[stable28] Fix npm audit #1397

Merged
merged 1 commit into from
Oct 12, 2024


@nextcloud-command nextcloud-command commented Oct 6, 2024

Audit report

This audit fix resolves 8 of the total 10 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/l10n

  • Caused by vulnerable dependency:
  • Affected versions: >=1.1.0
  • Package usage:
    • node_modules/@nextcloud/l10n
    • node_modules/@nextcloud/vue/node_modules/@nextcloud/l10n

@nextcloud/vue

  • Caused by vulnerable dependency:
  • Affected versions: >=1.4.0
  • Package usage:
    • node_modules/@nextcloud/vue

@vue/component-compiler-utils

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vue/component-compiler-utils

cookie

  • cookie accepts cookie name, path, and domain with out of bounds characters
  • Severity: low
  • Reference: GHSA-pxg6-pf52-xh8x
  • Affected versions: <0.7.0
  • Package usage:
    • node_modules/cookie

express

  • Caused by vulnerable dependency:
  • Affected versions: 3.0.0-alpha1 - 4.21.0 || 5.0.0-alpha.1 - 5.0.0
  • Package usage:
    • node_modules/express

node-gettext

  • node-gettext vulnerable to Prototype Pollution
  • Severity: moderate (CVSS 5.9)
  • Reference: GHSA-g974-hxvm-x689
  • Affected versions: *
  • Package usage:
    • node_modules/node-gettext

postcss

  • PostCSS line return parsing error
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-7fh5-64p2-3v2j
  • Affected versions: <8.4.31
  • Package usage:
    • node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader

  • Caused by vulnerable dependency:
  • Affected versions: 15.0.0-beta.1 - 15.11.1
  • Package usage:
    • node_modules/vue-loader

@nextcloud-command added the "3. to review" and "dependencies" labels Oct 6, 2024
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command force-pushed the automated/noid/stable28-fix-npm-audit branch from 34055a2 to f9e0a61 October 8, 2024 20:21
@szaimen added this to the Nextcloud 28.0.12 milestone Oct 12, 2024
@szaimen merged commit 9c76230 into stable28 Oct 12, 2024
37 of 38 checks passed
@szaimen deleted the automated/noid/stable28-fix-npm-audit branch October 12, 2024 10:43
@Altahrim Altahrim mentioned this pull request Oct 30, 2024
2 tasks