[stable29] Fix npm audit #1422

nextcloud-command · 2024-10-27T03:27:57Z

Audit report

This audit fix resolves 10 of the total 19 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/files
@nextcloud/vite-config
@vitejs/plugin-vue2
@vue/language-core
elliptic
vite-plugin-dts
vue-resize
vue-template-compiler
vue-tsc

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/vite-config #

Caused by vulnerable dependency:
- @vitejs/plugin-vue2
- vite-plugin-dts
Affected versions: *
Package usage:
- node_modules/@nextcloud/vite-config

@vitejs/plugin-vue2 #

Caused by vulnerable dependency:
- vue
Affected versions: *
Package usage:
- node_modules/@vitejs/plugin-vue2

@vue/language-core #

Caused by vulnerable dependency:
- vue-template-compiler
Affected versions: <=2.0.28
Package usage:
- node_modules/@vue/language-core

elliptic #

Valid ECDSA signatures erroneously rejected in Elliptic
Severity: low
Reference: GHSA-fc9h-whq2-v747
Affected versions: <=6.5.7
Package usage:
- node_modules/elliptic

vite-plugin-dts #

Caused by vulnerable dependency:
- @vue/language-core
- vue-tsc
Affected versions: 3.0.0-beta.1 - 4.0.0-beta.2
Package usage:
- node_modules/vite-plugin-dts

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

vue-template-compiler #

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Severity: moderate (CVSS 4.2)
Reference: GHSA-g3ch-rx76-35fx
Affected versions: >=2.0.0
Package usage:
- node_modules/vue-template-compiler

vue-tsc #

Caused by vulnerable dependency:
- @vue/language-core
Affected versions: 1.7.0-alpha.0 - 2.0.28
Package usage:
- node_modules/vue-tsc

Signed-off-by: GitHub <[email protected]>

fix(deps): Fix npm audit

f832b74

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Oct 27, 2024

szaimen approved these changes Oct 27, 2024

View reviewed changes

szaimen added this to the Nextcloud 29.0.9 milestone Oct 27, 2024

szaimen merged commit 54ea42a into stable29 Oct 27, 2024
40 checks passed

szaimen deleted the automated/noid/stable29-fix-npm-audit branch October 27, 2024 07:45

Altahrim mentioned this pull request Oct 30, 2024

29.0.9 RC1 nextcloud/server#48995

Merged

4 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable29] Fix npm audit #1422

[stable29] Fix npm audit #1422

nextcloud-command commented Oct 27, 2024

[stable29] Fix npm audit #1422

[stable29] Fix npm audit #1422

Conversation

nextcloud-command commented Oct 27, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/vite-config #

@vitejs/plugin-vue2 #

@vue/language-core #

elliptic #

vite-plugin-dts #

vue-resize #

vue-template-compiler #

vue-tsc #