recommendations icon indicating copy to clipboard operation
recommendations copied to clipboard
verified publisher icon nextcloud

[stable30] Fix npm audit

Open nextcloud-command opened this issue 10 months ago • 0 comments

Audit report

This audit fix resolves 9 of the total 27 vulnerabilities found in your project.

Updated dependencies

  • @babel/helpers
  • @nextcloud/webpack-vue-config
  • @vue/component-compiler-utils
  • dompurify
  • http-proxy-middleware
  • postcss
  • vue-loader
  • vue-template-compiler
  • vuex

Fixed vulnerabilities

@babel/helpers #

  • Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
  • Severity: moderate (CVSS 6.2)
  • Reference: https://github.com/advisories/GHSA-968p-4wvh-cqc8
  • Affected versions: <7.26.10
  • Package usage:
    • node_modules/@babel/helpers

@nextcloud/webpack-vue-config #

  • Caused by vulnerable dependency:
    • vue
    • vue-loader
    • vue-template-compiler
  • Affected versions: <=6.2.0
  • Package usage:
    • node_modules/@nextcloud/webpack-vue-config

@vue/component-compiler-utils #

  • Caused by vulnerable dependency:
    • postcss
  • Affected versions: *
  • Package usage:
    • node_modules/@vue/component-compiler-utils

dompurify #

http-proxy-middleware #

  • http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed
  • Severity: moderate (CVSS 4)
  • Reference: https://github.com/advisories/GHSA-9gqv-wp59-fq42
  • Affected versions: 1.3.0 - 2.0.8
  • Package usage:
    • node_modules/http-proxy-middleware

postcss #

vue-loader #

  • Caused by vulnerable dependency:
    • @vue/component-compiler-utils
  • Affected versions: 15.0.0-beta.1 - 15.11.1
  • Package usage:
    • node_modules/vue-loader

vue-template-compiler #

vuex #

  • Caused by vulnerable dependency:
    • vue
  • Affected versions: 3.1.3 - 3.6.2
  • Package usage:
    • node_modules/vuex

nextcloud-command avatar Feb 16 '25 03:02 nextcloud-command