[stable28] Fix npm audit #425

nextcloud-command · 2024-11-17T03:24:16Z

Audit report

This audit fix resolves 10 of the total 10 vulnerabilities found in your project.

Updated dependencies

@nextcloud/files
@nextcloud/l10n
@nextcloud/vite-config
@vitejs/plugin-vue2
@vue/language-core
node-gettext
vite-plugin-dts
vue
vue-template-compiler
vue-tsc

Fixed vulnerabilities

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/l10n #

Caused by vulnerable dependency:
- node-gettext
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/l10n

@nextcloud/vite-config #

Caused by vulnerable dependency:
- @vitejs/plugin-vue2
- vite-plugin-dts
Affected versions: *
Package usage:
- node_modules/@nextcloud/vite-config

@vitejs/plugin-vue2 #

Caused by vulnerable dependency:
- vue
Affected versions: *
Package usage:
- node_modules/@vitejs/plugin-vue2

@vue/language-core #

Caused by vulnerable dependency:
- vue-template-compiler
Affected versions: <=2.0.28
Package usage:
- node_modules/@vue/language-core

node-gettext #

node-gettext vulnerable to Prototype Pollution
Severity: moderate (CVSS 5.9)
Reference: GHSA-g974-hxvm-x689
Affected versions: *
Package usage:
- node_modules/node-gettext

vite-plugin-dts #

Caused by vulnerable dependency:
- @vue/language-core
- vue-tsc
Affected versions: 3.0.0-beta.1 - 4.0.0-beta.2
Package usage:
- node_modules/vite-plugin-dts

vue #

ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
Severity: low (CVSS 3.7)
Reference: GHSA-5j4c-8p2g-v4jx
Affected versions: 2.0.0-alpha.1 - 2.7.16
Package usage:
- node_modules/vue

vue-template-compiler #

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Severity: moderate (CVSS 4.2)
Reference: GHSA-g3ch-rx76-35fx
Affected versions: >=2.0.0
Package usage:
- node_modules/vue-template-compiler

vue-tsc #

Caused by vulnerable dependency:
- @vue/language-core
Affected versions: 1.7.0-alpha.0 - 2.0.28
Package usage:
- node_modules/vue-tsc

Signed-off-by: GitHub <noreply@github.com>

fix(deps): Fix npm audit

702ab93

Signed-off-by: GitHub <noreply@github.com>

nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Nov 17, 2024

juliusknorr approved these changes Nov 18, 2024

View reviewed changes

juliusknorr merged commit f656ef2 into stable28 Nov 18, 2024
28 checks passed

juliusknorr deleted the automated/noid/stable28-fix-npm-audit branch November 18, 2024 06:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable28] Fix npm audit #425

[stable28] Fix npm audit #425

nextcloud-command commented Nov 17, 2024

[stable28] Fix npm audit #425

[stable28] Fix npm audit #425

Conversation

nextcloud-command commented Nov 17, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/files #

@nextcloud/l10n #

@nextcloud/vite-config #

@vitejs/plugin-vue2 #

@vue/language-core #

node-gettext #

vite-plugin-dts #

vue #

vue-template-compiler #

vue-tsc #