[stable29] Fix npm audit #674

nextcloud-command · 2024-10-13T03:28:55Z

Audit report

This audit fix resolves 10 of the total 12 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/files
@nextcloud/l10n
@nextcloud/vue
@vue/component-compiler-utils
cookie
express
node-gettext
postcss
vue-loader

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/l10n #

Caused by vulnerable dependency:
- node-gettext
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/l10n

@nextcloud/vue #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.4.0
Package usage:
- node_modules/@nextcloud/vue

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

cookie #

cookie accepts cookie name, path, and domain with out of bounds characters
Severity: low
Reference: GHSA-pxg6-pf52-xh8x
Affected versions: <0.7.0
Package usage:
- node_modules/cookie

express #

Caused by vulnerable dependency:
- cookie
Affected versions: 3.0.0-alpha1 - 4.21.0 || 5.0.0-alpha.1 - 5.0.0
Package usage:
- node_modules/express

node-gettext #

node-gettext vulnerable to Prototype Pollution
Severity: moderate (CVSS 5.9)
Reference: GHSA-g974-hxvm-x689
Affected versions: *
Package usage:
- node_modules/node-gettext

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

Signed-off-by: GitHub <noreply@github.com>

fix(deps): Fix npm audit

ce0a842

Signed-off-by: GitHub <noreply@github.com>

nextcloud-command added 3. to review dependencies labels Oct 13, 2024

DorraJaouad merged commit a4b45b3 into stable29 Oct 13, 2024
29 checks passed

DorraJaouad deleted the automated/noid/stable29-fix-npm-audit branch October 13, 2024 19:07

Altahrim mentioned this pull request Oct 30, 2024

29.0.9 RC1 nextcloud/server#48995

Merged

4 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable29] Fix npm audit #674

[stable29] Fix npm audit #674

nextcloud-command commented Oct 13, 2024

[stable29] Fix npm audit #674

[stable29] Fix npm audit #674

Conversation

nextcloud-command commented Oct 13, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/l10n #

@nextcloud/vue #

@vue/component-compiler-utils #

cookie #

express #

node-gettext #

postcss #

vue-loader #