[master] Fix npm audit #484

nextcloud-command · 2025-06-15T03:43:06Z

Audit report

This audit fix resolves 8 of the total 15 vulnerabilities found in your project.

Updated dependencies

@nextcloud/dialogs
@nextcloud/vite-config
@vitejs/plugin-vue2
brace-expansion
esbuild
pbkdf2
vite
vue-resize

Fixed vulnerabilities

@nextcloud/dialogs #

Caused by vulnerable dependency:
Affected versions: 4.2.0-beta.1 - 6.3.1
Package usage:
- node_modules/@nextcloud/dialogs

@nextcloud/vite-config #

Caused by vulnerable dependency:
- @vitejs/plugin-vue2
Affected versions: <=1.5.6
Package usage:
- node_modules/@nextcloud/vite-config

@vitejs/plugin-vue2 #

Caused by vulnerable dependency:
- vue
Affected versions: *
Package usage:
- node_modules/@vitejs/plugin-vue2

brace-expansion #

brace-expansion Regular Expression Denial of Service vulnerability
Severity: low (CVSS 3.1)
Reference: GHSA-v6h2-p8h4-qcjw
Affected versions: 1.0.0 - 1.1.11 || 2.0.0 - 2.0.1
Package usage:
- node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion
- node_modules/@vue/language-core/node_modules/brace-expansion
- node_modules/brace-expansion
- node_modules/typedoc/node_modules/brace-expansion
- node_modules/webdav/node_modules/brace-expansion

esbuild #

esbuild enables any website to send any requests to the development server and read the response
Severity: moderate (CVSS 5.3)
Reference: GHSA-67mh-4wv8-2f99
Affected versions: <=0.24.2
Package usage:
- node_modules/vite/node_modules/esbuild

pbkdf2 #

pbkdf2 silently disregards Uint8Array input, returning static keys
Severity: critical 🚨
Reference: GHSA-v62p-rq8g-8h59
Affected versions: <=3.1.2
Package usage:
- node_modules/pbkdf2

vite #

Caused by vulnerable dependency:
- esbuild
Affected versions: 0.11.0 - 6.1.6
Package usage:
- node_modules/vite

vue-resize #

Caused by vulnerable dependency:
- vue
Affected versions: 0.4.0 - 1.0.1
Package usage:
- node_modules/vue-resize

Signed-off-by: GitHub <[email protected]>

nextcloud-command added 3. to review Waiting for reviews dependencies Pull requests that update a dependency file labels Jun 15, 2025

nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 320f990 to 9e16ff6 Compare June 29, 2025 03:49

nextcloud-command force-pushed the automated/noid/master-fix-npm-audit branch from 9e16ff6 to 7d12bd5 Compare July 6, 2025 03:49

fix(deps): Fix npm audit

2ed60b2

Signed-off-by: GitHub <[email protected]>

susnux force-pushed the automated/noid/master-fix-npm-audit branch from 7d12bd5 to 2ed60b2 Compare July 9, 2025 12:49

susnux approved these changes Jul 9, 2025

View reviewed changes

susnux merged commit 546dda3 into master Jul 9, 2025
23 checks passed

susnux deleted the automated/noid/master-fix-npm-audit branch July 9, 2025 13:01

skjnldsv mentioned this pull request Aug 19, 2025

32.0.0 beta 1 nextcloud/server#54502

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[master] Fix npm audit #484

[master] Fix npm audit #484

Uh oh!

nextcloud-command commented Jun 15, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[master] Fix npm audit #484

[master] Fix npm audit #484

Uh oh!

Conversation

nextcloud-command commented Jun 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Audit report

Updated dependencies

Fixed vulnerabilities

@nextcloud/dialogs #

@nextcloud/vite-config #

@vitejs/plugin-vue2 #

brace-expansion #

esbuild #

pbkdf2 #

vite #

vue-resize #

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

nextcloud-command commented Jun 15, 2025 •

edited

Loading