Skip to content

[main] Fix npm audit#1670

Merged
susnux merged 1 commit intomainfrom
automated/noid/main-fix-npm-audit
Mar 27, 2025
Merged

[main] Fix npm audit#1670
susnux merged 1 commit intomainfrom
automated/noid/main-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented Mar 16, 2025

Audit report

This audit fix resolves 5 of the total 16 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@babel/helpers #

  • Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups
  • Severity: moderate (CVSS 6.2)
  • Reference: GHSA-968p-4wvh-cqc8
  • Affected versions: <7.26.10
  • Package usage:
    • node_modules/@babel/helpers

@babel/runtime #

  • Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups
  • Severity: moderate (CVSS 6.2)
  • Reference: GHSA-968p-4wvh-cqc8
  • Affected versions: <7.26.10
  • Package usage:
    • node_modules/@babel/runtime

@vue/test-utils #

  • Caused by vulnerable dependency:
  • Affected versions: <=1.3.6
  • Package usage:
    • node_modules/@vue/test-utils

vue-resize #

  • Caused by vulnerable dependency:
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/vue-resize

vue-template-compiler #

  • vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
  • Severity: moderate (CVSS 4.2)
  • Reference: GHSA-g3ch-rx76-35fx
  • Affected versions: >=2.0.0
  • Package usage:
    • node_modules/vue-template-compiler

@nextcloud-command nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Mar 16, 2025
@nextcloud-command
fix(deps): Fix npm audit
e258c2d 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from 88313e3 to e258c2d Compare March 23, 2025 03:13
@susnux susnux merged commit 7abd134 into main Mar 27, 2025
13 checks passed
@susnux susnux deleted the automated/noid/main-fix-npm-audit branch March 27, 2025 21:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@susnux susnux susnux approved these changes

Assignees

No one assigned

Labels

3. to review dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @susnux