[stable30] Fix npm audit #1321

nextcloud-command · 2024-08-18T03:10:07Z

Audit report

This audit fix resolves 3 of the total 7 vulnerabilities found in your project.

Updated dependencies

axios
elliptic
vue-tsc

Fixed vulnerabilities

axios #

Server-Side Request Forgery in axios
Severity: high
Reference: GHSA-8hc4-vh64-cxmj
Affected versions: 1.3.2 - 1.7.3
Package usage:
- node_modules/axios

elliptic #

Elliptic's EDDSA missing signature length check
Severity: low (CVSS 5.3)
Reference: GHSA-f7q4-pwc6-w24p
Affected versions: 2.0.0 - 6.5.6
Package usage:
- node_modules/elliptic

vue-tsc #

Caused by vulnerable dependency:
- @vue/language-core
Affected versions: 1.7.0-alpha.0 - 2.0.28
Package usage:
- node_modules/vue-tsc

Signed-off-by: GitHub <[email protected]>

fix(deps): Fix npm audit

266331f

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Aug 18, 2024

szaimen approved these changes Aug 18, 2024

View reviewed changes

szaimen added this to the Nextcloud 30 milestone Aug 18, 2024

szaimen merged commit 0bf05e0 into stable30 Aug 18, 2024

szaimen deleted the automated/noid/stable30-fix-npm-audit branch August 18, 2024 06:54

skjnldsv mentioned this pull request Aug 22, 2024

30.0.0 RC2 nextcloud/server#47411

Merged

44 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[stable30] Fix npm audit #1321

[stable30] Fix npm audit #1321

Uh oh!

nextcloud-command commented Aug 18, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[stable30] Fix npm audit #1321

[stable30] Fix npm audit #1321

Uh oh!

Conversation

nextcloud-command commented Aug 18, 2024

Audit report

Updated dependencies

Fixed vulnerabilities

axios #

elliptic #

vue-tsc #

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants