Skip to content

[stable0.8] Fix npm audit#1514

Merged
enjeck merged 7 commits intostable0.8from
automated/noid/stable0.8-fix-npm-audit
Feb 1, 2025
Merged

[stable0.8] Fix npm audit#1514
enjeck merged 7 commits intostable0.8from
automated/noid/stable0.8-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Contributor

@nextcloud-command nextcloud-command commented Dec 22, 2024

Audit report

This audit fix resolves 10 of the total 20 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

  • Caused by vulnerable dependency:
  • Affected versions: >=1.1.0
  • Package usage:
    • node_modules/@nextcloud/files

@nextcloud/moment #

  • Caused by vulnerable dependency:
  • Affected versions: >=1.1.1
  • Package usage:
    • node_modules/@nextcloud/moment

@nextcloud/webpack-vue-config #

@vue/component-compiler-utils #

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vue/component-compiler-utils

postcss #

  • PostCSS line return parsing error
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-7fh5-64p2-3v2j
  • Affected versions: <8.4.31
  • Package usage:
    • node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

  • Caused by vulnerable dependency:
  • Affected versions: 15.0.0-beta.1 - 15.11.1
  • Package usage:
    • node_modules/vue-loader

vue-resize #

  • Caused by vulnerable dependency:
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/vue-resize

vue-template-compiler #

  • vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
  • Severity: moderate (CVSS 4.2)
  • Reference: GHSA-g3ch-rx76-35fx
  • Affected versions: >=2.0.0
  • Package usage:
    • node_modules/vue-template-compiler

vuex #

  • Caused by vulnerable dependency:
  • Affected versions: 3.1.3 - 3.6.2
  • Package usage:
    • node_modules/vuex

@nextcloud-command nextcloud-command added 3. to review Waiting for reviews dependencies Pull requests that update a dependency file labels Dec 22, 2024
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable0.8-fix-npm-audit branch from 061731c to dbb30b2 Compare December 29, 2024 03:14
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable0.8-fix-npm-audit branch 2 times, most recently from c84b38d to 7c2377d Compare January 19, 2025 03:18
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable0.8-fix-npm-audit branch from 7c2377d to d4315ac Compare January 26, 2025 03:17
@enjeck enjeck force-pushed the automated/noid/stable0.8-fix-npm-audit branch from d4315ac to 6c529b3 Compare January 31, 2025 02:00
@nextcloud-command @enjeck
fix(deps): Fix npm audit
f509178 
Signed-off-by: GitHub <noreply@github.com>
@enjeck enjeck force-pushed the automated/noid/stable0.8-fix-npm-audit branch from 6c529b3 to f509178 Compare January 31, 2025 13:09
enjeck and others added 3 commits January 31, 2025 18:19
@enjeck
enh(Cypress): improve some selectors
d6bf912 
Signed-off-by: Cleopatra Enjeck M. <patrathewhiz@gmail.com>
@enjeck
enh(Cypress): rename tables share test description
5b8f6a5 
Signed-off-by: Cleopatra Enjeck M. <patrathewhiz@gmail.com>
@enjeck
Merge pull request #1573 from nextcloud/backport/1572/stable0.8
022d203 
[stable0.8] enh(Cypress): improve some selectors
@enjeck enjeck self-requested a review January 31, 2025 18:36
@enjeck
fix: lint
d47b8cf 
Signed-off-by: Cleopatra Enjeck M. <patrathewhiz@gmail.com>
enjeck added 2 commits February 1, 2025 05:49
@enjeck
fix(Cypress): add data-cy attribute to ShareForm
4cbeb96 
Signed-off-by: Cleopatra Enjeck M. <patrathewhiz@gmail.com>
@enjeck
build(NC): bump max compatible NC version
fac3d7d 
Signed-off-by: Cleopatra Enjeck M. <patrathewhiz@gmail.com>
@enjeck enjeck requested a review from blizzz as a code owner February 1, 2025 05:50
@enjeck enjeck merged commit 54a0a91 into stable0.8 Feb 1, 2025
61 checks passed
@enjeck enjeck deleted the automated/noid/stable0.8-fix-npm-audit branch February 1, 2025 06:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@juliusknorr juliusknorr juliusknorr approved these changes

@enjeck enjeck Awaiting requested review from enjeck enjeck is a code owner

@blizzz blizzz Awaiting requested review from blizzz blizzz is a code owner

Assignees

No one assigned

Labels

3. to review Waiting for reviews dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nextcloud-command @juliusknorr @enjeck