[stable29] Fix npm audit #357

nextcloud-command · 2024-08-18T02:57:19Z

Audit report

This audit fix resolves 9 of the total 13 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/files
@nextcloud/l10n
@nextcloud/vue
axios
elliptic
micromatch
node-gettext
vue-tsc

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/l10n #

Caused by vulnerable dependency:
- node-gettext
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/l10n

@nextcloud/vue #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.4.0
Package usage:
- node_modules/@nextcloud/vue

axios #

Server-Side Request Forgery in axios
Severity: high
Reference: GHSA-8hc4-vh64-cxmj
Affected versions: 1.3.2 - 1.7.3
Package usage:
- node_modules/axios

elliptic #

Elliptic's EDDSA missing signature length check
Severity: low (CVSS 5.3)
Reference: GHSA-f7q4-pwc6-w24p
Affected versions: 2.0.0 - 6.5.6
Package usage:
- node_modules/elliptic

micromatch #

Regular Expression Denial of Service (ReDoS) in micromatch
Severity: moderate (CVSS 5.3)
Reference: GHSA-952p-6rrq-rcjv
Affected versions: <4.0.8
Package usage:
- node_modules/micromatch

node-gettext #

node-gettext vulnerable to Prototype Pollution
Severity: moderate (CVSS 5.9)
Reference: GHSA-g974-hxvm-x689
Affected versions: *
Package usage:
- node_modules/node-gettext

vue-tsc #

Caused by vulnerable dependency:
- @vue/language-core
Affected versions: 1.7.0-alpha.0 - 2.0.28
Package usage:
- node_modules/vue-tsc

Signed-off-by: GitHub <noreply@github.com>

nextcloud-command added 3. to review Waiting for reviews dependencies Pull requests that update a dependency file labels Aug 18, 2024

nextcloud-command force-pushed the automated/noid/stable29-fix-npm-audit branch from 1e61876 to 3dedb45 Compare August 25, 2024 02:56

nextcloud-command force-pushed the automated/noid/stable29-fix-npm-audit branch from 3dedb45 to 77b1a78 Compare September 1, 2024 03:23

nextcloud-command force-pushed the automated/noid/stable29-fix-npm-audit branch from 77b1a78 to 16eb24a Compare September 8, 2024 03:27

fix(deps): Fix npm audit

b762aea

Signed-off-by: GitHub <noreply@github.com>

nextcloud-command force-pushed the automated/noid/stable29-fix-npm-audit branch from 16eb24a to b762aea Compare September 15, 2024 03:22

Pytal approved these changes Sep 20, 2024

View reviewed changes

Pytal merged commit 0ff3624 into stable29 Sep 20, 2024
22 checks passed

Pytal deleted the automated/noid/stable29-fix-npm-audit branch September 20, 2024 21:56

Altahrim mentioned this pull request Oct 1, 2024

29.0.8 RC1 nextcloud/server#48499

Merged

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable29] Fix npm audit #357

[stable29] Fix npm audit #357

nextcloud-command commented Aug 18, 2024 •

edited

Loading

[stable29] Fix npm audit #357

[stable29] Fix npm audit #357

Conversation

nextcloud-command commented Aug 18, 2024 • edited Loading

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/l10n #

@nextcloud/vue #

axios #

elliptic #

micromatch #

node-gettext #

vue-tsc #

nextcloud-command commented Aug 18, 2024 •

edited

Loading