mediawiki/services/kartotherian: main (log #1418956)

sourcepatches

This run took 96 seconds.

$ date
--- stdout ---
Tue Jul 23 05:21:08 UTC 2024

--- end ---
$ git clone file:///srv/git/mediawiki-services-kartotherian.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
75780584339d1ce773d1ebf23ef950ecdee4a2e2 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@babel/traverse": {
      "name": "@babel/traverse",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096886,
          "name": "@babel/traverse",
          "dependency": "@babel/traverse",
          "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
          "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
          "severity": "critical",
          "cwe": [
            "CWE-184",
            "CWE-697"
          ],
          "cvss": {
            "score": 9.4,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
          },
          "range": "<7.23.2"
        }
      ],
      "effects": [],
      "range": "<7.23.2",
      "nodes": [
        "node_modules/@babel/traverse"
      ],
      "fixAvailable": true
    },
    "@kartotherian/abaculus": {
      "name": "@kartotherian/abaculus",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "@kartotherian/tilelive-bridge"
      ],
      "effects": [],
      "range": ">=3.0.3-alpha.0",
      "nodes": [
        "node_modules/@kartotherian/abaculus"
      ],
      "fixAvailable": {
        "name": "@kartotherian/abaculus",
        "version": "3.0.1",
        "isSemVerMajor": true
      }
    },
    "@kartotherian/blend": {
      "name": "@kartotherian/blend",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@kartotherian/mapnik"
      ],
      "effects": [
        "@wikimedia/geojson-mapnikify",
        "@wikimedia/makizushi"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@kartotherian/blend"
      ],
      "fixAvailable": {
        "name": "@wikimedia/geojson-mapnikify",
        "version": "4.0.0",
        "isSemVerMajor": true
      }
    },
    "@kartotherian/mapnik": {
      "name": "@kartotherian/mapnik",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "node-pre-gyp"
      ],
      "effects": [
        "@kartotherian/blend",
        "@kartotherian/tilelive-bridge"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@kartotherian/mapnik"
      ],
      "fixAvailable": {
        "name": "@wikimedia/geojson-mapnikify",
        "version": "4.0.0",
        "isSemVerMajor": true
      }
    },
    "@kartotherian/tilelive-bridge": {
      "name": "@kartotherian/tilelive-bridge",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "@kartotherian/mapnik"
      ],
      "effects": [
        "@kartotherian/abaculus"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@kartotherian/tilelive-bridge"
      ],
      "fixAvailable": {
        "name": "@kartotherian/abaculus",
        "version": "3.0.1",
        "isSemVerMajor": true
      }
    },
    "@kartotherian/tilelive-vector": {
      "name": "@kartotherian/tilelive-vector",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "request",
        "tar",
        "underscore"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/@kartotherian/tilelive-vector"
      ],
      "fixAvailable": false
    },
    "@mapbox/tilejson": {
      "name": "@mapbox/tilejson",
      "severity": "high",
      "isDirect": true,
      "via": [
        "requestretry"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/@mapbox/tilejson"
      ],
      "fixAvailable": false
    },
    "@wikimedia/geojson-mapnikify": {
      "name": "@wikimedia/geojson-mapnikify",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "@kartotherian/blend"
      ],
      "effects": [
        "@wikimedia/tilelive-overlay"
      ],
      "range": "3.0.1",
      "nodes": [
        "node_modules/@wikimedia/geojson-mapnikify"
      ],
      "fixAvailable": {
        "name": "@wikimedia/geojson-mapnikify",
        "version": "4.0.0",
        "isSemVerMajor": true
      }
    },
    "@wikimedia/makizushi": {
      "name": "@wikimedia/makizushi",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "@kartotherian/blend"
      ],
      "effects": [],
      "range": "4.0.0",
      "nodes": [
        "node_modules/@wikimedia/makizushi"
      ],
      "fixAvailable": {
        "name": "@wikimedia/makizushi",
        "version": "4.1.0",
        "isSemVerMajor": false
      }
    },
    "@wikimedia/tilelive-overlay": {
      "name": "@wikimedia/tilelive-overlay",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "@wikimedia/geojson-mapnikify"
      ],
      "effects": [],
      "range": "2.3.0",
      "nodes": [
        "node_modules/@wikimedia/tilelive-overlay"
      ],
      "fixAvailable": {
        "name": "@wikimedia/tilelive-overlay",
        "version": "2.4.0",
        "isSemVerMajor": false
      }
    },
    "ajv": {
      "name": "ajv",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097685,
          "name": "ajv",
          "dependency": "ajv",
          "title": "Prototype Pollution in Ajv",
          "url": "https://github.com/advisories/GHSA-v88g-cgmw-v5xw",
          "severity": "moderate",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<6.12.3"
        }
      ],
      "effects": [
        "har-validator"
      ],
      "range": "<6.12.3",
      "nodes": [
        "node_modules/har-validator/node_modules/ajv"
      ],
      "fixAvailable": false
    },
    "autoprefixer": {
      "name": "autoprefixer",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "stylelint"
      ],
      "range": "1.0.20131222 - 9.8.8",
      "nodes": [
        "node_modules/autoprefixer"
      ],
      "fixAvailable": {
        "name": "stylelint",
        "version": "16.7.0",
        "isSemVerMajor": true
      }
    },
    "aws-sdk": {
      "name": "aws-sdk",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "xml2js"
      ],
      "effects": [],
      "range": "<=2.1353.0",
      "nodes": [
        "node_modules/aws-sdk"
      ],
      "fixAvailable": true
    },
    "boom": {
      "name": "boom",
      "severity": "high",
      "isDirect": false,
      "via": [
        "hoek"
      ],
      "effects": [
        "cryptiles",
        "hawk"
      ],
      "range": "*",
      "nodes": [
        "node_modules/boom",
        "node_modules/cryptiles/node_modules/boom"
      ],
      "fixAvailable": false
    },
    "braces": {
      "name": "braces",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1098094,
          "name": "braces",
          "dependency": "braces",
          "title": "Uncontrolled resource consumption in braces",
          "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1050"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.3"
        }
      ],
      "effects": [],
      "range": "<3.0.3",
      "nodes": [
        "node_modules/braces"
      ],
      "fixAvailable": true
    },
    "browserify-sign": {
      "name": "browserify-sign",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096644,
          "name": "browserify-sign",
          "dependency": "browserify-sign",
          "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack",
          "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw",
          "severity": "high",
          "cwe": [
            "CWE-347"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": ">=2.6.0 <=4.2.1"
        }
      ],
      "effects": [],
      "range": "2.6.0 - 4.2.1",
      "nodes": [
        "node_modules/browserify-sign"
      ],
      "fixAvailable": true
    },
    "carto": {
      "name": "carto",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "js-yaml",
        "semver",
        "yargs"
      ],
      "effects": [
        "tilelive-tmstyle"
      ],
      "range": ">=0.17.2",
      "nodes": [
        "node_modules/carto"
      ],
      "fixAvailable": false
    },
    "cryptiles": {
      "name": "cryptiles",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1095034,
          "name": "cryptiles",
          "dependency": "cryptiles",
          "title": "Insufficient Entropy in cryptiles",
          "url": "https://github.com/advisories/GHSA-rq8g-5pc5-wrhr",
          "severity": "critical",
          "cwe": [
            "CWE-331"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=3.1.0 <4.1.2"
        },
        "boom"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/cryptiles"
      ],
      "fixAvailable": true
    },
    "eslint-config-wikimedia": {
      "name": "eslint-config-wikimedia",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "eslint-plugin-compat"
      ],
      "effects": [],
      "range": "0.18.0 - 0.21.0",
      "nodes": [
        "node_modules/eslint-config-wikimedia"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.28.2",
        "isSemVerMajor": true
      }
    },
    "eslint-plugin-compat": {
      "name": "eslint-plugin-compat",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [
        "eslint-config-wikimedia"
      ],
      "range": "3.6.0-0 - 4.1.4",
      "nodes": [
        "node_modules/eslint-plugin-compat"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.28.2",
        "isSemVerMajor": true
      }
    },
    "express": {
      "name": "express",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1096820,
          "name": "express",
          "dependency": "express",
          "title": "Express.js Open Redirect in malformed URLs",
          "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc",
          "severity": "moderate",
          "cwe": [
            "CWE-601",
            "CWE-1286"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.19.2"
        }
      ],
      "effects": [],
      "range": "<4.19.2",
      "nodes": [
        "node_modules/express"
      ],
      "fixAvailable": true
    },
    "get-func-name": {
      "name": "get-func-name",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1094574,
          "name": "get-func-name",
          "dependency": "get-func-name",
          "title": "Chaijs/get-func-name vulnerable to ReDoS",
          "url": "https://github.com/advisories/GHSA-4q6p-r6v2-jvc5",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<2.0.1"
        }
      ],
      "effects": [],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/get-func-name"
      ],
      "fixAvailable": true
    },
    "har-validator": {
      "name": "har-validator",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "ajv"
      ],
      "effects": [
        "request"
      ],
      "range": "3.3.0 - 5.1.0",
      "nodes": [
        "node_modules/har-validator"
      ],
      "fixAvailable": false
    },
    "hawk": {
      "name": "hawk",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095062,
          "name": "hawk",
          "dependency": "hawk",
          "title": "Uncontrolled Resource Consumption in Hawk",
          "url": "https://github.com/advisories/GHSA-44pw-h2cw-w3vq",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"
          },
          "range": "<9.0.1"
        },
        "boom",
        "hoek",
        "sntp"
      ],
      "effects": [
        "request"
      ],
      "range": "<=9.0.0",
      "nodes": [
        "node_modules/hawk"
      ],
      "fixAvailable": false
    },
    "hoek": {
      "name": "hoek",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096410,
          "name": "hoek",
          "dependency": "hoek",
          "title": "hoek subject to prototype pollution via the clone function.",
          "url": "https://github.com/advisories/GHSA-c429-5p7v-vgjp",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=6.1.3"
        }
      ],
      "effects": [
        "boom",
        "hawk",
        "sntp"
      ],
      "range": "*",
      "nodes": [
        "node_modules/hoek"
      ],
      "fixAvailable": false
    },
    "js-yaml": {
      "name": "js-yaml",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1085724,
          "name": "js-yaml",
          "dependency": "js-yaml",
          "title": "Denial of Service in js-yaml",
          "url": "https://github.com/advisories/GHSA-2pr6-76vf-7546",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.13.0"
        },
        {
          "source": 1095058,
          "name": "js-yaml",
          "dependency": "js-yaml",
          "title": "Code Injection in js-yaml",
          "url": "https://github.com/advisories/GHSA-8j8c-7jfh-h6hx",
          "severity": "high",
          "cwe": [
            "CWE-94"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<3.13.1"
        }
      ],
      "effects": [],
      "range": "<=3.13.0",
      "nodes": [
        "node_modules/carto/node_modules/js-yaml"
      ],
      "fixAvailable": true
    },
    "libxmljs": {
      "name": "libxmljs",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1093040,
          "name": "libxmljs",
          "dependency": "libxmljs",
          "title": "Denial of service vulnerability exists in libxmljs",
          "url": "https://github.com/advisories/GHSA-773h-w45w-f2f9",
          "severity": "high",
          "cwe": [
            "CWE-20"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<0.19.8"
        },
        {
          "source": 1097229,
          "name": "libxmljs",
          "dependency": "libxmljs",
          "title": "libxmljs vulnerable to type confusion when parsing specially crafted XML",
          "url": "https://github.com/advisories/GHSA-6433-x5p4-8jc7",
          "severity": "high",
          "cwe": [],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=1.0.11"
        },
        {
          "source": 1097231,
          "name": "libxmljs",
          "dependency": "libxmljs",
          "title": "libxmljs vulnerable to type confusion when parsing specially crafted XML ",
          "url": "https://github.com/advisories/GHSA-mg49-jqgw-gcj6",
          "severity": "high",
          "cwe": [],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=1.0.11"
        },
        "node-pre-gyp"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/libxmljs"
      ],
      "fixAvailable": {
        "name": "libxmljs",
        "version": "0.19.10",
        "isSemVerMajor": false
      }
    },
    "limitation": {
      "name": "limitation",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "wikimedia-kad-fork"
      ],
      "effects": [
        "service-runner"
      ],
      "range": ">=0.2.3",
      "nodes": [
        "node_modules/limitation"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    },
    "mem": {
      "name": "mem",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1085685,
          "name": "mem",
          "dependency": "mem",
          "title": "Denial of Service in mem",
          "url": "https://github.com/advisories/GHSA-4xcv-9jjx-gfj3",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 5.1,
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<4.0.0"
        }
      ],
      "effects": [
        "os-locale"
      ],
      "range": "<4.0.0",
      "nodes": [
        "node_modules/mem"
      ],
      "fixAvailable": false
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1097677,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.2.4"
        },
        {
          "source": 1097678,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.0.0 <1.2.6"
        }
      ],
      "effects": [],
      "range": "<0.2.4 || >=1.0.0 <1.2.6",
      "nodes": [
        "node_modules/@kartotherian/mapnik/node_modules/minimist",
        "node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094419,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [
        "wikimedia-kad-fork"
      ],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/wikimedia-kad-fork/node_modules/ms"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    },
    "mwapi": {
      "name": "mwapi",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "preq"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/mwapi"
      ],
      "fixAvailable": false
    },
    "node-pre-gyp": {
      "name": "node-pre-gyp",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "tar"
      ],
      "effects": [
        "@kartotherian/mapnik",
        "libxmljs"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@kartotherian/mapnik/node_modules/node-pre-gyp",
        "node_modules/libxmljs/node_modules/node-pre-gyp"
      ],
      "fixAvailable": {
        "name": "@wikimedia/geojson-mapnikify",
        "version": "4.0.0",
        "isSemVerMajor": true
      }
    },
    "os-locale": {
      "name": "os-locale",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "mem"
      ],
      "effects": [
        "yargs"
      ],
      "range": "2.0.0 - 3.0.0",
      "nodes": [
        "node_modules/os-locale"
      ],
      "fixAvailable": false
    },
    "pg": {
      "name": "pg",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [
        "pg-promise"
      ],
      "range": "4.0.0-beta2 - 8.3.3",
      "nodes": [
        "node_modules/pg"
      ],
      "fixAvailable": {
        "name": "pg-promise",
        "version": "11.9.1",
        "isSemVerMajor": true
      }
    },
    "pg-promise": {
      "name": "pg-promise",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "pg"
      ],
      "effects": [],
      "range": "0.6.4 - 2.9.5 || 3.0.3 - 10.6.2",
      "nodes": [
        "node_modules/pg-promise"
      ],
      "fixAvailable": {
        "name": "pg-promise",
        "version": "11.9.1",
        "isSemVerMajor": true
      }
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094544,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS line return parsing error",
          "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
          "severity": "moderate",
          "cwe": [
            "CWE-74",
            "CWE-144"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<8.4.31"
        }
      ],
      "effects": [
        "autoprefixer",
        "postcss-less",
        "postcss-safe-parser",
        "postcss-sass",
        "postcss-scss",
        "stylelint",
        "sugarss"
      ],
      "range": "<8.4.31",
      "nodes": [
        "node_modules/doiuse/node_modules/postcss",
        "node_modules/postcss",
        "node_modules/stylelint-no-unsupported-browser-features/node_modules/postcss"
      ],
      "fixAvailable": {
        "name": "stylelint",
        "version": "16.7.0",
        "isSemVerMajor": true
      }
    },
    "postcss-less": {
      "name": "postcss-less",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "stylelint"
      ],
      "range": "<=3.1.4",
      "nodes": [
        "node_modules/postcss-less"
      ],
      "fixAvailable": {
        "name": "stylelint",
        "version": "16.7.0",
        "isSemVerMajor": true
      }
    },
    "postcss-safe-parser": {
      "name": "postcss-safe-parser",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "stylelint"
      ],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-safe-parser"
      ],
      "fixAvailable": {
        "name": "stylelint",
        "version": "16.7.0",
        "isSemVerMajor": true
      }
    },
    "postcss-sass": {
      "name": "postcss-sass",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "stylelint"
      ],
      "range": "<=0.4.4",
      "nodes": [
        "node_modules/postcss-sass"
      ],
      "fixAvailable": {
        "name": "stylelint",
        "version": "16.7.0",
        "isSemVerMajor": true
      }
    },
    "postcss-scss": {
      "name": "postcss-scss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "stylelint"
      ],
      "range": "<=2.1.1",
      "nodes": [
        "node_modules/postcss-scss"
      ],
      "fixAvailable": {
        "name": "stylelint",
        "version": "16.7.0",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "request",
        "requestretry"
      ],
      "effects": [
        "mwapi"
      ],
      "range": "*",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": false
    },
    "request": {
      "name": "request",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "har-validator",
        "hawk",
        "tough-cookie"
      ],
      "effects": [
        "preq",
        "requestretry",
        "tilelive-http"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@kartotherian/tilelive-vector/node_modules/request",
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "request-promise": {
      "name": "request-promise",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "tough-cookie"
      ],
      "effects": [],
      "range": ">=4.2.3",
      "nodes": [
        "node_modules/request-promise"
      ],
      "fixAvailable": true
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090420,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        },
        "request"
      ],
      "effects": [
        "@mapbox/tilejson",
        "preq"
      ],
      "range": "*",
      "nodes": [
        "node_modules/preq/node_modules/requestretry",
        "node_modules/requestretry"
      ],
      "fixAvailable": false
    },
    "semver": {
      "name": "semver",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096482,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=7.0.0 <7.5.2"
        },
        {
          "source": 1096483,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<5.7.2"
        },
        {
          "source": 1096484,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=6.0.0 <6.3.1"
        }
      ],
      "effects": [
        "carto",
        "eslint-plugin-compat",
        "pg"
      ],
      "range": "<=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1",
      "nodes": [
        "node_modules/@babel/core/node_modules/semver",
        "node_modules/@babel/helper-compilation-targets/node_modules/semver",
        "node_modules/@kartotherian/mapnik/node_modules/semver",
        "node_modules/@mapbox/node-pre-gyp/node_modules/semver",
        "node_modules/eslint-plugin-compat/node_modules/semver",
        "node_modules/eslint-plugin-jsdoc/node_modules/semver",
        "node_modules/eslint-plugin-node/node_modules/semver",
        "node_modules/eslint-plugin-vue/node_modules/semver",
        "node_modules/eslint/node_modules/semver",
        "node_modules/istanbul-lib-instrument/node_modules/semver",
        "node_modules/jest-snapshot/node_modules/semver",
        "node_modules/make-dir/node_modules/semver",
        "node_modules/meow/node_modules/read-pkg/node_modules/semver",
        "node_modules/meow/node_modules/semver",
        "node_modules/pg/node_modules/semver",
        "node_modules/semver",
        "node_modules/service-runner/node_modules/semver",
        "node_modules/vue-eslint-parser/node_modules/semver"
      ],
      "fixAvailable": false
    },
    "service-runner": {
      "name": "service-runner",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "limitation",
        "tar"
      ],
      "effects": [],
      "range": ">=3.0.0",
      "nodes": [
        "node_modules/service-runner"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    },
    "sntp": {
      "name": "sntp",
      "severity": "high",
      "isDirect": false,
      "via": [
        "hoek"
      ],
      "effects": [
        "hawk"
      ],
      "range": "0.0.0 || >=0.1.1",
      "nodes": [
        "node_modules/sntp"
      ],
      "fixAvailable": false
    },
    "stylelint": {
      "name": "stylelint",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "autoprefixer",
        "postcss",
        "postcss-less",
        "postcss-safe-parser",
        "postcss-sass",
        "postcss-scss",
        "sugarss"
      ],
      "effects": [
        "stylelint-config-wikimedia"
      ],
      "range": "0.1.0 - 13.13.1",
      "nodes": [
        "node_modules/stylelint"
      ],
      "fixAvailable": {
        "name": "stylelint",
        "version": "16.7.0",
        "isSemVerMajor": true
      }
    },
    "stylelint-config-wikimedia": {
      "name": "stylelint-config-wikimedia",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "stylelint"
      ],
      "effects": [],
      "range": "<=0.11.1",
      "nodes": [
        "node_modules/stylelint-config-wikimedia"
      ],
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.17.2",
        "isSemVerMajor": true
      }
    },
    "sugarss": {
      "name": "sugarss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/sugarss"
      ],
      "fixAvailable": true
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089685,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<3.2.2"
        },
        {
          "source": 1095117,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<4.4.18"
        },
        {
          "source": 1097493,
          "name": "tar",
          "dependency": "tar",
          "title": "Denial of service while parsing a tar file due to lack of folders count validation",
          "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<6.2.1"
        }
      ],
      "effects": [
        "@kartotherian/tilelive-vector",
        "node-pre-gyp",
        "service-runner"
      ],
      "range": "<=6.2.0",
      "nodes": [
        "node_modules/@kartotherian/mapnik/node_modules/tar",
        "node_modules/@mapbox/node-pre-gyp/node_modules/tar",
        "node_modules/libxmljs/node_modules/tar",
        "node_modules/service-runner/node_modules/tar",
        "node_modules/tar"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    },
    "tilelive-http": {
      "name": "tilelive-http",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/tilelive-http"
      ],
      "fixAvailable": false
    },
    "tilelive-tmstyle": {
      "name": "tilelive-tmstyle",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "carto",
        "underscore"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/tilelive-tmstyle"
      ],
      "fixAvailable": false
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request",
        "request-promise"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/jsdom/node_modules/tough-cookie",
        "node_modules/request/node_modules/tough-cookie",
        "node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "underscore": {
      "name": "underscore",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1095097,
          "name": "underscore",
          "dependency": "underscore",
          "title": "Arbitrary Code Execution in underscore",
          "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
          "severity": "critical",
          "cwe": [
            "CWE-94"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.3.2 <1.12.1"
        }
      ],
      "effects": [
        "tilelive-tmstyle"
      ],
      "range": "1.3.2 - 1.12.0",
      "nodes": [
        "node_modules/@kartotherian/tilelive-vector/node_modules/underscore",
        "node_modules/tilelive-tmstyle/node_modules/underscore"
      ],
      "fixAvailable": false
    },
    "wikimedia-kad-fork": {
      "name": "wikimedia-kad-fork",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "ms"
      ],
      "effects": [
        "limitation"
      ],
      "range": "*",
      "nodes": [
        "node_modules/wikimedia-kad-fork"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    },
    "word-wrap": {
      "name": "word-wrap",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097681,
          "name": "word-wrap",
          "dependency": "word-wrap",
          "title": "word-wrap vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<1.2.4"
        }
      ],
      "effects": [],
      "range": "<1.2.4",
      "nodes": [
        "node_modules/word-wrap"
      ],
      "fixAvailable": true
    },
    "ws": {
      "name": "ws",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097616,
          "name": "ws",
          "dependency": "ws",
          "title": "ws affected by a DoS when handling a request with many HTTP headers",
          "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
          "severity": "high",
          "cwe": [
            "CWE-476"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=7.0.0 <7.5.10"
        }
      ],
      "effects": [],
      "range": "7.0.0 - 7.5.9",
      "nodes": [
        "node_modules/ws"
      ],
      "fixAvailable": true
    },
    "xml2js": {
      "name": "xml2js",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096693,
          "name": "xml2js",
          "dependency": "xml2js",
          "title": "xml2js is vulnerable to prototype pollution",
          "url": "https://github.com/advisories/GHSA-776f-qx25-q3cc",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<0.5.0"
        }
      ],
      "effects": [
        "aws-sdk"
      ],
      "range": "<0.5.0",
      "nodes": [
        "node_modules/xml2js"
      ],
      "fixAvailable": true
    },
    "yargs": {
      "name": "yargs",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "os-locale",
        "yargs-parser"
      ],
      "effects": [
        "carto"
      ],
      "range": "8.0.0-candidate.0 - 12.0.5",
      "nodes": [
        "node_modules/yargs"
      ],
      "fixAvailable": false
    },
    "yargs-parser": {
      "name": "yargs-parser",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1088811,
          "name": "yargs-parser",
          "dependency": "yargs-parser",
          "title": "yargs-parser Vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-p9pc-299p-vxgp",
          "severity": "moderate",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": ">=6.0.0 <13.1.2"
        }
      ],
      "effects": [
        "yargs"
      ],
      "range": "6.0.0 - 13.1.1",
      "nodes": [
        "node_modules/yargs-parser"
      ],
      "fixAvailable": false
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 41,
      "high": 15,
      "critical": 6,
      "total": 62
    },
    "dependencies": {
      "prod": 763,
      "dev": 653,
      "optional": 17,
      "peer": 0,
      "peerOptional": 0,
      "total": 1430
    }
  }
}

--- end ---
Upgrading n:eslint from ^7.32.0 -> 8.57.0
Upgrading n:eslint-config-wikimedia from ^0.20.0 -> 0.28.2
Upgrading n:stylelint from ^13.13.1 -> 16.2.0
Upgrading n:stylelint-config-wikimedia from ^0.11.1 -> 0.17.2
$ /usr/bin/npm install
--- stderr ---
npm WARN old lockfile 
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile 
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile 
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated s3signed@0.1.0: This module is no longer maintained. It is provided as is.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated rimraf@2.4.5: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated cryptiles@3.1.4: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead
npm WARN deprecated sntp@2.1.0: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated har-validator@5.0.3: this library is no longer supported
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated npmlog@4.1.2: This package is no longer supported.
npm WARN deprecated request-promise@4.2.6: request-promise has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated boom@4.3.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated boom@5.2.0: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated hoek@4.2.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@1.1.7: This package is no longer supported.
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated queue-async@1.0.7: renamed to d3-queue
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated glob@6.0.4: Glob versions prior to v9 are no longer supported
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated mkdirp@0.3.5: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated hawk@6.0.2: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated gauge@2.7.4: This package is no longer supported.
npm WARN deprecated loupe@2.3.6: Please upgrade to 2.3.7 which fixes GHSA-4q6p-r6v2-jvc5
npm WARN deprecated protozero@1.5.1: protozero should no longer be used via npm, install instead via https://github.com/mapbox/mason
npm WARN deprecated request@2.83.0: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated fstream@1.0.12: This package is no longer supported.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated node-pre-gyp@0.11.0: Please upgrade to @mapbox/node-pre-gyp: the non-scoped node-pre-gyp package is deprecated and only the @mapbox scoped package will recieve updates in the future
npm WARN deprecated pg-promise@9.3.6: This version of pg-promise is obsolete. You should update to a newer version.
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
npm ERR! code 1
npm ERR! path /src/repo/node_modules/@kartotherian/mapnik
npm ERR! command failed
npm ERR! command sh -c node-pre-gyp install --build-from-source
npm ERR! Failed to execute '/usr/bin/node /usr/share/nodejs/node-gyp/bin/node-gyp.js configure --build-from-source --module=/src/repo/node_modules/@kartotherian/mapnik/lib/binding/mapnik.node --module_name=mapnik --module_path=/src/repo/node_modules/@kartotherian/mapnik/lib/binding --napi_version=9 --node_abi_napi=napi' (1)
npm ERR! node-pre-gyp info it worked if it ends with ok
npm ERR! node-pre-gyp info using node-pre-gyp@0.10.3
npm ERR! node-pre-gyp info using node@18.19.0 | linux | x64
npm ERR! node-pre-gyp WARN Using request for node-pre-gyp https download 
npm ERR! node-pre-gyp info build requesting source compile
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using node-gyp@9.3.0
npm ERR! gyp info using node@18.19.0 | linux | x64
npm ERR! gyp info ok 
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using node-gyp@9.3.0
npm ERR! gyp info using node@18.19.0 | linux | x64
npm ERR! gyp info find Python using Python version 3.11.2 found at "/usr/bin/python3"
npm ERR! gyp info spawn /usr/bin/python3
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args   '/usr/share/nodejs/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args   'binding.gyp',
npm ERR! gyp info spawn args   '-f',
npm ERR! gyp info spawn args   'make',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/src/repo/node_modules/@kartotherian/mapnik/build/config.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/src/repo/node_modules/@kartotherian/mapnik/common.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/usr/share/nodejs/node-gyp/addon.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/usr/include/nodejs/common.gypi',
npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
npm ERR! gyp info spawn args   '-Dvisibility=default',
npm ERR! gyp info spawn args   '-Dnode_root_dir=/usr/include/nodejs',
npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/usr/share/nodejs/node-gyp',
npm ERR! gyp info spawn args   '-Dnode_lib_file=/usr/include/nodejs/<(target_arch)/node.lib',
npm ERR! gyp info spawn args   '-Dmodule_root_dir=/src/repo/node_modules/@kartotherian/mapnik',
npm ERR! gyp info spawn args   '-Dnode_engine=v8',
npm ERR! gyp info spawn args   '--depth=.',
npm ERR! gyp info spawn args   '--no-parallel',
npm ERR! gyp info spawn args   '--generator-output',
npm ERR! gyp info spawn args   'build',
npm ERR! gyp info spawn args   '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! /bin/sh: 1: mapnik-config: not found
npm ERR! gyp: Call to 'mapnik-config --cflags' returned exit status 127 while in binding.gyp. while trying to load binding.gyp
npm ERR! gyp ERR! configure error 
npm ERR! gyp ERR! stack Error: `gyp` failed with exit code: 1
npm ERR! gyp ERR! stack     at ChildProcess.onCpExit (/usr/share/nodejs/node-gyp/lib/configure.js:329:16)
npm ERR! gyp ERR! stack     at ChildProcess.emit (node:events:517:28)
npm ERR! gyp ERR! stack     at ChildProcess._handle.onexit (node:internal/child_process:292:12)
npm ERR! gyp ERR! System Linux 6.1.0-21-cloud-amd64
npm ERR! gyp ERR! command "/usr/bin/node" "/usr/share/nodejs/node-gyp/bin/node-gyp.js" "configure" "--build-from-source" "--module=/src/repo/node_modules/@kartotherian/mapnik/lib/binding/mapnik.node" "--module_name=mapnik" "--module_path=/src/repo/node_modules/@kartotherian/mapnik/lib/binding" "--napi_version=9" "--node_abi_napi=napi"
npm ERR! gyp ERR! cwd /src/repo/node_modules/@kartotherian/mapnik
npm ERR! gyp ERR! node -v v18.19.0
npm ERR! gyp ERR! node-gyp -v v9.3.0
npm ERR! gyp ERR! not ok 
npm ERR! node-pre-gyp ERR! build error 
npm ERR! node-pre-gyp ERR! stack Error: Failed to execute '/usr/bin/node /usr/share/nodejs/node-gyp/bin/node-gyp.js configure --build-from-source --module=/src/repo/node_modules/@kartotherian/mapnik/lib/binding/mapnik.node --module_name=mapnik --module_path=/src/repo/node_modules/@kartotherian/mapnik/lib/binding --napi_version=9 --node_abi_napi=napi' (1)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess.<anonymous> (/src/repo/node_modules/@kartotherian/mapnik/node_modules/node-pre-gyp/lib/util/compile.js:83:29)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess.emit (node:events:517:28)
npm ERR! node-pre-gyp ERR! stack     at maybeClose (node:internal/child_process:1098:16)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess._handle.onexit (node:internal/child_process:303:5)
npm ERR! node-pre-gyp ERR! System Linux 6.1.0-21-cloud-amd64
npm ERR! node-pre-gyp ERR! command "/usr/bin/node" "/src/repo/node_modules/@kartotherian/mapnik/node_modules/.bin/node-pre-gyp" "install" "--build-from-source"
npm ERR! node-pre-gyp ERR! cwd /src/repo/node_modules/@kartotherian/mapnik
npm ERR! node-pre-gyp ERR! node -v v18.19.0
npm ERR! node-pre-gyp ERR! node-pre-gyp -v v0.10.3
npm ERR! node-pre-gyp ERR! not ok

npm ERR! A complete log of this run can be found in:
npm ERR!     /cache/_logs/2024-07-23T05_21_19_594Z-debug-0.log
--- stdout ---

--- end ---
$ rm -rf package-lock.json node_modules
--- stdout ---

--- end ---
$ /usr/bin/npm install
--- stderr ---
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated s3signed@0.1.0: This module is no longer maintained. It is provided as is.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated rimraf@2.4.5: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated cryptiles@3.2.1: This module has moved and is now available at @hapi/cryptiles. Please update your dependencies as this version is no longer maintained and may contain bugs and security issues.
npm WARN deprecated boom@5.3.3: This module has moved and is now available at @hapi/boom. Please update your dependencies as this version is no longer maintained and may contain bugs and security issues.
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated sntp@2.1.0: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead
npm WARN deprecated npmlog@4.1.2: This package is no longer supported.
npm WARN deprecated har-validator@5.0.3: this library is no longer supported
npm WARN deprecated har-validator@5.0.3: this library is no longer supported
npm WARN deprecated boom@4.3.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated request-promise@4.2.6: request-promise has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@1.1.7: This package is no longer supported.
npm WARN deprecated hoek@4.3.1: This module has moved and is now available at @hapi/hoek. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated queue-async@1.0.7: renamed to d3-queue
npm WARN deprecated glob@6.0.4: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated mkdirp@0.3.5: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated hawk@6.0.2: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated gauge@2.7.4: This package is no longer supported.
npm WARN deprecated protozero@1.5.1: protozero should no longer be used via npm, install instead via https://github.com/mapbox/mason
npm WARN deprecated request@2.83.0: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated request@2.83.0: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated fstream@1.0.12: This package is no longer supported.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated node-pre-gyp@0.11.0: Please upgrade to @mapbox/node-pre-gyp: the non-scoped node-pre-gyp package is deprecated and only the @mapbox scoped package will recieve updates in the future
npm WARN deprecated pg-promise@9.3.6: This version of pg-promise is obsolete. You should update to a newer version.
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
npm WARN cleanup Failed to remove some directories [
npm WARN cleanup   [
npm WARN cleanup     '/src/repo/node_modules/unix-dgram',
npm WARN cleanup     [Error: ENOTEMPTY: directory not empty, rmdir '/src/repo/node_modules/unix-dgram'] {
npm WARN cleanup       errno: -39,
npm WARN cleanup       code: 'ENOTEMPTY',
npm WARN cleanup       syscall: 'rmdir',
npm WARN cleanup       path: '/src/repo/node_modules/unix-dgram'
npm WARN cleanup     }
npm WARN cleanup   ],
npm WARN cleanup   [
npm WARN cleanup     '/src/repo/node_modules',
npm WARN cleanup     [Error: ENOTEMPTY: directory not empty, rmdir '/src/repo/node_modules/unix-dgram'] {
npm WARN cleanup       errno: -39,
npm WARN cleanup       code: 'ENOTEMPTY',
npm WARN cleanup       syscall: 'rmdir',
npm WARN cleanup       path: '/src/repo/node_modules/unix-dgram'
npm WARN cleanup     }
npm WARN cleanup   ],
npm WARN cleanup   [
npm WARN cleanup     '/src/repo/node_modules/mapnik',
npm WARN cleanup     [Error: ENOTEMPTY: directory not empty, rmdir '/src/repo/node_modules/mapnik/lib/binding/share'] {
npm WARN cleanup       errno: -39,
npm WARN cleanup       code: 'ENOTEMPTY',
npm WARN cleanup       syscall: 'rmdir',
npm WARN cleanup       path: '/src/repo/node_modules/mapnik/lib/binding/share'
npm WARN cleanup     }
npm WARN cleanup   ]
npm WARN cleanup ]
npm ERR! code 1
npm ERR! path /src/repo/node_modules/@kartotherian/mapnik
npm ERR! command failed
npm ERR! command sh -c node-pre-gyp install --build-from-source
npm ERR! Failed to execute '/usr/bin/node /usr/share/nodejs/node-gyp/bin/node-gyp.js configure --build-from-source --module=/src/repo/node_modules/@kartotherian/mapnik/lib/binding/mapnik.node --module_name=mapnik --module_path=/src/repo/node_modules/@kartotherian/mapnik/lib/binding --napi_version=9 --node_abi_napi=napi' (1)
npm ERR! node-pre-gyp info it worked if it ends with ok
npm ERR! node-pre-gyp info using node-pre-gyp@0.10.3
npm ERR! node-pre-gyp info using node@18.19.0 | linux | x64
npm ERR! node-pre-gyp WARN Using request for node-pre-gyp https download 
npm ERR! node-pre-gyp info build requesting source compile
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using node-gyp@9.3.0
npm ERR! gyp info using node@18.19.0 | linux | x64
npm ERR! gyp info ok 
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using node-gyp@9.3.0
npm ERR! gyp info using node@18.19.0 | linux | x64
npm ERR! gyp info find Python using Python version 3.11.2 found at "/usr/bin/python3"
npm ERR! gyp info spawn /usr/bin/python3
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args   '/usr/share/nodejs/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args   'binding.gyp',
npm ERR! gyp info spawn args   '-f',
npm ERR! gyp info spawn args   'make',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/src/repo/node_modules/@kartotherian/mapnik/build/config.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/src/repo/node_modules/@kartotherian/mapnik/common.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/usr/share/nodejs/node-gyp/addon.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/usr/include/nodejs/common.gypi',
npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
npm ERR! gyp info spawn args   '-Dvisibility=default',
npm ERR! gyp info spawn args   '-Dnode_root_dir=/usr/include/nodejs',
npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/usr/share/nodejs/node-gyp',
npm ERR! gyp info spawn args   '-Dnode_lib_file=/usr/include/nodejs/<(target_arch)/node.lib',
npm ERR! gyp info spawn args   '-Dmodule_root_dir=/src/repo/node_modules/@kartotherian/mapnik',
npm ERR! gyp info spawn args   '-Dnode_engine=v8',
npm ERR! gyp info spawn args   '--depth=.',
npm ERR! gyp info spawn args   '--no-parallel',
npm ERR! gyp info spawn args   '--generator-output',
npm ERR! gyp info spawn args   'build',
npm ERR! gyp info spawn args   '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! /bin/sh: 1: mapnik-config: not found
npm ERR! gyp: Call to 'mapnik-config --cflags' returned exit status 127 while in binding.gyp. while trying to load binding.gyp
npm ERR! gyp ERR! configure error 
npm ERR! gyp ERR! stack Error: `gyp` failed with exit code: 1
npm ERR! gyp ERR! stack     at ChildProcess.onCpExit (/usr/share/nodejs/node-gyp/lib/configure.js:329:16)
npm ERR! gyp ERR! stack     at ChildProcess.emit (node:events:517:28)
npm ERR! gyp ERR! stack     at ChildProcess._handle.onexit (node:internal/child_process:292:12)
npm ERR! gyp ERR! System Linux 6.1.0-21-cloud-amd64
npm ERR! gyp ERR! command "/usr/bin/node" "/usr/share/nodejs/node-gyp/bin/node-gyp.js" "configure" "--build-from-source" "--module=/src/repo/node_modules/@kartotherian/mapnik/lib/binding/mapnik.node" "--module_name=mapnik" "--module_path=/src/repo/node_modules/@kartotherian/mapnik/lib/binding" "--napi_version=9" "--node_abi_napi=napi"
npm ERR! gyp ERR! cwd /src/repo/node_modules/@kartotherian/mapnik
npm ERR! gyp ERR! node -v v18.19.0
npm ERR! gyp ERR! node-gyp -v v9.3.0
npm ERR! gyp ERR! not ok 
npm ERR! node-pre-gyp ERR! build error 
npm ERR! node-pre-gyp ERR! stack Error: Failed to execute '/usr/bin/node /usr/share/nodejs/node-gyp/bin/node-gyp.js configure --build-from-source --module=/src/repo/node_modules/@kartotherian/mapnik/lib/binding/mapnik.node --module_name=mapnik --module_path=/src/repo/node_modules/@kartotherian/mapnik/lib/binding --napi_version=9 --node_abi_napi=napi' (1)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess.<anonymous> (/src/repo/node_modules/@kartotherian/mapnik/node_modules/node-pre-gyp/lib/util/compile.js:83:29)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess.emit (node:events:517:28)
npm ERR! node-pre-gyp ERR! stack     at maybeClose (node:internal/child_process:1098:16)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess._handle.onexit (node:internal/child_process:303:5)
npm ERR! node-pre-gyp ERR! System Linux 6.1.0-21-cloud-amd64
npm ERR! node-pre-gyp ERR! command "/usr/bin/node" "/src/repo/node_modules/@kartotherian/mapnik/node_modules/.bin/node-pre-gyp" "install" "--build-from-source"
npm ERR! node-pre-gyp ERR! cwd /src/repo/node_modules/@kartotherian/mapnik
npm ERR! node-pre-gyp ERR! node -v v18.19.0
npm ERR! node-pre-gyp ERR! node-pre-gyp -v v0.10.3
npm ERR! node-pre-gyp ERR! not ok

npm ERR! A complete log of this run can be found in:
npm ERR!     /cache/_logs/2024-07-23T05_21_59_479Z-debug-0.log
--- stdout ---

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1172, in npm_upgrade
    self.check_call(["npm", "install"])
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call
    res.check_returncode()
  File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'install']' returned non-zero exit status 1.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1789, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1728, in run
    self.npm_upgrade(plan)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1175, in npm_upgrade
    self.check_call(["npm", "install"])
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call
    res.check_returncode()
  File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'install']' returned non-zero exit status 1.
Source code is licensed under the AGPL.