mediawiki/services/mobileapps: main (log #1240793)

sourcepatches

This run took 109 seconds.

$ date
--- stdout ---
Mon Apr  8 16:31:13 UTC 2024

--- end ---
$ git clone file:///srv/git/mediawiki-services-mobileapps.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
18863a45a87b31827f0c224e425a56b17e336880 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "cheerio": {
      "name": "cheerio",
      "severity": "high",
      "isDirect": false,
      "via": [
        "css-select",
        "lodash.pick"
      ],
      "effects": [
        "microformat-node"
      ],
      "range": "0.19.0 - 1.0.0-rc.3",
      "nodes": [
        "node_modules/cheerio"
      ],
      "fixAvailable": {
        "name": "microformat-node",
        "version": "2.0.0",
        "isSemVerMajor": true
      }
    },
    "css-select": {
      "name": "css-select",
      "severity": "high",
      "isDirect": false,
      "via": [
        "nth-check"
      ],
      "effects": [
        "cheerio"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "microformat-node",
        "version": "2.0.0",
        "isSemVerMajor": true
      }
    },
    "debug": {
      "name": "debug",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1096792,
          "name": "debug",
          "dependency": "debug",
          "title": "Regular Expression Denial of Service in debug",
          "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.3.1"
        },
        {
          "source": 1096793,
          "name": "debug",
          "dependency": "debug",
          "title": "Regular Expression Denial of Service in debug",
          "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=3.2.0 <3.2.7"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "3.2.0 - 3.2.6 || 4.0.0 - 4.3.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/debug",
        "node_modules/mocha/node_modules/debug"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "eslint-config-wikimedia": {
      "name": "eslint-config-wikimedia",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "eslint-plugin-compat"
      ],
      "effects": [],
      "range": "0.18.0 - 0.21.0",
      "nodes": [
        "node_modules/eslint-config-wikimedia"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.27.0",
        "isSemVerMajor": true
      }
    },
    "eslint-plugin-compat": {
      "name": "eslint-plugin-compat",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [
        "eslint-config-wikimedia"
      ],
      "range": "3.6.0-0 - 4.1.4",
      "nodes": [
        "node_modules/eslint-plugin-compat"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.27.0",
        "isSemVerMajor": true
      }
    },
    "flat": {
      "name": "flat",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1089152,
          "name": "flat",
          "dependency": "flat",
          "title": "flat vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-2j2x-2gpw-g8fm",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<5.0.1"
        }
      ],
      "effects": [
        "yargs-unparser"
      ],
      "range": "<5.0.1",
      "nodes": [
        "node_modules/flat"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "ini": {
      "name": "ini",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1093224,
          "name": "ini",
          "dependency": "ini",
          "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
          "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<1.3.6"
        }
      ],
      "effects": [],
      "range": "<1.3.6",
      "nodes": [
        "node_modules/gc-stats/node_modules/ini"
      ],
      "fixAvailable": true
    },
    "limitation": {
      "name": "limitation",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "wikimedia-kad-fork"
      ],
      "effects": [],
      "range": ">=0.2.3",
      "nodes": [
        "node_modules/limitation"
      ],
      "fixAvailable": true
    },
    "lodash.pick": {
      "name": "lodash.pick",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096303,
          "name": "lodash.pick",
          "dependency": "lodash.pick",
          "title": "Prototype Pollution in lodash",
          "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
          "severity": "high",
          "cwe": [
            "CWE-770",
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
          },
          "range": ">=4.0.0 <=4.4.0"
        }
      ],
      "effects": [
        "cheerio"
      ],
      "range": ">=4.0.0",
      "nodes": [
        "node_modules/lodash.pick"
      ],
      "fixAvailable": {
        "name": "microformat-node",
        "version": "2.0.0",
        "isSemVerMajor": true
      }
    },
    "microformat-node": {
      "name": "microformat-node",
      "severity": "high",
      "isDirect": true,
      "via": [
        "cheerio"
      ],
      "effects": [],
      "range": ">=2.0.1",
      "nodes": [
        "node_modules/microformat-node"
      ],
      "fixAvailable": {
        "name": "microformat-node",
        "version": "2.0.0",
        "isSemVerMajor": true
      }
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096465,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": ">=1.0.0 <1.2.3"
        },
        {
          "source": 1096466,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<0.2.1"
        },
        {
          "source": 1096548,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.2.4"
        },
        {
          "source": 1096549,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.0.0 <1.2.6"
        }
      ],
      "effects": [
        "mkdirp"
      ],
      "range": "<=0.2.3 || 1.0.0 - 1.2.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimist",
        "node_modules/gc-stats/node_modules/rc/node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "minimist"
      ],
      "effects": [],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/gc-stats/node_modules/mkdirp"
      ],
      "fixAvailable": true
    },
    "mocha": {
      "name": "mocha",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "debug",
        "minimatch",
        "yargs-unparser"
      ],
      "effects": [],
      "range": "5.1.0 - 9.2.1",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094419,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [
        "wikimedia-kad-fork"
      ],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/wikimedia-kad-fork/node_modules/ms"
      ],
      "fixAvailable": true
    },
    "nodemon": {
      "name": "nodemon",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "simple-update-notifier"
      ],
      "effects": [],
      "range": "2.0.19 - 2.0.22",
      "nodes": [
        "node_modules/nodemon"
      ],
      "fixAvailable": true
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095141,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "microformat-node",
        "version": "2.0.0",
        "isSemVerMajor": true
      }
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094544,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS line return parsing error",
          "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
          "severity": "moderate",
          "cwe": [
            "CWE-74",
            "CWE-144"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<8.4.31"
        }
      ],
      "effects": [
        "sanitize-html"
      ],
      "range": "<8.4.31",
      "nodes": [
        "node_modules/postcss"
      ],
      "fixAvailable": {
        "name": "sanitize-html",
        "version": "2.13.0",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "request",
        "requestretry"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": false
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "preq",
        "requestretry"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090420,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        },
        "request"
      ],
      "effects": [
        "preq"
      ],
      "range": "*",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": false
    },
    "sanitize-html": {
      "name": "sanitize-html",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1089955,
          "name": "sanitize-html",
          "dependency": "sanitize-html",
          "title": "Improper Input Validation in sanitize-html",
          "url": "https://github.com/advisories/GHSA-mjxr-4v3x-q3m4",
          "severity": "moderate",
          "cwe": [
            "CWE-20"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<2.3.2"
        },
        {
          "source": 1091789,
          "name": "sanitize-html",
          "dependency": "sanitize-html",
          "title": "Improper Input Validation in sanitize-html",
          "url": "https://github.com/advisories/GHSA-rjqq-98f6-6j3r",
          "severity": "moderate",
          "cwe": [
            "CWE-20"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<2.3.1"
        },
        {
          "source": 1096639,
          "name": "sanitize-html",
          "dependency": "sanitize-html",
          "title": "sanitize-html Information Exposure vulnerability",
          "url": "https://github.com/advisories/GHSA-rm97-x556-q36h",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          "range": "<2.12.1"
        },
        "postcss"
      ],
      "effects": [],
      "range": "<=2.12.0",
      "nodes": [
        "node_modules/sanitize-html"
      ],
      "fixAvailable": {
        "name": "sanitize-html",
        "version": "2.13.0",
        "isSemVerMajor": true
      }
    },
    "semver": {
      "name": "semver",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096482,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=7.0.0 <7.5.2"
        },
        {
          "source": 1096483,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<5.7.2"
        }
      ],
      "effects": [
        "eslint-plugin-compat",
        "simple-update-notifier"
      ],
      "range": ">=7.0.0 <7.5.2 || <5.7.2",
      "nodes": [
        "node_modules/gc-stats/node_modules/semver",
        "node_modules/semver",
        "node_modules/simple-update-notifier/node_modules/semver"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.27.0",
        "isSemVerMajor": true
      }
    },
    "simple-update-notifier": {
      "name": "simple-update-notifier",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [
        "nodemon"
      ],
      "range": "1.0.7 - 1.1.0",
      "nodes": [
        "node_modules/simple-update-notifier"
      ],
      "fixAvailable": true
    },
    "swagger-ui-dist": {
      "name": "swagger-ui-dist",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1088759,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Spoofing attack in swagger-ui-dist",
          "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
          "severity": "moderate",
          "cwe": [
            "CWE-1021"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        },
        {
          "source": 1092160,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Server side request forgery in SwaggerUI",
          "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/swagger-ui-dist"
      ],
      "fixAvailable": {
        "name": "swagger-ui-dist",
        "version": "5.14.0",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089684,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.14"
        },
        {
          "source": 1095117,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<4.4.18"
        },
        {
          "source": 1096309,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-23",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.15"
        },
        {
          "source": 1096376,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.16"
        },
        {
          "source": 1096411,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.18"
        }
      ],
      "effects": [],
      "range": "<=4.4.17",
      "nodes": [
        "node_modules/gc-stats/node_modules/tar"
      ],
      "fixAvailable": true
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096643,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "wikimedia-kad-fork": {
      "name": "wikimedia-kad-fork",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "ms"
      ],
      "effects": [
        "limitation"
      ],
      "range": "*",
      "nodes": [
        "node_modules/wikimedia-kad-fork"
      ],
      "fixAvailable": true
    },
    "yargs-unparser": {
      "name": "yargs-unparser",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "flat"
      ],
      "effects": [
        "mocha"
      ],
      "range": "<=1.6.3",
      "nodes": [
        "node_modules/yargs-unparser"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 14,
      "high": 10,
      "critical": 4,
      "total": 29
    },
    "dependencies": {
      "prod": 276,
      "dev": 454,
      "optional": 82,
      "peer": 0,
      "peerOptional": 0,
      "total": 806
    }
  }
}

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "cheerio": {
      "name": "cheerio",
      "severity": "high",
      "isDirect": false,
      "via": [
        "css-select",
        "lodash.pick"
      ],
      "effects": [
        "microformat-node"
      ],
      "range": "0.19.0 - 1.0.0-rc.3",
      "nodes": [
        "node_modules/cheerio"
      ],
      "fixAvailable": {
        "name": "microformat-node",
        "version": "2.0.0",
        "isSemVerMajor": true
      }
    },
    "css-select": {
      "name": "css-select",
      "severity": "high",
      "isDirect": false,
      "via": [
        "nth-check"
      ],
      "effects": [
        "cheerio"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "microformat-node",
        "version": "2.0.0",
        "isSemVerMajor": true
      }
    },
    "debug": {
      "name": "debug",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1096792,
          "name": "debug",
          "dependency": "debug",
          "title": "Regular Expression Denial of Service in debug",
          "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.3.1"
        },
        {
          "source": 1096793,
          "name": "debug",
          "dependency": "debug",
          "title": "Regular Expression Denial of Service in debug",
          "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=3.2.0 <3.2.7"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "3.2.0 - 3.2.6 || 4.0.0 - 4.3.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/debug",
        "node_modules/mocha/node_modules/debug"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "eslint-config-wikimedia": {
      "name": "eslint-config-wikimedia",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "eslint-plugin-compat"
      ],
      "effects": [],
      "range": "0.18.0 - 0.21.0",
      "nodes": [
        "node_modules/eslint-config-wikimedia"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.27.0",
        "isSemVerMajor": true
      }
    },
    "eslint-plugin-compat": {
      "name": "eslint-plugin-compat",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [
        "eslint-config-wikimedia"
      ],
      "range": "3.6.0-0 - 4.1.4",
      "nodes": [
        "node_modules/eslint-plugin-compat"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.27.0",
        "isSemVerMajor": true
      }
    },
    "flat": {
      "name": "flat",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1089152,
          "name": "flat",
          "dependency": "flat",
          "title": "flat vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-2j2x-2gpw-g8fm",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<5.0.1"
        }
      ],
      "effects": [
        "yargs-unparser"
      ],
      "range": "<5.0.1",
      "nodes": [
        "node_modules/flat"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "ini": {
      "name": "ini",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1093224,
          "name": "ini",
          "dependency": "ini",
          "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
          "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<1.3.6"
        }
      ],
      "effects": [],
      "range": "<1.3.6",
      "nodes": [
        "node_modules/gc-stats/node_modules/ini"
      ],
      "fixAvailable": true
    },
    "limitation": {
      "name": "limitation",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "wikimedia-kad-fork"
      ],
      "effects": [],
      "range": ">=0.2.3",
      "nodes": [
        "node_modules/limitation"
      ],
      "fixAvailable": true
    },
    "lodash.pick": {
      "name": "lodash.pick",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096303,
          "name": "lodash.pick",
          "dependency": "lodash.pick",
          "title": "Prototype Pollution in lodash",
          "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
          "severity": "high",
          "cwe": [
            "CWE-770",
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
          },
          "range": ">=4.0.0 <=4.4.0"
        }
      ],
      "effects": [
        "cheerio"
      ],
      "range": ">=4.0.0",
      "nodes": [
        "node_modules/lodash.pick"
      ],
      "fixAvailable": {
        "name": "microformat-node",
        "version": "2.0.0",
        "isSemVerMajor": true
      }
    },
    "microformat-node": {
      "name": "microformat-node",
      "severity": "high",
      "isDirect": true,
      "via": [
        "cheerio"
      ],
      "effects": [],
      "range": ">=2.0.1",
      "nodes": [
        "node_modules/microformat-node"
      ],
      "fixAvailable": {
        "name": "microformat-node",
        "version": "2.0.0",
        "isSemVerMajor": true
      }
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096465,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": ">=1.0.0 <1.2.3"
        },
        {
          "source": 1096466,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<0.2.1"
        },
        {
          "source": 1096548,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.2.4"
        },
        {
          "source": 1096549,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.0.0 <1.2.6"
        }
      ],
      "effects": [
        "mkdirp"
      ],
      "range": "<=0.2.3 || 1.0.0 - 1.2.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimist",
        "node_modules/gc-stats/node_modules/rc/node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "minimist"
      ],
      "effects": [],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/gc-stats/node_modules/mkdirp"
      ],
      "fixAvailable": true
    },
    "mocha": {
      "name": "mocha",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "debug",
        "minimatch",
        "yargs-unparser"
      ],
      "effects": [],
      "range": "5.1.0 - 9.2.1",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094419,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [
        "wikimedia-kad-fork"
      ],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/wikimedia-kad-fork/node_modules/ms"
      ],
      "fixAvailable": true
    },
    "nodemon": {
      "name": "nodemon",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "simple-update-notifier"
      ],
      "effects": [],
      "range": "2.0.19 - 2.0.22",
      "nodes": [
        "node_modules/nodemon"
      ],
      "fixAvailable": true
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095141,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "microformat-node",
        "version": "2.0.0",
        "isSemVerMajor": true
      }
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094544,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS line return parsing error",
          "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
          "severity": "moderate",
          "cwe": [
            "CWE-74",
            "CWE-144"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<8.4.31"
        }
      ],
      "effects": [
        "sanitize-html"
      ],
      "range": "<8.4.31",
      "nodes": [
        "node_modules/postcss"
      ],
      "fixAvailable": {
        "name": "sanitize-html",
        "version": "2.13.0",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "request",
        "requestretry"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": false
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "preq",
        "requestretry"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090420,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        },
        "request"
      ],
      "effects": [
        "preq"
      ],
      "range": "*",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": false
    },
    "sanitize-html": {
      "name": "sanitize-html",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1089955,
          "name": "sanitize-html",
          "dependency": "sanitize-html",
          "title": "Improper Input Validation in sanitize-html",
          "url": "https://github.com/advisories/GHSA-mjxr-4v3x-q3m4",
          "severity": "moderate",
          "cwe": [
            "CWE-20"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<2.3.2"
        },
        {
          "source": 1091789,
          "name": "sanitize-html",
          "dependency": "sanitize-html",
          "title": "Improper Input Validation in sanitize-html",
          "url": "https://github.com/advisories/GHSA-rjqq-98f6-6j3r",
          "severity": "moderate",
          "cwe": [
            "CWE-20"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<2.3.1"
        },
        {
          "source": 1096639,
          "name": "sanitize-html",
          "dependency": "sanitize-html",
          "title": "sanitize-html Information Exposure vulnerability",
          "url": "https://github.com/advisories/GHSA-rm97-x556-q36h",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          "range": "<2.12.1"
        },
        "postcss"
      ],
      "effects": [],
      "range": "<=2.12.0",
      "nodes": [
        "node_modules/sanitize-html"
      ],
      "fixAvailable": {
        "name": "sanitize-html",
        "version": "2.13.0",
        "isSemVerMajor": true
      }
    },
    "semver": {
      "name": "semver",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096482,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=7.0.0 <7.5.2"
        },
        {
          "source": 1096483,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<5.7.2"
        }
      ],
      "effects": [
        "eslint-plugin-compat",
        "simple-update-notifier"
      ],
      "range": ">=7.0.0 <7.5.2 || <5.7.2",
      "nodes": [
        "node_modules/gc-stats/node_modules/semver",
        "node_modules/semver",
        "node_modules/simple-update-notifier/node_modules/semver"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.27.0",
        "isSemVerMajor": true
      }
    },
    "simple-update-notifier": {
      "name": "simple-update-notifier",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [
        "nodemon"
      ],
      "range": "1.0.7 - 1.1.0",
      "nodes": [
        "node_modules/simple-update-notifier"
      ],
      "fixAvailable": true
    },
    "swagger-ui-dist": {
      "name": "swagger-ui-dist",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1088759,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Spoofing attack in swagger-ui-dist",
          "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
          "severity": "moderate",
          "cwe": [
            "CWE-1021"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        },
        {
          "source": 1092160,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Server side request forgery in SwaggerUI",
          "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/swagger-ui-dist"
      ],
      "fixAvailable": {
        "name": "swagger-ui-dist",
        "version": "5.14.0",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089684,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.14"
        },
        {
          "source": 1095117,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<4.4.18"
        },
        {
          "source": 1096309,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-23",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.15"
        },
        {
          "source": 1096376,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.16"
        },
        {
          "source": 1096411,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.18"
        }
      ],
      "effects": [],
      "range": "<=4.4.17",
      "nodes": [
        "node_modules/gc-stats/node_modules/tar"
      ],
      "fixAvailable": true
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096643,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "wikimedia-kad-fork": {
      "name": "wikimedia-kad-fork",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "ms"
      ],
      "effects": [
        "limitation"
      ],
      "range": "*",
      "nodes": [
        "node_modules/wikimedia-kad-fork"
      ],
      "fixAvailable": true
    },
    "yargs-unparser": {
      "name": "yargs-unparser",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "flat"
      ],
      "effects": [
        "mocha"
      ],
      "range": "<=1.6.3",
      "nodes": [
        "node_modules/yargs-unparser"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 14,
      "high": 10,
      "critical": 4,
      "total": 29
    },
    "dependencies": {
      "prod": 276,
      "dev": 454,
      "optional": 82,
      "peer": 0,
      "peerOptional": 0,
      "total": 806
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN audit fix debug@4.1.1 node_modules/gc-stats/node_modules/debug
npm WARN audit fix debug@4.1.1 is a bundled dependency of
npm WARN audit fix debug@4.1.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix debug@4.1.1 It cannot be fixed automatically.
npm WARN audit fix debug@4.1.1 Check for updates to the gc-stats package.
npm WARN audit fix semver@5.7.0 node_modules/gc-stats/node_modules/semver
npm WARN audit fix semver@5.7.0 is a bundled dependency of
npm WARN audit fix semver@5.7.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix semver@5.7.0 It cannot be fixed automatically.
npm WARN audit fix semver@5.7.0 Check for updates to the gc-stats package.
npm WARN audit fix ini@1.3.5 node_modules/gc-stats/node_modules/ini
npm WARN audit fix ini@1.3.5 is a bundled dependency of
npm WARN audit fix ini@1.3.5 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix ini@1.3.5 It cannot be fixed automatically.
npm WARN audit fix ini@1.3.5 Check for updates to the gc-stats package.
npm WARN audit fix minimatch@3.0.4 node_modules/gc-stats/node_modules/minimatch
npm WARN audit fix minimatch@3.0.4 is a bundled dependency of
npm WARN audit fix minimatch@3.0.4 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimatch@3.0.4 It cannot be fixed automatically.
npm WARN audit fix minimatch@3.0.4 Check for updates to the gc-stats package.
npm WARN audit fix minimist@1.2.0 node_modules/gc-stats/node_modules/rc/node_modules/minimist
npm WARN audit fix minimist@1.2.0 is a bundled dependency of
npm WARN audit fix minimist@1.2.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@1.2.0 It cannot be fixed automatically.
npm WARN audit fix minimist@1.2.0 Check for updates to the gc-stats package.
npm WARN audit fix minimist@0.0.8 node_modules/gc-stats/node_modules/minimist
npm WARN audit fix minimist@0.0.8 is a bundled dependency of
npm WARN audit fix minimist@0.0.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@0.0.8 It cannot be fixed automatically.
npm WARN audit fix minimist@0.0.8 Check for updates to the gc-stats package.
npm WARN audit fix tar@4.4.8 node_modules/gc-stats/node_modules/tar
npm WARN audit fix tar@4.4.8 is a bundled dependency of
npm WARN audit fix tar@4.4.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix tar@4.4.8 It cannot be fixed automatically.
npm WARN audit fix tar@4.4.8 Check for updates to the gc-stats package.
npm WARN audit fix mkdirp@0.5.1 node_modules/gc-stats/node_modules/mkdirp
npm WARN audit fix mkdirp@0.5.1 is a bundled dependency of
npm WARN audit fix mkdirp@0.5.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix mkdirp@0.5.1 It cannot be fixed automatically.
npm WARN audit fix mkdirp@0.5.1 Check for updates to the gc-stats package.
--- stdout ---
{
  "added": 740,
  "removed": 0,
  "changed": 0,
  "audited": 807,
  "funding": 74,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "cheerio": {
        "name": "cheerio",
        "severity": "high",
        "isDirect": false,
        "via": [
          "css-select",
          "lodash.pick"
        ],
        "effects": [
          "microformat-node"
        ],
        "range": "0.19.0 - 1.0.0-rc.3",
        "nodes": [
          "node_modules/cheerio"
        ],
        "fixAvailable": {
          "name": "microformat-node",
          "version": "2.0.0",
          "isSemVerMajor": true
        }
      },
      "css-select": {
        "name": "css-select",
        "severity": "high",
        "isDirect": false,
        "via": [
          "nth-check"
        ],
        "effects": [
          "cheerio"
        ],
        "range": "<=3.1.0",
        "nodes": [
          "node_modules/css-select"
        ],
        "fixAvailable": {
          "name": "microformat-node",
          "version": "2.0.0",
          "isSemVerMajor": true
        }
      },
      "debug": {
        "name": "debug",
        "severity": "low",
        "isDirect": false,
        "via": [
          {
            "source": 1096792,
            "name": "debug",
            "dependency": "debug",
            "title": "Regular Expression Denial of Service in debug",
            "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
            "severity": "low",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 3.7,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=4.0.0 <4.3.1"
          },
          {
            "source": 1096793,
            "name": "debug",
            "dependency": "debug",
            "title": "Regular Expression Denial of Service in debug",
            "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
            "severity": "low",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 3.7,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=3.2.0 <3.2.7"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "3.2.0 - 3.2.6 || 4.0.0 - 4.3.0",
        "nodes": [
          "node_modules/gc-stats/node_modules/debug",
          "node_modules/mocha/node_modules/debug"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      },
      "eslint-config-wikimedia": {
        "name": "eslint-config-wikimedia",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "eslint-plugin-compat"
        ],
        "effects": [],
        "range": "0.18.0 - 0.21.0",
        "nodes": [
          "node_modules/eslint-config-wikimedia"
        ],
        "fixAvailable": {
          "name": "eslint-config-wikimedia",
          "version": "0.27.0",
          "isSemVerMajor": true
        }
      },
      "eslint-plugin-compat": {
        "name": "eslint-plugin-compat",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "semver"
        ],
        "effects": [
          "eslint-config-wikimedia"
        ],
        "range": "3.6.0-0 - 4.1.4",
        "nodes": [
          "node_modules/eslint-plugin-compat"
        ],
        "fixAvailable": {
          "name": "eslint-config-wikimedia",
          "version": "0.27.0",
          "isSemVerMajor": true
        }
      },
      "flat": {
        "name": "flat",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1089152,
            "name": "flat",
            "dependency": "flat",
            "title": "flat vulnerable to Prototype Pollution",
            "url": "https://github.com/advisories/GHSA-2j2x-2gpw-g8fm",
            "severity": "critical",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<5.0.1"
          }
        ],
        "effects": [
          "yargs-unparser"
        ],
        "range": "<5.0.1",
        "nodes": [
          "node_modules/flat"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      },
      "ini": {
        "name": "ini",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1093224,
            "name": "ini",
            "dependency": "ini",
            "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
            "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
            "severity": "high",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 7.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": "<1.3.6"
          }
        ],
        "effects": [],
        "range": "<1.3.6",
        "nodes": [
          "node_modules/gc-stats/node_modules/ini"
        ],
        "fixAvailable": true
      },
      "limitation": {
        "name": "limitation",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "wikimedia-kad-fork"
        ],
        "effects": [],
        "range": ">=0.2.3",
        "nodes": [
          "node_modules/limitation"
        ],
        "fixAvailable": true
      },
      "lodash.pick": {
        "name": "lodash.pick",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096303,
            "name": "lodash.pick",
            "dependency": "lodash.pick",
            "title": "Prototype Pollution in lodash",
            "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
            "severity": "high",
            "cwe": [
              "CWE-770",
              "CWE-1321"
            ],
            "cvss": {
              "score": 7.4,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
            },
            "range": ">=4.0.0 <=4.4.0"
          }
        ],
        "effects": [
          "cheerio"
        ],
        "range": ">=4.0.0",
        "nodes": [
          "node_modules/lodash.pick"
        ],
        "fixAvailable": {
          "name": "microformat-node",
          "version": "2.0.0",
          "isSemVerMajor": true
        }
      },
      "microformat-node": {
        "name": "microformat-node",
        "severity": "high",
        "isDirect": true,
        "via": [
          "cheerio"
        ],
        "effects": [],
        "range": ">=2.0.1",
        "nodes": [
          "node_modules/microformat-node"
        ],
        "fixAvailable": {
          "name": "microformat-node",
          "version": "2.0.0",
          "isSemVerMajor": true
        }
      },
      "minimatch": {
        "name": "minimatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096485,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS vulnerability",
            "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.0.5"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "<3.0.5",
        "nodes": [
          "node_modules/gc-stats/node_modules/minimatch",
          "node_modules/minimatch"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      },
      "minimist": {
        "name": "minimist",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1096465,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 5.6,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": ">=1.0.0 <1.2.3"
          },
          {
            "source": 1096466,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 5.6,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": "<0.2.1"
          },
          {
            "source": 1096548,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
            "severity": "critical",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<0.2.4"
          },
          {
            "source": 1096549,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
            "severity": "critical",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": ">=1.0.0 <1.2.6"
          }
        ],
        "effects": [
          "mkdirp"
        ],
        "range": "<=0.2.3 || 1.0.0 - 1.2.5",
        "nodes": [
          "node_modules/gc-stats/node_modules/minimist",
          "node_modules/gc-stats/node_modules/rc/node_modules/minimist"
        ],
        "fixAvailable": true
      },
      "mkdirp": {
        "name": "mkdirp",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "minimist"
        ],
        "effects": [],
        "range": "0.4.1 - 0.5.1",
        "nodes": [
          "node_modules/gc-stats/node_modules/mkdirp"
        ],
        "fixAvailable": true
      },
      "mocha": {
        "name": "mocha",
        "severity": "critical",
        "isDirect": true,
        "via": [
          "debug",
          "minimatch",
          "yargs-unparser"
        ],
        "effects": [],
        "range": "5.1.0 - 9.2.1",
        "nodes": [
          "node_modules/mocha"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      },
      "ms": {
        "name": "ms",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1094419,
            "name": "ms",
            "dependency": "ms",
            "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
            "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<2.0.0"
          }
        ],
        "effects": [
          "wikimedia-kad-fork"
        ],
        "range": "<2.0.0",
        "nodes": [
          "node_modules/wikimedia-kad-fork/node_modules/ms"
        ],
        "fixAvailable": true
      },
      "nodemon": {
        "name": "nodemon",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "simple-update-notifier"
        ],
        "effects": [],
        "range": "2.0.19 - 2.0.22",
        "nodes": [
          "node_modules/nodemon"
        ],
        "fixAvailable": true
      },
      "nth-check": {
        "name": "nth-check",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1095141,
            "name": "nth-check",
            "dependency": "nth-check",
            "title": "Inefficient Regular Expression Complexity in nth-check",
            "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<2.0.1"
          }
        ],
        "effects": [
          "css-select"
        ],
        "range": "<2.0.1",
        "nodes": [
          "node_modules/nth-check"
        ],
        "fixAvailable": {
          "name": "microformat-node",
          "version": "2.0.0",
          "isSemVerMajor": true
        }
      },
      "postcss": {
        "name": "postcss",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1094544,
            "name": "postcss",
            "dependency": "postcss",
            "title": "PostCSS line return parsing error",
            "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
            "severity": "moderate",
            "cwe": [
              "CWE-74",
              "CWE-144"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": "<8.4.31"
          }
        ],
        "effects": [
          "sanitize-html"
        ],
        "range": "<8.4.31",
        "nodes": [
          "node_modules/postcss"
        ],
        "fixAvailable": {
          "name": "sanitize-html",
          "version": "2.13.0",
          "isSemVerMajor": true
        }
      },
      "preq": {
        "name": "preq",
        "severity": "high",
        "isDirect": true,
        "via": [
          "request",
          "requestretry"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/preq"
        ],
        "fixAvailable": false
      },
      "request": {
        "name": "request",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096727,
            "name": "request",
            "dependency": "request",
            "title": "Server-Side Request Forgery in Request",
            "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<=2.88.2"
          },
          "tough-cookie"
        ],
        "effects": [
          "preq",
          "requestretry"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request"
        ],
        "fixAvailable": false
      },
      "requestretry": {
        "name": "requestretry",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1090420,
            "name": "requestretry",
            "dependency": "requestretry",
            "title": "Cookie exposure in requestretry",
            "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
            "severity": "high",
            "cwe": [
              "CWE-200"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": "<7.0.0"
          },
          "request"
        ],
        "effects": [
          "preq"
        ],
        "range": "*",
        "nodes": [
          "node_modules/requestretry"
        ],
        "fixAvailable": false
      },
      "sanitize-html": {
        "name": "sanitize-html",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          {
            "source": 1089955,
            "name": "sanitize-html",
            "dependency": "sanitize-html",
            "title": "Improper Input Validation in sanitize-html",
            "url": "https://github.com/advisories/GHSA-mjxr-4v3x-q3m4",
            "severity": "moderate",
            "cwe": [
              "CWE-20"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": "<2.3.2"
          },
          {
            "source": 1091789,
            "name": "sanitize-html",
            "dependency": "sanitize-html",
            "title": "Improper Input Validation in sanitize-html",
            "url": "https://github.com/advisories/GHSA-rjqq-98f6-6j3r",
            "severity": "moderate",
            "cwe": [
              "CWE-20"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": "<2.3.1"
          },
          {
            "source": 1096639,
            "name": "sanitize-html",
            "dependency": "sanitize-html",
            "title": "sanitize-html Information Exposure vulnerability",
            "url": "https://github.com/advisories/GHSA-rm97-x556-q36h",
            "severity": "moderate",
            "cwe": [
              "CWE-200"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
            },
            "range": "<2.12.1"
          },
          "postcss"
        ],
        "effects": [],
        "range": "<=2.12.0",
        "nodes": [
          "node_modules/sanitize-html"
        ],
        "fixAvailable": {
          "name": "sanitize-html",
          "version": "2.13.0",
          "isSemVerMajor": true
        }
      },
      "semver": {
        "name": "semver",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096482,
            "name": "semver",
            "dependency": "semver",
            "title": "semver vulnerable to Regular Expression Denial of Service",
            "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=7.0.0 <7.5.2"
          },
          {
            "source": 1096483,
            "name": "semver",
            "dependency": "semver",
            "title": "semver vulnerable to Regular Expression Denial of Service",
            "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<5.7.2"
          }
        ],
        "effects": [
          "eslint-plugin-compat",
          "simple-update-notifier"
        ],
        "range": ">=7.0.0 <7.5.2 || <5.7.2",
        "nodes": [
          "node_modules/gc-stats/node_modules/semver",
          "node_modules/semver",
          "node_modules/simple-update-notifier/node_modules/semver"
        ],
        "fixAvailable": {
          "name": "eslint-config-wikimedia",
          "version": "0.27.0",
          "isSemVerMajor": true
        }
      },
      "simple-update-notifier": {
        "name": "simple-update-notifier",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "semver"
        ],
        "effects": [
          "nodemon"
        ],
        "range": "1.0.7 - 1.1.0",
        "nodes": [
          "node_modules/simple-update-notifier"
        ],
        "fixAvailable": true
      },
      "swagger-ui-dist": {
        "name": "swagger-ui-dist",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          {
            "source": 1088759,
            "name": "swagger-ui-dist",
            "dependency": "swagger-ui-dist",
            "title": "Spoofing attack in swagger-ui-dist",
            "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
            "severity": "moderate",
            "cwe": [
              "CWE-1021"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          },
          {
            "source": 1092160,
            "name": "swagger-ui-dist",
            "dependency": "swagger-ui-dist",
            "title": "Server side request forgery in SwaggerUI",
            "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [],
        "range": "<=4.1.2",
        "nodes": [
          "node_modules/swagger-ui-dist"
        ],
        "fixAvailable": {
          "name": "swagger-ui-dist",
          "version": "5.14.0",
          "isSemVerMajor": true
        }
      },
      "tar": {
        "name": "tar",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1089684,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
            "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
            "severity": "high",
            "cwe": [
              "CWE-22"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=4.0.0 <4.4.14"
          },
          {
            "source": 1095117,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
            "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
            "severity": "high",
            "cwe": [
              "CWE-22"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": "<4.4.18"
          },
          {
            "source": 1096309,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
            "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
            "severity": "high",
            "cwe": [
              "CWE-22",
              "CWE-23",
              "CWE-59"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=4.0.0 <4.4.15"
          },
          {
            "source": 1096376,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
            "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
            "severity": "high",
            "cwe": [
              "CWE-22",
              "CWE-59"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=3.0.0 <4.4.16"
          },
          {
            "source": 1096411,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
            "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
            "severity": "high",
            "cwe": [
              "CWE-22",
              "CWE-59"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=3.0.0 <4.4.18"
          }
        ],
        "effects": [],
        "range": "<=4.4.17",
        "nodes": [
          "node_modules/gc-stats/node_modules/tar"
        ],
        "fixAvailable": true
      },
      "tough-cookie": {
        "name": "tough-cookie",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096643,
            "name": "tough-cookie",
            "dependency": "tough-cookie",
            "title": "tough-cookie Prototype Pollution vulnerability",
            "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "request"
        ],
        "range": "<4.1.3",
        "nodes": [
          "node_modules/tough-cookie"
        ],
        "fixAvailable": false
      },
      "wikimedia-kad-fork": {
        "name": "wikimedia-kad-fork",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "ms"
        ],
        "effects": [
          "limitation"
        ],
        "range": "*",
        "nodes": [
          "node_modules/wikimedia-kad-fork"
        ],
        "fixAvailable": true
      },
      "yargs-unparser": {
        "name": "yargs-unparser",
        "severity": "critical",
        "isDirect": false,
        "via": [
          "flat"
        ],
        "effects": [
          "mocha"
        ],
        "range": "<=1.6.3",
        "nodes": [
          "node_modules/yargs-unparser"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 1,
        "moderate": 14,
        "high": 10,
        "critical": 4,
        "total": 29
      },
      "dependencies": {
        "prod": 276,
        "dev": 454,
        "optional": 82,
        "peer": 0,
        "peerOptional": 0,
        "total": 806
      }
    }
  }
}

--- end ---
{"added": 740, "removed": 0, "changed": 0, "audited": 807, "funding": 74, "audit": {"auditReportVersion": 2, "vulnerabilities": {"cheerio": {"name": "cheerio", "severity": "high", "isDirect": false, "via": ["css-select", "lodash.pick"], "effects": ["microformat-node"], "range": "0.19.0 - 1.0.0-rc.3", "nodes": ["node_modules/cheerio"], "fixAvailable": {"name": "microformat-node", "version": "2.0.0", "isSemVerMajor": true}}, "css-select": {"name": "css-select", "severity": "high", "isDirect": false, "via": ["nth-check"], "effects": ["cheerio"], "range": "<=3.1.0", "nodes": ["node_modules/css-select"], "fixAvailable": {"name": "microformat-node", "version": "2.0.0", "isSemVerMajor": true}}, "debug": {"name": "debug", "severity": "low", "isDirect": false, "via": [{"source": 1096792, "name": "debug", "dependency": "debug", "title": "Regular Expression Denial of Service in debug", "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=4.0.0 <4.3.1"}, {"source": 1096793, "name": "debug", "dependency": "debug", "title": "Regular Expression Denial of Service in debug", "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=3.2.0 <3.2.7"}], "effects": ["mocha"], "range": "3.2.0 - 3.2.6 || 4.0.0 - 4.3.0", "nodes": ["node_modules/gc-stats/node_modules/debug", "node_modules/mocha/node_modules/debug"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "eslint-config-wikimedia": {"name": "eslint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["eslint-plugin-compat"], "effects": [], "range": "0.18.0 - 0.21.0", "nodes": ["node_modules/eslint-config-wikimedia"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "eslint-plugin-compat": {"name": "eslint-plugin-compat", "severity": "moderate", "isDirect": false, "via": ["semver"], "effects": ["eslint-config-wikimedia"], "range": "3.6.0-0 - 4.1.4", "nodes": ["node_modules/eslint-plugin-compat"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "flat": {"name": "flat", "severity": "critical", "isDirect": false, "via": [{"source": 1089152, "name": "flat", "dependency": "flat", "title": "flat vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-2j2x-2gpw-g8fm", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<5.0.1"}], "effects": ["yargs-unparser"], "range": "<5.0.1", "nodes": ["node_modules/flat"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "ini": {"name": "ini", "severity": "high", "isDirect": false, "via": [{"source": 1093224, "name": "ini", "dependency": "ini", "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse", "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<1.3.6"}], "effects": [], "range": "<1.3.6", "nodes": ["node_modules/gc-stats/node_modules/ini"], "fixAvailable": true}, "limitation": {"name": "limitation", "severity": "moderate", "isDirect": false, "via": ["wikimedia-kad-fork"], "effects": [], "range": ">=0.2.3", "nodes": ["node_modules/limitation"], "fixAvailable": true}, "lodash.pick": {"name": "lodash.pick", "severity": "high", "isDirect": false, "via": [{"source": 1096303, "name": "lodash.pick", "dependency": "lodash.pick", "title": "Prototype Pollution in lodash", "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw", "severity": "high", "cwe": ["CWE-770", "CWE-1321"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "range": ">=4.0.0 <=4.4.0"}], "effects": ["cheerio"], "range": ">=4.0.0", "nodes": ["node_modules/lodash.pick"], "fixAvailable": {"name": "microformat-node", "version": "2.0.0", "isSemVerMajor": true}}, "microformat-node": {"name": "microformat-node", "severity": "high", "isDirect": true, "via": ["cheerio"], "effects": [], "range": ">=2.0.1", "nodes": ["node_modules/microformat-node"], "fixAvailable": {"name": "microformat-node", "version": "2.0.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}], "effects": ["mocha"], "range": "<3.0.5", "nodes": ["node_modules/gc-stats/node_modules/minimatch", "node_modules/minimatch"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "minimist": {"name": "minimist", "severity": "critical", "isDirect": false, "via": [{"source": 1096465, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": ">=1.0.0 <1.2.3"}, {"source": 1096466, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<0.2.1"}, {"source": 1096548, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<0.2.4"}, {"source": 1096549, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.0.0 <1.2.6"}], "effects": ["mkdirp"], "range": "<=0.2.3 || 1.0.0 - 1.2.5", "nodes": ["node_modules/gc-stats/node_modules/minimist", "node_modules/gc-stats/node_modules/rc/node_modules/minimist"], "fixAvailable": true}, "mkdirp": {"name": "mkdirp", "severity": "moderate", "isDirect": false, "via": ["minimist"], "effects": [], "range": "0.4.1 - 0.5.1", "nodes": ["node_modules/gc-stats/node_modules/mkdirp"], "fixAvailable": true}, "mocha": {"name": "mocha", "severity": "critical", "isDirect": true, "via": ["debug", "minimatch", "yargs-unparser"], "effects": [], "range": "5.1.0 - 9.2.1", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "ms": {"name": "ms", "severity": "moderate", "isDirect": false, "via": [{"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}], "effects": ["wikimedia-kad-fork"], "range": "<2.0.0", "nodes": ["node_modules/wikimedia-kad-fork/node_modules/ms"], "fixAvailable": true}, "nodemon": {"name": "nodemon", "severity": "moderate", "isDirect": true, "via": ["simple-update-notifier"], "effects": [], "range": "2.0.19 - 2.0.22", "nodes": ["node_modules/nodemon"], "fixAvailable": true}, "nth-check": {"name": "nth-check", "severity": "high", "isDirect": false, "via": [{"source": 1095141, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.0.1"}], "effects": ["css-select"], "range": "<2.0.1", "nodes": ["node_modules/nth-check"], "fixAvailable": {"name": "microformat-node", "version": "2.0.0", "isSemVerMajor": true}}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["sanitize-html"], "range": "<8.4.31", "nodes": ["node_modules/postcss"], "fixAvailable": {"name": "sanitize-html", "version": "2.13.0", "isSemVerMajor": true}}, "preq": {"name": "preq", "severity": "high", "isDirect": true, "via": ["request", "requestretry"], "effects": [], "range": "*", "nodes": ["node_modules/preq"], "fixAvailable": false}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["preq", "requestretry"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "requestretry": {"name": "requestretry", "severity": "high", "isDirect": false, "via": [{"source": 1090420, "name": "requestretry", "dependency": "requestretry", "title": "Cookie exposure in requestretry", "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45", "severity": "high", "cwe": ["CWE-200"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<7.0.0"}, "request"], "effects": ["preq"], "range": "*", "nodes": ["node_modules/requestretry"], "fixAvailable": false}, "sanitize-html": {"name": "sanitize-html", "severity": "moderate", "isDirect": true, "via": [{"source": 1089955, "name": "sanitize-html", "dependency": "sanitize-html", "title": "Improper Input Validation in sanitize-html", "url": "https://github.com/advisories/GHSA-mjxr-4v3x-q3m4", "severity": "moderate", "cwe": ["CWE-20"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, {"source": 1091789, "name": "sanitize-html", "dependency": "sanitize-html", "title": "Improper Input Validation in sanitize-html", "url": "https://github.com/advisories/GHSA-rjqq-98f6-6j3r", "severity": "moderate", "cwe": ["CWE-20"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.1"}, {"source": 1096639, "name": "sanitize-html", "dependency": "sanitize-html", "title": "sanitize-html Information Exposure vulnerability", "url": "https://github.com/advisories/GHSA-rm97-x556-q36h", "severity": "moderate", "cwe": ["CWE-200"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "range": "<2.12.1"}, "postcss"], "effects": [], "range": "<=2.12.0", "nodes": ["node_modules/sanitize-html"], "fixAvailable": {"name": "sanitize-html", "version": "2.13.0", "isSemVerMajor": true}}, "semver": {"name": "semver", "severity": "moderate", "isDirect": false, "via": [{"source": 1096482, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=7.0.0 <7.5.2"}, {"source": 1096483, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<5.7.2"}], "effects": ["eslint-plugin-compat", "simple-update-notifier"], "range": ">=7.0.0 <7.5.2 || <5.7.2", "nodes": ["node_modules/gc-stats/node_modules/semver", "node_modules/semver", "node_modules/simple-update-notifier/node_modules/semver"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "simple-update-notifier": {"name": "simple-update-notifier", "severity": "moderate", "isDirect": false, "via": ["semver"], "effects": ["nodemon"], "range": "1.0.7 - 1.1.0", "nodes": ["node_modules/simple-update-notifier"], "fixAvailable": true}, "swagger-ui-dist": {"name": "swagger-ui-dist", "severity": "moderate", "isDirect": true, "via": [{"source": 1088759, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Spoofing attack in swagger-ui-dist", "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x", "severity": "moderate", "cwe": ["CWE-1021"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<4.1.3"}, {"source": 1092160, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Server side request forgery in SwaggerUI", "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<4.1.3"}], "effects": [], "range": "<=4.1.2", "nodes": ["node_modules/swagger-ui-dist"], "fixAvailable": {"name": "swagger-ui-dist", "version": "5.14.0", "isSemVerMajor": true}}, "tar": {"name": "tar", "severity": "high", "isDirect": false, "via": [{"source": 1089684, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization", "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.14"}, {"source": 1095117, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization", "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": "<4.4.18"}, {"source": 1096309, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning", "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw", "severity": "high", "cwe": ["CWE-22", "CWE-23", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.15"}, {"source": 1096376, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.16"}, {"source": 1096411, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.18"}], "effects": [], "range": "<=4.4.17", "nodes": ["node_modules/gc-stats/node_modules/tar"], "fixAvailable": true}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1096643, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": false}, "wikimedia-kad-fork": {"name": "wikimedia-kad-fork", "severity": "moderate", "isDirect": false, "via": ["ms"], "effects": ["limitation"], "range": "*", "nodes": ["node_modules/wikimedia-kad-fork"], "fixAvailable": true}, "yargs-unparser": {"name": "yargs-unparser", "severity": "critical", "isDirect": false, "via": ["flat"], "effects": ["mocha"], "range": "<=1.6.3", "nodes": ["node_modules/yargs-unparser"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 14, "high": 10, "critical": 4, "total": 29}, "dependencies": {"prod": 276, "dev": 454, "optional": 82, "peer": 0, "peerOptional": 0, "total": 806}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN audit fix debug@4.1.1 node_modules/gc-stats/node_modules/debug
npm WARN audit fix debug@4.1.1 is a bundled dependency of
npm WARN audit fix debug@4.1.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix debug@4.1.1 It cannot be fixed automatically.
npm WARN audit fix debug@4.1.1 Check for updates to the gc-stats package.
npm WARN audit fix semver@5.7.0 node_modules/gc-stats/node_modules/semver
npm WARN audit fix semver@5.7.0 is a bundled dependency of
npm WARN audit fix semver@5.7.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix semver@5.7.0 It cannot be fixed automatically.
npm WARN audit fix semver@5.7.0 Check for updates to the gc-stats package.
npm WARN audit fix ini@1.3.5 node_modules/gc-stats/node_modules/ini
npm WARN audit fix ini@1.3.5 is a bundled dependency of
npm WARN audit fix ini@1.3.5 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix ini@1.3.5 It cannot be fixed automatically.
npm WARN audit fix ini@1.3.5 Check for updates to the gc-stats package.
npm WARN audit fix minimatch@3.0.4 node_modules/gc-stats/node_modules/minimatch
npm WARN audit fix minimatch@3.0.4 is a bundled dependency of
npm WARN audit fix minimatch@3.0.4 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimatch@3.0.4 It cannot be fixed automatically.
npm WARN audit fix minimatch@3.0.4 Check for updates to the gc-stats package.
npm WARN audit fix minimist@1.2.0 node_modules/gc-stats/node_modules/rc/node_modules/minimist
npm WARN audit fix minimist@1.2.0 is a bundled dependency of
npm WARN audit fix minimist@1.2.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@1.2.0 It cannot be fixed automatically.
npm WARN audit fix minimist@1.2.0 Check for updates to the gc-stats package.
npm WARN audit fix minimist@0.0.8 node_modules/gc-stats/node_modules/minimist
npm WARN audit fix minimist@0.0.8 is a bundled dependency of
npm WARN audit fix minimist@0.0.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@0.0.8 It cannot be fixed automatically.
npm WARN audit fix minimist@0.0.8 Check for updates to the gc-stats package.
npm WARN audit fix tar@4.4.8 node_modules/gc-stats/node_modules/tar
npm WARN audit fix tar@4.4.8 is a bundled dependency of
npm WARN audit fix tar@4.4.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix tar@4.4.8 It cannot be fixed automatically.
npm WARN audit fix tar@4.4.8 Check for updates to the gc-stats package.
npm WARN audit fix mkdirp@0.5.1 node_modules/gc-stats/node_modules/mkdirp
npm WARN audit fix mkdirp@0.5.1 is a bundled dependency of
npm WARN audit fix mkdirp@0.5.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix mkdirp@0.5.1 It cannot be fixed automatically.
npm WARN audit fix mkdirp@0.5.1 Check for updates to the gc-stats package.
npm WARN deprecated @types/long@5.0.0: This is a stub types definition. long provides its own type definitions, so you do not need this installed.
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated mkdirp@0.5.4: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated json-schema-ref-parser@5.1.3: Please switch to @apidevtools/json-schema-ref-parser
npm WARN deprecated core-js@3.19.0: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---

added 739 packages, and audited 806 packages in 11s

74 packages are looking for funding
  run `npm fund` for details

# npm audit report

debug  3.2.0 - 3.2.6 || 4.0.0 - 4.3.0
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install mocha@10.4.0, which is a breaking change
node_modules/gc-stats/node_modules/debug
node_modules/mocha/node_modules/debug
  mocha  5.1.0 - 9.2.1
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of minimatch
  Depends on vulnerable versions of yargs-unparser
  node_modules/mocha

flat  <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm
fix available via `npm audit fix --force`
Will install mocha@10.4.0, which is a breaking change
node_modules/flat
  yargs-unparser  <=1.6.3
  Depends on vulnerable versions of flat
  node_modules/yargs-unparser

ini  <1.3.6
Severity: high
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/ini

lodash.pick  >=4.0.0
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install microformat-node@2.0.0, which is a breaking change
node_modules/lodash.pick
  cheerio  0.19.0 - 1.0.0-rc.3
  Depends on vulnerable versions of css-select
  Depends on vulnerable versions of lodash.pick
  node_modules/cheerio
    microformat-node  >=2.0.1
    Depends on vulnerable versions of cheerio
    node_modules/microformat-node

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix --force`
Will install mocha@10.4.0, which is a breaking change
node_modules/gc-stats/node_modules/minimatch
node_modules/minimatch

minimist  <=0.2.3 || 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/minimist
node_modules/gc-stats/node_modules/rc/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/gc-stats/node_modules/mkdirp

ms  <2.0.0
Severity: moderate
Vercel ms Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-w9mr-4mfr-499f
fix available via `npm audit fix`
node_modules/wikimedia-kad-fork/node_modules/ms
  wikimedia-kad-fork  *
  Depends on vulnerable versions of ms
  node_modules/wikimedia-kad-fork
    limitation  >=0.2.3
    Depends on vulnerable versions of wikimedia-kad-fork
    node_modules/limitation

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install microformat-node@2.0.0, which is a breaking change
node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/css-select

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install sanitize-html@2.13.0, which is a breaking change
node_modules/postcss
  sanitize-html  <=2.12.0
  Depends on vulnerable versions of postcss
  node_modules/sanitize-html

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  preq  *
  Depends on vulnerable versions of request
  Depends on vulnerable versions of requestretry
  node_modules/preq
  requestretry  *
  Depends on vulnerable versions of request
  node_modules/requestretry



semver  >=7.0.0 <7.5.2 || <5.7.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install eslint-config-wikimedia@0.27.0, which is a breaking change
node_modules/gc-stats/node_modules/semver
node_modules/semver
node_modules/simple-update-notifier/node_modules/semver
  eslint-plugin-compat  3.6.0-0 - 4.1.4
  Depends on vulnerable versions of semver
  node_modules/eslint-plugin-compat
    eslint-config-wikimedia  0.18.0 - 0.21.0
    Depends on vulnerable versions of eslint-plugin-compat
    node_modules/eslint-config-wikimedia
  simple-update-notifier  1.0.7 - 1.1.0
  Depends on vulnerable versions of semver
  node_modules/simple-update-notifier
    nodemon  2.0.19 - 2.0.22
    Depends on vulnerable versions of simple-update-notifier
    node_modules/nodemon

swagger-ui-dist  <=4.1.2
Severity: moderate
Spoofing attack in swagger-ui-dist - https://github.com/advisories/GHSA-6c9x-mj3g-h47x
Server side request forgery in SwaggerUI - https://github.com/advisories/GHSA-qrmm-w75w-3wpx
fix available via `npm audit fix --force`
Will install swagger-ui-dist@5.14.0, which is a breaking change
node_modules/swagger-ui-dist

tar  <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/tar

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

29 vulnerabilities (1 low, 14 moderate, 10 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @types/long@5.0.0: This is a stub types definition. long provides its own type definitions, so you do not need this installed.
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated mkdirp@0.5.4: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated json-schema-ref-parser@5.1.3: Please switch to @apidevtools/json-schema-ref-parser
npm WARN deprecated core-js@3.19.0: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---

added 739 packages, and audited 806 packages in 11s

74 packages are looking for funding
  run `npm fund` for details

29 vulnerabilities (1 low, 14 moderate, 10 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
Unhandled rejection TypeError: transforms[transform] is not a function
    at /src/repo/lib/processing.js:40:27
    at Array.forEach (<anonymous>)
    at process (/src/repo/lib/processing.js:38:34)
    at /src/repo/lib/processing.js:72:24
    at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
    at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
    at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
    at module.exports (/src/repo/lib/processing.js:72:9)
    at Context.<anonymous> (/src/repo/test/lib/metadata/parsoid-preprocessing.js:27:3)
    at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
    at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
    at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
    at /src/repo/node_modules/mocha/lib/runner.js:653:12
    at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
    at /src/repo/node_modules/mocha/lib/runner.js:457:7
    at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
    at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
    at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
    at /src/repo/lib/processing.js:40:27
    at Array.forEach (<anonymous>)
    at process (/src/repo/lib/processing.js:38:34)
    at /src/repo/lib/processing.js:72:24
    at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
    at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
    at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
    at module.exports (/src/repo/lib/processing.js:72:9)
    at Context.<anonymous> (/src/repo/test/lib/metadata/parsoid-preprocessing.js:35:3)
    at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
    at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
    at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
    at /src/repo/node_modules/mocha/lib/runner.js:653:12
    at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
    at /src/repo/node_modules/mocha/lib/runner.js:457:7
    at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
    at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
    at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
    at /src/repo/lib/processing.js:40:27
    at Array.forEach (<anonymous>)
    at process (/src/repo/lib/processing.js:38:34)
    at /src/repo/lib/processing.js:72:24
    at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
    at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
    at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
    at module.exports (/src/repo/lib/processing.js:72:9)
    at Context.<anonymous> (/src/repo/test/lib/metadata/parsoid-preprocessing.js:43:3)
    at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
    at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
    at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
    at /src/repo/node_modules/mocha/lib/runner.js:653:12
    at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
    at /src/repo/node_modules/mocha/lib/runner.js:457:7
    at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
    at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
    at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
    at /src/repo/lib/processing.js:40:27
    at Array.forEach (<anonymous>)
    at process (/src/repo/lib/processing.js:38:34)
    at /src/repo/lib/processing.js:72:24
    at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
    at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
    at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
    at module.exports (/src/repo/lib/processing.js:72:9)
    at /src/repo/lib/summary.js:98:17
    at tryCatcher (/src/repo/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/src/repo/node_modules/bluebird/js/release/promise.js:547:31)
    at Promise._settlePromise (/src/repo/node_modules/bluebird/js/release/promise.js:604:18)
    at Promise._settlePromise0 (/src/repo/node_modules/bluebird/js/release/promise.js:649:10)
    at Promise._settlePromises (/src/repo/node_modules/bluebird/js/release/promise.js:729:18)
    at _drainQueueStep (/src/repo/node_modules/bluebird/js/release/async.js:93:12)
    at _drainQueue (/src/repo/node_modules/bluebird/js/release/async.js:86:9)
    at Async._drainQueues (/src/repo/node_modules/bluebird/js/release/async.js:102:5)
    at Async.drainQueues [as _onImmediate] (/src/repo/node_modules/bluebird/js/release/async.js:15:14)
    at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
    at /src/repo/lib/processing.js:40:27
    at Array.forEach (<anonymous>)
    at process (/src/repo/lib/processing.js:38:34)
    at /src/repo/lib/processing.js:72:24
    at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
    at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
    at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
    at module.exports (/src/repo/lib/processing.js:72:9)
    at /src/repo/lib/summary.js:98:17
    at tryCatcher (/src/repo/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/src/repo/node_modules/bluebird/js/release/promise.js:547:31)
    at Promise._settlePromise (/src/repo/node_modules/bluebird/js/release/promise.js:604:18)
    at Promise._settlePromise0 (/src/repo/node_modules/bluebird/js/release/promise.js:649:10)
    at Promise._settlePromises (/src/repo/node_modules/bluebird/js/release/promise.js:729:18)
    at _drainQueueStep (/src/repo/node_modules/bluebird/js/release/async.js:93:12)
    at _drainQueue (/src/repo/node_modules/bluebird/js/release/async.js:86:9)
    at Async._drainQueues (/src/repo/node_modules/bluebird/js/release/async.js:102:5)
    at Async.drainQueues [as _onImmediate] (/src/repo/node_modules/bluebird/js/release/async.js:15:14)
    at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
    at /src/repo/lib/processing.js:40:27
    at Array.forEach (<anonymous>)
    at process (/src/repo/lib/processing.js:38:34)
    at /src/repo/lib/processing.js:72:24
    at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
    at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
    at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
    at module.exports (/src/repo/lib/processing.js:72:9)
    at test (/src/repo/test/lib/transforms/transforms-test.js:114:11)
    at Context.<anonymous> (/src/repo/test/lib/transforms/transforms-test.js:120:4)
    at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
    at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
    at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
    at /src/repo/node_modules/mocha/lib/runner.js:653:12
    at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
    at /src/repo/node_modules/mocha/lib/runner.js:457:7
    at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
    at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
    at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
    at /src/repo/lib/processing.js:40:27
    at Array.forEach (<anonymous>)
    at process (/src/repo/lib/processing.js:38:34)
    at /src/repo/lib/processing.js:72:24
    at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
    at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
    at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
    at module.exports (/src/repo/lib/processing.js:72:9)
    at test (/src/repo/test/lib/transforms/transforms-test.js:114:11)
    at Context.<anonymous> (/src/repo/test/lib/transforms/transforms-test.js:135:4)
    at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
    at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
    at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
    at /src/repo/node_modules/mocha/lib/runner.js:653:12
    at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
    at /src/repo/node_modules/mocha/lib/runner.js:457:7
    at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
    at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
    at process.processImmediate (node:internal/timers:476:21)
Unhandled rejection TypeError: transforms[transform] is not a function
    at /src/repo/lib/processing.js:40:27
    at Array.forEach (<anonymous>)
    at process (/src/repo/lib/processing.js:38:34)
    at /src/repo/lib/processing.js:72:24
    at Promise._execute (/src/repo/node_modules/bluebird/js/release/debuggability.js:384:9)
    at Promise._resolveFromExecutor (/src/repo/node_modules/bluebird/js/release/promise.js:518:18)
    at new Promise (/src/repo/node_modules/bluebird/js/release/promise.js:103:10)
    at module.exports (/src/repo/lib/processing.js:72:9)
    at test (/src/repo/test/lib/transforms/transforms-test.js:114:11)
    at Context.<anonymous> (/src/repo/test/lib/transforms/transforms-test.js:140:4)
    at callFn (/src/repo/node_modules/mocha/lib/runnable.js:387:21)
    at Runnable.run (/src/repo/node_modules/mocha/lib/runnable.js:379:7)
    at Runner.runTest (/src/repo/node_modules/mocha/lib/runner.js:535:10)
    at /src/repo/node_modules/mocha/lib/runner.js:653:12
    at next (/src/repo/node_modules/mocha/lib/runner.js:447:14)
    at /src/repo/node_modules/mocha/lib/runner.js:457:7
    at next (/src/repo/node_modules/mocha/lib/runner.js:362:14)
    at Immediate._onImmediate (/src/repo/node_modules/mocha/lib/runner.js:425:5)
    at process.processImmediate (node:internal/timers:476:21)
--- stdout ---

> mobileapps@0.3.0 test
> PREQ_CONNECT_TIMEOUT=15 mocha 'test/{,!(diff)/**}/*.js' && npm run lint



  express app
starting test server
    ✓ should get robots.txt
    ✓ should set CORS headers
    ✓ should set CSP headers
    ✓ should not follow redirects (334ms)

  Swagger spec
    ✓ get the spec
    ✓ spec validation
    validate responses against schema
      ✓ summary response should conform to schema (7710ms)
      ✓ media-list response should conform to schema (513ms)
    validate spec examples
      ✓ spec from root
      ✓ retrieve service info
      ✓ Get base CSS
      ✓ Get CSS bundle from wikimedia-page-library
      ✓ Get site-specific CSS (68ms)
      ✓ Get i18n strings for the Page Content Service
      ✓ Get javascript bundle for page library
      ✓ retrieve en-wiktionary definitions for 'cat' (245ms)
      ✓ Get description for test page (103ms)
Expected:
true
Result:
false
      - Get media list from test page
      ✓ Get offline resource links to accompany page content HTML for test page
      ✓ Get page content HTML for test page (225ms)
Expected:
true
Result:
false
      - retrieve test page via mobile-sections
      ✓ Get summary for test page (661ms)
      ✓ Get structured talk page for enwiki Salt article (110ms)
      ✓ Get preview mobile HTML for test page (107ms)

  Cache config
    ✓ should parse config and adapt ca value

  Cached endpoints
starting test server
stopping test server
stopping test server
    ✓ should call cache get for cached summary output (134ms)
starting test server
stopping test server
    ✓ should call cache set for non-cached summary page (511ms)
starting test server
stopping test server
    ✓ should call cache get for cached mobile-html output (123ms)
starting test server
stopping test server
    ✓ should call cache set for non-cached mobile-html page (812ms)

  definition
starting test server
    ✓ missing definitions (51ms)
    ✓ non-term page (306ms)
    ✓ unsupported language (116ms)
    ✓ non-English term on English Wiktionary returns valid results (105ms)
    ✓ translingual term (892ms)
    ✓ sets content-language header (909ms)

  description
    ✓ delete local description
    GET
      ✓ missing description, enwiki (74ms)
      ✓ missing description, other wiki (83ms)
      ✓ ok description, enwiki (93ms)
      ✓ ok description, ru wiki (139ms)
    PUT
      ✓ failed fetching token, central
      ✓ failed fetching token, local
      ✓ failed fetching page, local
      ✓ missing required parameter
      ✓ set central description: fail
      ✓ set central description
      ✓ set central description, variant
      ✓ set local description
    DELETE
      ✓ failed fetching token, central
      ✓ failed fetching token, local
      ✓ failed fetching page, local
      ✓ delete description

  service information
    ✓ should get the service name
    ✓ should get the service version
    ✓ should redirect to the service home page
    ✓ should get the service info

  media
    ✓ Media-list resources should be the same on mobile-html (274ms)

  transform/html/to/mobile-html
    ✓ simple html convertion should work properly (135ms)
    ✓ single html convertion should work properly (82ms)
    ✓ empty section with id=0 convertion should work properly (102ms)

  mobile-html-offline-resources
    ✓ Response should be array with JS and CSS resources

  mobile-html
    ✓ HTML should be sectioned (717ms)
    ✓ mobile-html headers not compatible with restbase output (137ms)
    ✓ mobile-html headers compatible with restbase output (153ms)
    ✓ mobile-html should have css links + viewport set (178ms)
    ✓ mobile-html should have lead paragraph moved up (12386ms)
    ✓ mobile-html should not have navboxes (585ms)
    ✓ mobile-html should have meta tags indicating page protection (143ms)
    ✓ mobile-html from mobileview should have meta tags indicating page protection (231ms)
    ✓ mobile-html should not enable edit talk page button by default (540ms)

  mobile-sections-lead
    ✓ Sections/deep page should have a lead object with expected properties (89ms)
    ✓ en San Francisco should have a lead object with a geo property (858ms)
    1) es Savonlinna should have a lead object with a geo property
    ✓ Wikivoyage en Paris should have a lead object with a geo property (436ms)
    ✓ es Gogland should not have a lead object with a geo property (85ms)
    ✓ Mare Tranquillitatis (lunar sea) should not have a geo property (180ms)
    ✓ Barack Obama should have a pronunciation (1180ms)
    ✓ Barack Obama infobox is part of the html (1010ms)
    ✓ Enwiki Uranus loads successfully (no pronunciation parsing TypeErrors) (558ms)
    - Enwiki Odisha loads successfully (no pronunciation parsing TypeErrors)
    ✓ Enwiki Yazidis loads successfully (no pronunciation parsing TypeErrors) (573ms)
    ✓ ' in pronunciation file name does not cause parsing error) (279ms)
    ✓ Enwiki Lead_paragraph_move has the infobox moved after the lead paragraph (99ms)
    ✓ Enwiki hatnotes are promoted to the lead object (1509ms)
    ✓ Enwiki Multiple page issues are promoted to lead (97ms)
    ✓ Enwiki Pages with single issue have issue promoted to lead (91ms)
    ✓ Disambiguation pages are flagged. (92ms)
    - Content model present in response for non-wikitext content

  mobile-sections
    ✓ Mismatched title and revision id give 404 (4272ms)
    ✓ Malformed revision id gives bad request (57ms)
    ✓ Missing title should respond with 404 (102ms)
    ✓ Sections/deep page should have a lead object with expected properties (95ms)
    ✓ en Main page should have a lead object with expected properties (1539ms)
    ✓ Description from local wiki should be used (93ms)
    ✓ Titles with special chars should not error out when parsing pronunciation files (209ms)
    ✓ Page with known past 'text-decoration' error should load successfully (1028ms)
    ✓ Page with irregular Spoken Wikipedia template usage should load correctly (437ms)
    ✓ Internal links should have title attribute (119ms)
    ✓ Any sections that contain references should have a reference flag (1096ms)
    ✓ The last section can be marked as a reference section (106ms)
    ✓ Page with math formulas should load without error (256ms)

  summary
    ✓ should respond with expected properties in payload (771ms)
    ✓ should respond with content-language header (376ms)
    ✓ empty summary should be sent for empty page (139ms)
    ✓ main page should return empty summary and type should be 'mainpage' (245ms)
    ✓ main page in non-mainspace should also return type: 'mainpage' (212ms)
    ✓ summary should come from first real content paragraph (2926ms)
    ✓ Empty extracts should be returned for a file page
    ✓ Empty extracts should be returned for a talk page
    ✓ Empty extracts should be returned for a redirected page
Expected:
"no-extract"
Result:
"standard"
    ✓ timestamp should refer to the requested revision, not the latest revision (1831ms)
    ✓ 404 for a page that doesn't exist (172ms)
    - 404 for a page with invalid title
    ✓ Description from local wiki should be used (138ms)
    ✓ Summary URLs do not contain un-encoded special characters (T216739) (256ms)
    ✓ Stray leading citation and template are stripped before parsing intro (T225474) (1169ms)
    ✓ Non wikitext content model should have timestamp in summary (138ms)

  lib:apiUtil
    ✓ checkForQueryPagesInResponse should return 504 when query.pages are absent
    ✓ batching works correctly
    ✓ order is preserved when Array.reduce is called on resolved BBPromise.all batches
    ✓ MW API request expanded from template includes Accept-Language header
    ✓ Checks header for explicit parsoid backend exists and its false
    ✓ Checks header for explicit parsoid backend exists and its true
    ✓ Checks header for explicit parsoid backend true (case insensitive)
    ✓ Checks header for explicit parsoid backend doesnt exist

  lib:core-api-compat unit tests
    ✓ should create a HTTPTitleRedirectError
    ✓ redirect middleware should redirect if configured
    ✓ redirect middleware should not redirect if error not matching
    ✓ redirect middleware should not redirect if not reverse url defined

  PCS configured to redirect
starting test server
stopping test server
    ✓ mobile-html should redirect to the resolved page (300ms)
    ✓ mobile-html-offline-resources should not redirect to the resolved page
stopping test server

  PCS configured to not redirect
starting test server
    ✓ mobile-html should not redirect and should parse the resolved response (283ms)
    ✓ should fixup missing content-language header (281ms)
stopping test server

  lib:dateUtil
    ✓ getRequestedDate(2016-04-15) should return a valid Date object
    ✓ iso8601DateFromYYYYMMDD
    ✓ addDays positive
    ✓ addDays zero
    ✓ addDays negative
    ✓ addDays immutable
    ✓ formatYYYYMMDD
    ✓ isWithinLast3Days
    ✓ date format validation should reject invalid formats

  lib:definitions
    Level 2 headers
      ✓ extracts them to language code keys
    parts of speech
      ✓ is set
    language
      ✓ is set on each entry
    examples
      parsed
        formatted with MediaWiki markup (#:/#::)
          ✓ extracts usage examples
        formatted with microformats
          ✓ extracts usage examples
      unparsed/old format
        formatted with MediaWiki markup (#:/#::)
          ✓ extracts usage examples
        formatted with microformats
          ✓ extracts usage examples

  lib:definitions:parseExamples
    formatted with microformats
      ✓ extracts usage examples
    formatted with plain MediaWiki markup
      ✓ extracts usage examples

  lib:definitions:parseMicroformats
    ✓ parses a simple microformat
    ✓ filters specific formats

  Local description template editing
    ✓ Simple param, only template
    ✓ Simple param, in the beginning
    ✓ Simple param, in the middle
    ✓ Named param
    ✓ Unnamed param, multiple params, unnamed
    ✓ Unnamed param, multiple params, named
    ✓ named param, multiple params, unnamed
    ✓ named param, multiple params, named
    ✓ Empty wikitext
    ✓ Respects lowercase
    ✓ no template

  lib:domUtil
    isRTL
      ✓ isRTL should return false for LTR doc (86ms)
      ✓ isRTL should return true for RTL doc
    getBaseUri()
      ✓ returns URL without protocol
    getHttpsBaseUri()
      ✓ returns URL with https protocol
    getParsoidPlainTitle
      ✓ getParsoidPlainTitle should return normalized title
    getParsoidLinkTitle
      ✓ getParsoidLinkTitle should return DB title
      ✓ getParsoidLinkTitle should percent-decode title

  lib:media expected items are included or excluded
    ✓ items should be found for expected selectors
    ✓ items should not be found for other selectors
    ✓ false positives should be filtered

  lib:media metadata is correctly parsed from HTML
    ✓ all expected captions are present
    ✓ all expected data-mw properties are present
    ✓ all expected derivative properties are present
    ✓ media file derivative with no codecs in type attribute is parsed correctly
    ✓ spoken Wikipedia file is correctly identified
    - pronunciation audio file is correctly identified
    ✓ section is correctly identified
    ✓ titles are decoded after parsing from HTML
    - pronunciation titles are decoded after parsing from HTML
    ✓ items without imageinfo properties (e.g., deleted items) are filtered

  lib:media parse structured artist info
    ✓ all info is parsed from common HTML structure
    ✓ 'html' and 'name' fields are returned from plain text input
    ✓ only html returned for site other than Commons
    ✓ only html returned if additional text is present
    ✓ only html returned if non-namespace portion of the title !== html.textContent
    ✓ parses html with lang from metadata object
    ✓ parses html with lang (non-English) from metadata object
    ✓ undefined result if input is an empty string

  lib:media:getCodecs
    ✓ codecs are parsed from type attributes without errors

  lib:media:getStructuredSrcSet
    ✓ should return structured srcset values
    ✓ should return structured srcset and src values
    ✓ should return 1x if no scale is present in the srcset values
    ✓ should return empty array if srcset is empty

  lib:metadata buildTableOfContents
    ✓ should have same form as MediaWiki parser-generated TOC

  lib:metadata
    ✓ augmentCategories handles undefined categories
    augmentLangLinks
      ✓ handles undefined langlinks
      ✓ bails out if an empty title is found
      ✓ bails out if an empty title is found (and nonempty title exists)
      ✓ creates augmented langlink if input is good

  metadata:preprocessing
    ✓ strips comments
    ✓ strips span[typeof=mw:FallbackId]
    ✓ strips span:empty

  lib:mobile-util
    ✓ mwApiTrue handles formatversions 1 and 2
    ✓ domainForLangCode swaps in lang code if domain has >2 levels
    ✓ createDocument should accept an empty string
    ✓ createDocument should not block the event loop (257ms)
    setLanguageHeaders
      ✓ passes through headers (lower-case names in original)
      ✓ passes through headers (upper-case names in original)
      ✓ strips 'accept' from vary value with other values present
      ✓ strips 'Accept' from vary value with other values present
      ✓ strips vary header if set to 'Accept' only
      ✓ strips vary header if set to 'accept' only

  lib:mobile/mobile-request-util
    ✓ getOutputMode should return defaults when provided nonsense string
    ✓ getOutputMode should return defaults when provided undefined
    ✓ getOutputMode should return defaults when provided null
    ✓ getOutputMode should return the requested item when it is the first member of the array
    ✓ getOutputMode should return the requested item when it is a non-first member of the array

  lib:MobileHTML
    ✓ does not block the event loop (629ms)
    ✓ detects mwids
    ✓ detects https
    ✓ detects header tags
    ✓ detects single bracket spans
    ✓ detects inline background styles
    ✓ detects infobox classes
    ✓ detects infobox exclusion classes
    ✓ detects new class
    ✓ detects images to exclude from widening class
    ✓ detects reference text
    ✓ detects forbidden element classes
    ✓ detects forbidden element class substrings
    ✓ detects forbidden div classes
    ✓ detects forbidden span classes
    ✓ detects forbidden element ids
    ✓ detects style overriding classes
    ✓ was worth it to write these regexes (245ms)
    ✓ truncates reference links properly
    ✓ detects text under divs with about attribute
    ✓ detects specific HTML structure when "notheme" class adding is to be skipped from <span> inside <th>
    ✓ detects all elements inside <div> with class "equation-box-elem"

  lib:mobileview-html
    buildSection
      ✓ section 0
      ✓ section 1
      ✓ Chinese heading
    rewriteWikiLinks
      ✓ single link
    wrapImagesInSpanElements
      ✓ single image

  lib:mwapi:getFlaggedOrLatestRevision
    ✓ Test de.wikipedia.org with flagged revision extension (49ms)
    ✓ Test pt.wikipedia.org without flagged revision extension
    ✓ Test ta.wikinews.org with flagged revision extension (75ms)
    ✓ Test pl.wikinews.org without flagged revision extension
    ✓ Test de.wikiquote.org with flagged revision extension (57ms)
    ✓ Test pl.wikiquote.org without flagged revision extension
    ✓ Test pl.wikisource.org with flagged revision extension (53ms)
    ✓ Test en.wikisource.org without flagged revision extension
    ✓ Test is.wiktionary.org with flagged revision extension (56ms)
    ✓ Test en.wiktionary.org without flagged revision extension
    ✓ Test en.wikibooks.org with flagged revision extension (57ms)
    ✓ Test de.wikibooks.org without flagged revision extension
    ✓ Test non-flagged article from test2.wikipedia.org  (280ms)
    ✓ Test pending change article from test2.wikipedia.org (170ms)

  lib:mwapi:getPrimaryEarthCoordinates
    ✓ gets primary earth coordinates (single coordinate input)
    ✓ gets primary earth coordinates (multiple coordinate input)
    ✓ secondary coordinates are ignored
    ✓ non-earth coordinates are ignored

  lib:mwapi
    ✓ scaled thumb URL returned if initial URL is a thumb URL and original width > desired width

  lib:mwapi buildLeadImageUrls
    ✓ 2000px thumb should be resized for all widths
    ✓ 555px thumb should return 320 and 555 for rest
    ✓ 750px thumb should return 320, 640, and 750 for rest
    ✓ 200px thumb should return 200px URL for all thumb sizes
    ✓ should ignore non-thumbnail URLs
    ✓ should ignore 'thumb' when not a path segment
    ✓ should create thumb URLs correctly if width regex pattern is in original filename
    ✓ should handle edge case thumb filename patterns
    ✓ should handle edge case thumb filename patterns with width regex in original name

  lib:mwapi:queryForMetadata
    ✓ ensure that displaytitle is always requested (141ms)

  lib:mwapi:simplifyProtectionObject
    ✓ simplifyProtectionObject should simplify
    ✓ simplifyProtectionObject should remove duplicates
    ✓ simplifyProtectionObject should keep non-duplicates
    ✓ simplifyProtectionObject should return empty object for empty list

  lib:parsePronunciation
    ✓ has pronunciation file v1
    ✓ has pronunciation file v2
    ✓ no pronunciation file

  lib:parseSpokenWikipedia
    ✓ one spoken file
    ✓ multiple spoken files
    ✓ no spoken files

  lib:parsoid-access etag handling
    correctly parses and handles etags
      ✓ gets strong etag with no quotes
      ✓ strips prefix from weak etags
      ✓ gets revision from etag
      ✓ gets revision and tid from etag
      ✓ getEtagFromHeaders handles undefined input
      ✓ getRevisionFromEtag handles undefined input
      ✓ getRevAndTidFromEtag handles undefined input
    parses modified timestamp
      ✓ parses timestamp from domino Document

  lib:parsoid-sections (section elements)
    ✓ getSectionsText(empty) should produce an empty lead section
    ✓ getSectionsText() with just text should produce a lead section
    ✓ getSectionsText() with one h2 should produce two sections
    ✓ getSectionsText() with one h2 and h3 should produce three sections
    ✓ getSectionsText() with h2 inside lead should produce one section
    ✓ getSectionsText() with one h2 inside div should not produce another section
    ✓ getSectionsText() with one h3 inside div should not produce another section
    ✓ section inside lead section should not be part of lead section
    ✓ div/section inside lead section should be part of lead section
    ✓ should not warn for page containing only a lead section
    ✓ should warn for non-lead section without heading properties
    ✓ should not warn if id & anchor are found for all sections after the lead section
    ✓ should not warn for non-lead non-editable section without heading properties
    ✓ should not warn if a non-editable section precedes the true lead section
    ✓ should throw if sectionObj is invalid
    ✓ validatePreviousSection should log a warning if appropriate
    ✓ non-editable sections are flagged
    justLeadSection
      ✓ should just return the first section
      ✓ should skip non-editable section
      ✓ should return empty string if no lead section exists
      ✓ should skip malformed section tag with no data-mw-section-id
      ✓ should ignore data-mw-section-id multiples of 10

  lib:summary
    buildExtracts
      ✓ Applies stripUnneededMarkup
      ✓ Don't select scribunto errors.
    getSummaryType
      ✓ identifies main page
      ✓ identifies disambig page
      ✓ defaults to "standard"
      ✓ type for ns > 0 is no-extract
      ✓ type for non-wikitext content model is no-extract
      ✓ type for redirect is no-extract

  lib:talk
    parseUserTalkPageDocIntoTopicsWithReplies
      ✓ two h2 topics return first topic ID 1
      ✓ text before first h2 returns separate topic ID 0
      ✓ h3 section is given it's own topic
      ✓ empty h2 with title returns separate topic
      ✓ empty h2 without title is filtered out
      ✓ handles empty links
      ✓ removes figures
      ✓ does not block the event loop (42ms)

  lib:escape + unescape parentheses
    Latin parentheses escaping
      ✓ properly escapes Latin parentheses
      ✓ properly unescapes Latin parentheses
    Non-Latin parentheses escaping
      ✓ properly escapes non-Latin parentheses
      ✓ properly unescapes non-Latin parentheses

  lib:flattenElements
    ✓ replaces a with span, keeps class attribute
    ✓ replaces a with span, keeps style attribute
    ✓ replaces a tag with plain text if no attributes to keep
    ✓ retains HTML inside elements
    ✓ does not change the text content of the node
    ✓ drops `mw-redirect` class
    ✓ drops `new` class
    ✓ keeps `foo` class

  extractHatnotes
    ✓ .hatnote element
    ✓ .dablink element
    ✓ hatnote not in lead section
    ✓ multiple hatnotes
    ✓ no hatnotes
    ✓ dewiki hatnotes

  extractLeadIntroduction
    ✓ isEmptyChild
    ✓ matches the spec
    ✓ Trailing text content is escaped

  extractPageIssues
    ✓ single issue
    ✓ multiple issues
    ✓ issue in non-lead section
    ✓ no issues

  lib:addPageHeader
    ✓ addPageHeader should add header element with description (85ms)
    ✓ addPageHeader handles documents with no section elements

  lib:pcsHideRedLinks
    ✓ hideRedLinks should drop <a> elements with class="new"  (80ms)

  lib:moveReferenceListStyles
    ✓ empty document
    ✓ one list, one template style
    ✓ style outside ref list stays
    ✓ one list, two template styles; +basic deduplication
    ✓ two lists, two template styles; +basic deduplication

  lib:sanitizeSummary
    regular expressions
      ✓ ANY_REGEX matches
      ✓ ANY_REGEX does not match
      ✓ DECIMAL_REGEX matches
      ✓ DECIMAL_REGEX does not match
      ✓ CSS_SIZE_REGEX matches
      ✓ CSS_SIZE_REGEX does not match
      ✓ SINGLE_STRING_REGEX matches
      ✓ SINGLE_STRING_REGEX does not match
      ✓ HEX_REGEX matches
      ✓ HEX_REGEX does not match
      ✓ RGB_REGEX matches
      ✓ RGB_REGEX does not match
      ✓ HSL_REGEX matches
      ✓ HSL_REGEX does not match
    via sanitize-html
      ✓ removes anchor tags but keeps content (not in allowedTags list)
      ✓ removes script tags (in nonTextTags list)
      ✓ keeps blockquote
      ✓ but removes blockquote.cite attribute
      ✓ keeps abbr with .alt .aria-hidden and .class
      ✓ keeps span.style border
      ✓ removes audio tags
      ✓ removes video tags
      ✓ keeps img.src, .srcset, .width and .height attributes
      ✓ removes disallowed schemes
      ✓ removes background url"

  lib:stripGermanIPA
    ✓ removes German IPA text (outer text)
    ✓ removes German IPA text (outer text, Placeholder)
    ✓ removes German IPA text (outer span)

  lib:summarize follows spec
    ✓ keeps spaces before closing spans
    ✓ removes really all double spaces, even the ones caused due to unmatched tags
    ✓ removes spaces before commas
    ✓ flattens spans with `&nbsp;` -- removes extra spaces around it, too.
    ✓ flattens spans with multiple `&nbsp;` -- removes extra spaces around it, too.
    ✓ flattening spans before the `(` enables this parenthetical to be removed
    ✓ removes audio, video, and track tags
    ✓ ignores parens inside attributes by escaping them earlier
    ✓ ignores parens inside attributes by escaping them earlier (non-latin parentheses)
    ✓ reduces multiple spaces to single space
    ✓ removes problematic elements including their content
    ✓ removes unwanted attributes
    ✓ keeps white-listed attributes
    ✓ removes comments
    ✓ flattens empty nodes
    ✓ flattens links
    ✓ removes .noexcerpt elements
    ✓ removes .noprint elements
    ✓ keeps sup elements
    ✓ removes .mw-ref elements
    ✓ removes .reference elements - T176519
    ✓ removes math elements but any math images are shown
    ✓ keeps elements with style="display:none;"
    ✓ removes parentheticals
    ✓ removes multiple parentheticals
    ✓ keeps parentheticals without spaces
    ✓ keeps parentheticals without spaces even if there are spaces in the HTML syntax
    ✓ keeps parentheticals when they contain more complex formulas or links
    ✓ keeps all parentheticals when they contain complex formulas or links
    ✓ removes empty parentheticals also when nested parenthetical stripping is suspended
    ✓ keeps some nested parentheticals with formulas intact
    ✓ removes nested parentheticals without spaces
    ✓ removes nested parentheticals without other characters between the ()
    ✓ removes nested parentheticals with leading &nbsp; (or space)
    ✓ removes trailing spaces after punctuation before closing tag
    ✓ flattens nested empty spans
    ✓ removes some IPAs in nested partentheses
    ✓ ignores parentheticals inside a data-mw attribute
    ✓ removes content in parentheticals + double spaces
    ✓ removes birth and death dates inside parentheticals
    ✓ removes parentheticals contain '*' symbols
    ✓ removes content inside Chinese parentheticals
    ✓ removes content inside Japanese parentheticals
    ✓ removes content inside Cantonese parentheticals
    ✓ removes content inside parentheticals written in `wuu` language variant
    ✓ removes content inside parentheticals written in `gan` language variant
    ✓ keeps parentheticals if it doesn't include any spaces
    ✓ keeps parentheticals with single word and leading space inside and out
    ✓ removes parentheticals with multiple words and leading space inside and out
    ✓ removes empty parentheticals with leading comma
    ✓ removes parentheticals beginning and ending with spaces
    ✓ removes nested parentheticals for non-Latin parens
    ✓ removes parentheticals with multiple words and leading &nbsp;
    ✓ parentheticals stripping is not greedy
    ✓ full stops do not impact the summary length (T173640)
    ✓ keeps bold elements
    ✓ reduces multiple spaces to single space
    ✓ strip space before punctuation followed by tags
    ✓ keeps bold elementsa and regular text that contain parentheses
    ✓ keeps bold elements that contain parentheses
    ✓ keeps bold elements that contain parentheses and single quotes and spaces

  lib:summarize regex fun
    ✓ detects complex chemical formulas
    ✓ detects single character with italic symbols inside parentheses
    ✓ but skips areas

  lib:app-transforms
    ✓ fixVideoAnchor should skip video tags just holding audio
    ✓ fixVideoAnchor should transform actual videos

  lib:size-transforms
    ✓ rmBracketSpans should remove the spans around brackets
    ✓ rmElements should remove the spans with style="display:none"

  lib:transforms
    ✓ shortenPageInternalLinks should remove the title in the href
    ✓ shortenPageInternalLinks with single quote and space
    ✓ shortenPageInternalLinks with colon and single quote
    ✓ shortenPageInternalLinks with special chars
    ✓ shortenPageInternalLinks with double quote
    ✓ shortenPageInternalLinks with single quote and startsWith ./
    summary:preprocessing
      ✓ removes IPA speaker symbols (de): IPA in span
      ✓ removes IPA speaker symbols (en): IPAc-en in span
      ✓ removes spans with style display:none
    rmMwIdAttributes
      ✓ removes id attribute with -
      ✓ removes id attribute with _
      ✓ does not remove id attribute with id not starting with mw
      ✓ does not remove id attribute with id too long

  lib:wikiLanguage
    ✓ parses accept language headers
    ✓ parses accept language headers without spaces
    ✓ parses accept language headers with inconsistent spaces
    ✓ returns relevant srwiki language codes
    ✓ returns relevant zhwiki language codes
    ✓ falls back on the provided language code
    ✓ removes duplicates
    ✓ handles invalid input
    ✓ handles legacy input
    ✓ identifies languages with variants
    ✓ parses the language code from a domain
    ✓ returns the right language variant from request object
    ✓ falls back to language code when accept-language invalid
    ✓ falls back to language code when no accept-language header sent


  481 passing (1m)
  7 pending
  1 failing

  1) mobile-sections-lead
       es Savonlinna should have a lead object with a geo property:

      AssertionError [ERR_ASSERTION]: 61.86805556 == 61.86666667
      + expected - actual

      -61.86805556
      +61.86666667
      
      at /src/repo/test/features/mobile-sections-lead/pagecontent.js:49:12
      at tryCatcher (node_modules/bluebird/js/release/util.js:16:23)
      at Promise._settlePromiseFromHandler (node_modules/bluebird/js/release/promise.js:547:31)
      at Promise._settlePromise (node_modules/bluebird/js/release/promise.js:604:18)
      at Promise._settlePromise0 (node_modules/bluebird/js/release/promise.js:649:10)
      at Promise._settlePromises (node_modules/bluebird/js/release/promise.js:729:18)
      at _drainQueueStep (node_modules/bluebird/js/release/async.js:93:12)
      at _drainQueue (node_modules/bluebird/js/release/async.js:86:9)
      at Async._drainQueues (node_modules/bluebird/js/release/async.js:102:5)
      at Async.drainQueues [as _onImmediate] (node_modules/bluebird/js/release/async.js:15:14)
      at process.processImmediate (node:internal/timers:476:21)




--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1534, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1478, in run
    self.npm_audit_fix(new_npm_audit)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 249, in npm_audit_fix
    self.check_call(['npm', 'test'])
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 54, in check_call
    res.check_returncode()
  File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.
Source code is licensed under the AGPL.