[stable30] Fix npm audit #758

nextcloud-command · 2025-03-16T03:41:39Z

Audit report

This audit fix resolves 10 of the total 17 vulnerabilities found in your project.

Updated dependencies

@babel/helpers
@babel/runtime
@nextcloud/dialogs
@nextcloud/vite-config
@vitejs/plugin-vue2
axios
esbuild
rollup-plugin-esbuild-minify
vite
vue-resize

Fixed vulnerabilities

@babel/helpers #

Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups
Severity: moderate (CVSS 6.2)
Reference: GHSA-968p-4wvh-cqc8
Affected versions: <7.26.10
Package usage:
- node_modules/@babel/helpers

@babel/runtime #

Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups
Severity: moderate (CVSS 6.2)
Reference: GHSA-968p-4wvh-cqc8
Affected versions: <7.26.10
Package usage:
- node_modules/@babel/runtime

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=4.2.0-beta.1
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/vite-config #

Caused by vulnerable dependency:
- @vitejs/plugin-vue2
- rollup-plugin-esbuild-minify
Affected versions: *
Package usage:
- node_modules/@nextcloud/vite-config

@vitejs/plugin-vue2 #

Caused by vulnerable dependency:
- vue
Affected versions: *
Package usage:
- node_modules/@vitejs/plugin-vue2

axios #

axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
Severity: high
Reference: GHSA-jr5f-v2jv-69x6
Affected versions: <1.8.2
Package usage:
- node_modules/axios

esbuild #

esbuild enables any website to send any requests to the development server and read the response
Severity: moderate (CVSS 5.3)
Reference: GHSA-67mh-4wv8-2f99
Affected versions: <=0.24.2
Package usage:
- node_modules/esbuild
- node_modules/vite/node_modules/esbuild

rollup-plugin-esbuild-minify #

Caused by vulnerable dependency:
- esbuild
Affected versions: *
Package usage:
- node_modules/rollup-plugin-esbuild-minify

vite #

Caused by vulnerable dependency:
- esbuild
Affected versions: 0.11.0 - 6.1.1
Package usage:
- node_modules/vite

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

Signed-off-by: GitHub <[email protected]>

fix(deps): Fix npm audit

7b5f9ad

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review dependencies labels Mar 16, 2025

AndyScherzinger merged commit 9d7b9c4 into stable30 Mar 22, 2025
43 checks passed

AndyScherzinger deleted the automated/noid/stable30-fix-npm-audit branch March 22, 2025 10:45

Altahrim mentioned this pull request Apr 3, 2025

30.0.9 RC1 nextcloud/server#51903

Merged

5 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[stable30] Fix npm audit #758

[stable30] Fix npm audit #758

Uh oh!

nextcloud-command commented Mar 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[stable30] Fix npm audit #758

[stable30] Fix npm audit #758

Uh oh!

Conversation

nextcloud-command commented Mar 16, 2025

Audit report

Updated dependencies

Fixed vulnerabilities

@babel/helpers #

@babel/runtime #

@nextcloud/dialogs #

@nextcloud/vite-config #

@vitejs/plugin-vue2 #

axios #

esbuild #

rollup-plugin-esbuild-minify #

vite #

vue-resize #

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants