New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[main] Fix npm audit #923

Open

nextcloud-command wants to merge 1 commit into main from automated/noid/main-fix-npm-audit

Contributor

nextcloud-command commented Oct 6, 2024

Audit report

This audit fix resolves 6 of the total 10 vulnerabilities found in your project.

Updated dependencies

cookie
engine.io
karma
karma-jasmine
socket.io
vue-tsc

Fixed vulnerabilities

cookie #

cookie accepts cookie name, path, and domain with out of bounds characters
Severity: low
Reference: GHSA-pxg6-pf52-xh8x
Affected versions: <0.7.0
Package usage:
- node_modules/cookie

engine.io #

Caused by vulnerable dependency:
- cookie
Affected versions: >=1.8.0
Package usage:
- node_modules/engine.io

karma #

Caused by vulnerable dependency:
- socket.io
Affected versions: >=1.4.0
Package usage:
- node_modules/karma

karma-jasmine #

Caused by vulnerable dependency:
- karma
Affected versions: >=5.0.0
Package usage:
- node_modules/karma-jasmine

socket.io #

Caused by vulnerable dependency:
- engine.io
Affected versions: >=1.6.0
Package usage:
- node_modules/socket.io

vue-tsc #

Caused by vulnerable dependency:
- @vue/language-core
Affected versions: 1.7.0-alpha.0 - 2.0.28
Package usage:
- node_modules/vue-tsc


fix(deps): Fix npm audit

0209d89

Signed-off-by: GitHub <noreply@github.com>

nextcloud-command requested review from hamza221 and st3iny as code owners

October 6, 2024 03:40

nextcloud-command added 3. to review dependencies labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3. to review dependencies