This run took 117 seconds.
$ date
--- stdout ---
Tue Apr 2 13:23:21 UTC 2024
--- end ---
$ git clone file:///srv/git/mediawiki-services-mobileapps.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
7286317e60d9ff51756b93fbdf916fe3cdf8211e refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"cheerio": {
"name": "cheerio",
"severity": "high",
"isDirect": false,
"via": [
"css-select",
"lodash.pick"
],
"effects": [
"microformat-node"
],
"range": "0.19.0 - 1.0.0-rc.3",
"nodes": [
"node_modules/cheerio"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"css-select": {
"name": "css-select",
"severity": "high",
"isDirect": false,
"via": [
"nth-check"
],
"effects": [
"cheerio"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/css-select"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"debug": {
"name": "debug",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1096792,
"name": "debug",
"dependency": "debug",
"title": "Regular Expression Denial of Service in debug",
"url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=4.0.0 <4.3.1"
},
{
"source": 1096793,
"name": "debug",
"dependency": "debug",
"title": "Regular Expression Denial of Service in debug",
"url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=3.2.0 <3.2.7"
}
],
"effects": [
"mocha"
],
"range": "3.2.0 - 3.2.6 || 4.0.0 - 4.3.0",
"nodes": [
"node_modules/gc-stats/node_modules/debug",
"node_modules/mocha/node_modules/debug"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint-plugin-compat"
],
"effects": [],
"range": "0.18.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "3.6.0-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"flat": {
"name": "flat",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1089152,
"name": "flat",
"dependency": "flat",
"title": "flat vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-2j2x-2gpw-g8fm",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<5.0.1"
}
],
"effects": [
"yargs-unparser"
],
"range": "<5.0.1",
"nodes": [
"node_modules/flat"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"ini": {
"name": "ini",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1093224,
"name": "ini",
"dependency": "ini",
"title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
"url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<1.3.6"
}
],
"effects": [],
"range": "<1.3.6",
"nodes": [
"node_modules/gc-stats/node_modules/ini"
],
"fixAvailable": true
},
"limitation": {
"name": "limitation",
"severity": "moderate",
"isDirect": false,
"via": [
"wikimedia-kad-fork"
],
"effects": [],
"range": ">=0.2.3",
"nodes": [
"node_modules/limitation"
],
"fixAvailable": true
},
"lodash.pick": {
"name": "lodash.pick",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096303,
"name": "lodash.pick",
"dependency": "lodash.pick",
"title": "Prototype Pollution in lodash",
"url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
"severity": "high",
"cwe": [
"CWE-770",
"CWE-1321"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": ">=4.0.0 <=4.4.0"
}
],
"effects": [
"cheerio"
],
"range": ">=4.0.0",
"nodes": [
"node_modules/lodash.pick"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"microformat-node": {
"name": "microformat-node",
"severity": "high",
"isDirect": true,
"via": [
"cheerio"
],
"effects": [],
"range": ">=2.0.1",
"nodes": [
"node_modules/microformat-node"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096485,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
}
],
"effects": [
"mocha"
],
"range": "<3.0.5",
"nodes": [
"node_modules/gc-stats/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"minimist": {
"name": "minimist",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096465,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": ">=1.0.0 <1.2.3"
},
{
"source": 1096466,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<0.2.1"
},
{
"source": 1096548,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<0.2.4"
},
{
"source": 1096549,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=1.0.0 <1.2.6"
}
],
"effects": [
"mkdirp"
],
"range": "<=0.2.3 || 1.0.0 - 1.2.5",
"nodes": [
"node_modules/gc-stats/node_modules/minimist",
"node_modules/gc-stats/node_modules/rc/node_modules/minimist"
],
"fixAvailable": true
},
"mkdirp": {
"name": "mkdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"minimist"
],
"effects": [],
"range": "0.4.1 - 0.5.1",
"nodes": [
"node_modules/gc-stats/node_modules/mkdirp"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "critical",
"isDirect": true,
"via": [
"debug",
"minimatch",
"yargs-unparser"
],
"effects": [],
"range": "5.1.0 - 9.2.1",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"ms": {
"name": "ms",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094419,
"name": "ms",
"dependency": "ms",
"title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
"url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<2.0.0"
}
],
"effects": [
"wikimedia-kad-fork"
],
"range": "<2.0.0",
"nodes": [
"node_modules/wikimedia-kad-fork/node_modules/ms"
],
"fixAvailable": true
},
"nodemon": {
"name": "nodemon",
"severity": "moderate",
"isDirect": true,
"via": [
"simple-update-notifier"
],
"effects": [],
"range": "2.0.19 - 2.0.22",
"nodes": [
"node_modules/nodemon"
],
"fixAvailable": true
},
"nth-check": {
"name": "nth-check",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095141,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"sanitize-html"
],
"range": "<8.4.31",
"nodes": [
"node_modules/postcss"
],
"fixAvailable": {
"name": "sanitize-html",
"version": "2.13.0",
"isSemVerMajor": true
}
},
"preq": {
"name": "preq",
"severity": "high",
"isDirect": true,
"via": [
"request",
"requestretry"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/preq"
],
"fixAvailable": false
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"preq",
"requestretry"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"requestretry": {
"name": "requestretry",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1090420,
"name": "requestretry",
"dependency": "requestretry",
"title": "Cookie exposure in requestretry",
"url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
"severity": "high",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<7.0.0"
},
"request"
],
"effects": [
"preq"
],
"range": "*",
"nodes": [
"node_modules/requestretry"
],
"fixAvailable": false
},
"sanitize-html": {
"name": "sanitize-html",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1089955,
"name": "sanitize-html",
"dependency": "sanitize-html",
"title": "Improper Input Validation in sanitize-html",
"url": "https://github.com/advisories/GHSA-mjxr-4v3x-q3m4",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1091789,
"name": "sanitize-html",
"dependency": "sanitize-html",
"title": "Improper Input Validation in sanitize-html",
"url": "https://github.com/advisories/GHSA-rjqq-98f6-6j3r",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.1"
},
{
"source": 1096639,
"name": "sanitize-html",
"dependency": "sanitize-html",
"title": "sanitize-html Information Exposure vulnerability",
"url": "https://github.com/advisories/GHSA-rm97-x556-q36h",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
"range": "<2.12.1"
},
"postcss"
],
"effects": [],
"range": "<=2.12.0",
"nodes": [
"node_modules/sanitize-html"
],
"fixAvailable": {
"name": "sanitize-html",
"version": "2.13.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096482,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.5.2"
},
{
"source": 1096483,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<5.7.2"
}
],
"effects": [
"eslint-plugin-compat",
"simple-update-notifier"
],
"range": ">=7.0.0 <7.5.2 || <5.7.2",
"nodes": [
"node_modules/gc-stats/node_modules/semver",
"node_modules/semver",
"node_modules/simple-update-notifier/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"simple-update-notifier": {
"name": "simple-update-notifier",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"nodemon"
],
"range": "1.0.7 - 1.1.0",
"nodes": [
"node_modules/simple-update-notifier"
],
"fixAvailable": true
},
"swagger-ui-dist": {
"name": "swagger-ui-dist",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1088759,
"name": "swagger-ui-dist",
"dependency": "swagger-ui-dist",
"title": "Spoofing attack in swagger-ui-dist",
"url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
"severity": "moderate",
"cwe": [
"CWE-1021"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<4.1.3"
},
{
"source": 1092160,
"name": "swagger-ui-dist",
"dependency": "swagger-ui-dist",
"title": "Server side request forgery in SwaggerUI",
"url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<4.1.3"
}
],
"effects": [],
"range": "<=4.1.2",
"nodes": [
"node_modules/swagger-ui-dist"
],
"fixAvailable": {
"name": "swagger-ui-dist",
"version": "5.13.0",
"isSemVerMajor": true
}
},
"tar": {
"name": "tar",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089684,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
"url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=4.0.0 <4.4.14"
},
{
"source": 1095117,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
"url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": "<4.4.18"
},
{
"source": 1096309,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
"url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-23",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=4.0.0 <4.4.15"
},
{
"source": 1096376,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
"url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=3.0.0 <4.4.16"
},
{
"source": 1096411,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
"url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=3.0.0 <4.4.18"
}
],
"effects": [],
"range": "<=4.4.17",
"nodes": [
"node_modules/gc-stats/node_modules/tar"
],
"fixAvailable": true
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096643,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": false
},
"wikimedia-kad-fork": {
"name": "wikimedia-kad-fork",
"severity": "moderate",
"isDirect": false,
"via": [
"ms"
],
"effects": [
"limitation"
],
"range": "*",
"nodes": [
"node_modules/wikimedia-kad-fork"
],
"fixAvailable": true
},
"yargs-unparser": {
"name": "yargs-unparser",
"severity": "critical",
"isDirect": false,
"via": [
"flat"
],
"effects": [
"mocha"
],
"range": "<=1.6.3",
"nodes": [
"node_modules/yargs-unparser"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 14,
"high": 10,
"critical": 4,
"total": 29
},
"dependencies": {
"prod": 276,
"dev": 454,
"optional": 82,
"peer": 0,
"peerOptional": 0,
"total": 806
}
}
}
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"cheerio": {
"name": "cheerio",
"severity": "high",
"isDirect": false,
"via": [
"css-select",
"lodash.pick"
],
"effects": [
"microformat-node"
],
"range": "0.19.0 - 1.0.0-rc.3",
"nodes": [
"node_modules/cheerio"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"css-select": {
"name": "css-select",
"severity": "high",
"isDirect": false,
"via": [
"nth-check"
],
"effects": [
"cheerio"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/css-select"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"debug": {
"name": "debug",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1096792,
"name": "debug",
"dependency": "debug",
"title": "Regular Expression Denial of Service in debug",
"url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=4.0.0 <4.3.1"
},
{
"source": 1096793,
"name": "debug",
"dependency": "debug",
"title": "Regular Expression Denial of Service in debug",
"url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=3.2.0 <3.2.7"
}
],
"effects": [
"mocha"
],
"range": "3.2.0 - 3.2.6 || 4.0.0 - 4.3.0",
"nodes": [
"node_modules/gc-stats/node_modules/debug",
"node_modules/mocha/node_modules/debug"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint-plugin-compat"
],
"effects": [],
"range": "0.18.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "3.6.0-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"flat": {
"name": "flat",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1089152,
"name": "flat",
"dependency": "flat",
"title": "flat vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-2j2x-2gpw-g8fm",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<5.0.1"
}
],
"effects": [
"yargs-unparser"
],
"range": "<5.0.1",
"nodes": [
"node_modules/flat"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"ini": {
"name": "ini",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1093224,
"name": "ini",
"dependency": "ini",
"title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
"url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<1.3.6"
}
],
"effects": [],
"range": "<1.3.6",
"nodes": [
"node_modules/gc-stats/node_modules/ini"
],
"fixAvailable": true
},
"limitation": {
"name": "limitation",
"severity": "moderate",
"isDirect": false,
"via": [
"wikimedia-kad-fork"
],
"effects": [],
"range": ">=0.2.3",
"nodes": [
"node_modules/limitation"
],
"fixAvailable": true
},
"lodash.pick": {
"name": "lodash.pick",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096303,
"name": "lodash.pick",
"dependency": "lodash.pick",
"title": "Prototype Pollution in lodash",
"url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
"severity": "high",
"cwe": [
"CWE-770",
"CWE-1321"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": ">=4.0.0 <=4.4.0"
}
],
"effects": [
"cheerio"
],
"range": ">=4.0.0",
"nodes": [
"node_modules/lodash.pick"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"microformat-node": {
"name": "microformat-node",
"severity": "high",
"isDirect": true,
"via": [
"cheerio"
],
"effects": [],
"range": ">=2.0.1",
"nodes": [
"node_modules/microformat-node"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096485,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
}
],
"effects": [
"mocha"
],
"range": "<3.0.5",
"nodes": [
"node_modules/gc-stats/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"minimist": {
"name": "minimist",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096465,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": ">=1.0.0 <1.2.3"
},
{
"source": 1096466,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<0.2.1"
},
{
"source": 1096548,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<0.2.4"
},
{
"source": 1096549,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=1.0.0 <1.2.6"
}
],
"effects": [
"mkdirp"
],
"range": "<=0.2.3 || 1.0.0 - 1.2.5",
"nodes": [
"node_modules/gc-stats/node_modules/minimist",
"node_modules/gc-stats/node_modules/rc/node_modules/minimist"
],
"fixAvailable": true
},
"mkdirp": {
"name": "mkdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"minimist"
],
"effects": [],
"range": "0.4.1 - 0.5.1",
"nodes": [
"node_modules/gc-stats/node_modules/mkdirp"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "critical",
"isDirect": true,
"via": [
"debug",
"minimatch",
"yargs-unparser"
],
"effects": [],
"range": "5.1.0 - 9.2.1",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"ms": {
"name": "ms",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094419,
"name": "ms",
"dependency": "ms",
"title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
"url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<2.0.0"
}
],
"effects": [
"wikimedia-kad-fork"
],
"range": "<2.0.0",
"nodes": [
"node_modules/wikimedia-kad-fork/node_modules/ms"
],
"fixAvailable": true
},
"nodemon": {
"name": "nodemon",
"severity": "moderate",
"isDirect": true,
"via": [
"simple-update-notifier"
],
"effects": [],
"range": "2.0.19 - 2.0.22",
"nodes": [
"node_modules/nodemon"
],
"fixAvailable": true
},
"nth-check": {
"name": "nth-check",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095141,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"sanitize-html"
],
"range": "<8.4.31",
"nodes": [
"node_modules/postcss"
],
"fixAvailable": {
"name": "sanitize-html",
"version": "2.13.0",
"isSemVerMajor": true
}
},
"preq": {
"name": "preq",
"severity": "high",
"isDirect": true,
"via": [
"request",
"requestretry"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/preq"
],
"fixAvailable": false
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"preq",
"requestretry"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"requestretry": {
"name": "requestretry",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1090420,
"name": "requestretry",
"dependency": "requestretry",
"title": "Cookie exposure in requestretry",
"url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
"severity": "high",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<7.0.0"
},
"request"
],
"effects": [
"preq"
],
"range": "*",
"nodes": [
"node_modules/requestretry"
],
"fixAvailable": false
},
"sanitize-html": {
"name": "sanitize-html",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1089955,
"name": "sanitize-html",
"dependency": "sanitize-html",
"title": "Improper Input Validation in sanitize-html",
"url": "https://github.com/advisories/GHSA-mjxr-4v3x-q3m4",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1091789,
"name": "sanitize-html",
"dependency": "sanitize-html",
"title": "Improper Input Validation in sanitize-html",
"url": "https://github.com/advisories/GHSA-rjqq-98f6-6j3r",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.1"
},
{
"source": 1096639,
"name": "sanitize-html",
"dependency": "sanitize-html",
"title": "sanitize-html Information Exposure vulnerability",
"url": "https://github.com/advisories/GHSA-rm97-x556-q36h",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
"range": "<2.12.1"
},
"postcss"
],
"effects": [],
"range": "<=2.12.0",
"nodes": [
"node_modules/sanitize-html"
],
"fixAvailable": {
"name": "sanitize-html",
"version": "2.13.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096482,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.5.2"
},
{
"source": 1096483,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<5.7.2"
}
],
"effects": [
"eslint-plugin-compat",
"simple-update-notifier"
],
"range": ">=7.0.0 <7.5.2 || <5.7.2",
"nodes": [
"node_modules/gc-stats/node_modules/semver",
"node_modules/semver",
"node_modules/simple-update-notifier/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"simple-update-notifier": {
"name": "simple-update-notifier",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"nodemon"
],
"range": "1.0.7 - 1.1.0",
"nodes": [
"node_modules/simple-update-notifier"
],
"fixAvailable": true
},
"swagger-ui-dist": {
"name": "swagger-ui-dist",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1088759,
"name": "swagger-ui-dist",
"dependency": "swagger-ui-dist",
"title": "Spoofing attack in swagger-ui-dist",
"url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
"severity": "moderate",
"cwe": [
"CWE-1021"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<4.1.3"
},
{
"source": 1092160,
"name": "swagger-ui-dist",
"dependency": "swagger-ui-dist",
"title": "Server side request forgery in SwaggerUI",
"url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<4.1.3"
}
],
"effects": [],
"range": "<=4.1.2",
"nodes": [
"node_modules/swagger-ui-dist"
],
"fixAvailable": {
"name": "swagger-ui-dist",
"version": "5.13.0",
"isSemVerMajor": true
}
},
"tar": {
"name": "tar",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089684,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
"url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=4.0.0 <4.4.14"
},
{
"source": 1095117,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
"url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": "<4.4.18"
},
{
"source": 1096309,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
"url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-23",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=4.0.0 <4.4.15"
},
{
"source": 1096376,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
"url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=3.0.0 <4.4.16"
},
{
"source": 1096411,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
"url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=3.0.0 <4.4.18"
}
],
"effects": [],
"range": "<=4.4.17",
"nodes": [
"node_modules/gc-stats/node_modules/tar"
],
"fixAvailable": true
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096643,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": false
},
"wikimedia-kad-fork": {
"name": "wikimedia-kad-fork",
"severity": "moderate",
"isDirect": false,
"via": [
"ms"
],
"effects": [
"limitation"
],
"range": "*",
"nodes": [
"node_modules/wikimedia-kad-fork"
],
"fixAvailable": true
},
"yargs-unparser": {
"name": "yargs-unparser",
"severity": "critical",
"isDirect": false,
"via": [
"flat"
],
"effects": [
"mocha"
],
"range": "<=1.6.3",
"nodes": [
"node_modules/yargs-unparser"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 14,
"high": 10,
"critical": 4,
"total": 29
},
"dependencies": {
"prod": 276,
"dev": 454,
"optional": 82,
"peer": 0,
"peerOptional": 0,
"total": 806
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN audit fix debug@4.1.1 node_modules/gc-stats/node_modules/debug
npm WARN audit fix debug@4.1.1 is a bundled dependency of
npm WARN audit fix debug@4.1.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix debug@4.1.1 It cannot be fixed automatically.
npm WARN audit fix debug@4.1.1 Check for updates to the gc-stats package.
npm WARN audit fix semver@5.7.0 node_modules/gc-stats/node_modules/semver
npm WARN audit fix semver@5.7.0 is a bundled dependency of
npm WARN audit fix semver@5.7.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix semver@5.7.0 It cannot be fixed automatically.
npm WARN audit fix semver@5.7.0 Check for updates to the gc-stats package.
npm WARN audit fix ini@1.3.5 node_modules/gc-stats/node_modules/ini
npm WARN audit fix ini@1.3.5 is a bundled dependency of
npm WARN audit fix ini@1.3.5 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix ini@1.3.5 It cannot be fixed automatically.
npm WARN audit fix ini@1.3.5 Check for updates to the gc-stats package.
npm WARN audit fix minimatch@3.0.4 node_modules/gc-stats/node_modules/minimatch
npm WARN audit fix minimatch@3.0.4 is a bundled dependency of
npm WARN audit fix minimatch@3.0.4 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimatch@3.0.4 It cannot be fixed automatically.
npm WARN audit fix minimatch@3.0.4 Check for updates to the gc-stats package.
npm WARN audit fix minimist@1.2.0 node_modules/gc-stats/node_modules/rc/node_modules/minimist
npm WARN audit fix minimist@1.2.0 is a bundled dependency of
npm WARN audit fix minimist@1.2.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@1.2.0 It cannot be fixed automatically.
npm WARN audit fix minimist@1.2.0 Check for updates to the gc-stats package.
npm WARN audit fix minimist@0.0.8 node_modules/gc-stats/node_modules/minimist
npm WARN audit fix minimist@0.0.8 is a bundled dependency of
npm WARN audit fix minimist@0.0.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@0.0.8 It cannot be fixed automatically.
npm WARN audit fix minimist@0.0.8 Check for updates to the gc-stats package.
npm WARN audit fix tar@4.4.8 node_modules/gc-stats/node_modules/tar
npm WARN audit fix tar@4.4.8 is a bundled dependency of
npm WARN audit fix tar@4.4.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix tar@4.4.8 It cannot be fixed automatically.
npm WARN audit fix tar@4.4.8 Check for updates to the gc-stats package.
npm WARN audit fix mkdirp@0.5.1 node_modules/gc-stats/node_modules/mkdirp
npm WARN audit fix mkdirp@0.5.1 is a bundled dependency of
npm WARN audit fix mkdirp@0.5.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix mkdirp@0.5.1 It cannot be fixed automatically.
npm WARN audit fix mkdirp@0.5.1 Check for updates to the gc-stats package.
--- stdout ---
{
"added": 740,
"removed": 0,
"changed": 0,
"audited": 807,
"funding": 74,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"cheerio": {
"name": "cheerio",
"severity": "high",
"isDirect": false,
"via": [
"css-select",
"lodash.pick"
],
"effects": [
"microformat-node"
],
"range": "0.19.0 - 1.0.0-rc.3",
"nodes": [
"node_modules/cheerio"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"css-select": {
"name": "css-select",
"severity": "high",
"isDirect": false,
"via": [
"nth-check"
],
"effects": [
"cheerio"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/css-select"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"debug": {
"name": "debug",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1096792,
"name": "debug",
"dependency": "debug",
"title": "Regular Expression Denial of Service in debug",
"url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=4.0.0 <4.3.1"
},
{
"source": 1096793,
"name": "debug",
"dependency": "debug",
"title": "Regular Expression Denial of Service in debug",
"url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=3.2.0 <3.2.7"
}
],
"effects": [
"mocha"
],
"range": "3.2.0 - 3.2.6 || 4.0.0 - 4.3.0",
"nodes": [
"node_modules/gc-stats/node_modules/debug",
"node_modules/mocha/node_modules/debug"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint-plugin-compat"
],
"effects": [],
"range": "0.18.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "3.6.0-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"flat": {
"name": "flat",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1089152,
"name": "flat",
"dependency": "flat",
"title": "flat vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-2j2x-2gpw-g8fm",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<5.0.1"
}
],
"effects": [
"yargs-unparser"
],
"range": "<5.0.1",
"nodes": [
"node_modules/flat"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"ini": {
"name": "ini",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1093224,
"name": "ini",
"dependency": "ini",
"title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
"url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<1.3.6"
}
],
"effects": [],
"range": "<1.3.6",
"nodes": [
"node_modules/gc-stats/node_modules/ini"
],
"fixAvailable": true
},
"limitation": {
"name": "limitation",
"severity": "moderate",
"isDirect": false,
"via": [
"wikimedia-kad-fork"
],
"effects": [],
"range": ">=0.2.3",
"nodes": [
"node_modules/limitation"
],
"fixAvailable": true
},
"lodash.pick": {
"name": "lodash.pick",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096303,
"name": "lodash.pick",
"dependency": "lodash.pick",
"title": "Prototype Pollution in lodash",
"url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
"severity": "high",
"cwe": [
"CWE-770",
"CWE-1321"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": ">=4.0.0 <=4.4.0"
}
],
"effects": [
"cheerio"
],
"range": ">=4.0.0",
"nodes": [
"node_modules/lodash.pick"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"microformat-node": {
"name": "microformat-node",
"severity": "high",
"isDirect": true,
"via": [
"cheerio"
],
"effects": [],
"range": ">=2.0.1",
"nodes": [
"node_modules/microformat-node"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096485,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
}
],
"effects": [
"mocha"
],
"range": "<3.0.5",
"nodes": [
"node_modules/gc-stats/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"minimist": {
"name": "minimist",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096465,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": ">=1.0.0 <1.2.3"
},
{
"source": 1096466,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<0.2.1"
},
{
"source": 1096548,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<0.2.4"
},
{
"source": 1096549,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=1.0.0 <1.2.6"
}
],
"effects": [
"mkdirp"
],
"range": "<=0.2.3 || 1.0.0 - 1.2.5",
"nodes": [
"node_modules/gc-stats/node_modules/minimist",
"node_modules/gc-stats/node_modules/rc/node_modules/minimist"
],
"fixAvailable": true
},
"mkdirp": {
"name": "mkdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"minimist"
],
"effects": [],
"range": "0.4.1 - 0.5.1",
"nodes": [
"node_modules/gc-stats/node_modules/mkdirp"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "critical",
"isDirect": true,
"via": [
"debug",
"minimatch",
"yargs-unparser"
],
"effects": [],
"range": "5.1.0 - 9.2.1",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"ms": {
"name": "ms",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094419,
"name": "ms",
"dependency": "ms",
"title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
"url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<2.0.0"
}
],
"effects": [
"wikimedia-kad-fork"
],
"range": "<2.0.0",
"nodes": [
"node_modules/wikimedia-kad-fork/node_modules/ms"
],
"fixAvailable": true
},
"nodemon": {
"name": "nodemon",
"severity": "moderate",
"isDirect": true,
"via": [
"simple-update-notifier"
],
"effects": [],
"range": "2.0.19 - 2.0.22",
"nodes": [
"node_modules/nodemon"
],
"fixAvailable": true
},
"nth-check": {
"name": "nth-check",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095141,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check"
],
"fixAvailable": {
"name": "microformat-node",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"sanitize-html"
],
"range": "<8.4.31",
"nodes": [
"node_modules/postcss"
],
"fixAvailable": {
"name": "sanitize-html",
"version": "2.13.0",
"isSemVerMajor": true
}
},
"preq": {
"name": "preq",
"severity": "high",
"isDirect": true,
"via": [
"request",
"requestretry"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/preq"
],
"fixAvailable": false
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"preq",
"requestretry"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"requestretry": {
"name": "requestretry",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1090420,
"name": "requestretry",
"dependency": "requestretry",
"title": "Cookie exposure in requestretry",
"url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
"severity": "high",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<7.0.0"
},
"request"
],
"effects": [
"preq"
],
"range": "*",
"nodes": [
"node_modules/requestretry"
],
"fixAvailable": false
},
"sanitize-html": {
"name": "sanitize-html",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1089955,
"name": "sanitize-html",
"dependency": "sanitize-html",
"title": "Improper Input Validation in sanitize-html",
"url": "https://github.com/advisories/GHSA-mjxr-4v3x-q3m4",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1091789,
"name": "sanitize-html",
"dependency": "sanitize-html",
"title": "Improper Input Validation in sanitize-html",
"url": "https://github.com/advisories/GHSA-rjqq-98f6-6j3r",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.1"
},
{
"source": 1096639,
"name": "sanitize-html",
"dependency": "sanitize-html",
"title": "sanitize-html Information Exposure vulnerability",
"url": "https://github.com/advisories/GHSA-rm97-x556-q36h",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
"range": "<2.12.1"
},
"postcss"
],
"effects": [],
"range": "<=2.12.0",
"nodes": [
"node_modules/sanitize-html"
],
"fixAvailable": {
"name": "sanitize-html",
"version": "2.13.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096482,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.5.2"
},
{
"source": 1096483,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<5.7.2"
}
],
"effects": [
"eslint-plugin-compat",
"simple-update-notifier"
],
"range": ">=7.0.0 <7.5.2 || <5.7.2",
"nodes": [
"node_modules/gc-stats/node_modules/semver",
"node_modules/semver",
"node_modules/simple-update-notifier/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"simple-update-notifier": {
"name": "simple-update-notifier",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"nodemon"
],
"range": "1.0.7 - 1.1.0",
"nodes": [
"node_modules/simple-update-notifier"
],
"fixAvailable": true
},
"swagger-ui-dist": {
"name": "swagger-ui-dist",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1088759,
"name": "swagger-ui-dist",
"dependency": "swagger-ui-dist",
"title": "Spoofing attack in swagger-ui-dist",
"url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
"severity": "moderate",
"cwe": [
"CWE-1021"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<4.1.3"
},
{
"source": 1092160,
"name": "swagger-ui-dist",
"dependency": "swagger-ui-dist",
"title": "Server side request forgery in SwaggerUI",
"url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<4.1.3"
}
],
"effects": [],
"range": "<=4.1.2",
"nodes": [
"node_modules/swagger-ui-dist"
],
"fixAvailable": {
"name": "swagger-ui-dist",
"version": "5.13.0",
"isSemVerMajor": true
}
},
"tar": {
"name": "tar",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089684,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
"url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=4.0.0 <4.4.14"
},
{
"source": 1095117,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
"url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": "<4.4.18"
},
{
"source": 1096309,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
"url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-23",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=4.0.0 <4.4.15"
},
{
"source": 1096376,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
"url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=3.0.0 <4.4.16"
},
{
"source": 1096411,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
"url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=3.0.0 <4.4.18"
}
],
"effects": [],
"range": "<=4.4.17",
"nodes": [
"node_modules/gc-stats/node_modules/tar"
],
"fixAvailable": true
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096643,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": false
},
"wikimedia-kad-fork": {
"name": "wikimedia-kad-fork",
"severity": "moderate",
"isDirect": false,
"via": [
"ms"
],
"effects": [
"limitation"
],
"range": "*",
"nodes": [
"node_modules/wikimedia-kad-fork"
],
"fixAvailable": true
},
"yargs-unparser": {
"name": "yargs-unparser",
"severity": "critical",
"isDirect": false,
"via": [
"flat"
],
"effects": [
"mocha"
],
"range": "<=1.6.3",
"nodes": [
"node_modules/yargs-unparser"
],
"fixAvailable": {
"name": "mocha",
"version": "10.4.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 14,
"high": 10,
"critical": 4,
"total": 29
},
"dependencies": {
"prod": 276,
"dev": 454,
"optional": 82,
"peer": 0,
"peerOptional": 0,
"total": 806
}
}
}
}
--- end ---
{"added": 740, "removed": 0, "changed": 0, "audited": 807, "funding": 74, "audit": {"auditReportVersion": 2, "vulnerabilities": {"cheerio": {"name": "cheerio", "severity": "high", "isDirect": false, "via": ["css-select", "lodash.pick"], "effects": ["microformat-node"], "range": "0.19.0 - 1.0.0-rc.3", "nodes": ["node_modules/cheerio"], "fixAvailable": {"name": "microformat-node", "version": "2.0.0", "isSemVerMajor": true}}, "css-select": {"name": "css-select", "severity": "high", "isDirect": false, "via": ["nth-check"], "effects": ["cheerio"], "range": "<=3.1.0", "nodes": ["node_modules/css-select"], "fixAvailable": {"name": "microformat-node", "version": "2.0.0", "isSemVerMajor": true}}, "debug": {"name": "debug", "severity": "low", "isDirect": false, "via": [{"source": 1096792, "name": "debug", "dependency": "debug", "title": "Regular Expression Denial of Service in debug", "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=4.0.0 <4.3.1"}, {"source": 1096793, "name": "debug", "dependency": "debug", "title": "Regular Expression Denial of Service in debug", "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=3.2.0 <3.2.7"}], "effects": ["mocha"], "range": "3.2.0 - 3.2.6 || 4.0.0 - 4.3.0", "nodes": ["node_modules/gc-stats/node_modules/debug", "node_modules/mocha/node_modules/debug"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "eslint-config-wikimedia": {"name": "eslint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["eslint-plugin-compat"], "effects": [], "range": "0.18.0 - 0.21.0", "nodes": ["node_modules/eslint-config-wikimedia"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": 
true}}, "eslint-plugin-compat": {"name": "eslint-plugin-compat", "severity": "moderate", "isDirect": false, "via": ["semver"], "effects": ["eslint-config-wikimedia"], "range": "3.6.0-0 - 4.1.4", "nodes": ["node_modules/eslint-plugin-compat"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "flat": {"name": "flat", "severity": "critical", "isDirect": false, "via": [{"source": 1089152, "name": "flat", "dependency": "flat", "title": "flat vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-2j2x-2gpw-g8fm", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<5.0.1"}], "effects": ["yargs-unparser"], "range": "<5.0.1", "nodes": ["node_modules/flat"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "ini": {"name": "ini", "severity": "high", "isDirect": false, "via": [{"source": 1093224, "name": "ini", "dependency": "ini", "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse", "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<1.3.6"}], "effects": [], "range": "<1.3.6", "nodes": ["node_modules/gc-stats/node_modules/ini"], "fixAvailable": true}, "limitation": {"name": "limitation", "severity": "moderate", "isDirect": false, "via": ["wikimedia-kad-fork"], "effects": [], "range": ">=0.2.3", "nodes": ["node_modules/limitation"], "fixAvailable": true}, "lodash.pick": {"name": "lodash.pick", "severity": "high", "isDirect": false, "via": [{"source": 1096303, "name": "lodash.pick", "dependency": "lodash.pick", "title": "Prototype Pollution in lodash", "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw", "severity": "high", "cwe": ["CWE-770", "CWE-1321"], "cvss": {"score": 7.4, "vectorString": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "range": ">=4.0.0 <=4.4.0"}], "effects": ["cheerio"], "range": ">=4.0.0", "nodes": ["node_modules/lodash.pick"], "fixAvailable": {"name": "microformat-node", "version": "2.0.0", "isSemVerMajor": true}}, "microformat-node": {"name": "microformat-node", "severity": "high", "isDirect": true, "via": ["cheerio"], "effects": [], "range": ">=2.0.1", "nodes": ["node_modules/microformat-node"], "fixAvailable": {"name": "microformat-node", "version": "2.0.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}], "effects": ["mocha"], "range": "<3.0.5", "nodes": ["node_modules/gc-stats/node_modules/minimatch", "node_modules/minimatch"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "minimist": {"name": "minimist", "severity": "critical", "isDirect": false, "via": [{"source": 1096465, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": ">=1.0.0 <1.2.3"}, {"source": 1096466, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<0.2.1"}, {"source": 1096548, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", 
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<0.2.4"}, {"source": 1096549, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.0.0 <1.2.6"}], "effects": ["mkdirp"], "range": "<=0.2.3 || 1.0.0 - 1.2.5", "nodes": ["node_modules/gc-stats/node_modules/minimist", "node_modules/gc-stats/node_modules/rc/node_modules/minimist"], "fixAvailable": true}, "mkdirp": {"name": "mkdirp", "severity": "moderate", "isDirect": false, "via": ["minimist"], "effects": [], "range": "0.4.1 - 0.5.1", "nodes": ["node_modules/gc-stats/node_modules/mkdirp"], "fixAvailable": true}, "mocha": {"name": "mocha", "severity": "critical", "isDirect": true, "via": ["debug", "minimatch", "yargs-unparser"], "effects": [], "range": "5.1.0 - 9.2.1", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "ms": {"name": "ms", "severity": "moderate", "isDirect": false, "via": [{"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}], "effects": ["wikimedia-kad-fork"], "range": "<2.0.0", "nodes": ["node_modules/wikimedia-kad-fork/node_modules/ms"], "fixAvailable": true}, "nodemon": {"name": "nodemon", "severity": "moderate", "isDirect": true, "via": ["simple-update-notifier"], "effects": [], "range": "2.0.19 - 2.0.22", "nodes": ["node_modules/nodemon"], "fixAvailable": true}, 
"nth-check": {"name": "nth-check", "severity": "high", "isDirect": false, "via": [{"source": 1095141, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.0.1"}], "effects": ["css-select"], "range": "<2.0.1", "nodes": ["node_modules/nth-check"], "fixAvailable": {"name": "microformat-node", "version": "2.0.0", "isSemVerMajor": true}}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["sanitize-html"], "range": "<8.4.31", "nodes": ["node_modules/postcss"], "fixAvailable": {"name": "sanitize-html", "version": "2.13.0", "isSemVerMajor": true}}, "preq": {"name": "preq", "severity": "high", "isDirect": true, "via": ["request", "requestretry"], "effects": [], "range": "*", "nodes": ["node_modules/preq"], "fixAvailable": false}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["preq", "requestretry"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "requestretry": {"name": "requestretry", "severity": "high", "isDirect": false, "via": 
[{"source": 1090420, "name": "requestretry", "dependency": "requestretry", "title": "Cookie exposure in requestretry", "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45", "severity": "high", "cwe": ["CWE-200"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<7.0.0"}, "request"], "effects": ["preq"], "range": "*", "nodes": ["node_modules/requestretry"], "fixAvailable": false}, "sanitize-html": {"name": "sanitize-html", "severity": "moderate", "isDirect": true, "via": [{"source": 1089955, "name": "sanitize-html", "dependency": "sanitize-html", "title": "Improper Input Validation in sanitize-html", "url": "https://github.com/advisories/GHSA-mjxr-4v3x-q3m4", "severity": "moderate", "cwe": ["CWE-20"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, {"source": 1091789, "name": "sanitize-html", "dependency": "sanitize-html", "title": "Improper Input Validation in sanitize-html", "url": "https://github.com/advisories/GHSA-rjqq-98f6-6j3r", "severity": "moderate", "cwe": ["CWE-20"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.1"}, {"source": 1096639, "name": "sanitize-html", "dependency": "sanitize-html", "title": "sanitize-html Information Exposure vulnerability", "url": "https://github.com/advisories/GHSA-rm97-x556-q36h", "severity": "moderate", "cwe": ["CWE-200"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "range": "<2.12.1"}, "postcss"], "effects": [], "range": "<=2.12.0", "nodes": ["node_modules/sanitize-html"], "fixAvailable": {"name": "sanitize-html", "version": "2.13.0", "isSemVerMajor": true}}, "semver": {"name": "semver", "severity": "moderate", "isDirect": false, "via": [{"source": 1096482, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": 
"https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=7.0.0 <7.5.2"}, {"source": 1096483, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<5.7.2"}], "effects": ["eslint-plugin-compat", "simple-update-notifier"], "range": ">=7.0.0 <7.5.2 || <5.7.2", "nodes": ["node_modules/gc-stats/node_modules/semver", "node_modules/semver", "node_modules/simple-update-notifier/node_modules/semver"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "simple-update-notifier": {"name": "simple-update-notifier", "severity": "moderate", "isDirect": false, "via": ["semver"], "effects": ["nodemon"], "range": "1.0.7 - 1.1.0", "nodes": ["node_modules/simple-update-notifier"], "fixAvailable": true}, "swagger-ui-dist": {"name": "swagger-ui-dist", "severity": "moderate", "isDirect": true, "via": [{"source": 1088759, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Spoofing attack in swagger-ui-dist", "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x", "severity": "moderate", "cwe": ["CWE-1021"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<4.1.3"}, {"source": 1092160, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Server side request forgery in SwaggerUI", "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<4.1.3"}], "effects": [], "range": "<=4.1.2", "nodes": ["node_modules/swagger-ui-dist"], "fixAvailable": {"name": 
"swagger-ui-dist", "version": "5.13.0", "isSemVerMajor": true}}, "tar": {"name": "tar", "severity": "high", "isDirect": false, "via": [{"source": 1089684, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization", "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.14"}, {"source": 1095117, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization", "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": "<4.4.18"}, {"source": 1096309, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning", "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw", "severity": "high", "cwe": ["CWE-22", "CWE-23", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.15"}, {"source": 1096376, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.16"}, {"source": 1096411, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": 
{"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.18"}], "effects": [], "range": "<=4.4.17", "nodes": ["node_modules/gc-stats/node_modules/tar"], "fixAvailable": true}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1096643, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": false}, "wikimedia-kad-fork": {"name": "wikimedia-kad-fork", "severity": "moderate", "isDirect": false, "via": ["ms"], "effects": ["limitation"], "range": "*", "nodes": ["node_modules/wikimedia-kad-fork"], "fixAvailable": true}, "yargs-unparser": {"name": "yargs-unparser", "severity": "critical", "isDirect": false, "via": ["flat"], "effects": ["mocha"], "range": "<=1.6.3", "nodes": ["node_modules/yargs-unparser"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 14, "high": 10, "critical": 4, "total": 29}, "dependencies": {"prod": 276, "dev": 454, "optional": 82, "peer": 0, "peerOptional": 0, "total": 806}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN audit fix debug@4.1.1 node_modules/gc-stats/node_modules/debug
npm WARN audit fix debug@4.1.1 is a bundled dependency of
npm WARN audit fix debug@4.1.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix debug@4.1.1 It cannot be fixed automatically.
npm WARN audit fix debug@4.1.1 Check for updates to the gc-stats package.
npm WARN audit fix semver@5.7.0 node_modules/gc-stats/node_modules/semver
npm WARN audit fix semver@5.7.0 is a bundled dependency of
npm WARN audit fix semver@5.7.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix semver@5.7.0 It cannot be fixed automatically.
npm WARN audit fix semver@5.7.0 Check for updates to the gc-stats package.
npm WARN audit fix ini@1.3.5 node_modules/gc-stats/node_modules/ini
npm WARN audit fix ini@1.3.5 is a bundled dependency of
npm WARN audit fix ini@1.3.5 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix ini@1.3.5 It cannot be fixed automatically.
npm WARN audit fix ini@1.3.5 Check for updates to the gc-stats package.
npm WARN audit fix minimatch@3.0.4 node_modules/gc-stats/node_modules/minimatch
npm WARN audit fix minimatch@3.0.4 is a bundled dependency of
npm WARN audit fix minimatch@3.0.4 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimatch@3.0.4 It cannot be fixed automatically.
npm WARN audit fix minimatch@3.0.4 Check for updates to the gc-stats package.
npm WARN audit fix minimist@1.2.0 node_modules/gc-stats/node_modules/rc/node_modules/minimist
npm WARN audit fix minimist@1.2.0 is a bundled dependency of
npm WARN audit fix minimist@1.2.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@1.2.0 It cannot be fixed automatically.
npm WARN audit fix minimist@1.2.0 Check for updates to the gc-stats package.
npm WARN audit fix minimist@0.0.8 node_modules/gc-stats/node_modules/minimist
npm WARN audit fix minimist@0.0.8 is a bundled dependency of
npm WARN audit fix minimist@0.0.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@0.0.8 It cannot be fixed automatically.
npm WARN audit fix minimist@0.0.8 Check for updates to the gc-stats package.
npm WARN audit fix tar@4.4.8 node_modules/gc-stats/node_modules/tar
npm WARN audit fix tar@4.4.8 is a bundled dependency of
npm WARN audit fix tar@4.4.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix tar@4.4.8 It cannot be fixed automatically.
npm WARN audit fix tar@4.4.8 Check for updates to the gc-stats package.
npm WARN audit fix mkdirp@0.5.1 node_modules/gc-stats/node_modules/mkdirp
npm WARN audit fix mkdirp@0.5.1 is a bundled dependency of
npm WARN audit fix mkdirp@0.5.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix mkdirp@0.5.1 It cannot be fixed automatically.
npm WARN audit fix mkdirp@0.5.1 Check for updates to the gc-stats package.
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated mkdirp@0.5.4: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated @types/long@5.0.0: This is a stub types definition. long provides its own type definitions, so you do not need this installed.
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated json-schema-ref-parser@5.1.3: Please switch to @apidevtools/json-schema-ref-parser
npm WARN deprecated core-js@3.19.0: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 739 packages, and audited 806 packages in 12s
74 packages are looking for funding
run `npm fund` for details
# npm audit report
debug 3.2.0 - 3.2.6 || 4.0.0 - 4.3.0
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install mocha@10.4.0, which is a breaking change
node_modules/gc-stats/node_modules/debug
node_modules/mocha/node_modules/debug
mocha 5.1.0 - 9.2.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of minimatch
Depends on vulnerable versions of yargs-unparser
node_modules/mocha
flat <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm
fix available via `npm audit fix --force`
Will install mocha@10.4.0, which is a breaking change
node_modules/flat
yargs-unparser <=1.6.3
Depends on vulnerable versions of flat
node_modules/yargs-unparser
ini <1.3.6
Severity: high
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/ini
lodash.pick >=4.0.0
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install microformat-node@2.0.0, which is a breaking change
node_modules/lodash.pick
cheerio 0.19.0 - 1.0.0-rc.3
Depends on vulnerable versions of css-select
Depends on vulnerable versions of lodash.pick
node_modules/cheerio
microformat-node >=2.0.1
Depends on vulnerable versions of cheerio
node_modules/microformat-node
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix --force`
Will install mocha@10.4.0, which is a breaking change
node_modules/gc-stats/node_modules/minimatch
node_modules/minimatch
minimist <=0.2.3 || 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/minimist
node_modules/gc-stats/node_modules/rc/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/gc-stats/node_modules/mkdirp
ms <2.0.0
Severity: moderate
Vercel ms Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-w9mr-4mfr-499f
fix available via `npm audit fix`
node_modules/wikimedia-kad-fork/node_modules/ms
wikimedia-kad-fork *
Depends on vulnerable versions of ms
node_modules/wikimedia-kad-fork
limitation >=0.2.3
Depends on vulnerable versions of wikimedia-kad-fork
node_modules/limitation
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install microformat-node@2.0.0, which is a breaking change
node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/css-select
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install sanitize-html@2.13.0, which is a breaking change
node_modules/postcss
sanitize-html <=2.12.0
Depends on vulnerable versions of postcss
node_modules/sanitize-html
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
preq *
Depends on vulnerable versions of request
Depends on vulnerable versions of requestretry
node_modules/preq
requestretry *
Depends on vulnerable versions of request
node_modules/requestretry
semver >=7.0.0 <7.5.2 || <5.7.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install eslint-config-wikimedia@0.27.0, which is a breaking change
node_modules/gc-stats/node_modules/semver
node_modules/semver
node_modules/simple-update-notifier/node_modules/semver
eslint-plugin-compat 3.6.0-0 - 4.1.4
Depends on vulnerable versions of semver
node_modules/eslint-plugin-compat
eslint-config-wikimedia 0.18.0 - 0.21.0
Depends on vulnerable versions of eslint-plugin-compat
node_modules/eslint-config-wikimedia
simple-update-notifier 1.0.7 - 1.1.0
Depends on vulnerable versions of semver
node_modules/simple-update-notifier
nodemon 2.0.19 - 2.0.22
Depends on vulnerable versions of simple-update-notifier
node_modules/nodemon
swagger-ui-dist <=4.1.2
Severity: moderate
Spoofing attack in swagger-ui-dist - https://github.com/advisories/GHSA-6c9x-mj3g-h47x
Server side request forgery in SwaggerUI - https://github.com/advisories/GHSA-qrmm-w75w-3wpx
fix available via `npm audit fix --force`
Will install swagger-ui-dist@5.13.0, which is a breaking change
node_modules/swagger-ui-dist
tar <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/tar
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie
29 vulnerabilities (1 low, 14 moderate, 10 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @types/long@5.0.0: This is a stub types definition. long provides its own type definitions, so you do not need this installed.
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated mkdirp@0.5.4: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated json-schema-ref-parser@5.1.3: Please switch to @apidevtools/json-schema-ref-parser
npm WARN deprecated core-js@3.19.0: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 739 packages, and audited 806 packages in 13s
74 packages are looking for funding
run `npm fund` for details
29 vulnerabilities (1 low, 14 moderate, 10 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
Unhandled rejection TypeError: transforms[transform] is not a function
at /src/repo/lib/processing.js:40:27
at Array.forEach (<anonymous>)
at process (/src/repo/lib/processing.js:38:34)
at /src/repo/lib/processing.js:72:24
at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
at module.exports (/src/repo/lib/processing.js:72:9)
at Context.<anonymous> (/src/repo/test/lib/metadata/parsoid-preprocessing.js:27:3)
at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
at /src/repo/node_modules/mocha/lib/runner.js:653:12
at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
at /src/repo/node_modules/mocha/lib/runner.js:457:7
at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
at /src/repo/lib/processing.js:40:27
at Array.forEach (<anonymous>)
at process (/src/repo/lib/processing.js:38:34)
at /src/repo/lib/processing.js:72:24
at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
at module.exports (/src/repo/lib/processing.js:72:9)
at Context.<anonymous> (/src/repo/test/lib/metadata/parsoid-preprocessing.js:35:3)
at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
at /src/repo/node_modules/mocha/lib/runner.js:653:12
at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
at /src/repo/node_modules/mocha/lib/runner.js:457:7
at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
at /src/repo/lib/processing.js:40:27
at Array.forEach (<anonymous>)
at process (/src/repo/lib/processing.js:38:34)
at /src/repo/lib/processing.js:72:24
at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
at module.exports (/src/repo/lib/processing.js:72:9)
at Context.<anonymous> (/src/repo/test/lib/metadata/parsoid-preprocessing.js:43:3)
at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
at /src/repo/node_modules/mocha/lib/runner.js:653:12
at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
at /src/repo/node_modules/mocha/lib/runner.js:457:7
at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
at /src/repo/lib/processing.js:40:27
at Array.forEach (<anonymous>)
at process (/src/repo/lib/processing.js:38:34)
at /src/repo/lib/processing.js:72:24
at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
at module.exports (/src/repo/lib/processing.js:72:9)
at /src/repo/lib/summary.js:100:17
at tryCatcher (/src/repo/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/src/repo/node_modules/bluebird/js/release/promise.js:547:31)
at Promise._settlePromise (/src/repo/node_modules/bluebird/js/release/promise.js:604:18)
at Promise._settlePromise0 (/src/repo/node_modules/bluebird/js/release/promise.js:649:10)
at Promise._settlePromises (/src/repo/node_modules/bluebird/js/release/promise.js:729:18)
at _drainQueueStep (/src/repo/node_modules/bluebird/js/release/async.js:93:12)
at _drainQueue (/src/repo/node_modules/bluebird/js/release/async.js:86:9)
at Async._drainQueues (/src/repo/node_modules/bluebird/js/release/async.js:102:5)
at Async.drainQueues [as _onImmediate] (/src/repo/node_modules/bluebird/js/release/async.js:15:14)
at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
at /src/repo/lib/processing.js:40:27
at Array.forEach (<anonymous>)
at process (/src/repo/lib/processing.js:38:34)
at /src/repo/lib/processing.js:72:24
at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
at module.exports (/src/repo/lib/processing.js:72:9)
at /src/repo/lib/summary.js:100:17
at tryCatcher (/src/repo/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/src/repo/node_modules/bluebird/js/release/promise.js:547:31)
at Promise._settlePromise (/src/repo/node_modules/bluebird/js/release/promise.js:604:18)
at Promise._settlePromise0 (/src/repo/node_modules/bluebird/js/release/promise.js:649:10)
at Promise._settlePromises (/src/repo/node_modules/bluebird/js/release/promise.js:729:18)
at _drainQueueStep (/src/repo/node_modules/bluebird/js/release/async.js:93:12)
at _drainQueue (/src/repo/node_modules/bluebird/js/release/async.js:86:9)
at Async._drainQueues (/src/repo/node_modules/bluebird/js/release/async.js:102:5)
at Async.drainQueues [as _onImmediate] (/src/repo/node_modules/bluebird/js/release/async.js:15:14)
at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
at /src/repo/lib/processing.js:40:27
at Array.forEach (<anonymous>)
at process (/src/repo/lib/processing.js:38:34)
at /src/repo/lib/processing.js:72:24
at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
at module.exports (/src/repo/lib/processing.js:72:9)
at test (/src/repo/test/lib/transforms/transforms-test.js:114:11)
at Context.<anonymous> (/src/repo/test/lib/transforms/transforms-test.js:120:4)
at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
at /src/repo/node_modules/mocha/lib/runner.js:653:12
at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
at /src/repo/node_modules/mocha/lib/runner.js:457:7
at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
at /src/repo/lib/processing.js:40:27
at Array.forEach (<anonymous>)
at process (/src/repo/lib/processing.js:38:34)
at /src/repo/lib/processing.js:72:24
at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
at module.exports (/src/repo/lib/processing.js:72:9)
at test (/src/repo/test/lib/transforms/transforms-test.js:114:11)
at Context.<anonymous> (/src/repo/test/lib/transforms/transforms-test.js:135:4)
at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
at /src/repo/node_modules/mocha/lib/runner.js:653:12
at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
at /src/repo/node_modules/mocha/lib/runner.js:457:7
at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
at /src/repo/lib/processing.js:40:27
at Array.forEach (<anonymous>)
at process (/src/repo/lib/processing.js:38:34)
at /src/repo/lib/processing.js:72:24
at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
at module.exports (/src/repo/lib/processing.js:72:9)
at test (/src/repo/test/lib/transforms/transforms-test.js:114:11)
at Context.<anonymous> (/src/repo/test/lib/transforms/transforms-test.js:140:4)
at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
at /src/repo/node_modules/mocha/lib/runner.js:653:12
at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
at /src/repo/node_modules/mocha/lib/runner.js:457:7
at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
at process.processImmediate (node:internal/timers:476:21)
--- stdout ---
> mobileapps@0.3.0 test
> PREQ_CONNECT_TIMEOUT=15 mocha 'test/{,!(diff)/**}/*.js' && npm run lint
express app
starting test server
✓ should get robots.txt
✓ should set CORS headers
✓ should set CSP headers
✓ should not follow redirects (557ms)
Swagger spec
✓ get the spec
✓ spec validation
validate responses against schema
✓ summary response should conform to schema (7743ms)
✓ media-list response should conform to schema (530ms)
validate spec examples
✓ spec from root
✓ retrieve service info
✓ Get base CSS
✓ Get CSS bundle from wikimedia-page-library
✓ Get site-specific CSS (59ms)
✓ Get i18n strings for the Page Content Service
✓ Get javascript bundle for page library
✓ retrieve en-wiktionary definitions for 'cat' (291ms)
✓ Get description for test page (147ms)
Expected:
true
Result:
false
- Get media list from test page
✓ Get offline resource links to accompany page content HTML for test page
✓ Get page content HTML for test page (164ms)
Expected:
true
Result:
false
- retrieve test page via mobile-sections
✓ Get summary for test page (433ms)
✓ Get structured talk page for enwiki Salt article (139ms)
✓ Get preview mobile HTML for test page (111ms)
Cache config
✓ should parse config and adapt ca value
Cached endpoints
starting test server
stopping test server
stopping test server
✓ should call cache get for cached summary output (138ms)
starting test server
stopping test server
✓ should call cache set for non-cached summary page (487ms)
starting test server
stopping test server
✓ should call cache get for cached mobile-html output (121ms)
starting test server
stopping test server
✓ should call cache set for non-cached mobile-html page (740ms)
definition
starting test server
✓ missing definitions (45ms)
✓ non-term page (232ms)
✓ unsupported language (114ms)
✓ non-English term on English Wiktionary returns valid results (1769ms)
✓ translingual term (83ms)
✓ sets content-language header (91ms)
description
✓ delete local description
GET
✓ missing description, enwiki (66ms)
✓ missing description, other wiki (65ms)
✓ ok description, enwiki (97ms)
✓ ok description, ru wiki (130ms)
PUT
✓ failed fetching token, central
✓ failed fetching token, local
✓ failed fetching page, local
✓ missing required parameter
✓ set central description: fail
✓ set central description
✓ set central description, variant
✓ set local description
DELETE
✓ failed fetching token, central
✓ failed fetching token, local
✓ failed fetching page, local
✓ delete description
service information
✓ should get the service name
✓ should get the service version
✓ should redirect to the service home page
✓ should get the service info
media
✓ Media-list resources should be the same on mobile-html (261ms)
transform/html/to/mobile-html
✓ simple html convertion should work properly (163ms)
✓ single html convertion should work properly (81ms)
✓ empty section with id=0 convertion should work properly (86ms)
mobile-html-offline-resources
✓ Response should be array with JS and CSS resources
mobile-html
✓ HTML should be sectioned (681ms)
✓ mobile-html headers not compatible with restbase output (177ms)
✓ mobile-html headers compatible with restbase output (171ms)
✓ mobile-html should have css links + viewport set (155ms)
✓ mobile-html should have lead paragraph moved up (9552ms)
✓ mobile-html should not have navboxes (619ms)
✓ mobile-html should have meta tags indicating page protection (162ms)
✓ mobile-html from mobileview should have meta tags indicating page protection (244ms)
✓ mobile-html should not enable edit talk page button by default (493ms)
mobile-sections-lead
✓ Sections/deep page should have a lead object with expected properties (113ms)
✓ en San Francisco should have a lead object with a geo property (850ms)
✓ es Savonlinna should have a lead object with a geo property (226ms)
✓ Wikivoyage en Paris should have a lead object with a geo property (419ms)
✓ es Gogland should not have a lead object with a geo property (95ms)
✓ Mare Tranquillitatis (lunar sea) should not have a geo property (181ms)
✓ Barack Obama should have a pronunciation (1053ms)
✓ Barack Obama infobox is part of the html (1007ms)
✓ Enwiki Uranus loads successfully (no pronunciation parsing TypeErrors) (622ms)
- Enwiki Odisha loads successfully (no pronunciation parsing TypeErrors)
✓ Enwiki Yazidis loads successfully (no pronunciation parsing TypeErrors) (583ms)
✓ ' in pronunciation file name does not cause parsing error) (245ms)
✓ Enwiki Lead_paragraph_move has the infobox moved after the lead paragraph (84ms)
✓ Enwiki hatnotes are promoted to the lead object (1937ms)
✓ Enwiki Multiple page issues are promoted to lead (113ms)
✓ Enwiki Pages with single issue have issue promoted to lead (87ms)
✓ Disambiguation pages are flagged. (85ms)
- Content model present in response for non-wikitext content
mobile-sections
✓ Mismatched title and revision id give 404 (4060ms)
✓ Malformed revision id gives bad request (46ms)
✓ Missing title should respond with 404 (139ms)
✓ Sections/deep page should have a lead object with expected properties (108ms)
✓ en Main page should have a lead object with expected properties (257ms)
✓ Description from local wiki should be used (91ms)
✓ Titles with special chars should not error out when parsing pronunciation files (163ms)
✓ Page with known past 'text-decoration' error should load successfully (1006ms)
✓ Page with irregular Spoken Wikipedia template usage should load correctly (432ms)
✓ Internal links should have title attribute (87ms)
✓ Any sections that contain references should have a reference flag (1023ms)
✓ The last section can be marked as a reference section (121ms)
✓ Page with math formulas should load without error (248ms)
summary
✓ should respond with expected properties in payload (803ms)
✓ should respond with content-language header (832ms)
✓ empty summary should be sent for empty page (144ms)
✓ main page should return empty summary and type should be 'mainpage' (227ms)
✓ main page in non-mainspace should also return type: 'mainpage' (208ms)
✓ summary should come from first real content paragraph (3082ms)
✓ Empty extracts should be returned for a file page
✓ Empty extracts should be returned for a talk page
✓ Empty extracts should be returned for a redirected page
Expected:
"no-extract"
Result:
"standard"
✓ timestamp should refer to the requested revision, not the latest revision (2008ms)
✓ 404 for a page that doesn't exist (200ms)
- 404 for a page with invalid title
✓ Description from local wiki should be used (158ms)
✓ Summary URLs do not contain un-encoded special characters (T216739) (282ms)
✓ Stray leading citation and template are stripped before parsing intro (T225474) (1243ms)
✓ Non wikitext content model should have timestamp in summary (125ms)
lib:apiUtil
✓ checkForQueryPagesInResponse should return 504 when query.pages are absent
✓ batching works correctly
✓ order is preserved when Array.reduce is called on resolved BBPromise.all batches
✓ MW API request expanded from template includes Accept-Language header
✓ Checks header for explicit parsoid backend exists and its false
✓ Checks header for explicit parsoid backend exists and its true
✓ Checks header for explicit parsoid backend true (case insensitive)
✓ Checks header for explicit parsoid backend doesnt exist
lib:core-api-compat unit tests
✓ should create a HTTPTitleRedirectError
✓ redirect middleware should redirect if configured
✓ redirect middleware should not redirect if error not matching
✓ redirect middleware should not redirect if not reverse url defined
PCS configured to redirect
starting test server
stopping test server
✓ mobile-html should redirect to the resolved page (430ms)
✓ mobile-html-offline-resources should not redirect to the resolved page
stopping test server
PCS configured to not redirect
starting test server
✓ mobile-html should not redirect and should parse the resolved response (308ms)
✓ should fixup missing content-language header (289ms)
stopping test server
lib:dateUtil
✓ getRequestedDate(2016-04-15) should return a valid Date object
✓ iso8601DateFromYYYYMMDD
✓ addDays positive
✓ addDays zero
✓ addDays negative
✓ addDays immutable
✓ formatYYYYMMDD
✓ isWithinLast3Days
✓ date format validation should reject invalid formats
lib:definitions
Level 2 headers
✓ extracts them to language code keys
parts of speech
✓ is set
language
✓ is set on each entry
examples
parsed
formatted with MediaWiki markup (#:/#::)
✓ extracts usage examples
formatted with microformats
✓ extracts usage examples
unparsed/old format
formatted with MediaWiki markup (#:/#::)
✓ extracts usage examples
formatted with microformats
✓ extracts usage examples
lib:definitions:parseExamples
formatted with microformats
✓ extracts usage examples
formatted with plain MediaWiki markup
✓ extracts usage examples
lib:definitions:parseMicroformats
✓ parses a simple microformat
✓ filters specific formats
Local description template editing
✓ Simple param, only template
✓ Simple param, in the beginning
✓ Simple param, in the middle
✓ Named param
✓ Unnamed param, multiple params, unnamed
✓ Unnamed param, multiple params, named
✓ named param, multiple params, unnamed
✓ named param, multiple params, named
✓ Empty wikitext
✓ Respects lowercase
✓ no template
lib:domUtil
isRTL
✓ isRTL should return false for LTR doc (83ms)
✓ isRTL should return true for RTL doc
getBaseUri()
✓ returns URL without protocol
getHttpsBaseUri()
✓ returns URL with https protocol
getParsoidPlainTitle
✓ getParsoidPlainTitle should return normalized title
getParsoidLinkTitle
✓ getParsoidLinkTitle should return DB title
✓ getParsoidLinkTitle should percent-decode title
lib:media expected items are included or excluded
✓ items should be found for expected selectors
✓ items should not be found for other selectors
✓ false positives should be filtered
lib:media metadata is correctly parsed from HTML
✓ all expected captions are present
✓ all expected data-mw properties are present
✓ all expected derivative properties are present
✓ media file derivative with no codecs in type attribute is parsed correctly
✓ spoken Wikipedia file is correctly identified
- pronunciation audio file is correctly identified
✓ section is correctly identified
✓ titles are decoded after parsing from HTML
- pronunciation titles are decoded after parsing from HTML
✓ items without imageinfo properties (e.g., deleted items) are filtered
lib:media parse structured artist info
✓ all info is parsed from common HTML structure
✓ 'html' and 'name' fields are returned from plain text input
✓ only html returned for site other than Commons
✓ only html returned if additional text is present
✓ only html returned if non-namespace portion of the title !== html.textContent
✓ parses html with lang from metadata object
✓ parses html with lang (non-English) from metadata object
✓ undefined result if input is an empty string
lib:media:getCodecs
✓ codecs are parsed from type attributes without errors
lib:media:getStructuredSrcSet
✓ should return structured srcset values
✓ should return structured srcset and src values
✓ should return 1x if no scale is present in the srcset values
✓ should return empty array if srcset is empty
lib:metadata buildTableOfContents
✓ should have same form as MediaWiki parser-generated TOC
lib:metadata
✓ augmentCategories handles undefined categories
augmentLangLinks
✓ handles undefined langlinks
✓ bails out if an empty title is found
✓ bails out if an empty title is found (and nonempty title exists)
✓ creates augmented langlink if input is good
metadata:preprocessing
✓ strips comments
✓ strips span[typeof=mw:FallbackId]
✓ strips span:empty
lib:mobile-util
✓ mwApiTrue handles formatversions 1 and 2
✓ domainForLangCode swaps in lang code if domain has >2 levels
✓ createDocument should accept an empty string
✓ createDocument should not block the event loop (269ms)
setLanguageHeaders
✓ passes through headers (lower-case names in original)
✓ passes through headers (upper-case names in original)
✓ strips 'accept' from vary value with other values present
✓ strips 'Accept' from vary value with other values present
✓ strips vary header if set to 'Accept' only
✓ strips vary header if set to 'accept' only
lib:mobile/mobile-request-util
✓ getOutputMode should return defaults when provided nonsense string
✓ getOutputMode should return defaults when provided undefined
✓ getOutputMode should return defaults when provided null
✓ getOutputMode should return the requested item when it is the first member of the array
✓ getOutputMode should return the requested item when it is a non-first member of the array
lib:MobileHTML
✓ does not block the event loop (575ms)
✓ detects mwids
✓ detects https
✓ detects header tags
✓ detects single bracket spans
✓ detects inline background styles
✓ detects infobox classes
✓ detects infobox exclusion classes
✓ detects new class
✓ detects images to exclude from widening class
✓ detects reference text
✓ detects forbidden element classes
✓ detects forbidden element class substrings
✓ detects forbidden div classes
✓ detects forbidden span classes
✓ detects forbidden element ids
✓ detects style overriding classes
✓ was worth it to write these regexes (250ms)
✓ truncates reference links properly
✓ detects text under divs with about attribute
✓ detects specific HTML structure when "notheme" class adding is to be skipped from <span> inside <th>
✓ detects all elements inside <div> with class "equation-box-elem"
lib:mobileview-html
buildSection
✓ section 0
✓ section 1
✓ Chinese heading
rewriteWikiLinks
✓ single link
wrapImagesInSpanElements
✓ single image
lib:mwapi:getFlaggedOrLatestRevision
✓ Test de.wikipedia.org with flagged revision extension (75ms)
✓ Test pt.wikipedia.org without flagged revision extension
✓ Test ta.wikinews.org with flagged revision extension (61ms)
✓ Test pl.wikinews.org without flagged revision extension
✓ Test de.wikiquote.org with flagged revision extension (50ms)
✓ Test pl.wikiquote.org without flagged revision extension
✓ Test pl.wikisource.org with flagged revision extension (70ms)
✓ Test en.wikisource.org without flagged revision extension
✓ Test is.wiktionary.org with flagged revision extension (71ms)
✓ Test en.wiktionary.org without flagged revision extension
✓ Test en.wikibooks.org with flagged revision extension (46ms)
✓ Test de.wikibooks.org without flagged revision extension
✓ Test non-flagged article from test2.wikipedia.org (107ms)
✓ Test pending change article from test2.wikipedia.org (185ms)
lib:mwapi:getPrimaryEarthCoordinates
✓ gets primary earth coordinates (single coordinate input)
✓ gets primary earth coordinates (multiple coordinate input)
✓ secondary coordinates are ignored
✓ non-earth coordinates are ignored
lib:mwapi
✓ scaled thumb URL returned if initial URL is a thumb URL and original width > desired width
lib:mwapi buildLeadImageUrls
✓ 2000px thumb should be resized for all widths
✓ 555px thumb should return 320 and 555 for rest
✓ 750px thumb should return 320, 640, and 750 for rest
✓ 200px thumb should return 200px URL for all thumb sizes
✓ should ignore non-thumbnail URLs
✓ should ignore 'thumb' when not a path segment
✓ should create thumb URLs correctly if width regex pattern is in original filename
✓ should handle edge case thumb filename patterns
✓ should handle edge case thumb filename patterns with width regex in original name
lib:mwapi:queryForMetadata
✓ ensure that displaytitle is always requested (123ms)
lib:mwapi:simplifyProtectionObject
✓ simplifyProtectionObject should simplify
✓ simplifyProtectionObject should remove duplicates
✓ simplifyProtectionObject should keep non-duplicates
✓ simplifyProtectionObject should return empty object for empty list
lib:parsePronunciation
✓ has pronunciation file v1
✓ has pronunciation file v2
✓ no pronunciation file
lib:parseSpokenWikipedia
✓ one spoken file
✓ multiple spoken files
✓ no spoken files
lib:parsoid-access etag handling
correctly parses and handles etags
✓ gets strong etag with no quotes
✓ strips prefix from weak etags
✓ gets revision from etag
✓ gets revision and tid from etag
✓ getEtagFromHeaders handles undefined input
✓ getRevisionFromEtag handles undefined input
✓ getRevAndTidFromEtag handles undefined input
parses modified timestamp
✓ parses timestamp from domino Document
lib:parsoid-sections (section elements)
✓ getSectionsText(empty) should produce an empty lead section
✓ getSectionsText() with just text should produce a lead section
✓ getSectionsText() with one h2 should produce two sections
✓ getSectionsText() with one h2 and h3 should produce three sections
✓ getSectionsText() with h2 inside lead should produce one section
✓ getSectionsText() with one h2 inside div should not produce another section
✓ getSectionsText() with one h3 inside div should not produce another section
✓ section inside lead section should not be part of lead section
✓ div/section inside lead section should be part of lead section
✓ should not warn for page containing only a lead section
✓ should warn for non-lead section without heading properties
✓ should not warn if id & anchor are found for all sections after the lead section
✓ should not warn for non-lead non-editable section without heading properties
✓ should not warn if a non-editable section precedes the true lead section
✓ should throw if sectionObj is invalid
✓ validatePreviousSection should log a warning if appropriate
✓ non-editable sections are flagged
justLeadSection
✓ should just return the first section
✓ should skip non-editable section
✓ should return empty string if no lead section exists
✓ should skip malformed section tag with no data-mw-section-id
✓ should ignore data-mw-section-id multiples of 10
lib:summary
buildExtracts
✓ Applies stripUnneededMarkup
✓ Don't select scribunto errors.
getSummaryType
✓ identifies main page
✓ identifies disambig page
✓ defaults to "standard"
✓ type for ns > 0 is no-extract
✓ type for non-wikitext content model is no-extract
✓ type for redirect is no-extract
lib:talk
parseUserTalkPageDocIntoTopicsWithReplies
✓ two h2 topics return first topic ID 1
✓ text before first h2 returns separate topic ID 0
✓ h3 section is given it's own topic
✓ empty h2 with title returns separate topic
✓ empty h2 without title is filtered out
✓ handles empty links
✓ removes figures
✓ does not block the event loop (41ms)
lib:escape + unescape parentheses
Latin parentheses escaping
✓ properly escapes Latin parentheses
✓ properly unescapes Latin parentheses
Non-Latin parentheses escaping
✓ properly escapes non-Latin parentheses
✓ properly unescapes non-Latin parentheses
lib:flattenElements
✓ replaces a with span, keeps class attribute
✓ replaces a with span, keeps style attribute
✓ replaces a tag with plain text if no attributes to keep
✓ retains HTML inside elements
✓ does not change the text content of the node
✓ drops `mw-redirect` class
✓ drops `new` class
✓ keeps `foo` class
extractHatnotes
✓ .hatnote element
✓ .dablink element
✓ hatnote not in lead section
✓ multiple hatnotes
✓ no hatnotes
✓ dewiki hatnotes
extractLeadIntroduction
✓ isEmptyChild
✓ matches the spec
✓ Trailing text content is escaped
extractPageIssues
✓ single issue
✓ multiple issues
✓ issue in non-lead section
✓ no issues
lib:addPageHeader
✓ addPageHeader should add header element with description (104ms)
✓ addPageHeader handles documents with no section elements
lib:pcsHideRedLinks
✓ hideRedLinks should drop <a> elements with class="new" (98ms)
lib:moveReferenceListStyles
✓ empty document
✓ one list, one template style
✓ style outside ref list stays
✓ one list, two template styles; +basic deduplication
✓ two lists, two template styles; +basic deduplication
lib:sanitizeSummary
regular expressions
✓ ANY_REGEX matches
✓ ANY_REGEX does not match
✓ DECIMAL_REGEX matches
✓ DECIMAL_REGEX does not match
✓ CSS_SIZE_REGEX matches
✓ CSS_SIZE_REGEX does not match
✓ SINGLE_STRING_REGEX matches
✓ SINGLE_STRING_REGEX does not match
✓ HEX_REGEX matches
✓ HEX_REGEX does not match
✓ RGB_REGEX matches
✓ RGB_REGEX does not match
✓ HSL_REGEX matches
✓ HSL_REGEX does not match
via sanitize-html
✓ removes anchor tags but keeps content (not in allowedTags list)
✓ removes script tags (in nonTextTags list)
✓ keeps blockquote
✓ but removes blockquote.cite attribute
✓ keeps abbr with .alt .aria-hidden and .class
✓ keeps span.style border
✓ removes audio tags
✓ removes video tags
✓ keeps img.src, .srcset, .width and .height attributes
✓ removes disallowed schemes
✓ removes background url"
lib:stripGermanIPA
✓ removes German IPA text (outer text)
✓ removes German IPA text (outer text, Placeholder)
✓ removes German IPA text (outer span)
lib:summarize follows spec
✓ keeps spaces before closing spans
✓ removes really all double spaces, even the ones caused due to unmatched tags
✓ removes spaces before commas
✓ flattens spans with ` ` -- removes extra spaces around it, too.
✓ flattens spans with multiple ` ` -- removes extra spaces around it, too.
✓ flattening spans before the `(` enables this parenthetical to be removed
✓ removes audio, video, and track tags
✓ ignores parens inside attributes by escaping them earlier
✓ ignores parens inside attributes by escaping them earlier (non-latin parentheses)
✓ reduces multiple spaces to single space
✓ removes problematic elements including their content
✓ removes unwanted attributes
✓ keeps white-listed attributes
✓ removes comments
✓ flattens empty nodes
✓ flattens links
✓ removes .noexcerpt elements
✓ removes .noprint elements
✓ keeps sup elements
✓ removes .mw-ref elements
✓ removes .reference elements - T176519
✓ removes math elements but any math images are shown
✓ keeps elements with style="display:none;"
✓ removes parentheticals
✓ removes multiple parentheticals
✓ keeps parentheticals without spaces
✓ keeps parentheticals without spaces even if there are spaces in the HTML syntax
✓ keeps parentheticals when they contain more complex formulas or links
✓ keeps all parentheticals when they contain complex formulas or links
✓ removes empty parentheticals also when nested parenthetical stripping is suspended
✓ keeps some nested parentheticals with formulas intact
✓ removes nested parentheticals without spaces
✓ removes nested parentheticals without other characters between the ()
✓ removes nested parentheticals with leading (or space)
✓ removes trailing spaces after punctuation before closing tag
✓ flattens nested empty spans
✓ removes some IPAs in nested partentheses
✓ ignores parentheticals inside a data-mw attribute
✓ removes content in parentheticals + double spaces
✓ removes birth and death dates inside parentheticals
✓ removes parentheticals contain '*' symbols
✓ removes content inside Chinese parentheticals
✓ removes content inside Japanese parentheticals
✓ removes content inside Cantonese parentheticals
✓ removes content inside parentheticals written in `wuu` language variant
✓ removes content inside parentheticals written in `gan` language variant
✓ keeps parentheticals if it doesn't include any spaces
✓ keeps parentheticals with single word and leading space inside and out
✓ removes parentheticals with multiple words and leading space inside and out
✓ removes empty parentheticals with leading comma
✓ removes parentheticals beginning and ending with spaces
✓ removes nested parentheticals for non-Latin parens
✓ removes parentheticals with multiple words and leading
✓ parentheticals stripping is not greedy
✓ full stops do not impact the summary length (T173640)
✓ keeps bold elements
✓ reduces multiple spaces to single space
✓ strip space before punctuation followed by tags
✓ keeps bold elementsa and regular text that contain parentheses
✓ keeps bold elements that contain parentheses
✓ keeps bold elements that contain parentheses and single quotes and spaces
lib:summarize regex fun
✓ detects complex chemical formulas
✓ detects single character with italic symbols inside parentheses
✓ but skips areas
lib:app-transforms
✓ fixVideoAnchor should skip video tags just holding audio
✓ fixVideoAnchor should transform actual videos
lib:size-transforms
✓ rmBracketSpans should remove the spans around brackets
✓ rmElements should remove the spans with style="display:none"
lib:transforms
✓ shortenPageInternalLinks should remove the title in the href
✓ shortenPageInternalLinks with single quote and space
✓ shortenPageInternalLinks with colon and single quote
✓ shortenPageInternalLinks with special chars
✓ shortenPageInternalLinks with double quote
✓ shortenPageInternalLinks with single quote and startsWith ./
summary:preprocessing
✓ removes IPA speaker symbols (de): IPA in span
✓ removes IPA speaker symbols (en): IPAc-en in span
✓ removes spans with style display:none
rmMwIdAttributes
✓ removes id attribute with -
✓ removes id attribute with _
✓ does not remove id attribute with id not starting with mw
✓ does not remove id attribute with id too long
lib:wikiLanguage
✓ parses accept language headers
✓ parses accept language headers without spaces
✓ parses accept language headers with inconsistent spaces
✓ returns relevant srwiki language codes
✓ returns relevant zhwiki language codes
✓ falls back on the provided language code
✓ removes duplicates
✓ handles invalid input
✓ handles legacy input
✓ identifies languages with variants
✓ parses the language code from a domain
✓ returns the right language variant from request object
✓ falls back to language code when accept-language invalid
✓ falls back to language code when no accept-language header sent
482 passing (57s)
7 pending
> mobileapps@0.3.0 lint
> eslint --max-warnings 0 .
--- end ---
{"1093224": {"source": 1093224, "name": "ini", "dependency": "ini", "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse", "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<1.3.6"}}
{"1094419": {"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}}
{"1096465": {"source": 1096465, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": ">=1.0.0 <1.2.3"}, "1096466": {"source": 1096466, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<0.2.1"}, "1096548": {"source": 1096548, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<0.2.4"}, "1096549": {"source": 1096549, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.0.0 <1.2.6"}}
{"1096465": {"source": 1096465, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": ">=1.0.0 <1.2.3"}, "1096466": {"source": 1096466, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<0.2.1"}, "1096548": {"source": 1096548, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<0.2.4"}, "1096549": {"source": 1096549, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.0.0 <1.2.6"}}
{"1094419": {"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}}
{}
{}
{"1089684": {"source": 1089684, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization", "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.14"}, "1095117": {"source": 1095117, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization", "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": "<4.4.18"}, "1096309": {"source": 1096309, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning", "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw", "severity": "high", "cwe": ["CWE-22", "CWE-23", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.15"}, "1096376": {"source": 1096376, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.16"}, "1096411": {"source": 1096411, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.18"}}
{"1094419": {"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmp02zckihl
--- stderr ---
pre-commit:
pre-commit: No changes detected.
pre-commit: Skipping the pre-commit hook.
pre-commit:
--- stdout ---
On branch master
Your branch is up to date with 'origin/master'.
nothing to commit, working tree clean
--- end ---