files_lock icon indicating copy to clipboard operation
files_lock copied to clipboard
verified publisher icon nextcloud

[stable29] Fix npm audit

Open nextcloud-command opened this issue 7 months ago • 0 comments

Audit report

This audit fix resolves 13 of the total 13 vulnerabilities found in your project.

Updated dependencies

  • @linusborg/vue-simple-portal
  • @nextcloud/dialogs
  • @nextcloud/vite-config
  • @nextcloud/vue
  • @nextcloud/vue-select
  • @vitejs/plugin-vue2
  • esbuild
  • floating-vue
  • vite
  • vue
  • vue-frag
  • vue-resize
  • vue2-datepicker

Fixed vulnerabilities

@linusborg/vue-simple-portal #

  • Caused by vulnerable dependency:
    • vue
  • Affected versions: *
  • Package usage:
    • node_modules/@linusborg/vue-simple-portal

@nextcloud/dialogs #

  • Caused by vulnerable dependency:
    • @nextcloud/vue
    • vue
    • vue-frag
  • Affected versions: 4.2.0-beta.1 - 6.3.0
  • Package usage:
    • node_modules/@nextcloud/dialogs

@nextcloud/vite-config #

  • Caused by vulnerable dependency:
    • @vitejs/plugin-vue2
  • Affected versions: <=1.5.6
  • Package usage:
    • node_modules/@nextcloud/vite-config

@nextcloud/vue #

  • Caused by vulnerable dependency:
    • @linusborg/vue-simple-portal
    • @nextcloud/vue-select
    • floating-vue
    • vue
    • vue-frag
    • vue2-datepicker
  • Affected versions: <=8.26.1
  • Package usage:
    • node_modules/@nextcloud/vue

@nextcloud/vue-select #

  • Caused by vulnerable dependency:
    • vue
  • Affected versions: *
  • Package usage:
    • node_modules/@nextcloud/vue-select

@vitejs/plugin-vue2 #

  • Caused by vulnerable dependency:
    • vue
  • Affected versions: *
  • Package usage:
    • node_modules/@vitejs/plugin-vue2

esbuild #

  • esbuild enables any website to send any requests to the development server and read the response
  • Severity: moderate (CVSS 5.3)
  • Reference: https://github.com/advisories/GHSA-67mh-4wv8-2f99
  • Affected versions: <=0.24.2
  • Package usage:
    • node_modules/vite/node_modules/esbuild

floating-vue #

  • Caused by vulnerable dependency:
    • vue
    • vue-resize
  • Affected versions: <=1.0.0-beta.19
  • Package usage:
    • node_modules/floating-vue

vite #

  • Caused by vulnerable dependency:
    • esbuild
  • Affected versions: 0.11.0 - 6.1.6
  • Package usage:
    • node_modules/vite

vue #

  • ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
  • Severity: low (CVSS 3.7)
  • Reference: https://github.com/advisories/GHSA-5j4c-8p2g-v4jx
  • Affected versions: 2.0.0-alpha.1 - 2.7.16
  • Package usage:
    • node_modules/vue

vue-frag #

  • Caused by vulnerable dependency:
    • vue
  • Affected versions: >=1.3.1
  • Package usage:
    • node_modules/vue-frag

vue-resize #

  • Caused by vulnerable dependency:
    • vue
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/vue-resize

vue2-datepicker #

  • Caused by vulnerable dependency:
    • vue
  • Affected versions: <=1.9.8 || 3.0.2 - 3.11.1
  • Package usage:
    • node_modules/vue2-datepicker

nextcloud-command avatar May 18 '25 03:05 nextcloud-command