This run took 70 seconds.
From 74d9cfa1171378ad882d77c652407280d14ce548 Mon Sep 17 00:00:00 2001 From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org> Date: Thu, 11 Apr 2024 20:06:46 +0000 Subject: [PATCH] build: Updating undici to 6.12.0 * https://github.com/advisories/GHSA-9qxr-qj54-h672 * https://github.com/advisories/GHSA-m4v8-wqvr-p9f7 Change-Id: I6f02905e7b7acc08e2948169fd30bd7670b4d018 --- package-lock.json | 79 ++++++++++++++++++----------------------------- 1 file changed, 30 insertions(+), 49 deletions(-) diff --git a/package-lock.json b/package-lock.json index 398ebce..c2931da 100644 --- a/package-lock.json +++ b/package-lock.json @@ -689,14 +689,6 @@ "node": "^12.22.0 || ^14.17.0 || >=16.0.0" } }, - "node_modules/@fastify/busboy": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz", - "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==", - "engines": { - "node": ">=14" - } - }, "node_modules/@gar/promisify": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/@gar/promisify/-/promisify-1.1.3.tgz", @@ -954,9 +946,9 @@ } }, "node_modules/@mapbox/node-pre-gyp/node_modules/tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "dependencies": { "chownr": "^2.0.0", "fs-minipass": "^2.0.0", @@ -1798,9 +1790,9 @@ } }, "node_modules/cacache/node_modules/tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "optional": true, "dependencies": { "chownr": "^2.0.0", @@ -5345,9 +5337,9 @@ } }, "node_modules/node-gyp/node_modules/tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "optional": true, "dependencies": { "chownr": "^2.0.0", @@ -6932,9 +6924,9 @@ } }, "node_modules/sqlite3/node_modules/tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "dependencies": { "chownr": "^2.0.0", "fs-minipass": "^2.0.0", @@ -7392,12 +7384,9 @@ "dev": true }, "node_modules/undici": { - "version": "6.6.2", - "resolved": "https://registry.npmjs.org/undici/-/undici-6.6.2.tgz", - "integrity": "sha512-vSqvUE5skSxQJ5sztTZ/CdeJb1Wq0Hf44hlYMciqHghvz+K88U0l7D6u1VsndoFgskDcnU+nG3gYmMzJVzd9Qg==", - "dependencies": { - "@fastify/busboy": "^2.0.0" - }, + "version": "6.12.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.12.0.tgz", + "integrity": "sha512-d87yk8lqSFUYtR5fTFe2frpkMIrUEz+lgoJmhcL+J3StVl+8fj8ytE4lLnJOTPCE12YbumNGzf4LYsQyusdV5g==", "engines": { "node": ">=18.0" } @@ -8389,11 +8378,6 @@ "integrity": "sha512-gMsVel9D7f2HLkBma9VbtzZRehRogVRfbr++f06nL2vnCGCNlzOD+/MUov/F4p8myyAHspEhVobgjpX64q5m6A==", "dev": true }, - "@fastify/busboy": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz", - "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==" - }, "@gar/promisify": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/@gar/promisify/-/promisify-1.1.3.tgz", @@ -8589,9 +8573,9 @@ "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==" }, "tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "requires": { "chownr": "^2.0.0", "fs-minipass": "^2.0.0", @@ -9225,9 +9209,9 @@ } }, "tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "optional": true, "requires": { "chownr": "^2.0.0", @@ -11869,9 +11853,9 @@ } }, "tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "optional": true, "requires": { "chownr": "^2.0.0", @@ -13083,9 +13067,9 @@ "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==" }, "tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "requires": { "chownr": "^2.0.0", "fs-minipass": "^2.0.0", @@ -13436,12 +13420,9 @@ "dev": true }, "undici": { - "version": "6.6.2", - "resolved": "https://registry.npmjs.org/undici/-/undici-6.6.2.tgz", - "integrity": "sha512-vSqvUE5skSxQJ5sztTZ/CdeJb1Wq0Hf44hlYMciqHghvz+K88U0l7D6u1VsndoFgskDcnU+nG3gYmMzJVzd9Qg==", - "requires": { - "@fastify/busboy": "^2.0.0" - } + "version": "6.12.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.12.0.tgz", + "integrity": "sha512-d87yk8lqSFUYtR5fTFe2frpkMIrUEz+lgoJmhcL+J3StVl+8fj8ytE4lLnJOTPCE12YbumNGzf4LYsQyusdV5g==" }, "unique-filename": { "version": "1.1.1", -- 2.39.2
$ date --- stdout --- Thu Apr 11 20:05:56 UTC 2024 --- end --- $ git clone file:///srv/git/mediawiki-services-cxserver.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- 75db8b753c71f2b2edda7944b9852fe9b1e8bf98 refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "limitation": { "name": "limitation", "severity": "moderate", "isDirect": false, "via": [ "wikimedia-kad-fork" ], "effects": [ "service-runner" ], "range": ">=0.2.3", "nodes": [ "node_modules/limitation" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "ms": { "name": "ms", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<2.0.0" } ], "effects": [ "wikimedia-kad-fork" ], "range": "<2.0.0", "nodes": [ "node_modules/wikimedia-kad-fork/node_modules/ms" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "service-runner": { "name": "service-runner", "severity": "moderate", "isDirect": true, "via": [ "limitation", "tar" ], "effects": [], "range": ">=3.0.0", "nodes": [ "node_modules/service-runner" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "tar": { "name": "tar", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096915, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, "range": "<6.2.1" } ], "effects": [ "service-runner" ], "range": "<6.2.1", "nodes": [ "node_modules/@mapbox/node-pre-gyp/node_modules/tar", "node_modules/cacache/node_modules/tar", "node_modules/node-gyp/node_modules/tar", "node_modules/sqlite3/node_modules/tar", "node_modules/tar" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "undici": { "name": "undici", "severity": "low", "isDirect": true, "via": [ { "source": 1096887, "name": "undici", "dependency": "undici", "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect", "url": "https://github.com/advisories/GHSA-9qxr-qj54-h672", "severity": "low", "cwe": [ "CWE-284" ], "cvss": { "score": 2.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, "range": ">=6.0.0 <6.11.1" }, { "source": 1096890, "name": "undici", "dependency": "undici", "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", "url": "https://github.com/advisories/GHSA-m4v8-wqvr-p9f7", "severity": "low", "cwe": [ "CWE-200", "CWE-285" ], "cvss": { "score": 3.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, "range": ">=6.0.0 <6.11.1" } ], "effects": [], "range": "6.0.0 - 6.11.0", "nodes": [ "node_modules/undici" ], "fixAvailable": true }, "wikimedia-kad-fork": { "name": "wikimedia-kad-fork", "severity": "moderate", "isDirect": false, "via": [ "ms" ], "effects": [ "limitation" ], "range": "*", "nodes": [ "node_modules/wikimedia-kad-fork" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 5, "high": 0, "critical": 0, "total": 6 }, "dependencies": { "prod": 267, "dev": 382, "optional": 63, "peer": 1, "peerOptional": 0, "total": 710 } } } --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "limitation": { "name": "limitation", "severity": "moderate", "isDirect": false, "via": [ "wikimedia-kad-fork" ], "effects": [ "service-runner" ], "range": ">=0.2.3", "nodes": [ "node_modules/limitation" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "ms": { "name": "ms", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<2.0.0" } ], "effects": [ "wikimedia-kad-fork" ], "range": "<2.0.0", "nodes": [ "node_modules/wikimedia-kad-fork/node_modules/ms" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "service-runner": { "name": "service-runner", "severity": "moderate", "isDirect": true, "via": [ "limitation", "tar" ], "effects": [], "range": ">=3.0.0", "nodes": [ "node_modules/service-runner" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "tar": { "name": "tar", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096915, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, "range": "<6.2.1" } ], "effects": [ "service-runner" ], "range": "<6.2.1", "nodes": [ "node_modules/@mapbox/node-pre-gyp/node_modules/tar", "node_modules/cacache/node_modules/tar", "node_modules/node-gyp/node_modules/tar", "node_modules/sqlite3/node_modules/tar", "node_modules/tar" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "undici": { "name": "undici", "severity": "low", "isDirect": true, "via": [ { "source": 1096887, "name": "undici", "dependency": "undici", "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect", "url": "https://github.com/advisories/GHSA-9qxr-qj54-h672", "severity": "low", "cwe": [ "CWE-284" ], "cvss": { "score": 2.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, "range": ">=6.0.0 <6.11.1" }, { "source": 1096890, "name": "undici", "dependency": "undici", "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", "url": "https://github.com/advisories/GHSA-m4v8-wqvr-p9f7", "severity": "low", "cwe": [ "CWE-200", "CWE-285" ], "cvss": { "score": 3.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, "range": ">=6.0.0 <6.11.1" } ], "effects": [], "range": "6.0.0 - 6.11.0", "nodes": [ "node_modules/undici" ], "fixAvailable": true }, "wikimedia-kad-fork": { "name": "wikimedia-kad-fork", "severity": "moderate", "isDirect": false, "via": [ "ms" ], "effects": [ "limitation" ], "range": "*", "nodes": [ "node_modules/wikimedia-kad-fork" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 5, "high": 0, "critical": 0, "total": 6 }, "dependencies": { "prod": 267, "dev": 382, "optional": 63, "peer": 1, "peerOptional": 0, "total": 710 } } } --- end --- Attempting to npm audit fix $ /usr/bin/npm audit fix --dry-run --only=dev --json --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production --- stdout --- { "added": 709, "removed": 0, "changed": 0, "audited": 710, "funding": 84, "audit": { "auditReportVersion": 2, "vulnerabilities": { "limitation": { "name": "limitation", "severity": "moderate", "isDirect": false, "via": [ "wikimedia-kad-fork" ], "effects": [ "service-runner" ], "range": ">=0.2.3", "nodes": [ "node_modules/limitation" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "ms": { "name": "ms", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<2.0.0" } ], "effects": [ "wikimedia-kad-fork" ], "range": "<2.0.0", "nodes": [ "node_modules/wikimedia-kad-fork/node_modules/ms" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "service-runner": { "name": "service-runner", "severity": "moderate", "isDirect": true, "via": [ "limitation", "tar" ], "effects": [], "range": ">=3.0.0", "nodes": [ "node_modules/service-runner" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "tar": { "name": "tar", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096915, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, "range": "<6.2.1" } ], "effects": [ "service-runner" ], "range": "<6.2.1", "nodes": [ "", "", "", "", "node_modules/tar" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "undici": { "name": "undici", "severity": "low", "isDirect": false, "via": [ { "source": 1096887, "name": "undici", "dependency": "undici", "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect", "url": "https://github.com/advisories/GHSA-9qxr-qj54-h672", "severity": "low", "cwe": [ "CWE-284" ], "cvss": { "score": 2.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, "range": ">=6.0.0 <6.11.1" }, { "source": 1096890, "name": "undici", "dependency": "undici", "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", "url": "https://github.com/advisories/GHSA-m4v8-wqvr-p9f7", "severity": "low", "cwe": [ "CWE-200", "CWE-285" ], "cvss": { "score": 3.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, "range": ">=6.0.0 <6.11.1" } ], "effects": [], "range": "6.0.0 - 6.11.0", "nodes": [ "" ], "fixAvailable": true }, "wikimedia-kad-fork": { "name": "wikimedia-kad-fork", "severity": "moderate", "isDirect": false, "via": [ "ms" ], "effects": [ "limitation" ], "range": "*", "nodes": [ "node_modules/wikimedia-kad-fork" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 5, "high": 0, "critical": 0, "total": 6 }, "dependencies": { "prod": 266, "dev": 382, "optional": 63, "peer": 1, "peerOptional": 0, "total": 709 } } } } --- end --- {"added": 709, "removed": 0, "changed": 0, "audited": 710, "funding": 84, "audit": {"auditReportVersion": 2, "vulnerabilities": {"limitation": {"name": "limitation", "severity": "moderate", "isDirect": false, "via": ["wikimedia-kad-fork"], "effects": ["service-runner"], "range": ">=0.2.3", "nodes": ["node_modules/limitation"], "fixAvailable": {"name": "service-runner", "version": "5.0.0", "isSemVerMajor": true}}, "ms": {"name": "ms", "severity": "moderate", "isDirect": false, "via": [{"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}], "effects": ["wikimedia-kad-fork"], "range": "<2.0.0", "nodes": ["node_modules/wikimedia-kad-fork/node_modules/ms"], "fixAvailable": {"name": "service-runner", "version": "5.0.0", "isSemVerMajor": true}}, "service-runner": {"name": "service-runner", "severity": "moderate", "isDirect": true, "via": ["limitation", "tar"], "effects": [], "range": ">=3.0.0", "nodes": ["node_modules/service-runner"], "fixAvailable": {"name": "service-runner", "version": "5.0.0", "isSemVerMajor": true}}, "tar": {"name": "tar", "severity": "moderate", "isDirect": false, "via": [{"source": 1096915, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<6.2.1"}], "effects": ["service-runner"], "range": "<6.2.1", "nodes": ["", "", "", "", "node_modules/tar"], "fixAvailable": {"name": "service-runner", "version": "5.0.0", "isSemVerMajor": true}}, "undici": {"name": "undici", "severity": "low", "isDirect": false, "via": [{"source": 1096887, "name": "undici", "dependency": "undici", "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect", "url": "https://github.com/advisories/GHSA-9qxr-qj54-h672", "severity": "low", "cwe": ["CWE-284"], "cvss": {"score": 2.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"}, "range": ">=6.0.0 <6.11.1"}, {"source": 1096890, "name": "undici", "dependency": "undici", "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", "url": "https://github.com/advisories/GHSA-m4v8-wqvr-p9f7", "severity": "low", "cwe": ["CWE-200", "CWE-285"], "cvss": {"score": 3.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"}, "range": ">=6.0.0 <6.11.1"}], "effects": [], "range": "6.0.0 - 6.11.0", "nodes": [""], "fixAvailable": true}, "wikimedia-kad-fork": {"name": "wikimedia-kad-fork", "severity": "moderate", "isDirect": false, "via": ["ms"], "effects": ["limitation"], "range": "*", "nodes": ["node_modules/wikimedia-kad-fork"], "fixAvailable": {"name": "service-runner", "version": "5.0.0", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 5, "high": 0, "critical": 0, "total": 6}, "dependencies": {"prod": 266, "dev": 382, "optional": 63, "peer": 1, "peerOptional": 0, "total": 709}}}} $ /usr/bin/npm audit fix --only=dev --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained. npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. --- stdout --- added 708 packages, and audited 709 packages in 8s 84 packages are looking for funding run `npm fund` for details # npm audit report ms <2.0.0 Severity: moderate Vercel ms Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-w9mr-4mfr-499f fix available via `npm audit fix --force` Will install service-runner@5.0.0, which is a breaking change node_modules/wikimedia-kad-fork/node_modules/ms wikimedia-kad-fork * Depends on vulnerable versions of ms node_modules/wikimedia-kad-fork limitation >=0.2.3 Depends on vulnerable versions of wikimedia-kad-fork node_modules/limitation service-runner >=3.0.0 Depends on vulnerable versions of limitation Depends on vulnerable versions of tar node_modules/service-runner tar <6.2.1 Severity: moderate Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36 fix available via `npm audit fix --force` Will install service-runner@5.0.0, which is a breaking change node_modules/tar 5 moderate severity vulnerabilities To address all issues (including breaking changes), run: npm audit fix --force --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- Verifying that tests still pass $ /usr/bin/npm ci --- stderr --- npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained. npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. --- stdout --- added 708 packages, and audited 709 packages in 9s 84 packages are looking for funding run `npm fund` for details 5 moderate severity vulnerabilities To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. --- end --- $ /usr/bin/npm test --- stdout --- > cxserver@1.2.0 test > npm run lint && npm run unittest > cxserver@1.2.0 lint > eslint . /src/repo/app.js 76:34 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp 88:31 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 178:20 warning Found non-literal argument in require security/detect-non-literal-require 225:9 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 226:10 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/bin/adapt.js 14:2 warning Don't use process.exit(); throw an error instead n/no-process-exit 23:2 warning Don't use process.exit(); throw an error instead n/no-process-exit 32:2 warning Don't use process.exit(); throw an error instead n/no-process-exit /src/repo/bin/linear-reduce.js 14:2 warning Don't use process.exit(); throw an error instead n/no-process-exit /src/repo/bin/linearize.js 15:2 warning Don't use process.exit(); throw an error instead n/no-process-exit /src/repo/bin/mt.js 12:2 warning Don't use process.exit(); throw an error instead n/no-process-exit 19:2 warning Don't use process.exit(); throw an error instead n/no-process-exit 31:2 warning Don't use process.exit(); throw an error instead n/no-process-exit 51:2 warning Don't use process.exit(); throw an error instead n/no-process-exit 68:2 warning Don't use process.exit(); throw an error instead n/no-process-exit /src/repo/bin/segment.js 36:2 warning Don't use process.exit(); throw an error instead n/no-process-exit /src/repo/bin/translate.js 15:2 warning Don't use process.exit(); throw an error instead n/no-process-exit 23:2 warning Don't use process.exit(); throw an error instead n/no-process-exit 39:2 warning Don't use process.exit(); throw an error instead n/no-process-exit 49:2 warning Don't use process.exit(); throw an error instead n/no-process-exit /src/repo/config.dev.yaml 22:1 warning Empty mapping values are forbidden yml/no-empty-mapping-value /src/repo/lib/Config.js 45:33 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 67:43 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 71:23 warning Found non-literal argument in require security/detect-non-literal-require 95:34 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/lib/lineardoc/MwContextualizer.js 145:35 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp /src/repo/lib/swagger-ui.js 28:9 warning Found readFile from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/lib/translationunits/MWCategory.js 17:41 warning Unsafe Regular Expression security/detect-unsafe-regex /src/repo/lib/translationunits/MWFile.js 46:51 warning Unsafe Regular Expression security/detect-unsafe-regex /src/repo/lib/translationunits/MWImage.js 125:68 warning Unsafe Regular Expression security/detect-unsafe-regex /src/repo/scripts/template-mapping.js 110:7 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 116:14 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/test/adaptation/SectionTest.js 26:20 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/test/features/app/spec.js 23:21 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 171:10 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp /src/repo/test/lineardoc/LinearDoc.test.js 22:22 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 23:24 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 24:26 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 132:27 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/test/mw/MWPageLoaderTest.js 31:27 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 40:5 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/test/segmentation/CXSegmenter.test.js 24:19 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 30:3 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/test/testutils.js 24:5 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/test/translationunits/MWReference.test.js 35:21 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 50:27 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/test/utils/assert.js 9:40 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp 24:40 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp ✖ 48 problems (0 errors, 48 warnings) > cxserver@1.2.0 unittest > mocha Adaptation tests ✔ Link adaptation basic test (220ms) ✔ Link adaptation - Full paragraph and relative links ✔ Image adaptation basic test (86ms) ✔ Image adaptation - Inline image with span tag ✔ Image adaptation - Inline image with span tag ✔ Image adaptation - Source and target language directions differs (99ms) ✔ Image adaptation - Image is not in commons ✔ Gallery adaptation ✔ Reference adaptation test without a reference template ✔ Reference adaptation test where the content is reference and template at same time ✔ Reference adaptation test where source and target has no template data. Must use template mapping database (85ms) ✔ Style tags holding template definition should not be ignored and used for template adaptation ✔ Audio adaptation ✔ Audio adaptation when audio is not in Commons ✔ Video adaptation ✔ Inline Video adaptation Adaptation tests ✔ should adapt section when: section has lot of templates, but all are fragments of main template (269ms) Template parameter mapping test ✔ should not have any errors while mapping params express app starting test server ✔ should get robots.txt ✔ should set CORS headers ✔ should set CSP headers Swagger spec ✔ get the spec ✔ should expose valid OpenAPI spec ✔ spec validation routes ✔ robots.txt check ✔ root with no query params ✔ spec from root ✔ doc from root ✔ root with wrong query param ✔ Fetch enwiki protected page (202ms) ✔ Fetch protected page with multi-word title (145ms) ✔ Fetch enwiki protected page with revision (133ms) ✔ Machine translate an HTML fragment using TestClient. ✔ Machine translate an HTML fragment using TestClient. ✔ Get the tools between two language pairs ✔ Get all the language pairs ✔ Get the MT tool between two language pairs ✔ Get the MT tool between two language pairs ✔ Translate enwiki protected page (154ms) ✔ Translate enwiki protected page with multi-word title (156ms) ✔ Translate enwiki protected page with revision (50ms) ✔ Machine translate an HTML fragment using TestClient, adapt the links to target language wiki. (206ms) ✔ Machine translate an HTML fragment using TestClient, adapt the links to target language wiki. ✔ Suggest a target title for the given source title and language pairs (241ms) ✔ Return an authentication error HTTP status code, when default MT requires authentication and the given JWT is invalid ✔ Suggest a source title to use for translation (87ms) ✔ Suggest target section titles for given source sections (48ms) ✔ Suggest source sections to translate (184ms) ✔ retrieve service info ✔ retrieve service name ✔ retrieve service version ✔ redirect to the home page service information ✔ should get the service name ✔ should get the service version ✔ should redirect to the service home page ✔ should get the service info v1 api - page gets ✔ should get the whole page body (422ms) ✔ should throw a 404 for a non-existent page v2 api - page gets ✔ should get the whole page body (342ms) ✔ should throw a 404 for a non-existent page (56ms) LinearDoc ✔ should be possible to linearise all kind of HTML inputs ✔ should be possible to reconstruct the HTML from LinearDoc ✔ should be possible to reduce and expand a document ✔ test HTML compaction roundtrip with inline chunks ✔ test HTML expand with external attributes inserted ✔ test if the content is block level template (112ms) ✔ test HTML compaction roundtrip with inline style content ✔ test HTML compaction roundtrip with template with empty content ✔ test getRootItem for ignoring blockspaces ✔ test getRootItem for not ignoring non-whitespace content in textblock ✔ test getRootItem for ignoring whitespace content in textblock Apertium machine translation ✔ Test: All caps words ✔ Test: Title caps one-to-many ✔ Test: Reordering with nested tags ✔ Test: Many-to-one with nested tags ✔ Test: Reordering at either ends of a tag ✔ Test: Identical tags separated by whitespace ✔ Test: Non-identical links separated by whitespace ✔ Test: Find longest match among multiple matches ✔ Test: Do not translate content inside the style tags Elia machine translation ✔ Should fail because of wrong key Google machine translation ✔ Should fail because of wrong key LingoCloud machine translation ✔ Should fail because of wrong key Machine translation with wrapped html result ✔ Should throw error Machine translation result with extra spaces ✔ Should be cleaned up Subsequence match finding ✔ Should return correct range mapping Template translation ✔ should not translate the fragement contents. Yandex machine translation with corrupted result ✔ Should sanitize the MT output (45ms) Yandex machine translation ✔ Should fail because of wrong key Config transform tests ✔ Simple cross product of languages ✔ Do not translate between two variants of English ✔ Exclude "notAsTarget" languages ✔ Handle pairs in the configuration MWPageLoader tests ✔ Test: Add data-section-number attribute to every CX section Section wrap tests ✔ should parse correctly when section has common pattern of elements ✔ should extract correct number of categories when section has common pattern of elements ✔ should parse correctly when section has categories to be extracted ✔ should extract correct number of categories when section has categories to be extracted ✔ should parse correctly when content has nested sections and tricky transclusion context ✔ should extract correct number of categories when content has nested sections and tricky transclusion context ✔ should parse correctly when content has blank template and then an unrelated table ✔ should extract correct number of categories when content has blank template and then an unrelated table ✔ should parse correctly when content is complete page content with html, head tags and body having two templates with fragments ✔ should extract correct number of categories when content is complete page content with html, head tags and body having two templates with fragments ✔ should parse correctly when Content has self closing meta tag ✔ should extract correct number of categories when Content has self closing meta tag ✔ should parse correctly when Content has template fragments and one fragment is a section candidate. Section has categories too ✔ should extract correct number of categories when Content has template fragments and one fragment is a section candidate. Section has categories too ✔ should parse correctly when Content has transclusion and one of its fragment get removed since it is ignorable. ✔ should extract correct number of categories when Content has transclusion and one of its fragment get removed since it is ignorable. ✔ should parse correctly when Content has transclusion and same element is removable templatestyle. So do not remove ✔ should extract correct number of categories when Content has transclusion and same element is removable templatestyle. So do not remove Title pair tests ✔ should adapt the title when: Corresponding title exist in target language ✔ should adapt the title when: Corresponding title exist in target language ✔ should adapt the title when: Corresponding title exist in target language and given title need normalization ✔ should adapt the title when: Corresponding title does not exist in target language and given title need normalization ✔ should adapt the title when: Corresponding title exist in target language and given title need normalization, has parenthesis ✔ should adapt the title when: Source title is percentage encoded, but should not throw error, should return corresponding title Title pair tests - batching ✔ should have the queue size 50 Segmentation tests for am ✔ should not have any errors when: Amharic segmentation - basic test Segmentation tests for en ✔ should not have any errors when: Simple paragraph test ✔ should not have any errors when: Sentence ending with ) ✔ should not have any errors when: Exclamation, punctuation test ✔ should not have any errors when: Multiple sentences ✔ should not have any errors when: Multiple sections - div, h1, paragraph ✔ should not have any errors when: Sentence starting with a link ✔ should not have any errors when: Sentence starting with a link and ending with a link ✔ should not have any errors when: Figure ✔ should not have any errors when: References can appear after period without space. Example: Hydrogen is a gas.[1] It is ... ✔ should not have any errors when: References can appear after period without space, repeated. Example: Hydrogen is a gas.[1][2][3] It is ... ✔ should not have any errors when: References can appear inside a sentence. Example: Hydrogen is a gas[1] and it is ... ✔ should not have any errors when: References can appear inside a sentence. Example:Hydrogen's atomic number is one. Hydrogen is a gas[1] and it is ..... Test the flags are reset properly ✔ should not have any errors when: References can appear repeated inside a sentence. Example: Hydrogen is a gas[1][2][3] and it is ... ✔ should not have any errors when: References can appear after period and space. Example: Hydrogen is a gas. [1] It is ... ✔ should not have any errors when: Paragraph from Debian article- repeating references ✔ should not have any errors when: References after closing bracket and period. ✔ should not have any errors when: Three sentences in a single text node ✔ should not have any errors when: Paragraph ending with reference and already having reference in between. The second reference should not be identified as repeating reference. If identified as repeating reference, 7 letters from last word will be missing. ✔ should not have any errors when: Sentences ending with abbreviations ✔ should not have any errors when: link element inside span element ✔ should not have any errors when: Do not break inside of links with abbreviations. Example: Carl E. Wieman. See https://phabricator.wikimedia.org/T99504 ✔ should not have any errors when: A non-segmentable text chunk inside a textblock should not mark the whole text chunk non-segmentable ✔ should not have any errors when: Figure-inline segmentation. Do not violate the MediaWiki DOM spec https://www.mediawiki.org/wiki/Specs/HTML#Images ✔ should not have any errors when: Figure-inline inside a transclusions ✔ should not have any errors when: Video tag in figure tag ✔ should not have any errors when: Audio tag in figure tag ✔ should not have any errors when: Audio tag in figure-inline tag ✔ should not have any errors when: Video tag in figure-inline tag ✔ should not have any errors when: Do not segment content inside block templates ✔ should not have any errors when: about attribute alone does not initiate a transclusion context ✔ should not have any errors when: Do not consider style tag with transclusion as block tag ✔ should not have any errors when: Sections with singe paragraph and a transclusion based reference at th end - T283513 ✔ should not have any errors when: Handle abbreviations such as Brown v. Board of education - T338689 Segmentation tests for de ✔ should not have any errors when: Avoid segmenting inside a transclusion textblock Segmentation tests for hi ✔ should not have any errors when: Hindi segmentation - basic test Segmentation tests for hy ✔ should not have any errors when: Armenian segmentation - basic test Segmentation tests for ja ✔ should not have any errors when: Japanese segmentation - basic test Segmentation tests for zh ✔ should not have any errors when: Chinese segmentation - basic test Segmentation tests for pa ✔ should not have any errors when: Punjabi segmentation - basic test SectionSuggester tests ✔ should find present and missing sections Link Adaptation tests ✔ Basic test (155ms) ✔ Space in the title ✔ Relative URL ✔ Title with parenthesis ✔ Target title does not exist ✔ Title with translation from Wikidata label ✔ ISBN Link adaptation Reference adaptation ✔ Adapting a reference with plain text content ✔ Adapting a reference with plain text content, sup tag ✔ Adapting a reference with html content, sup tag ✔ Not adapting a reference with no data-mw.body ✔ Partially adapting a reference with named reference ✔ Mark the reference adaptation failed when the content defined in template not adapted (186ms) ✔ Mark the reference adaptation failed when the content defined in template and it is unsupported by CXserver ✔ Partial reference adaptation, when mandatory params are not transferred successfully (91ms) Template adaptation ✔ Template with no equivalents (60ms) ✔ Babel template (61ms) ✔ Cite web template (135ms) ✔ Multi-part template for columns (59ms) ✔ Template with equivalents, but target template data missing, no params mapped (70ms) ✔ Equivalent template exist, templatedata exists only for source language. Use that as hint for extracting params from template source code in target language (65ms) ✔ Template with equivalents, but not able to map mandatory params (60ms) ✔ Images that are generated by templates stopping test server 183 passing (7s) --- end --- {"1096887": {"source": 1096887, "name": "undici", "dependency": "undici", "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect", "url": "https://github.com/advisories/GHSA-9qxr-qj54-h672", "severity": "low", "cwe": ["CWE-284"], "cvss": {"score": 2.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"}, "range": ">=6.0.0 <6.11.1"}, "1096890": {"source": 1096890, "name": "undici", "dependency": "undici", "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", "url": "https://github.com/advisories/GHSA-m4v8-wqvr-p9f7", "severity": "low", "cwe": ["CWE-200", "CWE-285"], "cvss": {"score": 3.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"}, "range": ">=6.0.0 <6.11.1"}} Upgrading n:undici from 6.6.2 -> 6.12.0 $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- build: Updating undici to 6.12.0 * https://github.com/advisories/GHSA-9qxr-qj54-h672 * https://github.com/advisories/GHSA-m4v8-wqvr-p9f7 $ git add . --- stdout --- --- end --- $ git commit -F /tmp/tmp6a1dze7l --- stdout --- [master 74d9cfa] build: Updating undici to 6.12.0 1 file changed, 30 insertions(+), 49 deletions(-) --- end --- $ git format-patch HEAD~1 --stdout --- stdout --- From 74d9cfa1171378ad882d77c652407280d14ce548 Mon Sep 17 00:00:00 2001 From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org> Date: Thu, 11 Apr 2024 20:06:46 +0000 Subject: [PATCH] build: Updating undici to 6.12.0 * https://github.com/advisories/GHSA-9qxr-qj54-h672 * https://github.com/advisories/GHSA-m4v8-wqvr-p9f7 Change-Id: I6f02905e7b7acc08e2948169fd30bd7670b4d018 --- package-lock.json | 79 ++++++++++++++++++----------------------------- 1 file changed, 30 insertions(+), 49 deletions(-) diff --git a/package-lock.json b/package-lock.json index 398ebce..c2931da 100644 --- a/package-lock.json +++ b/package-lock.json @@ -689,14 +689,6 @@ "node": "^12.22.0 || ^14.17.0 || >=16.0.0" } }, - "node_modules/@fastify/busboy": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz", - "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==", - "engines": { - "node": ">=14" - } - }, "node_modules/@gar/promisify": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/@gar/promisify/-/promisify-1.1.3.tgz", @@ -954,9 +946,9 @@ } }, "node_modules/@mapbox/node-pre-gyp/node_modules/tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "dependencies": { "chownr": "^2.0.0", "fs-minipass": "^2.0.0", @@ -1798,9 +1790,9 @@ } }, "node_modules/cacache/node_modules/tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "optional": true, "dependencies": { "chownr": "^2.0.0", @@ -5345,9 +5337,9 @@ } }, "node_modules/node-gyp/node_modules/tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "optional": true, "dependencies": { "chownr": "^2.0.0", @@ -6932,9 +6924,9 @@ } }, "node_modules/sqlite3/node_modules/tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "dependencies": { "chownr": "^2.0.0", "fs-minipass": "^2.0.0", @@ -7392,12 +7384,9 @@ "dev": true }, "node_modules/undici": { - "version": "6.6.2", - "resolved": "https://registry.npmjs.org/undici/-/undici-6.6.2.tgz", - "integrity": "sha512-vSqvUE5skSxQJ5sztTZ/CdeJb1Wq0Hf44hlYMciqHghvz+K88U0l7D6u1VsndoFgskDcnU+nG3gYmMzJVzd9Qg==", - "dependencies": { - "@fastify/busboy": "^2.0.0" - }, + "version": "6.12.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.12.0.tgz", + "integrity": "sha512-d87yk8lqSFUYtR5fTFe2frpkMIrUEz+lgoJmhcL+J3StVl+8fj8ytE4lLnJOTPCE12YbumNGzf4LYsQyusdV5g==", "engines": { "node": ">=18.0" } @@ -8389,11 +8378,6 @@ "integrity": "sha512-gMsVel9D7f2HLkBma9VbtzZRehRogVRfbr++f06nL2vnCGCNlzOD+/MUov/F4p8myyAHspEhVobgjpX64q5m6A==", "dev": true }, - "@fastify/busboy": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz", - "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==" - }, "@gar/promisify": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/@gar/promisify/-/promisify-1.1.3.tgz", @@ -8589,9 +8573,9 @@ "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==" }, "tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "requires": { "chownr": "^2.0.0", "fs-minipass": "^2.0.0", @@ -9225,9 +9209,9 @@ } }, "tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "optional": true, "requires": { "chownr": "^2.0.0", @@ -11869,9 +11853,9 @@ } }, "tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "optional": true, "requires": { "chownr": "^2.0.0", @@ -13083,9 +13067,9 @@ "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==" }, "tar": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz", - "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", + "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", "requires": { "chownr": "^2.0.0", "fs-minipass": "^2.0.0", @@ -13436,12 +13420,9 @@ "dev": true }, "undici": { - "version": "6.6.2", - "resolved": "https://registry.npmjs.org/undici/-/undici-6.6.2.tgz", - "integrity": "sha512-vSqvUE5skSxQJ5sztTZ/CdeJb1Wq0Hf44hlYMciqHghvz+K88U0l7D6u1VsndoFgskDcnU+nG3gYmMzJVzd9Qg==", - "requires": { - "@fastify/busboy": "^2.0.0" - } + "version": "6.12.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.12.0.tgz", + "integrity": "sha512-d87yk8lqSFUYtR5fTFe2frpkMIrUEz+lgoJmhcL+J3StVl+8fj8ytE4lLnJOTPCE12YbumNGzf4LYsQyusdV5g==" }, "unique-filename": { "version": "1.1.1", -- 2.39.2 --- end ---