[stable28] Fix npm audit #3501

nextcloud-command · 2024-12-22T03:17:11Z

Audit report

This audit fix resolves 9 of the total 18 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/files
@nextcloud/password-confirmation
@nextcloud/webpack-vue-config
@vue/component-compiler-utils
postcss
vue-loader
vue-resize
vue-template-compiler

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/password-confirmation #

Caused by vulnerable dependency:
Affected versions: >=3.0.0
Package usage:
- node_modules/@nextcloud/password-confirmation

@nextcloud/webpack-vue-config #

Caused by vulnerable dependency:
Affected versions: *
Package usage:
- node_modules/@nextcloud/webpack-vue-config

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

vue-template-compiler #

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Severity: moderate (CVSS 4.2)
Reference: GHSA-g3ch-rx76-35fx
Affected versions: >=2.0.0
Package usage:
- node_modules/vue-template-compiler

Signed-off-by: GitHub <[email protected]>

fix(deps): Fix npm audit

4b328ee

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review Items that need to be reviewed dependencies labels Dec 22, 2024

provokateurin merged commit 942f006 into stable28 Dec 22, 2024
39 checks passed

provokateurin deleted the automated/noid/stable28-fix-npm-audit branch December 22, 2024 10:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable28] Fix npm audit #3501

[stable28] Fix npm audit #3501

nextcloud-command commented Dec 22, 2024

[stable28] Fix npm audit #3501

[stable28] Fix npm audit #3501

Conversation

nextcloud-command commented Dec 22, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/password-confirmation #

@nextcloud/webpack-vue-config #

@vue/component-compiler-utils #

postcss #

vue-loader #

vue-resize #

vue-template-compiler #