[stable30] Fix npm audit #3322

nextcloud-command · 2024-10-06T03:41:18Z

Audit report

This audit fix resolves 10 of the total 16 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/files
@nextcloud/l10n
@nextcloud/password-confirmation
@nextcloud/vue
@vue/component-compiler-utils
@vue/test-utils
node-gettext
postcss
vue-loader

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/l10n #

Caused by vulnerable dependency:
- node-gettext
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/l10n

@nextcloud/password-confirmation #

Caused by vulnerable dependency:
- @nextcloud/l10n
- @nextcloud/vue
Affected versions: >=3.0.0
Package usage:
- node_modules/@nextcloud/password-confirmation

@nextcloud/vue #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.4.0
Package usage:
- node_modules/@nextcloud/vue

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

@vue/test-utils #

Caused by vulnerable dependency:
- vue-template-compiler
Affected versions: <=1.3.6
Package usage:
- node_modules/@vue/test-utils

node-gettext #

node-gettext vulnerable to Prototype Pollution
Severity: moderate (CVSS 5.9)
Reference: GHSA-g974-hxvm-x689
Affected versions: *
Package usage:
- node_modules/node-gettext

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

Signed-off-by: GitHub <[email protected]>

fix(deps): Fix npm audit

c0b9e66

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review Items that need to be reviewed dependencies labels Oct 6, 2024

provokateurin merged commit 0606883 into stable30 Oct 6, 2024
45 checks passed

provokateurin deleted the automated/noid/stable30-fix-npm-audit branch October 6, 2024 12:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable30] Fix npm audit #3322

[stable30] Fix npm audit #3322

nextcloud-command commented Oct 6, 2024

[stable30] Fix npm audit #3322

[stable30] Fix npm audit #3322

Conversation

nextcloud-command commented Oct 6, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/l10n #

@nextcloud/password-confirmation #

@nextcloud/vue #

@vue/component-compiler-utils #

@vue/test-utils #

node-gettext #

postcss #

vue-loader #