[stable30] Fix npm audit #1067

nextcloud-command · 2024-10-13T03:33:28Z

Audit report

This audit fix resolves 11 of the total 18 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/files
@nextcloud/l10n
@nextcloud/vue
@vue/component-compiler-utils
cookie
express
node-gettext
pdfjs-dist
postcss
vue-loader

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=2.0.0
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/files #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/files

@nextcloud/l10n #

Caused by vulnerable dependency:
- node-gettext
Affected versions: >=1.1.0
Package usage:
- node_modules/@nextcloud/l10n

@nextcloud/vue #

Caused by vulnerable dependency:
- @nextcloud/l10n
Affected versions: >=1.4.0
Package usage:
- node_modules/@nextcloud/vue

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

cookie #

cookie accepts cookie name, path, and domain with out of bounds characters
Severity: low
Reference: GHSA-pxg6-pf52-xh8x
Affected versions: <0.7.0
Package usage:
- node_modules/cookie

express #

Caused by vulnerable dependency:
- cookie
Affected versions: 3.0.0-alpha1 - 4.21.0 || 5.0.0-alpha.1 - 5.0.0
Package usage:
- node_modules/express

node-gettext #

node-gettext vulnerable to Prototype Pollution
Severity: moderate (CVSS 5.9)
Reference: GHSA-g974-hxvm-x689
Affected versions: *
Package usage:
- node_modules/node-gettext

pdfjs-dist #

PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
Severity: high
Reference: GHSA-wgrm-67xf-hhpq
Affected versions: <=4.1.392
Package usage:
- node_modules/pdfjs-dist

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Oct 13, 2024

fix(deps): Fix npm audit

5a05964

Signed-off-by: GitHub <[email protected]>

nextcloud-command force-pushed the automated/noid/stable30-fix-npm-audit branch from bded9a9 to 5a05964 Compare October 20, 2024 03:27

szaimen added this to the Nextcloud 30.0.2 milestone Oct 21, 2024

szaimen approved these changes Oct 21, 2024

View reviewed changes

szaimen merged commit 8219e2d into stable30 Oct 21, 2024
37 checks passed

Altahrim mentioned this pull request Oct 30, 2024

30.0.2 RC1 nextcloud/server#48996

Merged

2 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[stable30] Fix npm audit #1067

[stable30] Fix npm audit #1067

Uh oh!

nextcloud-command commented Oct 13, 2024 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[stable30] Fix npm audit #1067

[stable30] Fix npm audit #1067

Uh oh!

Conversation

nextcloud-command commented Oct 13, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/files #

@nextcloud/l10n #

@nextcloud/vue #

@vue/component-compiler-utils #

cookie #

express #

node-gettext #

pdfjs-dist #

postcss #

vue-loader #

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

nextcloud-command commented Oct 13, 2024 •

edited

Loading