[stable31] Fix npm audit #521

nextcloud-command · 2025-02-02T03:20:38Z

Audit report

This audit fix resolves 12 of the total 12 vulnerabilities found in your project.

Updated dependencies

@linusborg/vue-simple-portal
@nextcloud/dialogs
@nextcloud/files
@nextcloud/l10n
@nextcloud/vue
@nextcloud/vue-select
floating-vue
node-gettext
vue
vue-frag
vue-resize
vue2-datepicker

Fixed vulnerabilities

@linusborg/vue-simple-portal #

Caused by vulnerable dependency:
- vue
Affected versions: *
Package usage:
- node_modules/@linusborg/vue-simple-portal

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/l10n #

Caused by vulnerable dependency:
- node-gettext
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/l10n

@nextcloud/vue #

Caused by vulnerable dependency:
Affected versions: *
Package usage:
- node_modules/@nextcloud/vue

@nextcloud/vue-select #

Caused by vulnerable dependency:
- vue
Affected versions: *
Package usage:
- node_modules/@nextcloud/vue-select

floating-vue #

Caused by vulnerable dependency:
- vue
- vue-resize
Affected versions: <=1.0.0-beta.19
Package usage:
- node_modules/floating-vue

node-gettext #

node-gettext vulnerable to Prototype Pollution
Severity: high (CVSS 5.9)
Reference: GHSA-g974-hxvm-x689
Affected versions: *
Package usage:
- node_modules/node-gettext

vue #

ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
Severity: low (CVSS 3.7)
Reference: GHSA-5j4c-8p2g-v4jx
Affected versions: 2.0.0-alpha.1 - 2.7.16
Package usage:
- node_modules/vue

vue-frag #

Caused by vulnerable dependency:
- vue
Affected versions: >=1.3.1
Package usage:
- node_modules/vue-frag

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

vue2-datepicker #

Caused by vulnerable dependency:
- vue
Affected versions: <=1.9.8 || 3.0.2 - 3.11.1
Package usage:
- node_modules/vue2-datepicker

Signed-off-by: GitHub <[email protected]>

nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from 406cc22 to b081696 Compare February 2, 2025 03:20

nextcloud-command requested a review from juliusknorr as a code owner February 2, 2025 03:20

nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Feb 2, 2025

nextcloud-command requested a review from max-nextcloud as a code owner February 2, 2025 03:20

fix(deps): Fix npm audit

994252e

Signed-off-by: GitHub <[email protected]>

nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from b081696 to 994252e Compare February 9, 2025 03:19

juliusknorr approved these changes Feb 12, 2025

View reviewed changes

juliusknorr merged commit 223b76b into stable31 Feb 12, 2025
43 checks passed

juliusknorr deleted the automated/noid/stable31-fix-npm-audit branch February 12, 2025 20:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable31] Fix npm audit #521

[stable31] Fix npm audit #521

nextcloud-command commented Feb 2, 2025

[stable31] Fix npm audit #521

[stable31] Fix npm audit #521

Conversation

nextcloud-command commented Feb 2, 2025

Audit report

Updated dependencies

Fixed vulnerabilities

@linusborg/vue-simple-portal #

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/l10n #

@nextcloud/vue #

@nextcloud/vue-select #

floating-vue #

node-gettext #

vue #

vue-frag #

vue-resize #

vue2-datepicker #