[stable29] Fix npm audit #3349

nextcloud-command · 2024-10-13T03:29:22Z

Audit report

This audit fix resolves 12 of the total 14 vulnerabilities found in your project.

Updated dependencies

@nextcloud/files
@nextcloud/l10n
@nextcloud/password-confirmation
@nextcloud/vue
@vue/component-compiler-utils
@vue/test-utils
cookie
express
node-gettext
postcss
vue-loader
vue-template-compiler

Fixed vulnerabilities

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/l10n #

Caused by vulnerable dependency:
- node-gettext
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files/node_modules/@nextcloud/l10n
- node_modules/@nextcloud/l10n
- node_modules/@nextcloud/password-confirmation/node_modules/@nextcloud/l10n
- node_modules/@nextcloud/vue/node_modules/@nextcloud/l10n

@nextcloud/password-confirmation #

Caused by vulnerable dependency:
- @nextcloud/l10n
- @nextcloud/vue
Affected versions: >=3.0.0
Package usage:
- node_modules/@nextcloud/password-confirmation

@nextcloud/vue #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.4.0
Package usage:
- node_modules/@nextcloud/vue

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

@vue/test-utils #

Caused by vulnerable dependency:
- vue-template-compiler
Affected versions: <=1.3.6
Package usage:
- node_modules/@vue/test-utils

cookie #

cookie accepts cookie name, path, and domain with out of bounds characters
Severity: low
Reference: GHSA-pxg6-pf52-xh8x
Affected versions: <0.7.0
Package usage:
- node_modules/cookie

express #

Caused by vulnerable dependency:
- cookie
Affected versions: 3.0.0-alpha1 - 4.21.0 || 5.0.0-alpha.1 - 5.0.0
Package usage:
- node_modules/express

node-gettext #

node-gettext vulnerable to Prototype Pollution
Severity: moderate (CVSS 5.9)
Reference: GHSA-g974-hxvm-x689
Affected versions: *
Package usage:
- node_modules/node-gettext

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

vue-template-compiler #

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Severity: moderate (CVSS 4.2)
Reference: GHSA-g3ch-rx76-35fx
Affected versions: >=2.0.0
Package usage:
- node_modules/vue-template-compiler

Signed-off-by: GitHub <[email protected]>

fix(deps): Fix npm audit

76800df

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review Items that need to be reviewed dependencies labels Oct 13, 2024

provokateurin merged commit 7179223 into stable29 Oct 13, 2024
44 checks passed

provokateurin deleted the automated/noid/stable29-fix-npm-audit branch October 13, 2024 06:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable29] Fix npm audit #3349

[stable29] Fix npm audit #3349

nextcloud-command commented Oct 13, 2024

[stable29] Fix npm audit #3349

[stable29] Fix npm audit #3349

Conversation

nextcloud-command commented Oct 13, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/files #

@nextcloud/l10n #

@nextcloud/password-confirmation #

@nextcloud/vue #

@vue/component-compiler-utils #

@vue/test-utils #

cookie #

express #

node-gettext #

postcss #

vue-loader #

vue-template-compiler #