[master] Fix npm audit #672

nextcloud-command · 2024-10-13T03:26:23Z

Audit report

This audit fix resolves 10 of the total 12 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/files
@nextcloud/l10n
@nextcloud/vue
@vue/component-compiler-utils
cookie
express
node-gettext
postcss
vue-loader

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/l10n #

Caused by vulnerable dependency:
- node-gettext
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/l10n

@nextcloud/vue #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.4.0
Package usage:
- node_modules/@nextcloud/vue

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

cookie #

cookie accepts cookie name, path, and domain with out of bounds characters
Severity: low
Reference: GHSA-pxg6-pf52-xh8x
Affected versions: <0.7.0
Package usage:
- node_modules/cookie

express #

Caused by vulnerable dependency:
- cookie
Affected versions: 3.0.0-alpha1 - 4.21.0 || 5.0.0-alpha.1 - 5.0.0
Package usage:
- node_modules/express

node-gettext #

node-gettext vulnerable to Prototype Pollution
Severity: moderate (CVSS 5.9)
Reference: GHSA-g974-hxvm-x689
Affected versions: *
Package usage:
- node_modules/node-gettext

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

Signed-off-by: GitHub <noreply@github.com> Signed-off-by: DorraJaouad <dorra.jaoued7@gmail.com>

DorraJaouad · 2024-10-13T19:35:26Z

/compile /

Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>

nextcloud-command added 3. to review dependencies labels Oct 13, 2024

fix(deps): Fix npm audit

c33726c

Signed-off-by: GitHub <noreply@github.com> Signed-off-by: DorraJaouad <dorra.jaoued7@gmail.com>

DorraJaouad force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from becdc48 to c33726c Compare October 13, 2024 19:35

chore(assets): Recompile assets

a9ef04d

Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>

DorraJaouad approved these changes Oct 13, 2024

View reviewed changes

DorraJaouad merged commit 592815a into master Oct 13, 2024
29 checks passed

DorraJaouad deleted the automated/noid/master-fix-npm-audit branch October 13, 2024 19:43

skjnldsv mentioned this pull request Jan 7, 2025

31.0.0 beta 1 nextcloud/server#50066

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[master] Fix npm audit #672

[master] Fix npm audit #672

nextcloud-command commented Oct 13, 2024

DorraJaouad commented Oct 13, 2024

[master] Fix npm audit #672

[master] Fix npm audit #672

Conversation

nextcloud-command commented Oct 13, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/l10n #

@nextcloud/vue #

@vue/component-compiler-utils #

cookie #

express #

node-gettext #

postcss #

vue-loader #

DorraJaouad commented Oct 13, 2024