activity
activity copied to clipboard
nextcloud
[stable28] Fix npm audit
Audit report
This audit fix resolves 19 of the total 28 vulnerabilities found in your project.
Updated dependencies
- @nextcloud/dialogs
- @nextcloud/files
- @nextcloud/moment
- @nextcloud/vite-config
- @testing-library/vue
- @vitejs/plugin-vue2
- @vue/language-core
- @vue/test-utils
- axios
- braces
- elliptic
- micromatch
- rollup
- vite
- vite-plugin-dts
- vue-resize
- vue-template-compiler
- vue-tsc
- vuex
Fixed vulnerabilities
@nextcloud/dialogs #
- Caused by vulnerable dependency:
- @nextcloud/files
- @nextcloud/l10n
- @nextcloud/vue
- vue
- vue-frag
- Affected versions: >=2.0.0
- Package usage:
node_modules/@nextcloud/dialogs
@nextcloud/files #
- Caused by vulnerable dependency:
- @nextcloud/l10n
- Affected versions: >=1.1.0
- Package usage:
node_modules/@nextcloud/files
@nextcloud/moment #
- Caused by vulnerable dependency:
- @nextcloud/l10n
- node-gettext
- Affected versions: >=1.1.1
- Package usage:
node_modules/@nextcloud/moment
@nextcloud/vite-config #
- Caused by vulnerable dependency:
- @vitejs/plugin-vue2
- vite-plugin-dts
- Affected versions: *
- Package usage:
node_modules/@nextcloud/vite-config
@testing-library/vue #
- Caused by vulnerable dependency:
- @vue/test-utils
- vue
- vue-template-compiler
- Affected versions: <=5.9.0
- Package usage:
node_modules/@testing-library/vue
@vitejs/plugin-vue2 #
- Caused by vulnerable dependency:
- vue
- Affected versions: *
- Package usage:
node_modules/@vitejs/plugin-vue2
@vue/language-core #
- Caused by vulnerable dependency:
- vue-template-compiler
- Affected versions: <=2.0.28
- Package usage:
node_modules/@vue/language-core
@vue/test-utils #
- Caused by vulnerable dependency:
- vue
- vue-template-compiler
- Affected versions: <=1.3.6
- Package usage:
node_modules/@vue/test-utils
axios #
- Server-Side Request Forgery in axios
- Severity: high
- Reference: https://github.com/advisories/GHSA-8hc4-vh64-cxmj
- Affected versions: 1.3.2 - 1.7.3
- Package usage:
node_modules/axios
braces #
- Uncontrolled resource consumption in braces
- Severity: high (CVSS 7.5)
- Reference: https://github.com/advisories/GHSA-grv7-fg5c-xmjg
- Affected versions: <3.0.3
- Package usage:
node_modules/braces
elliptic #
- Valid ECDSA signatures erroneously rejected in Elliptic
- Severity: low
- Reference: https://github.com/advisories/GHSA-fc9h-whq2-v747
- Affected versions: <=6.5.7
- Package usage:
node_modules/elliptic
micromatch #
- Regular Expression Denial of Service (ReDoS) in micromatch
- Severity: moderate (CVSS 5.3)
- Reference: https://github.com/advisories/GHSA-952p-6rrq-rcjv
- Affected versions: <4.0.8
- Package usage:
node_modules/micromatch
rollup #
- DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
- Severity: high (CVSS 6.4)
- Reference: https://github.com/advisories/GHSA-gcx4-mw62-g8wm
- Affected versions: 4.0.0 - 4.22.3
- Package usage:
node_modules/rollup
vite #
- Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
- Severity: moderate (CVSS 6.4)
- Reference: https://github.com/advisories/GHSA-64vr-g452-qvp3
- Affected versions: 5.4.0 - 5.4.5
- Package usage:
node_modules/vite
vite-plugin-dts #
- Caused by vulnerable dependency:
- @vue/language-core
- vue-tsc
- Affected versions: 3.0.0-beta.1 - 4.0.0-beta.2
- Package usage:
node_modules/vite-plugin-dts
vue-resize #
- Caused by vulnerable dependency:
- vue
- Affected versions: 0.4.0 - 1.0.1
- Package usage:
node_modules/vue-resize
vue-template-compiler #
- vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
- Severity: moderate (CVSS 4.2)
- Reference: https://github.com/advisories/GHSA-g3ch-rx76-35fx
- Affected versions: >=2.0.0
- Package usage:
node_modules/vue-template-compiler
vue-tsc #
- Caused by vulnerable dependency:
- @vue/language-core
- Affected versions: 1.7.0-alpha.0 - 2.0.28
- Package usage:
node_modules/vue-tsc
vuex #
- Caused by vulnerable dependency:
- vue
- Affected versions: 3.1.3 - 3.6.2
- Package usage:
node_modules/vuex
Activity
Run #2155
Run Properties:
Passed #2155
76d4985d55: [stable28] Fix npm audit
Passed #2155 76d4985d55: [stable28] Fix npm audit| Project |
Activity
|
| Branch Review |
automated/noid/stable28-fix-npm-audit
|
| Run status |
|
| Run duration | 01m 49s |
| Commit |
|
| Committer | Nextcloud Command Bot |
| View all properties for this run ↗︎ | |
| Test results | |
|---|---|
Failures
|
0
|
Flaky
|
0
|
Pending
|
3
|
Skipped
|
0
|
|
Passing
|
7
|
| View all changes introduced in this branch ↗︎ | |
![cypress[bot] avatar](https://avatars.githubusercontent.com/in/9078?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 29.68%. Comparing base (
9f1135f) to head (267fafe).
Additional details and impacted files
@@ Coverage Diff @@
## stable28 #1705 +/- ##
============================================
- Coverage 30.14% 29.68% -0.47%
============================================
Files 43 43
Lines 1675 1661 -14
Branches 109 109
============================================
- Hits 505 493 -12
+ Misses 1145 1143 -2
Partials 25 25
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
:rocket: New features to boost your workflow:
- :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
- :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
