recommendations icon indicating copy to clipboard operation
recommendations copied to clipboard
verified publisher icon nextcloud

[master] Fix npm audit

Open nextcloud-command opened this issue 1 year ago • 0 comments

Audit report

This audit fix resolves 9 of the total 18 vulnerabilities found in your project.

Updated dependencies

  • @nextcloud/files
  • @vue/component-compiler-utils
  • cookie
  • dompurify
  • express
  • micromatch
  • postcss
  • vue-loader
  • webpack

Fixed vulnerabilities

@nextcloud/files #

  • Caused by vulnerable dependency:
    • @nextcloud/l10n
  • Affected versions: >=1.1.0
  • Package usage:
    • node_modules/@nextcloud/files

@vue/component-compiler-utils #

  • Caused by vulnerable dependency:
    • postcss
  • Affected versions: *
  • Package usage:
    • node_modules/@vue/component-compiler-utils

cookie #

dompurify #

express #

  • Caused by vulnerable dependency:
    • cookie
  • Affected versions: 3.0.0-alpha1 - 4.21.0 || 5.0.0-alpha.1 - 5.0.0
  • Package usage:
    • node_modules/express

micromatch #

postcss #

vue-loader #

  • Caused by vulnerable dependency:
    • @vue/component-compiler-utils
  • Affected versions: 15.0.0-beta.1 - 15.11.1
  • Package usage:
    • node_modules/vue-loader

webpack #

  • Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
  • Severity: moderate (CVSS 6.4)
  • Reference: https://github.com/advisories/GHSA-4vvj-4cpr-p986
  • Affected versions: 5.0.0-alpha.0 - 5.93.0
  • Package usage:
    • node_modules/webpack

nextcloud-command avatar Aug 25 '24 03:08 nextcloud-command