wikimedia/portals: main (log #1221970)


This run took 2712 seconds.

$ date
--- stdout ---
Wed Apr  3 17:47:24 UTC 2024

--- end ---
$ git clone file:///srv/git/wikimedia-portals.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config libraryupgrader
--- stdout ---

--- end ---
$ git config
--- stdout ---

--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'prod' ( registered for path 'prod'
Cloning into '/src/repo/prod'...
--- stdout ---
Submodule path 'prod': checked out 'ae1009042ab69b0ea76ce04463cb917416567f94'

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
40af4e3a9184fc481c134e0e6871542656968c46 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@koa/cors": {
      "name": "@koa/cors",
      "severity": "high",
      "isDirect": false,
      "via": [
          "source": 1095223,
          "name": "@koa/cors",
          "dependency": "@koa/cors",
          "title": "Overly permissive origin policy",
          "url": "",
          "severity": "high",
          "cwe": [
          "cvss": {
            "score": 8.6,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"
          "range": "<5.0.0"
      "effects": [
      "range": "<5.0.0",
      "nodes": [
      "fixAvailable": true
    "autoprefixer": {
      "name": "autoprefixer",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "1.0.20131222 - 9.8.8",
      "nodes": [
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
    "axios": {
      "name": "axios",
      "severity": "moderate",
      "isDirect": false,
      "via": [
          "source": 1096525,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios Cross-Site Request Forgery Vulnerability",
          "url": "",
          "severity": "moderate",
          "cwe": [
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
          "range": ">=0.8.1 <0.28.0"
      "effects": [
      "range": "0.8.1 - 0.27.2",
      "nodes": [
      "fixAvailable": true
    "bundlesize": {
      "name": "bundlesize",
      "severity": "moderate",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": "0.3.0 - 0.18.1 || >=1.0.0-beta.1",
      "nodes": [
      "fixAvailable": true
    "cheerio": {
      "name": "cheerio",
      "severity": "high",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "0.19.0 - 1.0.0-rc.3",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-inline",
        "version": "0.1.2",
        "isSemVerMajor": true
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
      "fixAvailable": {
        "name": "gulp",
        "version": "5.0.0",
        "isSemVerMajor": true
    "color": {
      "name": "color",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=0.11.4",
      "nodes": [
      "fixAvailable": true
    "color-string": {
      "name": "color-string",
      "severity": "moderate",
      "isDirect": false,
      "via": [
          "source": 1089718,
          "name": "color-string",
          "dependency": "color-string",
          "title": "Regular Expression Denial of Service (ReDOS)",
          "url": "",
          "severity": "moderate",
          "cwe": [
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          "range": "<1.5.5"
      "effects": [
      "range": "<1.5.5",
      "nodes": [
      "fixAvailable": true
    "css-color-function": {
      "name": "css-color-function",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "*",
      "nodes": [
      "fixAvailable": true
    "css-declaration-sorter": {
      "name": "css-declaration-sorter",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=5.1.2",
      "nodes": [
      "fixAvailable": true
    "css-select": {
      "name": "css-select",
      "severity": "high",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=3.1.0",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-inline",
        "version": "0.1.2",
        "isSemVerMajor": true
    "cssnano": {
      "name": "cssnano",
      "severity": "moderate",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": "<=4.1.11",
      "nodes": [
      "fixAvailable": {
        "name": "cssnano",
        "version": "6.1.2",
        "isSemVerMajor": true
    "cssnano-preset-default": {
      "name": "cssnano-preset-default",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=4.0.8",
      "nodes": [
      "fixAvailable": {
        "name": "cssnano",
        "version": "6.1.2",
        "isSemVerMajor": true
    "cssnano-util-raw-cache": {
      "name": "cssnano-util-raw-cache",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "*",
      "nodes": [
      "fixAvailable": true
    "es-dev-server": {
      "name": "es-dev-server",
      "severity": "high",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": ">=1.56.0",
      "nodes": [
      "fixAvailable": true
    "es5-ext": {
      "name": "es5-ext",
      "severity": "low",
      "isDirect": false,
      "via": [
          "source": 1096592,
          "name": "es5-ext",
          "dependency": "es5-ext",
          "title": "es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`",
          "url": "",
          "severity": "low",
          "cwe": [
          "cvss": {
            "score": 0,
            "vectorString": null
          "range": ">=0.10.0 <0.10.63"
      "effects": [],
      "range": "0.10.1 - 0.10.62",
      "nodes": [
      "fixAvailable": true
    "follow-redirects": {
      "name": "follow-redirects",
      "severity": "moderate",
      "isDirect": false,
      "via": [
          "source": 1096856,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "follow-redirects' Proxy-Authorization header kept across hosts",
          "url": "",
          "severity": "moderate",
          "cwe": [
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          "range": "<=1.15.5"
      "effects": [],
      "range": "<=1.15.5",
      "nodes": [
      "fixAvailable": true
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "isDirect": false,
      "via": [
          "source": 1095007,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex",
          "url": "",
          "severity": "high",
          "cwe": [
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          "range": "<5.1.2"
      "effects": [
      "range": "<5.1.2",
      "nodes": [
      "fixAvailable": {
        "name": "gulp",
        "version": "5.0.0",
        "isSemVerMajor": true
    "glob-stream": {
      "name": "glob-stream",
      "severity": "high",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "5.3.0 - 6.1.0",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-useref",
        "version": "3.1.3",
        "isSemVerMajor": true
    "glob-watcher": {
      "name": "glob-watcher",
      "severity": "high",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "3.0.0 - 5.0.5",
      "nodes": [
      "fixAvailable": {
        "name": "gulp",
        "version": "5.0.0",
        "isSemVerMajor": true
    "gulp": {
      "name": "gulp",
      "severity": "high",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": "4.0.0 - 4.0.2",
      "nodes": [
      "fixAvailable": {
        "name": "gulp",
        "version": "5.0.0",
        "isSemVerMajor": true
    "gulp-inline": {
      "name": "gulp-inline",
      "severity": "high",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": ">=0.1.3",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-inline",
        "version": "0.1.2",
        "isSemVerMajor": true
    "gulp-postcss": {
      "name": "gulp-postcss",
      "severity": "moderate",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": "<=8.0.0",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-postcss",
        "version": "10.0.0",
        "isSemVerMajor": true
    "gulp-svg-sprite": {
      "name": "gulp-svg-sprite",
      "severity": "moderate",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": "1.3.0 - 1.5.0",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
    "gulp-useref": {
      "name": "gulp-useref",
      "severity": "high",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": ">=3.1.4",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-useref",
        "version": "3.1.3",
        "isSemVerMajor": true
    "lodash.pick": {
      "name": "lodash.pick",
      "severity": "high",
      "isDirect": false,
      "via": [
          "source": 1096303,
          "name": "lodash.pick",
          "dependency": "lodash.pick",
          "title": "Prototype Pollution in lodash",
          "url": "",
          "severity": "high",
          "cwe": [
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
          "range": ">=4.0.0 <=4.4.0"
      "effects": [
      "range": ">=4.0.0",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-inline",
        "version": "0.1.2",
        "isSemVerMajor": true
    "nth-check": {
      "name": "nth-check",
      "severity": "high",
      "isDirect": false,
      "via": [
          "source": 1095141,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "",
          "severity": "high",
          "cwe": [
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          "range": "<2.0.1"
      "effects": [
      "range": "<2.0.1",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-inline",
        "version": "0.1.2",
        "isSemVerMajor": true
    "phantomjs-prebuilt": {
      "name": "phantomjs-prebuilt",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "*",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
    "pixrem": {
      "name": "pixrem",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
      "fixAvailable": true
    "pleeease-filters": {
      "name": "pleeease-filters",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "*",
      "nodes": [
      "fixAvailable": true
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
          "source": 1093539,
          "name": "postcss",
          "dependency": "postcss",
          "title": "Regular Expression Denial of Service in postcss",
          "url": "",
          "severity": "moderate",
          "cwe": [
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          "range": "<7.0.36"
          "source": 1094544,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS line return parsing error",
          "url": "",
          "severity": "moderate",
          "cwe": [
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          "range": "<8.4.31"
      "effects": [
      "range": "<=8.4.30",
      "nodes": [
      "fixAvailable": {
        "name": "cssnano",
        "version": "6.1.2",
        "isSemVerMajor": true
    "postcss-apply": {
      "name": "postcss-apply",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=0.10.0",
      "nodes": [
      "fixAvailable": false
    "postcss-attribute-case-insensitive": {
      "name": "postcss-attribute-case-insensitive",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=3.0.1",
      "nodes": [
      "fixAvailable": false
    "postcss-calc": {
      "name": "postcss-calc",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "4.1.0 - 7.0.5",
      "nodes": [
      "fixAvailable": true
    "postcss-color-function": {
      "name": "postcss-color-function",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "*",
      "nodes": [
      "fixAvailable": true
    "postcss-color-gray": {
      "name": "postcss-color-gray",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "3.0.0 - 4.1.0",
      "nodes": [
      "fixAvailable": true
    "postcss-color-hex-alpha": {
      "name": "postcss-color-hex-alpha",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "1.3.0 - 3.0.0",
      "nodes": [
      "fixAvailable": true
    "postcss-color-hsl": {
      "name": "postcss-color-hsl",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "*",
      "nodes": [
      "fixAvailable": false
    "postcss-color-hwb": {
      "name": "postcss-color-hwb",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": ">=1.2.0",
      "nodes": [
      "fixAvailable": true
    "postcss-color-rebeccapurple": {
      "name": "postcss-color-rebeccapurple",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "1.2.0 - 3.1.0",
      "nodes": [
      "fixAvailable": true
    "postcss-color-rgb": {
      "name": "postcss-color-rgb",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "*",
      "nodes": [
      "fixAvailable": true
    "postcss-color-rgba-fallback": {
      "name": "postcss-color-rgba-fallback",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=3.0.0",
      "nodes": [
      "fixAvailable": true
    "postcss-colormin": {
      "name": "postcss-colormin",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.3",
      "nodes": [
      "fixAvailable": true
    "postcss-convert-values": {
      "name": "postcss-convert-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
      "fixAvailable": true
    "postcss-cssnext": {
      "name": "postcss-cssnext",
      "severity": "moderate",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": "*",
      "nodes": [
      "fixAvailable": false
    "postcss-custom-media": {
      "name": "postcss-custom-media",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "4.0.0 - 6.0.0",
      "nodes": [
      "fixAvailable": true
    "postcss-custom-properties": {
      "name": "postcss-custom-properties",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "3.3.0 - 7.0.0",
      "nodes": [
      "fixAvailable": true
    "postcss-custom-selectors": {
      "name": "postcss-custom-selectors",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "2.3.0 - 4.0.1",
      "nodes": [
      "fixAvailable": true
    "postcss-discard-comments": {
      "name": "postcss-discard-comments",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-discard-duplicates": {
      "name": "postcss-discard-duplicates",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "1.1.0 - 4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-discard-empty": {
      "name": "postcss-discard-empty",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "1.1.0 - 4.0.1",
      "nodes": [
      "fixAvailable": true
    "postcss-discard-overridden": {
      "name": "postcss-discard-overridden",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
      "fixAvailable": true
    "postcss-font-family-system-ui": {
      "name": "postcss-font-family-system-ui",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=3.0.0",
      "nodes": [
      "fixAvailable": false
    "postcss-font-variant": {
      "name": "postcss-font-variant",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "1.2.0 - 3.0.0",
      "nodes": [
      "fixAvailable": true
    "postcss-image-set-polyfill": {
      "name": "postcss-image-set-polyfill",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=0.4.4",
      "nodes": [
      "fixAvailable": false
    "postcss-import": {
      "name": "postcss-import",
      "severity": "moderate",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": "<=12.0.1",
      "nodes": [
      "fixAvailable": {
        "name": "postcss-import",
        "version": "16.1.0",
        "isSemVerMajor": true
    "postcss-initial": {
      "name": "postcss-initial",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=2.0.0",
      "nodes": [
      "fixAvailable": false
    "postcss-less": {
      "name": "postcss-less",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=3.1.4",
      "nodes": [
      "fixAvailable": true
    "postcss-media-minmax": {
      "name": "postcss-media-minmax",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "1.2.0 - 3.0.0",
      "nodes": [
      "fixAvailable": true
    "postcss-merge-longhand": {
      "name": "postcss-merge-longhand",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.11",
      "nodes": [
      "fixAvailable": true
    "postcss-merge-rules": {
      "name": "postcss-merge-rules",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.3",
      "nodes": [
      "fixAvailable": true
    "postcss-minify-font-values": {
      "name": "postcss-minify-font-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-minify-gradients": {
      "name": "postcss-minify-gradients",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-minify-params": {
      "name": "postcss-minify-params",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-minify-selectors": {
      "name": "postcss-minify-selectors",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-nesting": {
      "name": "postcss-nesting",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=6.0.0",
      "nodes": [
      "fixAvailable": false
    "postcss-normalize-charset": {
      "name": "postcss-normalize-charset",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
      "fixAvailable": true
    "postcss-normalize-display-values": {
      "name": "postcss-normalize-display-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-normalize-positions": {
      "name": "postcss-normalize-positions",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-normalize-repeat-style": {
      "name": "postcss-normalize-repeat-style",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-normalize-string": {
      "name": "postcss-normalize-string",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-normalize-timing-functions": {
      "name": "postcss-normalize-timing-functions",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-normalize-unicode": {
      "name": "postcss-normalize-unicode",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
      "fixAvailable": true
    "postcss-normalize-url": {
      "name": "postcss-normalize-url",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "1.1.0 - 4.0.1",
      "nodes": [
      "fixAvailable": true
    "postcss-normalize-whitespace": {
      "name": "postcss-normalize-whitespace",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-ordered-values": {
      "name": "postcss-ordered-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.1.2",
      "nodes": [
      "fixAvailable": true
    "postcss-pseudo-class-any-link": {
      "name": "postcss-pseudo-class-any-link",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=5.0.0",
      "nodes": [
      "fixAvailable": true
    "postcss-pseudoelements": {
      "name": "postcss-pseudoelements",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": ">=2.2.0",
      "nodes": [
      "fixAvailable": true
    "postcss-reduce-initial": {
      "name": "postcss-reduce-initial",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.3",
      "nodes": [
      "fixAvailable": true
    "postcss-reduce-transforms": {
      "name": "postcss-reduce-transforms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": true
    "postcss-replace-overflow-wrap": {
      "name": "postcss-replace-overflow-wrap",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=2.0.0",
      "nodes": [
      "fixAvailable": false
    "postcss-reporter": {
      "name": "postcss-reporter",
      "severity": "moderate",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": "<=6.0.1",
      "nodes": [
      "fixAvailable": {
        "name": "postcss-reporter",
        "version": "7.1.0",
        "isSemVerMajor": true
    "postcss-safe-parser": {
      "name": "postcss-safe-parser",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=4.0.2",
      "nodes": [
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
    "postcss-sass": {
      "name": "postcss-sass",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=0.4.4",
      "nodes": [
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
    "postcss-scss": {
      "name": "postcss-scss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=2.1.1",
      "nodes": [
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
    "postcss-selector-matches": {
      "name": "postcss-selector-matches",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=3.0.1",
      "nodes": [
      "fixAvailable": true
    "postcss-selector-not": {
      "name": "postcss-selector-not",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=3.0.1",
      "nodes": [
      "fixAvailable": true
    "postcss-svgo": {
      "name": "postcss-svgo",
      "severity": "high",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=5.0.0-rc.2",
      "nodes": [
      "fixAvailable": true
    "postcss-unique-selectors": {
      "name": "postcss-unique-selectors",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
      "fixAvailable": true
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "",
          "severity": "moderate",
          "cwe": [
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          "range": "<=2.88.2"
      "effects": [
      "range": "*",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
    "stylehacks": {
      "name": "stylehacks",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=4.0.3",
      "nodes": [
      "fixAvailable": true
    "stylelint": {
      "name": "stylelint",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "0.1.0 - 13.13.1",
      "nodes": [
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
    "stylelint-config-wikimedia": {
      "name": "stylelint-config-wikimedia",
      "severity": "moderate",
      "isDirect": true,
      "via": [
      "effects": [],
      "range": "<=0.11.1",
      "nodes": [
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
    "sugarss": {
      "name": "sugarss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "<=2.0.0",
      "nodes": [
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
    "svg-sprite": {
      "name": "svg-sprite",
      "severity": "high",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "1.3.0 - 1.5.4",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
    "svgo": {
      "name": "svgo",
      "severity": "high",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "1.0.0 - 1.3.2",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
          "source": 1096643,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "",
          "severity": "moderate",
          "cwe": [
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          "range": "<4.1.3"
      "effects": [
      "range": "<4.1.3",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
    "vinyl-fs": {
      "name": "vinyl-fs",
      "severity": "high",
      "isDirect": false,
      "via": [
      "effects": [
      "range": "2.4.2 - 3.0.3",
      "nodes": [
      "fixAvailable": {
        "name": "gulp-useref",
        "version": "3.1.3",
        "isSemVerMajor": true
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 80,
      "high": 17,
      "critical": 0,
      "total": 98
    "dependencies": {
      "prod": 1,
      "dev": 1820,
      "optional": 4,
      "peer": 1,
      "peerOptional": 0,
      "total": 1820

--- end ---
Upgrading n:stylelint-config-wikimedia from 0.10.3 -> 0.16.1
$ /usr/bin/npm install
--- stderr ---
npm WARN deprecated @types/browserslist@4.15.0: This is a stub types definition. browserslist provides its own type definitions, so you do not need this installed.
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN:
npm WARN deprecated source-map-url@0.4.1: See
npm WARN deprecated flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead.
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead.
npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead.
npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead.
npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead.
npm WARN deprecated @babel/plugin-proposal-class-static-block@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead.
npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead.
npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead.
npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead.
npm WARN deprecated urix@0.1.0: Please see
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm WARN deprecated resolve-url@0.2.1:
npm WARN deprecated source-map-resolve@0.5.3: See
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See for details.
npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated
npm WARN deprecated request@2.88.2: request has been deprecated, see
npm WARN deprecated postcss-cssnext@3.1.1: 'postcss-cssnext' has been deprecated in favor of 'postcss-preset-env'. Read more at
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated iltorb@2.4.5: The zlib module provides APIs for brotli compression/decompression starting with Node.js v10.16.0, please use it over iltorb
npm WARN deprecated stylelint-stylistic@0.4.3: This package has been deprecated in favor of @stylistic/stylelint-plugin
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---

added 1790 packages, and audited 1791 packages in 44s

149 packages are looking for funding
  run `npm fund` for details

91 vulnerabilities (1 low, 73 moderate, 17 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
Source code is licensed under the AGPL.