[stable5.5] Fix npm audit #3931

Merged 3 commits on May 29, 2024

nextcloud-command
Contributor

Audit report

This audit fix resolves 8 of the total 13 vulnerabilities found in your project.

Updated dependencies

Fixed vulnerabilities

@nextcloud/capabilities

babel-helper-function-name

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/babel-helper-function-name

babel-plugin-transform-class-properties

babel-template

  • Caused by vulnerable dependency:
  • Affected versions: *
  • Package usage:
    • node_modules/babel-template

babel-traverse

  • Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
  • Severity: critical 🚨 (CVSS 9.4)
  • Reference: GHSA-67hx-6x53-jw92
  • Affected versions: *
  • Package usage:
    • node_modules/babel-traverse

express

  • Express.js Open Redirect in malformed URLs
  • Severity: moderate (CVSS 6.1)
  • Reference: GHSA-rv95-896h-c2vc
  • Affected versions: <4.19.2
  • Package usage:
    • node_modules/express

follow-redirects

  • Follow Redirects improperly handles URLs in the url.parse() function
  • Severity: moderate (CVSS 6.1)
  • Reference: GHSA-jchw-25xp-jwwc
  • Affected versions: <=1.15.5
  • Package usage:
    • node_modules/follow-redirects

webpack-dev-middleware

  • Path traversal in webpack-dev-middleware
  • Severity: high (CVSS 7.4)
  • Reference: GHSA-wr3j-pwj9-hqq6
  • Affected versions: <=5.3.3
  • Package usage:
    • node_modules/webpack-dev-middleware

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
@st3iny st3iny enabled auto-merge May 29, 2024 07:32
@st3iny st3iny merged commit 1d0dc7a into stable5.5 May 29, 2024
26 checks passed
@st3iny st3iny deleted the automated/noid/stable5.5-fix-npm-audit branch May 29, 2024 07:37
Labels: 3. to review (Waiting for reviews), dependencies