[stable30] Fix npm audit #612

nextcloud-command · 2025-03-23T03:37:03Z

Audit report

This audit fix resolves 11 of the total 16 vulnerabilities found in your project.

Updated dependencies

@linusborg/vue-simple-portal
@nextcloud/dialogs
@nextcloud/vue
@nextcloud/vue-select
dockerode
floating-vue
tar-fs
vite
vue-frag
vue-resize
vue2-datepicker

Fixed vulnerabilities

@linusborg/vue-simple-portal #

Caused by vulnerable dependency:
- vue
Affected versions: *
Package usage:
- node_modules/@linusborg/vue-simple-portal

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: >=4.2.0-beta.1
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/vue #

Caused by vulnerable dependency:
Affected versions: <=8.25.1
Package usage:
- node_modules/@nextcloud/vue

@nextcloud/vue-select #

Caused by vulnerable dependency:
- vue
Affected versions: *
Package usage:
- node_modules/@nextcloud/vue-select

dockerode #

Caused by vulnerable dependency:
- tar-fs
Affected versions: 3.0.0 - 4.0.4
Package usage:
- node_modules/dockerode

floating-vue #

Caused by vulnerable dependency:
- vue
- vue-resize
Affected versions: <=1.0.0-beta.19
Package usage:
- node_modules/floating-vue

tar-fs #

tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
Severity: high (CVSS 7.5)
Reference: GHSA-pq67-2wwv-3xjx
Affected versions: 2.0.0 - 2.1.1
Package usage:
- node_modules/tar-fs

vite #

Vite bypasses server.fs.deny when using ?raw??
Severity: moderate (CVSS 5.3)
Reference: GHSA-x574-m823-4x7w
Affected versions: <=6.1.5
Package usage:
- node_modules/vite

vue-frag #

Caused by vulnerable dependency:
- vue
Affected versions: >=1.3.1
Package usage:
- node_modules/vue-frag

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

vue2-datepicker #

Caused by vulnerable dependency:
- vue
Affected versions: <=1.9.8 || 3.0.2 - 3.11.1
Package usage:
- node_modules/vue2-datepicker

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review dependencies Pull requests that update a dependency file labels Mar 23, 2025

nextcloud-command force-pushed the automated/noid/stable30-fix-npm-audit branch from 41e647b to 60eacf4 Compare March 30, 2025 03:33

nextcloud-command force-pushed the automated/noid/stable30-fix-npm-audit branch from 60eacf4 to e92c2f5 Compare April 6, 2025 03:35

nextcloud-command force-pushed the automated/noid/stable30-fix-npm-audit branch from e92c2f5 to baf31e7 Compare April 13, 2025 04:27

fix(deps): Fix npm audit

c16445e

Signed-off-by: GitHub <[email protected]>

nextcloud-command force-pushed the automated/noid/stable30-fix-npm-audit branch from baf31e7 to c16445e Compare April 20, 2025 03:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable30] Fix npm audit #612

[stable30] Fix npm audit #612

nextcloud-command commented Mar 23, 2025 •

edited

Loading

[stable30] Fix npm audit #612

Are you sure you want to change the base?

[stable30] Fix npm audit #612

Conversation

nextcloud-command commented Mar 23, 2025 • edited Loading

Audit report

Updated dependencies

Fixed vulnerabilities

@linusborg/vue-simple-portal #

@nextcloud/dialogs #

@nextcloud/vue #

@nextcloud/vue-select #

dockerode #

floating-vue #

tar-fs #

vite #

vue-frag #

vue-resize #

vue2-datepicker #

nextcloud-command commented Mar 23, 2025 •

edited

Loading