Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[stable28] Fix npm audit #1412

Merged
merged 1 commit into from
Oct 21, 2024
Merged

[stable28] Fix npm audit #1412

merged 1 commit into from
Oct 21, 2024

Conversation

nextcloud-command
Copy link
Contributor

Audit report

This audit fix resolves 6 of the total 13 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/l10n #

  • Caused by vulnerable dependency:
  • Affected versions: >=1.1.0
  • Package usage:
    • node_modules/@nextcloud/l10n
    • node_modules/@nextcloud/vue/node_modules/@nextcloud/l10n

@nextcloud/vue #

  • Caused by vulnerable dependency:
  • Affected versions: >=1.4.0
  • Package usage:
    • node_modules/@nextcloud/vue

@vue/component-compiler-utils #

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vue/component-compiler-utils

node-gettext #

  • node-gettext vulnerable to Prototype Pollution
  • Severity: moderate (CVSS 5.9)
  • Reference: GHSA-g974-hxvm-x689
  • Affected versions: *
  • Package usage:
    • node_modules/node-gettext

postcss #

  • PostCSS line return parsing error
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-7fh5-64p2-3v2j
  • Affected versions: <8.4.31
  • Package usage:
    • node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

  • Caused by vulnerable dependency:
  • Affected versions: 15.0.0-beta.1 - 15.11.1
  • Package usage:
    • node_modules/vue-loader

@nextcloud-command
fix(deps): Fix npm audit
86b9d56 
Signed-off-by: GitHub <noreply@github.com>
@nextcloud-command nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Oct 20, 2024
@szaimen szaimen added this to the Nextcloud 28.0.12 milestone Oct 21, 2024
@szaimen szaimen merged commit 92264be into stable28 Oct 21, 2024
38 checks passed
@szaimen szaimen deleted the automated/noid/stable28-fix-npm-audit branch October 21, 2024 07:56
@Altahrim Altahrim mentioned this pull request Oct 30, 2024
Merged
2 tasks
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@szaimen szaimen szaimen approved these changes

Assignees
No one assigned
Labels
3. to review dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
Nextcloud 28.0.12
Development

Successfully merging this pull request may close these issues.
2 participants
@nextcloud-command @szaimen