[master] Fix npm audit #47111

nextcloud-command · 2024-08-07T13:39:01Z

Audit report

This audit fix resolves 11 of the total 19 vulnerabilities found in your project.

Updated dependencies

@jimp/core
@jimp/custom
@testing-library/vue
@vue/component-compiler-utils
@vue/test-utils
create-ecdh
node-vibrant
phin
postcss
select2
vue-loader

Fixed vulnerabilities

@jimp/core #

Caused by vulnerable dependency:
- phin
Affected versions: <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
Package usage:
- node_modules/@jimp/core

@jimp/custom #

Caused by vulnerable dependency:
- @jimp/core
Affected versions: <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
Package usage:
- node_modules/@jimp/custom

@testing-library/vue #

Caused by vulnerable dependency:
- @vue/test-utils
- vue-template-compiler
Affected versions: <=5.9.0
Package usage:
- node_modules/@testing-library/vue

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

@vue/test-utils #

Caused by vulnerable dependency:
- vue-template-compiler
Affected versions: <=1.3.6
Package usage:
- node_modules/@vue/test-utils

create-ecdh #

Caused by vulnerable dependency:
- elliptic
Affected versions: >=4.0.0
Package usage:
- node_modules/create-ecdh

node-vibrant #

Caused by vulnerable dependency:
- @jimp/custom
Affected versions: 3.1.5 - 3.1.6
Package usage:
- node_modules/node-vibrant

phin #

phin may include sensitive headers in subsequent requests after redirect
Severity: moderate (CVSS 4.3)
Reference: GHSA-x565-32qp-m3vf
Affected versions: <3.7.1
Package usage:
- node_modules/phin

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

select2 #

Improper Neutralization of Input During Web Page Generation in Select2
Severity: moderate (CVSS 6.1)
Reference: GHSA-rf66-hmqf-q3fc
Affected versions: <4.0.6
Package usage:
- node_modules/select2

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

nextcloud-command added 3. to review Waiting for reviews dependencies labels Aug 7, 2024

AndyScherzinger added this to the Nextcloud 30 milestone Aug 7, 2024

nextcloud-command closed this Aug 7, 2024

nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 9c92c2d to 495f454 Compare August 7, 2024 18:53

skjnldsv removed this from the Nextcloud 30 milestone Aug 14, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[master] Fix npm audit #47111

[master] Fix npm audit #47111

nextcloud-command commented Aug 7, 2024

[master] Fix npm audit #47111

[master] Fix npm audit #47111

Conversation

nextcloud-command commented Aug 7, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@jimp/core #

@jimp/custom #

@testing-library/vue #

@vue/component-compiler-utils #

@vue/test-utils #

create-ecdh #

node-vibrant #

phin #

postcss #

select2 #

vue-loader #