Skip to content

[main] Fix npm audit#1034

Merged
come-nc merged 1 commit into
mainfrom
automated/noid/main-fix-npm-audit
Jun 30, 2025
Merged

[main] Fix npm audit#1034
come-nc merged 1 commit into
mainfrom
automated/noid/main-fix-npm-audit

Conversation

@nextcloud-command

@nextcloud-command nextcloud-command commented Jun 29, 2025

Copy link
Copy Markdown
Contributor

Audit report

This audit fix resolves 5 of the total 12 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

  • Caused by vulnerable dependency:
  • Affected versions: 4.2.0-beta.1 - 6.3.1
  • Package usage:
    • node_modules/@nextcloud/dialogs

@nextcloud/vite-config #

  • Caused by vulnerable dependency:
  • Affected versions: <=1.5.6
  • Package usage:
    • node_modules/@nextcloud/vite-config

@vitejs/plugin-vue2 #

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vitejs/plugin-vue2

pbkdf2 #

  • pbkdf2 silently disregards Uint8Array input, returning static keys
  • Severity: critical 🚨
  • Reference: GHSA-v62p-rq8g-8h59
  • Affected versions: <=3.1.2
  • Package usage:
    • node_modules/pbkdf2

vue-resize #

  • Caused by vulnerable dependency:
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/vue-resize

@nextcloud-command nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Jun 29, 2025
@nextcloud-command @come-nc
fix(deps): Fix npm audit
f684a6d 
Signed-off-by: GitHub <noreply@github.com>
@come-nc come-nc force-pushed the automated/noid/main-fix-npm-audit branch from d7100de to f684a6d Compare June 30, 2025 14:10
@come-nc come-nc merged commit 0f52daa into main Jun 30, 2025
25 checks passed
@come-nc come-nc deleted the automated/noid/main-fix-npm-audit branch June 30, 2025 14:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@come-nc come-nc come-nc approved these changes

Assignees

No one assigned

Labels

3. to review dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nextcloud-command @come-nc