Skip to content

[master] Fix npm audit #46513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
susnux merged 1 commit into from
Jul 28, 2024
Merged

[master] Fix npm audit #46513

susnux merged 1 commit into from
Jul 28, 2024

Conversation

@nextcloud-command
Copy link
Contributor

@nextcloud-command nextcloud-command commented Jul 14, 2024
edited
Loading

Audit report

This audit fix resolves 12 of the total 15 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@jimp/core #

  • Caused by vulnerable dependency:
  • Affected versions: <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
  • Package usage:
    • node_modules/@jimp/core

@jimp/custom #

  • Caused by vulnerable dependency:
  • Affected versions: <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
  • Package usage:
    • node_modules/@jimp/custom

@testing-library/vue #

@vue/component-compiler-utils #

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vue/component-compiler-utils

@vue/test-utils #

  • Caused by vulnerable dependency:
  • Affected versions: <=1.3.6
  • Package usage:
    • node_modules/@vue/test-utils

load-bmfont #

  • Caused by vulnerable dependency:
  • Affected versions: 1.4.0 - 1.4.1
  • Package usage:
    • node_modules/load-bmfont

node-vibrant #

  • Caused by vulnerable dependency:
  • Affected versions: 3.1.5 - 3.1.6
  • Package usage:
    • node_modules/node-vibrant

phin #

  • phin may include sensitive headers in subsequent requests after redirect
  • Severity: moderate (CVSS 4.3)
  • Reference: GHSA-x565-32qp-m3vf
  • Affected versions: <3.7.1
  • Package usage:
    • node_modules/phin

postcss #

  • PostCSS line return parsing error
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-7fh5-64p2-3v2j
  • Affected versions: <8.4.31
  • Package usage:
    • node_modules/@vue/component-compiler-utils/node_modules/postcss

requirejs #

  • jrburke requirejs vulnerable to prototype pollution
  • Severity: high (CVSS 10)
  • Reference: GHSA-x3m3-4wpv-5vgc
  • Affected versions: <=2.3.6
  • Package usage:
    • node_modules/requirejs

select2 #

  • Improper Neutralization of Input During Web Page Generation in Select2
  • Severity: moderate (CVSS 6.1)
  • Reference: GHSA-rf66-hmqf-q3fc
  • Affected versions: <4.0.6
  • Package usage:
    • node_modules/select2

vue-loader #

  • Caused by vulnerable dependency:
  • Affected versions: 15.0.0-beta.1 - 15.11.1
  • Package usage:
    • node_modules/vue-loader

@solracsf solracsf requested a review from a team July 15, 2024 13:49
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from f7d9722 to 43767d4 Compare July 25, 2024 18:40
@skjnldsv
Copy link
Member

skjnldsv commented Jul 27, 2024

/compile amend /dist

@skjnldsv skjnldsv requested review from a team, Pytal, nfebe, sorbaugh and susnux and removed request for a team July 27, 2024 14:30
@nextcloud-command
fix(deps): Fix npm audit
ff5f737 
Signed-off-by: GitHub <[email protected]>
Signed-off-by: nextcloud-command <[email protected]>
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 8b1e04d to ff5f737 Compare July 27, 2024 14:43
@susnux susnux merged commit c31ab2d into master Jul 28, 2024
@susnux susnux deleted the automated/noid/master-fix-npm-audit branch July 28, 2024 00:13
@blizzz blizzz mentioned this pull request Jul 30, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@susnux susnux susnux approved these changes

@skjnldsv skjnldsv skjnldsv approved these changes

@nfebe nfebe Awaiting requested review from nfebe nfebe was automatically assigned from nextcloud/server-frontend

@Pytal Pytal Awaiting requested review from Pytal Pytal was automatically assigned from nextcloud/server-frontend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh was automatically assigned from nextcloud/server-frontend

Assignees

No one assigned

Labels

3. to review Waiting for reviews dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nextcloud-command @skjnldsv @susnux