[stable31] Fix npm audit #1510

nextcloud-command · 2025-01-29T21:26:04Z

Audit report

This audit fix resolves 10 of the total 19 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/files
@nextcloud/vite-config
@vitejs/plugin-vue2
@vue/language-core
cross-spawn
vite-plugin-dts
vue-resize
vue-template-compiler
vue-tsc

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/vite-config #

Caused by vulnerable dependency:
- @vitejs/plugin-vue2
- vite-plugin-dts
Affected versions: <=2.2.2
Package usage:
- node_modules/@nextcloud/vite-config

@vitejs/plugin-vue2 #

Caused by vulnerable dependency:
- vue
Affected versions: *
Package usage:
- node_modules/@vitejs/plugin-vue2

@vue/language-core #

Caused by vulnerable dependency:
- vue-template-compiler
Affected versions: <=2.0.28
Package usage:
- node_modules/@vue/language-core

cross-spawn #

Regular Expression Denial of Service (ReDoS) in cross-spawn
Severity: high (CVSS 7.5)
Reference: GHSA-3xgq-45jj-v275
Affected versions: 7.0.0 - 7.0.4
Package usage:
- node_modules/cross-spawn

vite-plugin-dts #

Caused by vulnerable dependency:
- @vue/language-core
- vue-tsc
Affected versions: 3.0.0-beta.1 - 4.0.0-beta.2
Package usage:
- node_modules/vite-plugin-dts

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

vue-template-compiler #

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Severity: moderate (CVSS 4.2)
Reference: GHSA-g3ch-rx76-35fx
Affected versions: >=2.0.0
Package usage:
- node_modules/vue-template-compiler

vue-tsc #

Caused by vulnerable dependency:
- @vue/language-core
Affected versions: 1.7.0-alpha.0 - 2.0.28
Package usage:
- node_modules/vue-tsc

Signed-off-by: GitHub <[email protected]>

AndyScherzinger

🐘

fix(deps): Fix npm audit

9dc97f5

Signed-off-by: GitHub <[email protected]>

nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from f365359 to 9dc97f5 Compare January 29, 2025 21:26

nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Jan 29, 2025

AndyScherzinger added this to the Nextcloud 31 milestone Jan 29, 2025

AndyScherzinger requested review from Pytal, skjnldsv and susnux January 29, 2025 21:27

Pytal approved these changes Jan 29, 2025

View reviewed changes

AndyScherzinger approved these changes Jan 29, 2025

View reviewed changes

AndyScherzinger merged commit d1f5619 into stable31 Jan 29, 2025
40 of 41 checks passed

AndyScherzinger deleted the automated/noid/stable31-fix-npm-audit branch January 29, 2025 22:26

blizzz mentioned this pull request Jan 30, 2025

31.0.0 RC2 nextcloud/server#50538

Merged

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[stable31] Fix npm audit #1510

[stable31] Fix npm audit #1510

Uh oh!

nextcloud-command commented Jan 29, 2025

Uh oh!

AndyScherzinger left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

[stable31] Fix npm audit #1510

[stable31] Fix npm audit #1510

Uh oh!

Conversation

nextcloud-command commented Jan 29, 2025

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/vite-config #

@vitejs/plugin-vue2 #

@vue/language-core #

cross-spawn #

vite-plugin-dts #

vue-resize #

vue-template-compiler #

vue-tsc #

Uh oh!

AndyScherzinger left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants