Skip to content

[stable30] Fix npm audit#356

Merged
blizzz merged 1 commit intostable30from
automated/noid/stable30-fix-npm-audit
Sep 5, 2024
Merged

[stable30] Fix npm audit#356
blizzz merged 1 commit intostable30from
automated/noid/stable30-fix-npm-audit

Conversation

@nextcloud-command
Copy link
Contributor

@nextcloud-command nextcloud-command commented Aug 18, 2024
edited
Loading

Audit report

This audit fix resolves 4 of the total 8 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

axios #

  • Server-Side Request Forgery in axios
  • Severity: high
  • Reference: GHSA-8hc4-vh64-cxmj
  • Affected versions: 1.3.2 - 1.7.3
  • Package usage:
    • node_modules/axios

elliptic #

  • Elliptic's EDDSA missing signature length check
  • Severity: low (CVSS 5.3)
  • Reference: GHSA-f7q4-pwc6-w24p
  • Affected versions: 2.0.0 - 6.5.6
  • Package usage:
    • node_modules/elliptic

micromatch #

  • Regular Expression Denial of Service (ReDoS) in micromatch
  • Severity: moderate (CVSS 5.3)
  • Reference: GHSA-952p-6rrq-rcjv
  • Affected versions: <4.0.8
  • Package usage:
    • node_modules/micromatch

vue-tsc #

  • Caused by vulnerable dependency:
  • Affected versions: 1.7.0-alpha.0 - 2.0.28
  • Package usage:
    • node_modules/vue-tsc

@nextcloud-command nextcloud-command added 3. to review Waiting for reviews dependencies Pull requests that update a dependency file labels Aug 18, 2024
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable30-fix-npm-audit branch from 85a1a7b to b7a6c1f Compare August 25, 2024 02:58
@nextcloud-command nextcloud-command force-pushed the automated/noid/stable30-fix-npm-audit branch from b7a6c1f to 5fb7d01 Compare September 1, 2024 03:23
@AndyScherzinger AndyScherzinger added this to the Nextcloud 30 milestone Sep 2, 2024
@blizzz blizzz mentioned this pull request Sep 4, 2024
Merged
@blizzz blizzz merged commit 591c8f8 into stable30 Sep 5, 2024
@blizzz blizzz deleted the automated/noid/stable30-fix-npm-audit branch September 5, 2024 08:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AndyScherzinger AndyScherzinger AndyScherzinger approved these changes

@sorbaugh sorbaugh sorbaugh approved these changes

@susnux susnux Awaiting requested review from susnux

@skjnldsv skjnldsv Awaiting requested review from skjnldsv

Assignees

No one assigned

Labels

3. to review Waiting for reviews dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

Nextcloud 30

Development

Successfully merging this pull request may close these issues.

4 participants

@nextcloud-command @AndyScherzinger @sorbaugh @blizzz