[master] Fix npm audit #2796

nextcloud-command · 2025-04-06T03:28:58Z

Audit report

This audit fix resolves 10 of the total 17 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/vite-config
@vitejs/plugin-vue2
dockerode
esbuild
rollup-plugin-esbuild-minify
tar-fs
vite
vue-async-computed
vue-resize

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=4.2.0-beta.1
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/vite-config #

Caused by vulnerable dependency:
- @vitejs/plugin-vue2
- rollup-plugin-esbuild-minify
Affected versions: *
Package usage:
- node_modules/@nextcloud/vite-config

@vitejs/plugin-vue2 #

Caused by vulnerable dependency:
- vue
Affected versions: *
Package usage:
- node_modules/@vitejs/plugin-vue2

dockerode #

Caused by vulnerable dependency:
- tar-fs
Affected versions: 3.0.0 - 4.0.4
Package usage:
- node_modules/dockerode

esbuild #

esbuild enables any website to send any requests to the development server and read the response
Severity: moderate (CVSS 5.3)
Reference: GHSA-67mh-4wv8-2f99
Affected versions: <=0.24.2
Package usage:
- node_modules/esbuild
- node_modules/vite/node_modules/esbuild

rollup-plugin-esbuild-minify #

Caused by vulnerable dependency:
- esbuild
Affected versions: *
Package usage:
- node_modules/rollup-plugin-esbuild-minify

tar-fs #

tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
Severity: high (CVSS 7.5)
Reference: GHSA-pq67-2wwv-3xjx
Affected versions: 2.0.0 - 2.1.1
Package usage:
- node_modules/tar-fs

vite #

Vite has a server.fs.deny bypassed for inline and raw with ?import query
Severity: moderate (CVSS 5.3)
Reference: GHSA-4r4m-qw57-chr8
Affected versions: 0.11.0 - 6.1.5
Package usage:
- node_modules/vite

vue-async-computed #

Caused by vulnerable dependency:
- vue
Affected versions: 2.0.0-rc.1 - 4.0.0-mixin.0
Package usage:
- node_modules/vue-async-computed

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review Waiting for reviews dependencies Pull requests that update a dependency file labels Apr 6, 2025

nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 44ed4a1 to d0192fb Compare April 13, 2025 04:28

fix(deps): Fix npm audit

afd5ee7

Signed-off-by: GitHub <[email protected]>

nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from d0192fb to afd5ee7 Compare April 20, 2025 03:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[master] Fix npm audit #2796

[master] Fix npm audit #2796

nextcloud-command commented Apr 6, 2025 •

edited

Loading

[master] Fix npm audit #2796

Are you sure you want to change the base?

[master] Fix npm audit #2796

Conversation

nextcloud-command commented Apr 6, 2025 • edited Loading

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/vite-config #

@vitejs/plugin-vue2 #

dockerode #

esbuild #

rollup-plugin-esbuild-minify #

tar-fs #

vite #

vue-async-computed #

vue-resize #

nextcloud-command commented Apr 6, 2025 •

edited

Loading