New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[main] Fix npm audit #928

Open

nextcloud-command wants to merge 1 commit into main from automated/noid/main-fix-npm-audit

Contributor

nextcloud-command commented Nov 24, 2024 •

edited

Loading

Audit report

This audit fix resolves 3 of the total 7 vulnerabilities found in your project.

Updated dependencies

cross-spawn
nanoid
vue-tsc

Fixed vulnerabilities

cross-spawn #

Regular Expression Denial of Service (ReDoS) in cross-spawn
Severity: high (CVSS 7.5)
Reference: GHSA-3xgq-45jj-v275
Affected versions: 7.0.0 - 7.0.4
Package usage:
- node_modules/cross-spawn

nanoid #

Predictable results in nanoid generation when given non-integer values
Severity: moderate (CVSS 4.3)
Reference: GHSA-mwcw-c2x4-8c55
Affected versions: <3.3.8
Package usage:
- node_modules/nanoid

vue-tsc #

Caused by vulnerable dependency:
- @vue/language-core
Affected versions: 1.7.0-alpha.0 - 2.0.28
Package usage:
- node_modules/vue-tsc

nextcloud-command requested review from hamza221 and st3iny as code owners

November 24, 2024 03:24

nextcloud-command added 3. to review dependencies labels


          fix(deps): Fix npm audit

40336b6

Signed-off-by: GitHub <[email protected]>

nextcloud-command force-pushed the automated/noid/main-fix-npm-audit branch from 18bbb29 to 40336b6 Compare

December 15, 2024 03:31

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3. to review dependencies