnerable dependency:
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/vue-resize

vue-template-compiler #

  • vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
  • Severity: moderate (CVSS 4.2)
  • Reference: GHSA-g3ch-rx76-35fx
  • Affected versions: >=2.0.0
  • Package usage:
    • node_modules/vue-template-compiler

vuex #

  • Caused by vulnerable dependency:
  • Affected versions: 3.1.3 - 3.6.2
  • Package usage:
    • node_modules/vuex

@nextcloud-command
fix(deps): Fix npm audit
021e9e3 
Signed-off-by: GitHub <noreply@github.com>
@elzody elzody merged commit a6b2d20 into stable30 Apr 11, 2025
30 checks passed
@elzody elzody deleted the automated/noid/stable30-fix-npm-audit branch April 11, 2025 20:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@elzody elzody elzody approved these changes

Assignees

No one assigned

Labels

3. to review dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @elzody