[stable27] Fix npm audit

[nextcloud-command]

Audit report

This audit fix resolves 10 of the total 12 vulnerabilities found in your project.

Updated dependencies

• @nextcloud/vue
• @vue/component-compiler-utils
• browserify-sign
• create-ecdh
• crypto-browserify
• elliptic
• fast-xml-parser
• node-polyfill-webpack-plugin
• postcss
• vue-loader

  Fixed vulnerabilities

@nextcloud/vue #

• Caused by vulnerable dependency:
  • node-polyfill-webpack-plugin
• Affected versions: 7.6.1 - 8.3.0
• Package usage:
  • node_modules/@nextcloud/vue

@vue/component-compiler-utils #

• Caused by vulnerable dependency:
  • postcss
• Affected versions: *
• Package usage:
  • node_modules/@vue/component-compiler-utils

browserify-sign #

• Caused by vulnerable dependency:
  • elliptic
• Affected versions: >=3.0.2
• Package usage:
  • node_modules/browserify-sign

create-ecdh #

• Caused by vulnerable dependency:
  • elliptic
• Affected versions: >=2.0.1
• Package usage:
  • node_modules/create-ecdh

crypto-browserify #

• Caused by vulnerable dependency:
  • browserify-sign
  • create-ecdh
• Affected versions: >=3.11.0
• Package usage:
  • node_modules/crypto-browserify

elliptic #

• Elliptic's ECDSA missing check for whether leading bit of r and s is zero
• Severity: low (CVSS 5.3)
• Reference: https://github.com/advisories/GHSA-977x-g7h5-7qgw
• Affected versions: >=2.0.0
• Package usage:
  • node_modules/elliptic

fast-xml-parser #

• fast-xml-parser vulnerable to ReDOS at currency parsing
• Severity: high (CVSS 7.5)
• Reference: https://github.com/advisories/GHSA-mpg4-rc92-vx8v
• Affected versions: <4.4.1
• Package usage:
  • node_modules/fast-xml-parser

node-polyfill-webpack-plugin #

• Caused by vulnerable dependency:
  • crypto-browserify
• Affected versions: *
• Package usage:
  • node_modules/node-polyfill-webpack-plugin

postcss #

• PostCSS line return parsing error
• Severity: moderate (CVSS 5.3)
• Reference: https://github.com/advisories/GHSA-7fh5-64p2-3v2j
• Affected versions: <8.4.31
• Package usage:
  • node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

• Caused by vulnerable dependency:
  • @vue/component-compiler-utils
• Affected versions: 15.0.0-beta.1 - 15.11.1
• Package usage:
  • node_modules/vue-loader