[stable28] Fix npm audit

[nextcloud-command]

Audit report

This audit fix resolves 8 of the total 10 vulnerabilities found in your project.

Updated dependencies

• @nextcloud/axios
• @nextcloud/vue
• @vue/component-compiler-utils
• axios
• micromatch
• postcss
• vue-loader
• webpack

Fixed vulnerabilities

@nextcloud/axios #

• Caused by vulnerable dependency:
  • axios
• Affected versions: <=2.3.0
• Package usage:
  • node_modules/@nextcloud/axios

@nextcloud/vue #

• Caused by vulnerable dependency:
  • @nextcloud/axios
• Affected versions: <=6.0.0-beta.8
• Package usage:
  • node_modules/@nextcloud/vue

@vue/component-compiler-utils #

• Caused by vulnerable dependency:
  • postcss
• Affected versions: *
• Package usage:
  • node_modules/@vue/component-compiler-utils

axios #

• Axios Cross-Site Request Forgery Vulnerability
• Severity: moderate (CVSS 6.5)
• Reference: GHSA-wf5p-g6vw-rhxx
• Affected versions: 0.8.1 - 0.27.2
• Package usage:
  • node_modules/axios

micromatch #

• Regular Expression Denial of Service (ReDoS) in micromatch
• Severity: moderate (CVSS 5.3)
• Reference: GHSA-952p-6rrq-rcjv
• Affected versions: <4.0.8
• Package usage:
  • node_modules/micromatch

postcss #

• PostCSS line return parsing error
• Severity: moderate (CVSS 5.3)
• Reference: GHSA-7fh5-64p2-3v2j
• Affected versions: <8.4.31
• Package usage:
  • node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

• Caused by vulnerable dependency:
  • @vue/component-compiler-utils
• Affected versions: 15.0.0-beta.1 - 15.11.1
• Package usage:
  • node_modules/vue-loader

webpack #

• Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
• Severity: moderate (CVSS 6.4)
• Reference: GHSA-4vvj-4cpr-p986
• Affected versions: <5.94.0
• Package usage:
  • node_modules/webpack