@nextcloud-command (Contributor) commented Apr 6, 2025

Audit report

This audit fix resolves 8 of the total 15 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs

  • Caused by vulnerable dependency:
  • Affected versions: 4.2.0-beta.1 - 6.3.1
  • Package usage:
    • node_modules/@nextcloud/dialogs

@nextcloud/vite-config

  • Caused by vulnerable dependency:
  • Affected versions: <=1.6.0
  • Package usage:
    • node_modules/@nextcloud/vite-config

@vitejs/plugin-vue2

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/@vitejs/plugin-vue2

brace-expansion

  • brace-expansion Regular Expression Denial of Service vulnerability
  • Severity: low (CVSS 3.1)
  • Reference: GHSA-v6h2-p8h4-qcjw
  • Affected versions: 1.0.0 - 1.1.11 || 2.0.0 - 2.0.1
  • Package usage:
    • node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion
    • node_modules/@vue/language-core/node_modules/brace-expansion
    • node_modules/brace-expansion
    • node_modules/webdav/node_modules/brace-expansion

form-data

  • form-data uses unsafe random function in form-data for choosing boundary
  • Severity: critical 🚨
  • Reference: GHSA-fjxv-7rqg-78g4
  • Affected versions: 4.0.0 - 4.0.3
  • Package usage:
    • node_modules/form-data

linkifyjs

  • Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS)
  • Severity: high
  • Reference: GHSA-95jq-xph2-cx9h
  • Affected versions: <4.3.2
  • Package usage:
    • node_modules/linkifyjs

sha.js

  • sha.js is missing type checks leading to hash rewind and passing on crafted data
  • Severity: critical 🚨
  • Reference: GHSA-95m3-7q98-8xr5
  • Affected versions: <=2.4.11
  • Package usage:
    • node_modules/sha.js

vue-resize

  • Caused by vulnerable dependency:
  • Affected versions: 0.4.0 - 1.0.1
  • Package usage:
    • node_modules/vue-resize

@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from ee54ff3 to f507cca Compare April 20, 2025 03:39
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from 3c657d7 to c60a5c7 Compare May 4, 2025 03:42
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from c60a5c7 to 08326cc Compare May 11, 2025 03:47
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from d800490 to 7a3e62f Compare May 25, 2025 03:47
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from 83488cd to ea21e88 Compare June 8, 2025 03:44
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from ea21e88 to d867a7b Compare June 15, 2025 03:52
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from ba384a8 to f6c5196 Compare July 6, 2025 03:52
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from f6c5196 to c7698b9 Compare July 13, 2025 04:01
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from c7698b9 to 8c5ed84 Compare July 20, 2025 04:02
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 8c5ed84 to f62d4cc Compare July 27, 2025 04:08
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from 139de1c to 6e5fc77 Compare August 10, 2025 04:01
@nextcloud-command nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch 2 times, most recently from c5f9842 to 907e8f3 Compare August 24, 2025 03:13
Signed-off-by: GitHub <noreply@github.com>
@Altahrim Altahrim force-pushed the automated/noid/master-fix-npm-audit branch from 907e8f3 to b71031d Compare August 28, 2025 06:42
@Altahrim Altahrim merged commit 8a40228 into master Aug 28, 2025
42 checks passed
@Altahrim Altahrim deleted the automated/noid/master-fix-npm-audit branch August 28, 2025 06:45

3 participants