[stable28] Fix npm audit

[nextcloud-command]

Audit report

This audit fix resolves 7 of the total 9 vulnerabilities found in your project.

Updated dependencies

• @vue/component-compiler-utils
• axios
• elliptic
• micromatch
• postcss
• vue-loader
• webpack

Fixed vulnerabilities

@vue/component-compiler-utils #

• Caused by vulnerable dependency:
  • postcss
• Affected versions: *
• Package usage:
  • node_modules/@vue/component-compiler-utils

axios #

• Server-Side Request Forgery in axios
• Severity: high
• Reference: GHSA-8hc4-vh64-cxmj
• Affected versions: 1.3.2 - 1.7.3
• Package usage:
  • node_modules/axios

elliptic #

• Elliptic's EDDSA missing signature length check
• Severity: low (CVSS 5.3)
• Reference: GHSA-f7q4-pwc6-w24p
• Affected versions: 2.0.0 - 6.5.6
• Package usage:
  • node_modules/elliptic

micromatch #

• Regular Expression Denial of Service (ReDoS) in micromatch
• Severity: moderate
• Reference: GHSA-952p-6rrq-rcjv
• Affected versions: <4.0.8
• Package usage:
  • node_modules/micromatch

postcss #

• PostCSS line return parsing error
• Severity: moderate (CVSS 5.3)
• Reference: GHSA-7fh5-64p2-3v2j
• Affected versions: <8.4.31
• Package usage:
  • node_modules/@vue/component-compiler-utils/node_modules/postcss

vue-loader #

• Caused by vulnerable dependency:
  • @vue/component-compiler-utils
• Affected versions: 15.0.0-beta.1 - 15.11.1
• Package usage:
  • node_modules/vue-loader

webpack #

• Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
• Severity: moderate (CVSS 6.4)
• Reference: GHSA-4vvj-4cpr-p986
• Affected versions: <5.94.0
• Package usage:
  • node_modules/webpack