This run took 40 seconds.
$ date --- stdout --- Sun Apr 7 17:33:28 UTC 2024 --- end --- $ git clone file:///srv/git/oojs-core.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- da07a1067b09a7b6614394aa3172b428128ed18b refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "bin-version": { "name": "bin-version", "severity": "high", "isDirect": false, "via": [ "find-versions" ], "effects": [ "bin-version-check" ], "range": "<=4.0.0", "nodes": [ "node_modules/bin-version" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "bin-version-check": { "name": "bin-version-check", "severity": "high", "isDirect": false, "via": [ "bin-version" ], "effects": [ "bin-wrapper" ], "range": "<=4.0.0", "nodes": [ "node_modules/bin-version-check" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "bin-wrapper": { "name": "bin-wrapper", "severity": "high", "isDirect": false, "via": [ "bin-version-check", "download" ], "effects": [ "saucelabs" ], "range": ">=0.4.0", "nodes": [ "node_modules/bin-wrapper" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "cacheable-request": { "name": "cacheable-request", "severity": "high", "isDirect": false, "via": [ "http-cache-semantics" ], "effects": [ "got" ], "range": "0.1.0 - 2.1.4", "nodes": [ "node_modules/download/node_modules/cacheable-request" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "download": { "name": "download", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "bin-wrapper" ], "range": ">=4.0.0", "nodes": [ "node_modules/download" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "find-versions": { "name": "find-versions", "severity": "high", "isDirect": false, "via": [ "semver-regex" ], "effects": [ "bin-version" ], "range": "<=3.2.0", "nodes": [ "node_modules/find-versions" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "got": { "name": "got", "severity": "high", "isDirect": false, "via": [ { "source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<11.8.5" }, "cacheable-request" ], "effects": [ "download" ], "range": "<=11.8.3", "nodes": [ "node_modules/download/node_modules/got" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "http-cache-semantics": { "name": "http-cache-semantics", "severity": "high", "isDirect": false, "via": [ { "source": 1092316, "name": "http-cache-semantics", "dependency": "http-cache-semantics", "title": "http-cache-semantics vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-rc47-6667-2j5j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.1.1" } ], "effects": [ "cacheable-request" ], "range": "<4.1.1", "nodes": [ "node_modules/download/node_modules/http-cache-semantics" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "jsdoc-wmf-theme": { "name": "jsdoc-wmf-theme", "severity": "high", "isDirect": true, "via": [ "taffydb" ], "effects": [], "range": "<=0.0.12", "nodes": [ "node_modules/jsdoc-wmf-theme" ], "fixAvailable": { "name": "jsdoc-wmf-theme", "version": "0.0.13", "isSemVerMajor": true } }, "karma-sauce-launcher": { "name": "karma-sauce-launcher", "severity": "moderate", "isDirect": true, "via": [ "saucelabs" ], "effects": [], "range": ">=4.1.5", "nodes": [ "node_modules/karma-sauce-launcher" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "meow": { "name": "meow", "severity": "high", "isDirect": false, "via": [ "trim-newlines" ], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": [ "node_modules/meow" ], "fixAvailable": true }, "saucelabs": { "name": "saucelabs", "severity": "moderate", "isDirect": false, "via": [ "bin-wrapper" ], "effects": [ "karma-sauce-launcher" ], "range": "4.1.0 - 7.1.2", "nodes": [ "node_modules/saucelabs" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "semver-regex": { "name": "semver-regex", "severity": "high", "isDirect": false, "via": [ { "source": 1092475, "name": "semver-regex", "dependency": "semver-regex", "title": "semver-regex Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-44c6-4v22-4mhx", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.1.3" }, { "source": 1092605, "name": "semver-regex", "dependency": "semver-regex", "title": "Regular expression denial of service in semver-regex", "url": "https://github.com/advisories/GHSA-4x5v-gmq8-25ch", "severity": "low", "cwe": [ "CWE-1333" ], "cvss": { "score": 0, "vectorString": null }, "range": "<3.1.4" } ], "effects": [ "find-versions" ], "range": "<=3.1.3", "nodes": [ "node_modules/semver-regex" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "taffydb": { "name": "taffydb", "severity": "high", "isDirect": false, "via": [ { "source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": [ "CWE-20", "CWE-668" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": "<=2.7.3" } ], "effects": [ "jsdoc-wmf-theme" ], "range": "*", "nodes": [ "node_modules/taffydb" ], "fixAvailable": { "name": "jsdoc-wmf-theme", "version": "0.0.13", "isSemVerMajor": true } }, "trim-newlines": { "name": "trim-newlines", "severity": "high", "isDirect": false, "via": [ { "source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.1" } ], "effects": [ "meow" ], "range": "<3.0.1", "nodes": [ "node_modules/trim-newlines" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 3, "high": 12, "critical": 0, "total": 15 }, "dependencies": { "prod": 1, "dev": 932, "optional": 3, "peer": 1, "peerOptional": 0, "total": 932 } } } --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "bin-version": { "name": "bin-version", "severity": "high", "isDirect": false, "via": [ "find-versions" ], "effects": [ "bin-version-check" ], "range": "<=4.0.0", "nodes": [ "node_modules/bin-version" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "bin-version-check": { "name": "bin-version-check", "severity": "high", "isDirect": false, "via": [ "bin-version" ], "effects": [ "bin-wrapper" ], "range": "<=4.0.0", "nodes": [ "node_modules/bin-version-check" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "bin-wrapper": { "name": "bin-wrapper", "severity": "high", "isDirect": false, "via": [ "bin-version-check", "download" ], "effects": [ "saucelabs" ], "range": ">=0.4.0", "nodes": [ "node_modules/bin-wrapper" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "cacheable-request": { "name": "cacheable-request", "severity": "high", "isDirect": false, "via": [ "http-cache-semantics" ], "effects": [ "got" ], "range": "0.1.0 - 2.1.4", "nodes": [ "node_modules/download/node_modules/cacheable-request" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "download": { "name": "download", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "bin-wrapper" ], "range": ">=4.0.0", "nodes": [ "node_modules/download" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "find-versions": { "name": "find-versions", "severity": "high", "isDirect": false, "via": [ "semver-regex" ], "effects": [ "bin-version" ], "range": "<=3.2.0", "nodes": [ "node_modules/find-versions" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "got": { "name": "got", "severity": "high", "isDirect": false, "via": [ { "source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<11.8.5" }, "cacheable-request" ], "effects": [ "download" ], "range": "<=11.8.3", "nodes": [ "node_modules/download/node_modules/got" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "http-cache-semantics": { "name": "http-cache-semantics", "severity": "high", "isDirect": false, "via": [ { "source": 1092316, "name": "http-cache-semantics", "dependency": "http-cache-semantics", "title": "http-cache-semantics vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-rc47-6667-2j5j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.1.1" } ], "effects": [ "cacheable-request" ], "range": "<4.1.1", "nodes": [ "node_modules/download/node_modules/http-cache-semantics" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "jsdoc-wmf-theme": { "name": "jsdoc-wmf-theme", "severity": "high", "isDirect": true, "via": [ "taffydb" ], "effects": [], "range": "<=0.0.12", "nodes": [ "node_modules/jsdoc-wmf-theme" ], "fixAvailable": { "name": "jsdoc-wmf-theme", "version": "0.0.13", "isSemVerMajor": true } }, "karma-sauce-launcher": { "name": "karma-sauce-launcher", "severity": "moderate", "isDirect": true, "via": [ "saucelabs" ], "effects": [], "range": ">=4.1.5", "nodes": [ "node_modules/karma-sauce-launcher" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "meow": { "name": "meow", "severity": "high", "isDirect": false, "via": [ "trim-newlines" ], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": [ "node_modules/meow" ], "fixAvailable": true }, "saucelabs": { "name": "saucelabs", "severity": "moderate", "isDirect": false, "via": [ "bin-wrapper" ], "effects": [ "karma-sauce-launcher" ], "range": "4.1.0 - 7.1.2", "nodes": [ "node_modules/saucelabs" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "semver-regex": { "name": "semver-regex", "severity": "high", "isDirect": false, "via": [ { "source": 1092475, "name": "semver-regex", "dependency": "semver-regex", "title": "semver-regex Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-44c6-4v22-4mhx", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.1.3" }, { "source": 1092605, "name": "semver-regex", "dependency": "semver-regex", "title": "Regular expression denial of service in semver-regex", "url": "https://github.com/advisories/GHSA-4x5v-gmq8-25ch", "severity": "low", "cwe": [ "CWE-1333" ], "cvss": { "score": 0, "vectorString": null }, "range": "<3.1.4" } ], "effects": [ "find-versions" ], "range": "<=3.1.3", "nodes": [ "node_modules/semver-regex" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "taffydb": { "name": "taffydb", "severity": "high", "isDirect": false, "via": [ { "source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": [ "CWE-20", "CWE-668" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": "<=2.7.3" } ], "effects": [ "jsdoc-wmf-theme" ], "range": "*", "nodes": [ "node_modules/taffydb" ], "fixAvailable": { "name": "jsdoc-wmf-theme", "version": "0.0.13", "isSemVerMajor": true } }, "trim-newlines": { "name": "trim-newlines", "severity": "high", "isDirect": false, "via": [ { "source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.1" } ], "effects": [ "meow" ], "range": "<3.0.1", "nodes": [ "node_modules/trim-newlines" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 3, "high": 12, "critical": 0, "total": 15 }, "dependencies": { "prod": 1, "dev": 932, "optional": 3, "peer": 1, "peerOptional": 0, "total": 932 } } } --- end --- Attempting to npm audit fix $ /usr/bin/npm audit fix --dry-run --only=dev --json --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production --- stdout --- { "added": 932, "removed": 0, "changed": 0, "audited": 933, "funding": 93, "audit": { "auditReportVersion": 2, "vulnerabilities": { "bin-version": { "name": "bin-version", "severity": "high", "isDirect": false, "via": [ "find-versions" ], "effects": [ "bin-version-check" ], "range": "<=4.0.0", "nodes": [ "node_modules/bin-version" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "bin-version-check": { "name": "bin-version-check", "severity": "high", "isDirect": false, "via": [ "bin-version" ], "effects": [ "bin-wrapper" ], "range": "<=4.0.0", "nodes": [ "node_modules/bin-version-check" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "bin-wrapper": { "name": "bin-wrapper", "severity": "high", "isDirect": false, "via": [ "bin-version-check", "download" ], "effects": [ "saucelabs" ], "range": ">=0.4.0", "nodes": [ "node_modules/bin-wrapper" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "cacheable-request": { "name": "cacheable-request", "severity": "high", "isDirect": false, "via": [ "http-cache-semantics" ], "effects": [ "got" ], "range": "0.1.0 - 2.1.4", "nodes": [ "node_modules/download/node_modules/cacheable-request" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "download": { "name": "download", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "bin-wrapper" ], "range": ">=4.0.0", "nodes": [ "node_modules/download" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "find-versions": { "name": "find-versions", "severity": "high", "isDirect": false, "via": [ "semver-regex" ], "effects": [ "bin-version" ], "range": "<=3.2.0", "nodes": [ "node_modules/find-versions" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "got": { "name": "got", "severity": "high", "isDirect": false, "via": [ { "source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<11.8.5" }, "cacheable-request" ], "effects": [ "download" ], "range": "<=11.8.3", "nodes": [ "node_modules/download/node_modules/got" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "http-cache-semantics": { "name": "http-cache-semantics", "severity": "high", "isDirect": false, "via": [ { "source": 1092316, "name": "http-cache-semantics", "dependency": "http-cache-semantics", "title": "http-cache-semantics vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-rc47-6667-2j5j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.1.1" } ], "effects": [ "cacheable-request" ], "range": "<4.1.1", "nodes": [ "node_modules/download/node_modules/http-cache-semantics" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "jsdoc-wmf-theme": { "name": "jsdoc-wmf-theme", "severity": "high", "isDirect": true, "via": [ "taffydb" ], "effects": [], "range": "<=0.0.12", "nodes": [ "node_modules/jsdoc-wmf-theme" ], "fixAvailable": { "name": "jsdoc-wmf-theme", "version": "0.0.13", "isSemVerMajor": true } }, "karma-sauce-launcher": { "name": "karma-sauce-launcher", "severity": "moderate", "isDirect": true, "via": [ "saucelabs" ], "effects": [], "range": ">=4.1.5", "nodes": [ "node_modules/karma-sauce-launcher" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "meow": { "name": "meow", "severity": "high", "isDirect": false, "via": [ "trim-newlines" ], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": [ "node_modules/meow" ], "fixAvailable": true }, "saucelabs": { "name": "saucelabs", "severity": "moderate", "isDirect": false, "via": [ "bin-wrapper" ], "effects": [ "karma-sauce-launcher" ], "range": "4.1.0 - 7.1.2", "nodes": [ "node_modules/saucelabs" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "semver-regex": { "name": "semver-regex", "severity": "high", "isDirect": false, "via": [ { "source": 1092475, "name": "semver-regex", "dependency": "semver-regex", "title": "semver-regex Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-44c6-4v22-4mhx", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.1.3" }, { "source": 1092605, "name": "semver-regex", "dependency": "semver-regex", "title": "Regular expression denial of service in semver-regex", "url": "https://github.com/advisories/GHSA-4x5v-gmq8-25ch", "severity": "low", "cwe": [ "CWE-1333" ], "cvss": { "score": 0, "vectorString": null }, "range": "<3.1.4" } ], "effects": [ "find-versions" ], "range": "<=3.1.3", "nodes": [ "node_modules/semver-regex" ], "fixAvailable": { "name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true } }, "taffydb": { "name": "taffydb", "severity": "high", "isDirect": false, "via": [ { "source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": [ "CWE-20", "CWE-668" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": "<=2.7.3" } ], "effects": [ "jsdoc-wmf-theme" ], "range": "*", "nodes": [ "node_modules/taffydb" ], "fixAvailable": { "name": "jsdoc-wmf-theme", "version": "0.0.13", "isSemVerMajor": true } }, "trim-newlines": { "name": "trim-newlines", "severity": "high", "isDirect": false, "via": [ { "source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.1" } ], "effects": [ "meow" ], "range": "<3.0.1", "nodes": [ "node_modules/trim-newlines" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 3, "high": 12, "critical": 0, "total": 15 }, "dependencies": { "prod": 1, "dev": 932, "optional": 3, "peer": 1, "peerOptional": 0, "total": 932 } } } } --- end --- {"added": 932, "removed": 0, "changed": 0, "audited": 933, "funding": 93, "audit": {"auditReportVersion": 2, "vulnerabilities": {"bin-version": {"name": "bin-version", "severity": "high", "isDirect": false, "via": ["find-versions"], "effects": ["bin-version-check"], "range": "<=4.0.0", "nodes": ["node_modules/bin-version"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "bin-version-check": {"name": "bin-version-check", "severity": "high", "isDirect": false, "via": ["bin-version"], "effects": ["bin-wrapper"], "range": "<=4.0.0", "nodes": ["node_modules/bin-version-check"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "bin-wrapper": {"name": "bin-wrapper", "severity": "high", "isDirect": false, "via": ["bin-version-check", "download"], "effects": ["saucelabs"], "range": ">=0.4.0", "nodes": ["node_modules/bin-wrapper"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "cacheable-request": {"name": "cacheable-request", "severity": "high", "isDirect": false, "via": ["http-cache-semantics"], "effects": ["got"], "range": "0.1.0 - 2.1.4", "nodes": ["node_modules/download/node_modules/cacheable-request"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "download": {"name": "download", "severity": "moderate", "isDirect": false, "via": ["got"], "effects": ["bin-wrapper"], "range": ">=4.0.0", "nodes": ["node_modules/download"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "find-versions": {"name": "find-versions", "severity": "high", "isDirect": false, "via": ["semver-regex"], "effects": ["bin-version"], "range": "<=3.2.0", "nodes": ["node_modules/find-versions"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "got": {"name": "got", "severity": "high", "isDirect": false, "via": [{"source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<11.8.5"}, "cacheable-request"], "effects": ["download"], "range": "<=11.8.3", "nodes": ["node_modules/download/node_modules/got"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "http-cache-semantics": {"name": "http-cache-semantics", "severity": "high", "isDirect": false, "via": [{"source": 1092316, "name": "http-cache-semantics", "dependency": "http-cache-semantics", "title": "http-cache-semantics vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-rc47-6667-2j5j", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<4.1.1"}], "effects": ["cacheable-request"], "range": "<4.1.1", "nodes": ["node_modules/download/node_modules/http-cache-semantics"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "jsdoc-wmf-theme": {"name": "jsdoc-wmf-theme", "severity": "high", "isDirect": true, "via": ["taffydb"], "effects": [], "range": "<=0.0.12", "nodes": ["node_modules/jsdoc-wmf-theme"], "fixAvailable": {"name": "jsdoc-wmf-theme", "version": "0.0.13", "isSemVerMajor": true}}, "karma-sauce-launcher": {"name": "karma-sauce-launcher", "severity": "moderate", "isDirect": true, "via": ["saucelabs"], "effects": [], "range": ">=4.1.5", "nodes": ["node_modules/karma-sauce-launcher"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "meow": {"name": "meow", "severity": "high", "isDirect": false, "via": ["trim-newlines"], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": ["node_modules/meow"], "fixAvailable": true}, "saucelabs": {"name": "saucelabs", "severity": "moderate", "isDirect": false, "via": ["bin-wrapper"], "effects": ["karma-sauce-launcher"], "range": "4.1.0 - 7.1.2", "nodes": ["node_modules/saucelabs"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "semver-regex": {"name": "semver-regex", "severity": "high", "isDirect": false, "via": [{"source": 1092475, "name": "semver-regex", "dependency": "semver-regex", "title": "semver-regex Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-44c6-4v22-4mhx", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1092605, "name": "semver-regex", "dependency": "semver-regex", "title": "Regular expression denial of service in semver-regex", "url": "https://github.com/advisories/GHSA-4x5v-gmq8-25ch", "severity": "low", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.4"}], "effects": ["find-versions"], "range": "<=3.1.3", "nodes": ["node_modules/semver-regex"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "taffydb": {"name": "taffydb", "severity": "high", "isDirect": false, "via": [{"source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": ["CWE-20", "CWE-668"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<=2.7.3"}], "effects": ["jsdoc-wmf-theme"], "range": "*", "nodes": ["node_modules/taffydb"], "fixAvailable": {"name": "jsdoc-wmf-theme", "version": "0.0.13", "isSemVerMajor": true}}, "trim-newlines": {"name": "trim-newlines", "severity": "high", "isDirect": false, "via": [{"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}], "effects": ["meow"], "range": "<3.0.1", "nodes": ["node_modules/trim-newlines"], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 3, "high": 12, "critical": 0, "total": 15}, "dependencies": {"prod": 1, "dev": 932, "optional": 3, "peer": 1, "peerOptional": 0, "total": 932}}}} $ /usr/bin/npm audit fix --only=dev --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN deprecated gulp-util@3.0.7: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5 npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead: npm WARN deprecated npm i nyc npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives. --- stdout --- added 931 packages, and audited 932 packages in 7s 93 packages are looking for funding run `npm fund` for details # npm audit report got <=11.8.3 Severity: high Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97 Depends on vulnerable versions of cacheable-request fix available via `npm audit fix --force` Will install karma-sauce-launcher@4.1.4, which is a breaking change node_modules/download/node_modules/got download >=4.0.0 Depends on vulnerable versions of got node_modules/download bin-wrapper >=0.4.0 Depends on vulnerable versions of bin-version-check Depends on vulnerable versions of download node_modules/bin-wrapper saucelabs 4.1.0 - 7.1.2 Depends on vulnerable versions of bin-wrapper node_modules/saucelabs karma-sauce-launcher >=4.1.5 Depends on vulnerable versions of saucelabs node_modules/karma-sauce-launcher http-cache-semantics <4.1.1 Severity: high http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j fix available via `npm audit fix --force` Will install karma-sauce-launcher@4.1.4, which is a breaking change node_modules/download/node_modules/http-cache-semantics cacheable-request 0.1.0 - 2.1.4 Depends on vulnerable versions of http-cache-semantics node_modules/download/node_modules/cacheable-request semver-regex <=3.1.3 Severity: high semver-regex Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-44c6-4v22-4mhx Regular expression denial of service in semver-regex - https://github.com/advisories/GHSA-4x5v-gmq8-25ch fix available via `npm audit fix --force` Will install karma-sauce-launcher@4.1.4, which is a breaking change node_modules/semver-regex find-versions <=3.2.0 Depends on vulnerable versions of semver-regex node_modules/find-versions bin-version <=4.0.0 Depends on vulnerable versions of find-versions node_modules/bin-version bin-version-check <=4.0.0 Depends on vulnerable versions of bin-version node_modules/bin-version-check taffydb * Severity: high TaffyDB can allow access to any data items in the DB - https://github.com/advisories/GHSA-mxhp-79qh-mcx6 fix available via `npm audit fix --force` Will install jsdoc-wmf-theme@0.0.13, which is a breaking change node_modules/taffydb jsdoc-wmf-theme <=0.0.12 Depends on vulnerable versions of taffydb node_modules/jsdoc-wmf-theme trim-newlines <3.0.1 Severity: high Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v fix available via `npm audit fix` node_modules/trim-newlines meow 3.4.0 - 5.0.0 Depends on vulnerable versions of trim-newlines node_modules/meow 15 vulnerabilities (3 moderate, 12 high) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- Verifying that tests still pass $ /usr/bin/npm ci --- stderr --- npm WARN deprecated gulp-util@3.0.7: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5 npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead: npm WARN deprecated npm i nyc npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives. --- stdout --- added 931 packages, and audited 932 packages in 8s 93 packages are looking for funding run `npm fund` for details 15 vulnerabilities (3 moderate, 12 high) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. --- end --- $ /usr/bin/npm test --- stderr --- (node:164) Warning: Accessing non-existent property 'VERSION' of module exports inside circular dependency (Use `node --trace-warnings ...` to show where the warning was created) --- stdout --- > oojs@7.0.1 test > npm run build-dev && karma start && qunit --require ./tests/setup-node tests/unit/ && npm run lint > oojs@7.0.1 build-dev > grunt build-dev Running "set-meta" task Running "set-dev" task Running "clean:dist" (clean) task >> 0 paths cleaned. Running "concat:dev" (concat) task Done. [32m07 04 2024 17:33:54.354:INFO [karma-server]: [39mKarma v6.3.18 server started at http://localhost:9876/ [32m07 04 2024 17:33:54.356:INFO [launcher]: [39mLaunching browsers FirefoxHeadless, ChromeCustom with concurrency unlimited [32m07 04 2024 17:33:54.360:INFO [launcher]: [39mStarting browser FirefoxHeadless [32m07 04 2024 17:33:54.372:INFO [launcher]: [39mStarting browser ChromeHeadless [32m07 04 2024 17:33:57.154:INFO [Chrome Headless 123.0.6312.86 (Linux x86_64)]: [39mConnected on socket P8yo-5MoCIVFcuulAAAB with id 78148416 ............................................................ Chrome Headless 123.0.6312.86 (Linux x86_64): Executed 60 of 60 SUCCESS (0.127 secs / 0.103 secs) [32m07 04 2024 17:33:58.303:INFO [Firefox 115.0 (Linux x86_64)]: [39mConnected on socket B2Bodeo9IFDbcOuSAAAD with id 2298953 ............................................................ Firefox 115.0 (Linux x86_64): Executed 60 of 60 SUCCESS (0.116 secs / 0.082 secs) TOTAL: 120 SUCCESS TOTAL: 120 SUCCESS =============================== Coverage summary =============================== Statements : 100% ( 449/449 ) Branches : 100% ( 270/270 ) Functions : 100% ( 60/60 ) Lines : 100% ( 432/432 ) ================================================================================ TAP version 13 ok 1 EmitterList > addItems ok 2 EmitterList > moveItem ok 3 EmitterList > clearItems ok 4 EmitterList > removeItems ok 5 EmitterList > aggregate ok 6 EmitterList > Events ok 7 EventEmitter > on ok 8 EventEmitter > once ok 9 EventEmitter > once - nested ok 10 EventEmitter > once - off ok 11 EventEmitter > emit ok 12 EventEmitter > off ok 13 EventEmitter > connect ok 14 EventEmitter > disconnect( host ) ok 15 EventEmitter > disconnect( host, methods ) ok 16 EventEmitter > disconnect( host, array methods ) ok 17 EventEmitter > disconnect( host, unbound methods ) ok 18 EventEmitter > chainable ok 19 Factory > invalid registration ok 20 Factory > registeration and lookup [Class.key] ok 21 Factory > registeration and lookup [Class.static.name] ok 22 Factory > registeration and lookup [key and name] ok 23 Factory > registeration and lookup [unknown] ok 24 Factory > invalid creation ok 25 Factory > valid creation ok 26 Registry > register/unregister ok 27 Registry > lookup ok 28 SortedEmitterList > addItems ok 29 SortedEmitterList > Events ok 30 core > initClass ok 31 core > inheritClass ok 32 core > mixinClass ok 33 core > isSubclass ok 34 core > getProp( Object ) ok 35 core > getProp( Function ) ok 36 core > getProp( Array ) ok 37 core > setProp( Object ) ok 38 core > setProp( Function ) ok 39 core > setProp( Array ) ok 40 core > deleteProp( Object ) ok 41 core > deleteProp( Function ) ok 42 core > deleteProp( Array ) ok 43 core > cloneObject ok 44 core > getObjectValues ok 45 core > binarySearch ok 46 core > compare ok 47 core > compare( Node, Node ) ok 48 core > compare( Object, Object, Boolean asymmetrical ) ok 49 core > copy( source ) ok 50 core > copy( source, Function leafCallback ) ok 51 core > copy( source, Function leafCallback, Function nodeCallback ) ok 52 core > getHash: Basic usage ok 53 core > getHash: Complex usage ok 54 core > unique ok 55 core > simpleArrayUnion ok 56 core > simpleArrayIntersection ok 57 core > simpleArrayDifference ok 58 util > isPlainObject 1..58 # pass 58 # skip 0 # todo 0 # fail 0 > oojs@7.0.1 lint > eslint --cache . --- end --- {"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}} {"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}} $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- [DNM] there are no updates $ git add . --- stdout --- --- end --- $ git commit -F /tmp/tmpgwvyb8ds --- stdout --- On branch master Your branch is up to date with 'origin/master'. nothing to commit, working tree clean --- end ---