Skip to content

[stable29] Fix npm audit#4785

Merged
juliusknorr merged 1 commit into
stable29from
automated/noid/stable29-fix-npm-audit
May 19, 2025
Merged

[stable29] Fix npm audit#4785
juliusknorr merged 1 commit into
stable29from
automated/noid/stable29-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Copy Markdown
Contributor

@nextcloud-command nextcloud-command commented May 18, 2025

Audit report

This audit fix resolves 10 of the total 17 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

  • Caused by vulnerable dependency:
  • Affected versions: 4.2.0-beta.1 - 6.3.0
  • Package usage:
    • node_modules/@nextcloud/dialogs

@nextcloud/l10n #

  • Caused by vulnerable dependency:
  • Affected versions: 1.1.0 - 3.1.0
  • Package usage:
    • node_modules/@nextcloud/l10n

@nextcloud/webpack-vue-config #

@vue/component-compiler-utils #

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vue/component-compiler-utils

node-gettext #

  • node-gettext vulnerable to Prototype Pollution
  • Severity: high (CVSS 5.9)
  • Reference: GHSA-g974-hxvm-x689
  • Affected versions: *
  • Package usage:
    • node_modules/node-gettext

postcss #

  • PostCSS line return parsing error
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-7fh5-64p2-3v2j
  • Affected versions: <8.4.31
  • Package usage:
    • node_modules/@vue/component-compiler-utils/node_modules/postcss

undici #

  • undici Denial of Service attack via bad certificate data
  • Severity: low (CVSS 3.1)
  • Reference: GHSA-cxrh-j4jr-qwg3
  • Affected versions: <5.29.0
  • Package usage:
    • node_modules/undici

vue-loader #

  • Caused by vulnerable dependency:
  • Affected versions: 15.0.0-beta.1 - 15.11.1
  • Package usage:
    • node_modules/vue-loader

vue-resize #

  • Caused by vulnerable dependency:
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/vue-resize

vue-template-compiler #

  • vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
  • Severity: moderate (CVSS 4.2)
  • Reference: GHSA-g3ch-rx76-35fx
  • Affected versions: >=2.0.0
  • Package usage:
    • node_modules/vue-template-compiler

@nextcloud-command
fix(deps): Fix npm audit
508054c 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command added 3. to review Ready to be reviewed dependencies Pull requests that update a dependency file labels May 18, 2025
@juliusknorr juliusknorr merged commit 51429a6 into stable29 May 19, 2025
44 checks passed
@juliusknorr juliusknorr deleted the automated/noid/stable29-fix-npm-audit branch May 19, 2025 06:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

3. to review Ready to be reviewed dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @juliusknorr