[stable29] Fix npm audit #47018

nextcloud-command · 2024-08-04T02:49:53Z

Audit report

This audit fix resolves 11 of the total 19 vulnerabilities found in your project.

Updated dependencies

@jimp/core
@jimp/custom
@testing-library/vue
@vue/component-compiler-utils
@vue/test-utils
browserify-sign
node-vibrant
phin
postcss
select2
vue-loader

Fixed vulnerabilities

@jimp/core #

Caused by vulnerable dependency:
- phin
Affected versions: <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
Package usage:
- node_modules/@jimp/core

@jimp/custom #

Caused by vulnerable dependency:
- @jimp/core
Affected versions: <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
Package usage:
- node_modules/@jimp/custom

@testing-library/vue #

Caused by vulnerable dependency:
- @vue/test-utils
- vue-template-compiler
Affected versions: <=5.9.0
Package usage:
- node_modules/@testing-library/vue

@vue/component-compiler-utils #

Caused by vulnerable dependency:
- postcss
Affected versions: *
Package usage:
- node_modules/@vue/component-compiler-utils

@vue/test-utils #

Caused by vulnerable dependency:
- vue-template-compiler
Affected versions: <=1.3.6
Package usage:
- node_modules/@vue/test-utils

browserify-sign #

Caused by vulnerable dependency:
- elliptic
Affected versions: >=4.0.0
Package usage:
- node_modules/browserify-sign

node-vibrant #

Caused by vulnerable dependency:
- @jimp/custom
Affected versions: 3.1.5 - 3.1.6
Package usage:
- node_modules/node-vibrant

phin #

phin may include sensitive headers in subsequent requests after redirect
Severity: moderate (CVSS 4.3)
Reference: GHSA-x565-32qp-m3vf
Affected versions: <3.7.1
Package usage:
- node_modules/phin

postcss #

PostCSS line return parsing error
Severity: moderate (CVSS 5.3)
Reference: GHSA-7fh5-64p2-3v2j
Affected versions: <8.4.31
Package usage:
- node_modules/@vue/component-compiler-utils/node_modules/postcss

select2 #

Improper Neutralization of Input During Web Page Generation in Select2
Severity: moderate (CVSS 6.1)
Reference: GHSA-rf66-hmqf-q3fc
Affected versions: <4.0.6
Package usage:
- node_modules/select2

vue-loader #

Caused by vulnerable dependency:
- @vue/component-compiler-utils
Affected versions: 15.0.0-beta.1 - 15.11.1
Package usage:
- node_modules/vue-loader

susnux · 2024-08-09T21:15:24Z

/compile amend/

Signed-off-by: GitHub <[email protected]>

skjnldsv · 2024-08-10T10:28:44Z

/compile amend /

skjnldsv · 2024-08-10T13:02:58Z

/compile /

Signed-off-by: nextcloud-command <[email protected]>

nextcloud-command added 3. to review Waiting for reviews dependencies labels Aug 4, 2024

nextcloud-command force-pushed the automated/noid/stable29-fix-npm-audit branch from e5541c1 to 3d8c98e Compare August 7, 2024 13:38

AndyScherzinger added this to the Nextcloud 29.0.5 milestone Aug 8, 2024

Altahrim mentioned this pull request Aug 8, 2024

29.0.5 RC1 #47131

Merged

9 tasks

susnux force-pushed the automated/noid/stable29-fix-npm-audit branch from 3d8c98e to ce7a2ce Compare August 9, 2024 21:10

susnux requested review from sorbaugh, a team, Fenn-CS and szaimen and removed request for a team August 9, 2024 21:15

fix(deps): Fix npm audit

f919907

Signed-off-by: GitHub <[email protected]>

skjnldsv force-pushed the automated/noid/stable29-fix-npm-audit branch from ce7a2ce to f919907 Compare August 10, 2024 10:28

skjnldsv approved these changes Aug 10, 2024

View reviewed changes

skjnldsv enabled auto-merge August 10, 2024 13:03

chore(assets): Recompile assets

f632c80

Signed-off-by: nextcloud-command <[email protected]>

skjnldsv disabled auto-merge August 10, 2024 15:02

skjnldsv closed this Aug 10, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable29] Fix npm audit #47018

[stable29] Fix npm audit #47018

nextcloud-command commented Aug 4, 2024 •

edited

Loading

susnux commented Aug 9, 2024

skjnldsv commented Aug 10, 2024

skjnldsv commented Aug 10, 2024

[stable29] Fix npm audit #47018

[stable29] Fix npm audit #47018

Conversation

nextcloud-command commented Aug 4, 2024 • edited Loading

Audit report

Updated dependencies

Fixed vulnerabilities

@jimp/core #

@jimp/custom #

@testing-library/vue #

@vue/component-compiler-utils #

@vue/test-utils #

browserify-sign #

node-vibrant #

phin #

postcss #

select2 #

vue-loader #

susnux commented Aug 9, 2024

skjnldsv commented Aug 10, 2024

skjnldsv commented Aug 10, 2024

nextcloud-command commented Aug 4, 2024 •

edited

Loading