Skip to content

[stable5] Fix npm audit#1703

Closed
nextcloud-command wants to merge 1 commit intostable5from
automated/noid/stable5-fix-npm-audit
Closed

[stable5] Fix npm audit#1703
nextcloud-command wants to merge 1 commit intostable5from
automated/noid/stable5-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented Apr 6, 2025
edited
Loading

Audit report

This audit fix resolves 4 of the total 15 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@vue/test-utils #

  • Caused by vulnerable dependency:
  • Affected versions: <=1.3.6
  • Package usage:
    • node_modules/@vue/test-utils

vite #

  • Vite has a server.fs.deny bypassed for inline and raw with ?import query
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-4r4m-qw57-chr8
  • Affected versions: 0.11.0 - 6.1.5 || 6.2.0 - 6.2.5
  • Package usage:
    • node_modules/vite
    • node_modules/vite-node/node_modules/vite
    • node_modules/vitest/node_modules/vite

vue-resize #

  • Caused by vulnerable dependency:
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/vue-resize

vue-template-compiler #

  • vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
  • Severity: moderate (CVSS 4.2)
  • Reference: GHSA-g3ch-rx76-35fx
  • Affected versions: >=2.0.0
  • Package usage:
    • node_modules/vue-template-compiler

@nextcloud-command nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Apr 6, 2025
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5-fix-npm-audit branch from c286606 to d35ffc3 Compare April 13, 2025 04:16
@nextcloud-command
fix(deps): Fix npm audit
faf4637 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable5-fix-npm-audit branch from d35ffc3 to faf4637 Compare April 20, 2025 03:25
@susnux susnux closed this Apr 25, 2025
@susnux susnux deleted the automated/noid/stable5-fix-npm-audit branch April 25, 2025 12:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

3. to review dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @susnux