end_to_end_encryption
end_to_end_encryption copied to clipboard
nextcloud
[stable28] Fix npm audit
Audit report
This audit fix resolves 17 of the total 24 vulnerabilities found in your project.
Updated dependencies
- @nextcloud/axios
- @nextcloud/dialogs
- @nextcloud/files
- @nextcloud/l10n
- @nextcloud/vue
- @vue/component-compiler-utils
- @vue/test-utils
- axios
- babel-plugin-transform-es2015-modules-commonjs
- babel-template
- babel-traverse
- cookie
- express
- node-gettext
- postcss
- vue-jest
- vue-loader
Fixed vulnerabilities
@nextcloud/axios #
- Caused by vulnerable dependency:
- axios
- Affected versions: <=2.3.0
- Package usage:
node_modules/@nextcloud/axios
@nextcloud/dialogs #
- Caused by vulnerable dependency:
- @nextcloud/files
- @nextcloud/l10n
- @nextcloud/vue
- Affected versions: >=2.0.0
- Package usage:
node_modules/@nextcloud/dialogsnode_modules/@nextcloud/vue/node_modules/@nextcloud/dialogs
@nextcloud/files #
- Caused by vulnerable dependency:
- @nextcloud/l10n
- Affected versions: >=1.1.0
- Package usage:
node_modules/@nextcloud/files
@nextcloud/l10n #
- Caused by vulnerable dependency:
- node-gettext
- Affected versions: >=1.1.0
- Package usage:
node_modules/@nextcloud/files/node_modules/@nextcloud/l10nnode_modules/@nextcloud/l10nnode_modules/@nextcloud/vue/node_modules/@nextcloud/l10n
@nextcloud/vue #
- Caused by vulnerable dependency:
- @nextcloud/dialogs
- @nextcloud/l10n
- node-polyfill-webpack-plugin
- Affected versions: >=1.4.0
- Package usage:
node_modules/@nextcloud/vue
@vue/component-compiler-utils #
- Caused by vulnerable dependency:
- postcss
- Affected versions: *
- Package usage:
node_modules/@vue/component-compiler-utils
@vue/test-utils #
- Caused by vulnerable dependency:
- vue-template-compiler
- Affected versions: <=1.3.6
- Package usage:
node_modules/@vue/test-utils
axios #
- Axios Cross-Site Request Forgery Vulnerability
- Severity: moderate (CVSS 6.5)
- Reference: https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
- Affected versions: 0.8.1 - 0.27.2
- Package usage:
node_modules/axios
babel-plugin-transform-es2015-modules-commonjs #
- Caused by vulnerable dependency:
- babel-template
- Affected versions: <=7.0.0-beta.0
- Package usage:
node_modules/babel-plugin-transform-es2015-modules-commonjs
babel-template #
- Caused by vulnerable dependency:
- babel-traverse
- Affected versions: *
- Package usage:
node_modules/babel-template
babel-traverse #
- Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
- Severity: critical 🚨 (CVSS 9.4)
- Reference: https://github.com/advisories/GHSA-67hx-6x53-jw92
- Affected versions: *
- Package usage:
node_modules/babel-traverse
cookie #
- cookie accepts cookie name, path, and domain with out of bounds characters
- Severity: low
- Reference: https://github.com/advisories/GHSA-pxg6-pf52-xh8x
- Affected versions: <0.7.0
- Package usage:
node_modules/cookie
express #
- Caused by vulnerable dependency:
- cookie
- Affected versions: 3.0.0-alpha1 - 4.21.0 || 5.0.0-alpha.1 - 5.0.0
- Package usage:
node_modules/express
node-gettext #
- node-gettext vulnerable to Prototype Pollution
- Severity: moderate (CVSS 5.9)
- Reference: https://github.com/advisories/GHSA-g974-hxvm-x689
- Affected versions: *
- Package usage:
node_modules/node-gettext
postcss #
- PostCSS line return parsing error
- Severity: moderate (CVSS 5.3)
- Reference: https://github.com/advisories/GHSA-7fh5-64p2-3v2j
- Affected versions: <8.4.31
- Package usage:
node_modules/@vue/component-compiler-utils/node_modules/postcss
vue-jest #
- Caused by vulnerable dependency:
- babel-plugin-transform-es2015-modules-commonjs
- vue-template-compiler
- Affected versions: 1.0.0 - 4.0.1
- Package usage:
node_modules/vue-jest
vue-loader #
- Caused by vulnerable dependency:
- @vue/component-compiler-utils
- Affected versions: 15.0.0-beta.1 - 15.11.1
- Package usage:
node_modules/vue-loader
