[stable29] Fix npm audit
Audit report
This audit fix resolves 21 of the total 30 vulnerabilities found in your project.
Updated dependencies
- @nextcloud/dialogs
- @nextcloud/files
- @nextcloud/moment
- @nextcloud/typings
- @nextcloud/vite-config
- @testing-library/vue
- @vitejs/plugin-vue2
- @vue/language-core
- @vue/test-utils
- axios
- braces
- dompurify
- elliptic
- micromatch
- rollup
- vite
- vite-plugin-dts
- vue-resize
- vue-template-compiler
- vue-tsc
- vuex
Fixed vulnerabilities
@nextcloud/dialogs
- Caused by vulnerable dependency:
  - @nextcloud/files
  - @nextcloud/l10n
  - @nextcloud/vue
  - vue
  - vue-frag
- Affected versions: >=2.0.0
- Package usage:
  - node_modules/@nextcloud/dialogs
@nextcloud/files
- Caused by vulnerable dependency:
  - @nextcloud/l10n
- Affected versions: >=1.1.0
- Package usage:
  - node_modules/@nextcloud/files
@nextcloud/moment
- Caused by vulnerable dependency:
  - @nextcloud/l10n
  - node-gettext
- Affected versions: >=1.1.1
- Package usage:
  - node_modules/@nextcloud/moment
@nextcloud/typings
- Caused by vulnerable dependency:
  - vue
- Affected versions: 1.7.0 - 1.8.0
- Package usage:
  - node_modules/@nextcloud/typings
@nextcloud/vite-config
- Caused by vulnerable dependency:
  - @vitejs/plugin-vue2
  - vite-plugin-dts
- Affected versions: *
- Package usage:
  - node_modules/@nextcloud/vite-config
@testing-library/vue
- Caused by vulnerable dependency:
  - @vue/test-utils
  - vue
  - vue-template-compiler
- Affected versions: <=5.9.0
- Package usage:
  - node_modules/@testing-library/vue
@vitejs/plugin-vue2
- Caused by vulnerable dependency:
  - vue
- Affected versions: *
- Package usage:
  - node_modules/@vitejs/plugin-vue2
@vue/language-core
- Caused by vulnerable dependency:
  - vue-template-compiler
- Affected versions: <=2.0.28
- Package usage:
  - node_modules/@vue/language-core
@vue/test-utils
- Caused by vulnerable dependency:
  - vue
  - vue-template-compiler
- Affected versions: <=1.3.6
- Package usage:
  - node_modules/@vue/test-utils
axios
- Server-Side Request Forgery in axios
- Severity: high
- Reference: https://github.com/advisories/GHSA-8hc4-vh64-cxmj
- Affected versions: 1.3.2 - 1.7.3
- Package usage:
  - node_modules/axios
braces
- Uncontrolled resource consumption in braces
- Severity: high (CVSS 7.5)
- Reference: https://github.com/advisories/GHSA-grv7-fg5c-xmjg
- Affected versions: <3.0.3
- Package usage:
  - node_modules/braces
dompurify
- DOMPurify allows tampering by prototype pollution
- Severity: high (CVSS 7)
- Reference: https://github.com/advisories/GHSA-mmhx-hmjr-r674
- Affected versions: 3.0.0 - 3.1.2
- Package usage:
  - node_modules/dompurify
elliptic
- Elliptic's EDDSA missing signature length check
- Severity: low (CVSS 5.3)
- Reference: https://github.com/advisories/GHSA-f7q4-pwc6-w24p
- Affected versions: <=6.5.7
- Package usage:
  - node_modules/elliptic
micromatch
- Regular Expression Denial of Service (ReDoS) in micromatch
- Severity: moderate (CVSS 5.3)
- Reference: https://github.com/advisories/GHSA-952p-6rrq-rcjv
- Affected versions: <4.0.8
- Package usage:
  - node_modules/micromatch
rollup
- DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
- Severity: high (CVSS 6.4)
- Reference: https://github.com/advisories/GHSA-gcx4-mw62-g8wm
- Affected versions: 4.0.0 - 4.22.3
- Package usage:
  - node_modules/rollup
vite
- Vite's `server.fs.deny` is bypassed when using `?import&raw`
- Severity: moderate (CVSS 5.3)
- Reference: https://github.com/advisories/GHSA-9cwx-2883-4wfx
- Affected versions: 5.2.0 - 5.2.13
- Package usage:
  - node_modules/vite
vite-plugin-dts
- Caused by vulnerable dependency:
  - @vue/language-core
  - vue-tsc
- Affected versions: 3.0.0-beta.1 - 4.0.0-beta.2
- Package usage:
  - node_modules/vite-plugin-dts
vue-resize
- Caused by vulnerable dependency:
  - vue
- Affected versions: 0.4.0 - 1.0.1
- Package usage:
  - node_modules/vue-resize
vue-template-compiler
- vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
- Severity: moderate (CVSS 4.2)
- Reference: https://github.com/advisories/GHSA-g3ch-rx76-35fx
- Affected versions: >=2.0.0
- Package usage:
  - node_modules/vue-template-compiler
vue-tsc
- Caused by vulnerable dependency:
  - @vue/language-core
- Affected versions: 1.7.0-alpha.0 - 2.0.28
- Package usage:
  - node_modules/vue-tsc
vuex
- Caused by vulnerable dependency:
  - vue
- Affected versions: 3.1.3 - 3.6.2
- Package usage:
  - node_modules/vuex
Activity
Run #2495
Run Properties: Failed #2495 • cf75d9c379: [stable29] Fix npm audit
| Project | Activity |
|---|---|
| Branch Review | automated/noid/stable29-fix-npm-audit |
| Run status | Failed #2495 |
| Run duration | 03m 56s |
| Commit | cf75d9c379: [stable29] Fix npm audit |
| Committer | Nextcloud Command Bot |
| Test results | 3 / 0 / 0 / 0 / 7 |
Tests for review
cypress/e2e/sidebar.cy.ts • 3 failed tests • Run E2E
/compile /
/compile /
/compile amend /
/compile /
/compile amend /
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 41.87%. Comparing base (0a07d0a) to head (3a002dc). Report is 4 commits behind head on stable29.
Additional details and impacted files
@@ Coverage Diff @@
## stable29 #1710 +/- ##
=========================================
Coverage 41.87% 41.87%
=========================================
Files 43 43
Lines 3847 3847
Branches 110 110
=========================================
Hits 1611 1611
Misses 2210 2210
Partials 26 26
/compile amend/
/compile amend /
/compile amend /
Local cypress run is green, merging.