This run took 242 seconds.
$ date --- stdout --- Thu Oct 3 06:36:48 UTC 2024 --- end --- $ git clone file:///srv/git/mediawiki-extensions-MobileFrontend.git repo --depth=1 -b REL1_41 --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/REL1_41 --- stdout --- 677e94d7cc41218ecb0843a0ff0ae3e276812902 refs/heads/REL1_41 --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "@babel/traverse": { "name": "@babel/traverse", "severity": "critical", "isDirect": false, "via": [ { "source": 1096886, "name": "@babel/traverse", "dependency": "@babel/traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": [ "CWE-184", "CWE-697" ], "cvss": { "score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, "range": "<7.23.2" } ], "effects": [], "range": "<7.23.2", "nodes": [ "node_modules/@babel/traverse" ], "fixAvailable": true }, "@storybook/builder-webpack4": { "name": "@storybook/builder-webpack4", "severity": "high", "isDirect": false, "via": [ "@storybook/core-common", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "react-dev-utils", "webpack", "webpack-dev-middleware" ], "effects": [], "range": "*", "nodes": [ "node_modules/@storybook/builder-webpack4" ], "fixAvailable": true }, "@storybook/core": { "name": "@storybook/core", "severity": "high", "isDirect": false, "via": [ "@storybook/core-server" ], "effects": [ "@storybook/html" ], "range": "6.2.0-alpha.0 - 6.3.0-rc.12", "nodes": [ "node_modules/@storybook/core" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "@storybook/core-common": { "name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": [ "webpack" ], "effects": [ "@storybook/html" ], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/core-common" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "@storybook/core-server": { "name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": [ "@storybook/builder-webpack4", "@storybook/core-common", "cpy", "css-loader", "webpack", "webpack-dev-middleware" ], "effects": [ "@storybook/core" ], "range": "<=7.0.0-rc.11", "nodes": [ "node_modules/@storybook/core-server" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "@storybook/html": { "name": "@storybook/html", "severity": "high", "isDirect": true, "via": [ "@storybook/core", "@storybook/core-common" ], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/html" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "anymatch": { "name": "anymatch", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "1.2.0 - 2.0.0", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/anymatch" ], "fixAvailable": true }, "autoprefixer": { "name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": [ "node_modules/autoprefixer" ], "fixAvailable": true }, "body-parser": { "name": "body-parser", "severity": "high", "isDirect": false, "via": [ { "source": 1099520, "name": "body-parser", "dependency": "body-parser", "title": "body-parser vulnerable to denial of service when url encoding is enabled", "url": "https://github.com/advisories/GHSA-qwcr-r2fm-qrc7", "severity": "high", "cwe": [ "CWE-405" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<1.20.3" } ], "effects": [ "express" ], "range": "<1.20.3", "nodes": [ "node_modules/body-parser" ], "fixAvailable": true }, "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": [ "CWE-400", "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [ "chokidar", "micromatch" ], "range": "<3.0.3", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/braces", "node_modules/braces", "node_modules/fast-glob/node_modules/braces", "node_modules/react-dev-utils/node_modules/micromatch/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack-cli/node_modules/braces", "node_modules/webpack/node_modules/braces" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "browserify-sign": { "name": "browserify-sign", "severity": "high", "isDirect": false, "via": [ { "source": 1096644, "name": "browserify-sign", "dependency": "browserify-sign", "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack", "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw", "severity": "high", "cwe": [ "CWE-347" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, "range": ">=2.6.0 <=4.2.1" } ], "effects": [], "range": "2.6.0 - 4.2.1", "nodes": [ "node_modules/browserify-sign" ], "fixAvailable": true }, "browserslist": { "name": "browserslist", "severity": "moderate", "isDirect": false, "via": [ { "source": 1093035, "name": "browserslist", "dependency": "browserslist", "title": "Regular Expression Denial of Service in browserslist", "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5", "severity": "moderate", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": ">=4.0.0 <4.16.5" } ], "effects": [ "react-dev-utils" ], "range": "4.0.0 - 4.16.4", "nodes": [ "node_modules/react-dev-utils/node_modules/browserslist" ], "fixAvailable": true }, "chokidar": { "name": "chokidar", "severity": "high", "isDirect": false, "via": [ "anymatch", "braces", "readdirp" ], "effects": [ "watchpack-chokidar2" ], "range": "1.3.0 - 2.1.8", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/chokidar" ], "fixAvailable": true }, "cpy": { "name": "cpy", "severity": "moderate", "isDirect": false, "via": [ "globby" ], "effects": [ "@storybook/core-server" ], "range": "7.0.0 - 8.1.2", "nodes": [ "node_modules/cpy" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "css-loader": { "name": "css-loader", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": [ "node_modules/css-loader" ], "fixAvailable": true }, "elliptic": { "name": "elliptic", "severity": "low", "isDirect": false, "via": [ { "source": 1098593, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's EDDSA missing signature length check", "url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p", "severity": "low", "cwe": [ "CWE-347" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=4.0.0 <=6.5.6" }, { "source": 1098594, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero", "url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw", "severity": "low", "cwe": [ "CWE-130" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=2.0.0 <=6.5.6" }, { "source": 1098595, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic allows BER-encoded signatures", "url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m", "severity": "low", "cwe": [ "CWE-347" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=5.2.1 <=6.5.6" } ], "effects": [], "range": "2.0.0 - 6.5.6", "nodes": [ "node_modules/elliptic" ], "fixAvailable": true }, "express": { "name": "express", "severity": "high", "isDirect": false, "via": [ { "source": 1096820, "name": "express", "dependency": "express", "title": "Express.js Open Redirect in malformed URLs", "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc", "severity": "moderate", "cwe": [ "CWE-601", "CWE-1286" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<4.19.2" }, { "source": 1099529, "name": "express", "dependency": "express", "title": "express vulnerable to XSS via response.redirect()", "url": "https://github.com/advisories/GHSA-qw6h-vgh9-j6wx", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<4.20.0" }, "body-parser", "path-to-regexp", "send", "serve-static" ], "effects": [], "range": "<=4.19.2 || 5.0.0-alpha.1 - 5.0.0-beta.3", "nodes": [ "node_modules/express" ], "fixAvailable": true }, "fast-glob": { "name": "fast-glob", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "globby" ], "range": "<=2.2.7", "nodes": [ "node_modules/fast-glob" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "findup-sync": { "name": "findup-sync", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "webpack-cli" ], "range": "0.4.0 - 3.0.0", "nodes": [ "node_modules/webpack-cli/node_modules/findup-sync" ], "fixAvailable": { "name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false } }, "fork-ts-checker-webpack-plugin": { "name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "react-dev-utils" ], "range": "0.4.14 - 4.1.6", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin", "node_modules/react-dev-utils/node_modules/fork-ts-checker-webpack-plugin" ], "fixAvailable": true }, "globby": { "name": "globby", "severity": "moderate", "isDirect": false, "via": [ "fast-glob" ], "effects": [ "cpy" ], "range": "8.0.0 - 9.2.0", "nodes": [ "node_modules/globby" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "icss-utils": { "name": "icss-utils", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "css-loader", "postcss-modules-local-by-default", "postcss-modules-values" ], "range": "<=4.1.1", "nodes": [ "node_modules/icss-utils" ], "fixAvailable": true }, "immer": { "name": "immer", "severity": "critical", "isDirect": false, "via": [ { "source": 1097196, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx", "severity": "high", "cwe": [ "CWE-915", "CWE-1321" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=7.0.0 <9.0.6" }, { "source": 1097209, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h", "severity": "critical", "cwe": [ "CWE-843", "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": ">=7.0.0 <9.0.6" } ], "effects": [], "range": "7.0.0 - 9.0.5", "nodes": [ "node_modules/immer" ], "fixAvailable": true }, "ip": { "name": "ip", "severity": "high", "isDirect": false, "via": [ { "source": 1097720, "name": "ip", "dependency": "ip", "title": "NPM IP package incorrectly identifies some private IP addresses as public", "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22", "severity": "low", "cwe": [ "CWE-918" ], "cvss": { "score": 0, "vectorString": null }, "range": "<1.1.9" }, { "source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": [ "CWE-918" ], "cvss": { "score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=2.0.1" } ], "effects": [], "range": "*", "nodes": [ "node_modules/ip" ], "fixAvailable": true }, "jsdoc": { "name": "jsdoc", "severity": "high", "isDirect": true, "via": [ "markdown-it", "marked", "taffydb" ], "effects": [], "range": "3.2.0-dev - 3.6.11", "nodes": [ "node_modules/jsdoc" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "jsdom": { "name": "jsdom", "severity": "moderate", "isDirect": true, "via": [ "request", "tough-cookie" ], "effects": [], "range": "0.1.20 || 0.2.0 - 16.5.3", "nodes": [ "node_modules/jsdom" ], "fixAvailable": { "name": "jsdom", "version": "25.0.1", "isSemVerMajor": true } }, "less": { "name": "less", "severity": "moderate", "isDirect": true, "via": [ "request" ], "effects": [], "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3", "nodes": [ "node_modules/less" ], "fixAvailable": { "name": "less", "version": "3.13.1", "isSemVerMajor": false } }, "loader-utils": { "name": "loader-utils", "severity": "critical", "isDirect": false, "via": [ { "source": 1094088, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": [ "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<1.4.1" }, { "source": 1094089, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": [ "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": ">=2.0.0 <2.0.3" }, { "source": 1095054, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=2.0.0 <2.0.4" }, { "source": 1095055, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=1.0.0 <1.4.2" }, { "source": 1097142, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=2.0.0 <2.0.4" }, { "source": 1097143, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=1.0.0 <1.4.2" } ], "effects": [ "react-dev-utils", "webpack-cli" ], "range": "<=1.4.1 || 2.0.0 - 2.0.3", "nodes": [ "node_modules/react-dev-utils/node_modules/loader-utils", "node_modules/webpack-cli/node_modules/loader-utils" ], "fixAvailable": { "name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false } }, "markdown-it": { "name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [ { "source": 1092663, "name": "markdown-it", "dependency": "markdown-it", "title": "Uncontrolled Resource Consumption in markdown-it", "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c", "severity": "moderate", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<12.3.2" } ], "effects": [ "jsdoc" ], "range": "<12.3.2", "nodes": [ "node_modules/markdown-it" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "marked": { "name": "marked", "severity": "high", "isDirect": false, "via": [ { "source": 1095051, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.0.10" }, { "source": 1095052, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.0.10" } ], "effects": [ "jsdoc" ], "range": "<=4.0.9", "nodes": [ "node_modules/marked" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "micromatch": { "name": "micromatch", "severity": "high", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" }, "braces" ], "effects": [ "anymatch", "fast-glob", "findup-sync", "fork-ts-checker-webpack-plugin", "readdirp", "webpack" ], "range": "<=4.0.7", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/micromatch", "node_modules/fast-glob/node_modules/micromatch", "node_modules/micromatch", "node_modules/react-dev-utils/node_modules/fast-glob/node_modules/micromatch", "node_modules/react-dev-utils/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack-cli/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "minimatch": { "name": "minimatch", "severity": "high", "isDirect": false, "via": [ { "source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.5" } ], "effects": [ "recursive-readdir" ], "range": "<3.0.5", "nodes": [ "node_modules/minimatch" ], "fixAvailable": true }, "path-to-regexp": { "name": "path-to-regexp", "severity": "high", "isDirect": false, "via": [ { "source": 1099561, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=0.2.0 <1.9.0" }, { "source": 1099562, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<0.1.10" } ], "effects": [ "express" ], "range": "<=0.1.9 || 0.2.0 - 1.8.0", "nodes": [ "node_modules/@wikimedia/mw-node-qunit/node_modules/path-to-regexp", "node_modules/nise/node_modules/path-to-regexp", "node_modules/path-to-regexp" ], "fixAvailable": true }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [ "@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "range": "<8.4.31", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss" ], "fixAvailable": true }, "postcss-flexbugs-fixes": { "name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.2.1", "nodes": [ "node_modules/postcss-flexbugs-fixes" ], "fixAvailable": true }, "postcss-modules-extract-imports": { "name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.0.0", "nodes": [ "node_modules/postcss-modules-extract-imports" ], "fixAvailable": true }, "postcss-modules-local-by-default": { "name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [], "range": "<=4.0.0-rc.4", "nodes": [ "node_modules/postcss-modules-local-by-default" ], "fixAvailable": true }, "postcss-modules-scope": { "name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.2.0", "nodes": [ "node_modules/postcss-modules-scope" ], "fixAvailable": true }, "postcss-modules-values": { "name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [ "css-loader" ], "range": "<=4.0.0-rc.5", "nodes": [ "node_modules/postcss-modules-values" ], "fixAvailable": true }, "react-dev-utils": { "name": "react-dev-utils", "severity": "critical", "isDirect": false, "via": [ "browserslist", "fork-ts-checker-webpack-plugin", "immer", "loader-utils", "recursive-readdir", "shell-quote" ], "effects": [ "@storybook/builder-webpack4" ], "range": "0.5.2 - 12.0.0-next.60", "nodes": [ "node_modules/react-dev-utils" ], "fixAvailable": true }, "readdirp": { "name": "readdirp", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "2.2.0 - 2.2.1", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/readdirp" ], "fixAvailable": true }, "recursive-readdir": { "name": "recursive-readdir", "severity": "high", "isDirect": false, "via": [ "minimatch" ], "effects": [ "react-dev-utils" ], "range": "1.2.0 - 2.2.2", "nodes": [ "node_modules/recursive-readdir" ], "fixAvailable": true }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "jsdom", "less", "request-promise-core", "request-promise-native" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": { "name": "jsdom", "version": "25.0.1", "isSemVerMajor": true } }, "request-promise-core": { "name": "request-promise-core", "severity": "moderate", "isDirect": false, "via": [ "request" ], "effects": [ "request-promise-native" ], "range": "*", "nodes": [ "node_modules/request-promise-core" ], "fixAvailable": true }, "request-promise-native": { "name": "request-promise-native", "severity": "moderate", "isDirect": false, "via": [ "request", "request-promise-core", "tough-cookie" ], "effects": [], "range": ">=1.0.0", "nodes": [ "node_modules/request-promise-native" ], "fixAvailable": true }, "send": { "name": "send", "severity": "moderate", "isDirect": false, "via": [ { "source": 1099525, "name": "send", "dependency": "send", "title": "send vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-m6fv-jmcg-4jfg", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<0.19.0" } ], "effects": [ "express", "serve-static" ], "range": "<0.19.0", "nodes": [ "node_modules/send" ], "fixAvailable": true }, "serve-static": { "name": "serve-static", "severity": "moderate", "isDirect": false, "via": [ { "source": 1099527, "name": "serve-static", "dependency": "serve-static", "title": "serve-static vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-cm22-4g7w-348p", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<1.16.0" }, "send" ], "effects": [], "range": "<=1.16.0", "nodes": [ "node_modules/serve-static" ], "fixAvailable": true }, "shell-quote": { "name": "shell-quote", "severity": "critical", "isDirect": false, "via": [ { "source": 1096375, "name": "shell-quote", "dependency": "shell-quote", "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote", "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7", "severity": "critical", "cwe": [ "CWE-77" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=1.7.2" } ], "effects": [ "react-dev-utils" ], "range": "<=1.7.2", "nodes": [ "node_modules/shell-quote" ], "fixAvailable": true }, "taffydb": { "name": "taffydb", "severity": "high", "isDirect": false, "via": [ { "source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": [ "CWE-20", "CWE-668" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": "<=2.7.3" } ], "effects": [ "jsdoc" ], "range": "*", "nodes": [ "node_modules/taffydb" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "tar": { "name": "tar", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097493, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, "range": "<6.2.1" } ], "effects": [], "range": "<6.2.1", "nodes": [ "node_modules/tar" ], "fixAvailable": true }, "terser-webpack-plugin": { "name": "terser-webpack-plugin", "severity": "moderate", "isDirect": false, "via": [ "webpack" ], "effects": [ "webpack" ], "range": "<=2.2.1", "nodes": [ "node_modules/webpack/node_modules/terser-webpack-plugin" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "jsdom", "request", "request-promise-native" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": { "name": "jsdom", "version": "25.0.1", "isSemVerMajor": true } }, "watchpack": { "name": "watchpack", "severity": "high", "isDirect": false, "via": [ "watchpack-chokidar2" ], "effects": [], "range": "1.7.2 - 1.7.5", "nodes": [ "node_modules/watchpack" ], "fixAvailable": true }, "watchpack-chokidar2": { "name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": [ "chokidar" ], "effects": [ "watchpack" ], "range": "*", "nodes": [ "node_modules/watchpack-chokidar2" ], "fixAvailable": true }, "webpack": { "name": "webpack", "severity": "moderate", "isDirect": true, "via": [ "micromatch", "terser-webpack-plugin" ], "effects": [ "@storybook/core-common", "@storybook/core-server", "terser-webpack-plugin", "webpack-cli" ], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": [ "node_modules/webpack" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "webpack-cli": { "name": "webpack-cli", "severity": "high", "isDirect": true, "via": [ "findup-sync", "loader-utils", "webpack" ], "effects": [], "range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1", "nodes": [ "node_modules/webpack-cli" ], "fixAvailable": { "name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false } }, "webpack-dev-middleware": { "name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [ { "source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": [ "CWE-22" ], "cvss": { "score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" }, "range": "<=5.3.3" } ], "effects": [ "@storybook/core-server" ], "range": "<=5.3.3", "nodes": [ "node_modules/webpack-dev-middleware" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "ws": { "name": "ws", "severity": "high", "isDirect": false, "via": [ { "source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=8.0.0 <8.17.1" }, { "source": 1098394, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=6.0.0 <6.2.3" } ], "effects": [], "range": "6.0.0 - 6.2.2 || 8.0.0 - 8.17.0", "nodes": [ "node_modules/@wikimedia/mw-node-qunit/node_modules/ws", "node_modules/ws" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 30, "high": 22, "critical": 5, "total": 58 }, "dependencies": { "prod": 1, "dev": 1979, "optional": 35, "peer": 16, "peerOptional": 0, "total": 1979 } } } --- end --- $ /usr/bin/composer install --- stderr --- No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information. Loading composer repositories with package information Updating dependencies Lock file operations: 36 installs, 0 updates, 0 removals - Locking composer/pcre (3.3.1) - Locking composer/semver (3.3.2) - Locking composer/spdx-licenses (1.5.8) - Locking composer/xdebug-handler (3.0.5) - Locking doctrine/deprecations (1.1.3) - Locking felixfbecker/advanced-json-rpc (v3.2.1) - Locking mediawiki/mediawiki-codesniffer (v41.0.0) - Locking mediawiki/mediawiki-phan-config (0.12.1) - Locking mediawiki/minus-x (1.1.1) - Locking mediawiki/phan-taint-check-plugin (4.0.0) - Locking microsoft/tolerant-php-parser (v0.1.1) - Locking netresearch/jsonmapper (v4.5.0) - Locking phan/phan (5.4.1) - Locking php-parallel-lint/php-console-color (v1.0.1) - Locking php-parallel-lint/php-console-highlighter (v1.0.0) - Locking php-parallel-lint/php-parallel-lint (v1.3.2) - Locking phpdocumentor/reflection-common (2.2.0) - Locking phpdocumentor/reflection-docblock (5.4.1) - Locking phpdocumentor/type-resolver (1.8.2) - Locking phpstan/phpdoc-parser (1.32.0) - Locking psr/container (2.0.2) - Locking psr/log (2.0.0) - Locking sabre/event (5.1.7) - Locking squizlabs/php_codesniffer (3.7.2) - Locking symfony/console (v5.4.44) - Locking symfony/deprecation-contracts (v3.5.0) - Locking symfony/polyfill-ctype (v1.31.0) - Locking symfony/polyfill-intl-grapheme (v1.31.0) - Locking symfony/polyfill-intl-normalizer (v1.31.0) - Locking symfony/polyfill-mbstring (v1.31.0) - Locking symfony/polyfill-php73 (v1.31.0) - Locking symfony/polyfill-php80 (v1.31.0) - Locking symfony/service-contracts (v3.5.0) - Locking symfony/string (v6.4.12) - Locking tysonandre/var_representation_polyfill (0.1.3) - Locking webmozart/assert (1.11.0) Writing lock file Installing dependencies from lock file (including require-dev) Package operations: 36 installs, 0 updates, 0 removals 0 [>---------------------------] 0 [->--------------------------] - Installing composer/pcre (3.3.1): Extracting archive - Installing symfony/polyfill-php80 (v1.31.0): Extracting archive - Installing squizlabs/php_codesniffer (3.7.2): Extracting archive - Installing symfony/polyfill-mbstring (v1.31.0): Extracting archive - Installing composer/spdx-licenses (1.5.8): Extracting archive - Installing composer/semver (3.3.2): Extracting archive - Installing mediawiki/mediawiki-codesniffer (v41.0.0): Extracting archive - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive - Installing symfony/polyfill-intl-normalizer (v1.31.0): Extracting archive - Installing symfony/polyfill-intl-grapheme (v1.31.0): Extracting archive - Installing symfony/polyfill-ctype (v1.31.0): Extracting archive - Installing symfony/string (v6.4.12): Extracting archive - Installing symfony/deprecation-contracts (v3.5.0): Extracting archive - Installing psr/container (2.0.2): Extracting archive - Installing symfony/service-contracts (v3.5.0): Extracting archive - Installing symfony/polyfill-php73 (v1.31.0): Extracting archive - Installing symfony/console (v5.4.44): Extracting archive - Installing sabre/event (5.1.7): Extracting archive - Installing netresearch/jsonmapper (v4.5.0): Extracting archive - Installing microsoft/tolerant-php-parser (v0.1.1): Extracting archive - Installing webmozart/assert (1.11.0): Extracting archive - Installing phpstan/phpdoc-parser (1.32.0): Extracting archive - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive - Installing doctrine/deprecations (1.1.3): Extracting archive - Installing phpdocumentor/type-resolver (1.8.2): Extracting archive - Installing phpdocumentor/reflection-docblock (5.4.1): Extracting archive - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive - Installing psr/log (2.0.0): Extracting archive - Installing composer/xdebug-handler (3.0.5): Extracting archive - Installing phan/phan (5.4.1): Extracting archive - Installing mediawiki/phan-taint-check-plugin (4.0.0): Extracting archive - Installing mediawiki/mediawiki-phan-config (0.12.1): Extracting archive - Installing mediawiki/minus-x (1.1.1): Extracting archive - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive - Installing php-parallel-lint/php-parallel-lint (v1.3.2): Extracting archive 0/36 [>---------------------------] 0% 22/36 [=================>----------] 61% 35/36 [===========================>] 97% 36/36 [============================] 100% 3 package suggestions were added by new dependencies, use `composer suggest` to see details. Generating autoload files 15 packages you are using are looking for funding. Use the `composer fund` command to find out more! --- stdout --- --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "@babel/traverse": { "name": "@babel/traverse", "severity": "critical", "isDirect": false, "via": [ { "source": 1096886, "name": "@babel/traverse", "dependency": "@babel/traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": [ "CWE-184", "CWE-697" ], "cvss": { "score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, "range": "<7.23.2" } ], "effects": [], "range": "<7.23.2", "nodes": [ "node_modules/@babel/traverse" ], "fixAvailable": true }, "@storybook/builder-webpack4": { "name": "@storybook/builder-webpack4", "severity": "high", "isDirect": false, "via": [ "@storybook/core-common", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "react-dev-utils", "webpack", "webpack-dev-middleware" ], "effects": [], "range": "*", "nodes": [ "node_modules/@storybook/builder-webpack4" ], "fixAvailable": true }, "@storybook/core": { "name": "@storybook/core", "severity": "high", "isDirect": false, "via": [ "@storybook/core-server" ], "effects": [ "@storybook/html" ], "range": "6.2.0-alpha.0 - 6.3.0-rc.12", "nodes": [ "node_modules/@storybook/core" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "@storybook/core-common": { "name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": [ "webpack" ], "effects": [ "@storybook/html" ], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/core-common" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "@storybook/core-server": { "name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": [ "@storybook/builder-webpack4", "@storybook/core-common", "cpy", "css-loader", "webpack", "webpack-dev-middleware" ], "effects": [ "@storybook/core" ], "range": "<=7.0.0-rc.11", "nodes": [ "node_modules/@storybook/core-server" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "@storybook/html": { "name": "@storybook/html", "severity": "high", "isDirect": true, "via": [ "@storybook/core", "@storybook/core-common" ], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/html" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "anymatch": { "name": "anymatch", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "1.2.0 - 2.0.0", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/anymatch" ], "fixAvailable": true }, "autoprefixer": { "name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": [ "node_modules/autoprefixer" ], "fixAvailable": true }, "body-parser": { "name": "body-parser", "severity": "high", "isDirect": false, "via": [ { "source": 1099520, "name": "body-parser", "dependency": "body-parser", "title": "body-parser vulnerable to denial of service when url encoding is enabled", "url": "https://github.com/advisories/GHSA-qwcr-r2fm-qrc7", "severity": "high", "cwe": [ "CWE-405" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<1.20.3" } ], "effects": [ "express" ], "range": "<1.20.3", "nodes": [ "node_modules/body-parser" ], "fixAvailable": true }, "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": [ "CWE-400", "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [ "chokidar", "micromatch" ], "range": "<3.0.3", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/braces", "node_modules/braces", "node_modules/fast-glob/node_modules/braces", "node_modules/react-dev-utils/node_modules/micromatch/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack-cli/node_modules/braces", "node_modules/webpack/node_modules/braces" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "browserify-sign": { "name": "browserify-sign", "severity": "high", "isDirect": false, "via": [ { "source": 1096644, "name": "browserify-sign", "dependency": "browserify-sign", "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack", "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw", "severity": "high", "cwe": [ "CWE-347" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, "range": ">=2.6.0 <=4.2.1" } ], "effects": [], "range": "2.6.0 - 4.2.1", "nodes": [ "node_modules/browserify-sign" ], "fixAvailable": true }, "browserslist": { "name": "browserslist", "severity": "moderate", "isDirect": false, "via": [ { "source": 1093035, "name": "browserslist", "dependency": "browserslist", "title": "Regular Expression Denial of Service in browserslist", "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5", "severity": "moderate", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": ">=4.0.0 <4.16.5" } ], "effects": [ "react-dev-utils" ], "range": "4.0.0 - 4.16.4", "nodes": [ "node_modules/react-dev-utils/node_modules/browserslist" ], "fixAvailable": true }, "chokidar": { "name": "chokidar", "severity": "high", "isDirect": false, "via": [ "anymatch", "braces", "readdirp" ], "effects": [ "watchpack-chokidar2" ], "range": "1.3.0 - 2.1.8", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/chokidar" ], "fixAvailable": true }, "cpy": { "name": "cpy", "severity": "moderate", "isDirect": false, "via": [ "globby" ], "effects": [ "@storybook/core-server" ], "range": "7.0.0 - 8.1.2", "nodes": [ "node_modules/cpy" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "css-loader": { "name": "css-loader", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": [ "node_modules/css-loader" ], "fixAvailable": true }, "elliptic": { "name": "elliptic", "severity": "low", "isDirect": false, "via": [ { "source": 1098593, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's EDDSA missing signature length check", "url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p", "severity": "low", "cwe": [ "CWE-347" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=4.0.0 <=6.5.6" }, { "source": 1098594, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero", "url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw", "severity": "low", "cwe": [ "CWE-130" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=2.0.0 <=6.5.6" }, { "source": 1098595, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic allows BER-encoded signatures", "url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m", "severity": "low", "cwe": [ "CWE-347" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=5.2.1 <=6.5.6" } ], "effects": [], "range": "2.0.0 - 6.5.6", "nodes": [ "node_modules/elliptic" ], "fixAvailable": true }, "express": { "name": "express", "severity": "high", "isDirect": false, "via": [ { "source": 1096820, "name": "express", "dependency": "express", "title": "Express.js Open Redirect in malformed URLs", "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc", "severity": "moderate", "cwe": [ "CWE-601", "CWE-1286" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<4.19.2" }, { "source": 1099529, "name": "express", "dependency": "express", "title": "express vulnerable to XSS via response.redirect()", "url": "https://github.com/advisories/GHSA-qw6h-vgh9-j6wx", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<4.20.0" }, "body-parser", "path-to-regexp", "send", "serve-static" ], "effects": [], "range": "<=4.19.2 || 5.0.0-alpha.1 - 5.0.0-beta.3", "nodes": [ "node_modules/express" ], "fixAvailable": true }, "fast-glob": { "name": "fast-glob", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "globby" ], "range": "<=2.2.7", "nodes": [ "node_modules/fast-glob" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "findup-sync": { "name": "findup-sync", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "webpack-cli" ], "range": "0.4.0 - 3.0.0", "nodes": [ "node_modules/webpack-cli/node_modules/findup-sync" ], "fixAvailable": { "name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false } }, "fork-ts-checker-webpack-plugin": { "name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "react-dev-utils" ], "range": "0.4.14 - 4.1.6", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin", "node_modules/react-dev-utils/node_modules/fork-ts-checker-webpack-plugin" ], "fixAvailable": true }, "globby": { "name": "globby", "severity": "moderate", "isDirect": false, "via": [ "fast-glob" ], "effects": [ "cpy" ], "range": "8.0.0 - 9.2.0", "nodes": [ "node_modules/globby" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "icss-utils": { "name": "icss-utils", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "css-loader", "postcss-modules-local-by-default", "postcss-modules-values" ], "range": "<=4.1.1", "nodes": [ "node_modules/icss-utils" ], "fixAvailable": true }, "immer": { "name": "immer", "severity": "critical", "isDirect": false, "via": [ { "source": 1097196, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx", "severity": "high", "cwe": [ "CWE-915", "CWE-1321" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=7.0.0 <9.0.6" }, { "source": 1097209, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h", "severity": "critical", "cwe": [ "CWE-843", "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": ">=7.0.0 <9.0.6" } ], "effects": [], "range": "7.0.0 - 9.0.5", "nodes": [ "node_modules/immer" ], "fixAvailable": true }, "ip": { "name": "ip", "severity": "high", "isDirect": false, "via": [ { "source": 1097720, "name": "ip", "dependency": "ip", "title": "NPM IP package incorrectly identifies some private IP addresses as public", "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22", "severity": "low", "cwe": [ "CWE-918" ], "cvss": { "score": 0, "vectorString": null }, "range": "<1.1.9" }, { "source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": [ "CWE-918" ], "cvss": { "score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=2.0.1" } ], "effects": [], "range": "*", "nodes": [ "node_modules/ip" ], "fixAvailable": true }, "jsdoc": { "name": "jsdoc", "severity": "high", "isDirect": true, "via": [ "markdown-it", "marked", "taffydb" ], "effects": [], "range": "3.2.0-dev - 3.6.11", "nodes": [ "node_modules/jsdoc" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "jsdom": { "name": "jsdom", "severity": "moderate", "isDirect": true, "via": [ "request", "tough-cookie" ], "effects": [], "range": "0.1.20 || 0.2.0 - 16.5.3", "nodes": [ "node_modules/jsdom" ], "fixAvailable": { "name": "jsdom", "version": "25.0.1", "isSemVerMajor": true } }, "less": { "name": "less", "severity": "moderate", "isDirect": true, "via": [ "request" ], "effects": [], "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3", "nodes": [ "node_modules/less" ], "fixAvailable": { "name": "less", "version": "3.13.1", "isSemVerMajor": false } }, "loader-utils": { "name": "loader-utils", "severity": "critical", "isDirect": false, "via": [ { "source": 1094088, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": [ "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<1.4.1" }, { "source": 1094089, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": [ "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": ">=2.0.0 <2.0.3" }, { "source": 1095054, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=2.0.0 <2.0.4" }, { "source": 1095055, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=1.0.0 <1.4.2" }, { "source": 1097142, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=2.0.0 <2.0.4" }, { "source": 1097143, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=1.0.0 <1.4.2" } ], "effects": [ "react-dev-utils", "webpack-cli" ], "range": "<=1.4.1 || 2.0.0 - 2.0.3", "nodes": [ "node_modules/react-dev-utils/node_modules/loader-utils", "node_modules/webpack-cli/node_modules/loader-utils" ], "fixAvailable": { "name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false } }, "markdown-it": { "name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [ { "source": 1092663, "name": "markdown-it", "dependency": "markdown-it", "title": "Uncontrolled Resource Consumption in markdown-it", "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c", "severity": "moderate", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<12.3.2" } ], "effects": [ "jsdoc" ], "range": "<12.3.2", "nodes": [ "node_modules/markdown-it" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "marked": { "name": "marked", "severity": "high", "isDirect": false, "via": [ { "source": 1095051, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.0.10" }, { "source": 1095052, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.0.10" } ], "effects": [ "jsdoc" ], "range": "<=4.0.9", "nodes": [ "node_modules/marked" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "micromatch": { "name": "micromatch", "severity": "high", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" }, "braces" ], "effects": [ "anymatch", "fast-glob", "findup-sync", "fork-ts-checker-webpack-plugin", "readdirp", "webpack" ], "range": "<=4.0.7", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/micromatch", "node_modules/fast-glob/node_modules/micromatch", "node_modules/micromatch", "node_modules/react-dev-utils/node_modules/fast-glob/node_modules/micromatch", "node_modules/react-dev-utils/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack-cli/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "minimatch": { "name": "minimatch", "severity": "high", "isDirect": false, "via": [ { "source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.5" } ], "effects": [ "recursive-readdir" ], "range": "<3.0.5", "nodes": [ "node_modules/minimatch" ], "fixAvailable": true }, "path-to-regexp": { "name": "path-to-regexp", "severity": "high", "isDirect": false, "via": [ { "source": 1099561, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=0.2.0 <1.9.0" }, { "source": 1099562, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<0.1.10" } ], "effects": [ "express" ], "range": "<=0.1.9 || 0.2.0 - 1.8.0", "nodes": [ "node_modules/@wikimedia/mw-node-qunit/node_modules/path-to-regexp", "node_modules/nise/node_modules/path-to-regexp", "node_modules/path-to-regexp" ], "fixAvailable": true }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [ "@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "range": "<8.4.31", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss" ], "fixAvailable": true }, "postcss-flexbugs-fixes": { "name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.2.1", "nodes": [ "node_modules/postcss-flexbugs-fixes" ], "fixAvailable": true }, "postcss-modules-extract-imports": { "name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.0.0", "nodes": [ "node_modules/postcss-modules-extract-imports" ], "fixAvailable": true }, "postcss-modules-local-by-default": { "name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [], "range": "<=4.0.0-rc.4", "nodes": [ "node_modules/postcss-modules-local-by-default" ], "fixAvailable": true }, "postcss-modules-scope": { "name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.2.0", "nodes": [ "node_modules/postcss-modules-scope" ], "fixAvailable": true }, "postcss-modules-values": { "name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [ "css-loader" ], "range": "<=4.0.0-rc.5", "nodes": [ "node_modules/postcss-modules-values" ], "fixAvailable": true }, "react-dev-utils": { "name": "react-dev-utils", "severity": "critical", "isDirect": false, "via": [ "browserslist", "fork-ts-checker-webpack-plugin", "immer", "loader-utils", "recursive-readdir", "shell-quote" ], "effects": [ "@storybook/builder-webpack4" ], "range": "0.5.2 - 12.0.0-next.60", "nodes": [ "node_modules/react-dev-utils" ], "fixAvailable": true }, "readdirp": { "name": "readdirp", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "2.2.0 - 2.2.1", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/readdirp" ], "fixAvailable": true }, "recursive-readdir": { "name": "recursive-readdir", "severity": "high", "isDirect": false, "via": [ "minimatch" ], "effects": [ "react-dev-utils" ], "range": "1.2.0 - 2.2.2", "nodes": [ "node_modules/recursive-readdir" ], "fixAvailable": true }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "jsdom", "less", "request-promise-core", "request-promise-native" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": { "name": "jsdom", "version": "25.0.1", "isSemVerMajor": true } }, "request-promise-core": { "name": "request-promise-core", "severity": "moderate", "isDirect": false, "via": [ "request" ], "effects": [ "request-promise-native" ], "range": "*", "nodes": [ "node_modules/request-promise-core" ], "fixAvailable": true }, "request-promise-native": { "name": "request-promise-native", "severity": "moderate", "isDirect": false, "via": [ "request", "request-promise-core", "tough-cookie" ], "effects": [], "range": ">=1.0.0", "nodes": [ "node_modules/request-promise-native" ], "fixAvailable": true }, "send": { "name": "send", "severity": "moderate", "isDirect": false, "via": [ { "source": 1099525, "name": "send", "dependency": "send", "title": "send vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-m6fv-jmcg-4jfg", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<0.19.0" } ], "effects": [ "express", "serve-static" ], "range": "<0.19.0", "nodes": [ "node_modules/send" ], "fixAvailable": true }, "serve-static": { "name": "serve-static", "severity": "moderate", "isDirect": false, "via": [ { "source": 1099527, "name": "serve-static", "dependency": "serve-static", "title": "serve-static vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-cm22-4g7w-348p", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<1.16.0" }, "send" ], "effects": [], "range": "<=1.16.0", "nodes": [ "node_modules/serve-static" ], "fixAvailable": true }, "shell-quote": { "name": "shell-quote", "severity": "critical", "isDirect": false, "via": [ { "source": 1096375, "name": "shell-quote", "dependency": "shell-quote", "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote", "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7", "severity": "critical", "cwe": [ "CWE-77" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=1.7.2" } ], "effects": [ "react-dev-utils" ], "range": "<=1.7.2", "nodes": [ "node_modules/shell-quote" ], "fixAvailable": true }, "taffydb": { "name": "taffydb", "severity": "high", "isDirect": false, "via": [ { "source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": [ "CWE-20", "CWE-668" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": "<=2.7.3" } ], "effects": [ "jsdoc" ], "range": "*", "nodes": [ "node_modules/taffydb" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "tar": { "name": "tar", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097493, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, "range": "<6.2.1" } ], "effects": [], "range": "<6.2.1", "nodes": [ "node_modules/tar" ], "fixAvailable": true }, "terser-webpack-plugin": { "name": "terser-webpack-plugin", "severity": "moderate", "isDirect": false, "via": [ "webpack" ], "effects": [ "webpack" ], "range": "<=2.2.1", "nodes": [ "node_modules/webpack/node_modules/terser-webpack-plugin" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "jsdom", "request", "request-promise-native" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": { "name": "jsdom", "version": "25.0.1", "isSemVerMajor": true } }, "watchpack": { "name": "watchpack", "severity": "high", "isDirect": false, "via": [ "watchpack-chokidar2" ], "effects": [], "range": "1.7.2 - 1.7.5", "nodes": [ "node_modules/watchpack" ], "fixAvailable": true }, "watchpack-chokidar2": { "name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": [ "chokidar" ], "effects": [ "watchpack" ], "range": "*", "nodes": [ "node_modules/watchpack-chokidar2" ], "fixAvailable": true }, "webpack": { "name": "webpack", "severity": "moderate", "isDirect": true, "via": [ "micromatch", "terser-webpack-plugin" ], "effects": [ "@storybook/core-common", "@storybook/core-server", "terser-webpack-plugin", "webpack-cli" ], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": [ "node_modules/webpack" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "webpack-cli": { "name": "webpack-cli", "severity": "high", "isDirect": true, "via": [ "findup-sync", "loader-utils", "webpack" ], "effects": [], "range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1", "nodes": [ "node_modules/webpack-cli" ], "fixAvailable": { "name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false } }, "webpack-dev-middleware": { "name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [ { "source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": [ "CWE-22" ], "cvss": { "score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" }, "range": "<=5.3.3" } ], "effects": [ "@storybook/core-server" ], "range": "<=5.3.3", "nodes": [ "node_modules/webpack-dev-middleware" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "ws": { "name": "ws", "severity": "high", "isDirect": false, "via": [ { "source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=8.0.0 <8.17.1" }, { "source": 1098394, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=6.0.0 <6.2.3" } ], "effects": [], "range": "6.0.0 - 6.2.2 || 8.0.0 - 8.17.0", "nodes": [ "node_modules/@wikimedia/mw-node-qunit/node_modules/ws", "node_modules/ws" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 30, "high": 22, "critical": 5, "total": 58 }, "dependencies": { "prod": 1, "dev": 1979, "optional": 35, "peer": 16, "peerOptional": 0, "total": 1979 } } } --- end --- Attempting to npm audit fix $ /usr/bin/npm audit fix --dry-run --only=dev --json --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: babel-loader@8.2.3 npm WARN Found: webpack@4.43.0 npm WARN node_modules/webpack npm WARN dev webpack@"4.43.0" from the root project npm WARN 24 more (@storybook/builder-webpack4, babel-loader, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/builder-webpack4/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/builder-webpack4@6.2.3 npm WARN node_modules/@storybook/builder-webpack4 npm WARN npm WARN Conflicting peer dependency: webpack@5.95.0 npm WARN node_modules/webpack npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/builder-webpack4/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/builder-webpack4@6.2.3 npm WARN node_modules/@storybook/builder-webpack4 npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: babel-loader@8.2.3 npm WARN Found: webpack@4.43.0 npm WARN node_modules/webpack npm WARN dev webpack@"4.43.0" from the root project npm WARN 24 more (@storybook/builder-webpack4, babel-loader, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/core-common/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/core-common@6.2.3 npm WARN node_modules/@storybook/core-common npm WARN npm WARN Conflicting peer dependency: webpack@5.95.0 npm WARN node_modules/webpack npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/core-common/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/core-common@6.2.3 npm WARN node_modules/@storybook/core-common npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: babel-loader@8.2.3 npm WARN Found: webpack@4.43.0 npm WARN node_modules/webpack npm WARN dev webpack@"4.43.0" from the root project npm WARN 24 more (@storybook/builder-webpack4, babel-loader, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/core-server/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/core-server@6.2.3 npm WARN node_modules/@storybook/core-server npm WARN npm WARN Conflicting peer dependency: webpack@5.95.0 npm WARN node_modules/webpack npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/core-server/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/core-server@6.2.3 npm WARN node_modules/@storybook/core-server npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4 npm WARN Found: @babel/core@7.2.2 npm WARN node_modules/@babel/core npm WARN dev @babel/core@"7.2.2" from the root project npm WARN 85 more (@babel/helper-compilation-targets, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3 npm WARN node_modules/babel-plugin-polyfill-corejs2 npm WARN npm WARN Conflicting peer dependency: @babel/core@7.25.7 npm WARN node_modules/@babel/core npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3 npm WARN node_modules/babel-plugin-polyfill-corejs2 npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: @babel/helper-define-polyfill-provider@0.1.5 npm WARN Found: @babel/core@7.2.2 npm WARN node_modules/@babel/core npm WARN dev @babel/core@"7.2.2" from the root project npm WARN 85 more (@babel/helper-compilation-targets, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5 npm WARN node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7 npm WARN node_modules/babel-plugin-polyfill-corejs3 npm WARN npm WARN Conflicting peer dependency: @babel/core@7.25.7 npm WARN node_modules/@babel/core npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5 npm WARN node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7 npm WARN node_modules/babel-plugin-polyfill-corejs3 npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4 npm WARN Found: @babel/core@7.2.2 npm WARN node_modules/@babel/core npm WARN dev @babel/core@"7.2.2" from the root project npm WARN 85 more (@babel/helper-compilation-targets, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3 npm WARN node_modules/babel-plugin-polyfill-regenerator npm WARN npm WARN Conflicting peer dependency: @babel/core@7.25.7 npm WARN node_modules/@babel/core npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3 npm WARN node_modules/babel-plugin-polyfill-regenerator npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: undefined, npm WARN EBADENGINE required: { node: '14.17.5' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.23.6', npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@39.2.2', npm WARN EBADENGINE required: { node: '^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } --- stdout --- { "added": 1983, "removed": 0, "changed": 0, "audited": 1984, "funding": 208, "audit": { "auditReportVersion": 2, "vulnerabilities": { "@babel/traverse": { "name": "@babel/traverse", "severity": "critical", "isDirect": false, "via": [ { "source": 1096886, "name": "@babel/traverse", "dependency": "@babel/traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": [ "CWE-184", "CWE-697" ], "cvss": { "score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, "range": "<7.23.2" } ], "effects": [], "range": "<7.23.2", "nodes": [ "" ], "fixAvailable": true }, "@storybook/builder-webpack4": { "name": "@storybook/builder-webpack4", "severity": "high", "isDirect": false, "via": [ "@storybook/core-common", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "react-dev-utils", "webpack", "webpack-dev-middleware" ], "effects": [], "range": "*", "nodes": [ "node_modules/@storybook/builder-webpack4" ], "fixAvailable": true }, "@storybook/core": { "name": "@storybook/core", "severity": "high", "isDirect": false, "via": [ "@storybook/core-server" ], "effects": [ "@storybook/html" ], "range": "6.2.0-alpha.0 - 6.3.0-rc.12", "nodes": [ "node_modules/@storybook/core" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "@storybook/core-common": { "name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": [ "webpack" ], "effects": [ "@storybook/html" ], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/core-common" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "@storybook/core-server": { "name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": [ "@storybook/builder-webpack4", "@storybook/core-common", "cpy", "css-loader", "webpack", "webpack-dev-middleware" ], "effects": [ "@storybook/core" ], "range": "<=7.0.0-rc.11", "nodes": [ "node_modules/@storybook/core-server" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "@storybook/html": { "name": "@storybook/html", "severity": "high", "isDirect": true, "via": [ "@storybook/core", "@storybook/core-common" ], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/html" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "anymatch": { "name": "anymatch", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "1.2.0 - 2.0.0", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/anymatch" ], "fixAvailable": true }, "autoprefixer": { "name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": [ "node_modules/autoprefixer" ], "fixAvailable": true }, "body-parser": { "name": "body-parser", "severity": "high", "isDirect": false, "via": [ { "source": 1099520, "name": "body-parser", "dependency": "body-parser", "title": "body-parser vulnerable to denial of service when url encoding is enabled", "url": "https://github.com/advisories/GHSA-qwcr-r2fm-qrc7", "severity": "high", "cwe": [ "CWE-405" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<1.20.3" } ], "effects": [ "express" ], "range": "<1.20.3", "nodes": [ "" ], "fixAvailable": true }, "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": [ "CWE-400", "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [ "chokidar", "micromatch" ], "range": "<3.0.3", "nodes": [ "", "", "node_modules/@storybook/builder-webpack4/node_modules/braces", "node_modules/fast-glob/node_modules/braces", "node_modules/react-dev-utils/node_modules/micromatch/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack/node_modules/braces" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "browserify-sign": { "name": "browserify-sign", "severity": "high", "isDirect": false, "via": [ { "source": 1096644, "name": "browserify-sign", "dependency": "browserify-sign", "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack", "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw", "severity": "high", "cwe": [ "CWE-347" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, "range": ">=2.6.0 <=4.2.1" } ], "effects": [], "range": "2.6.0 - 4.2.1", "nodes": [ "" ], "fixAvailable": true }, "browserslist": { "name": "browserslist", "severity": "moderate", "isDirect": false, "via": [ { "source": 1093035, "name": "browserslist", "dependency": "browserslist", "title": "Regular Expression Denial of Service in browserslist", "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5", "severity": "moderate", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": ">=4.0.0 <4.16.5" } ], "effects": [ "react-dev-utils" ], "range": "4.0.0 - 4.16.4", "nodes": [ "node_modules/react-dev-utils/node_modules/browserslist" ], "fixAvailable": true }, "chokidar": { "name": "chokidar", "severity": "high", "isDirect": false, "via": [ "anymatch", "braces", "readdirp" ], "effects": [ "watchpack-chokidar2" ], "range": "1.3.0 - 2.1.8", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/chokidar" ], "fixAvailable": true }, "cpy": { "name": "cpy", "severity": "moderate", "isDirect": false, "via": [ "globby" ], "effects": [ "@storybook/core-server" ], "range": "7.0.0 - 8.1.2", "nodes": [ "node_modules/cpy" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "css-loader": { "name": "css-loader", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": [ "node_modules/css-loader" ], "fixAvailable": true }, "elliptic": { "name": "elliptic", "severity": "low", "isDirect": false, "via": [ { "source": 1098593, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's EDDSA missing signature length check", "url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p", "severity": "low", "cwe": [ "CWE-347" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=4.0.0 <=6.5.6" }, { "source": 1098594, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero", "url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw", "severity": "low", "cwe": [ "CWE-130" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=2.0.0 <=6.5.6" }, { "source": 1098595, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic allows BER-encoded signatures", "url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m", "severity": "low", "cwe": [ "CWE-347" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=5.2.1 <=6.5.6" } ], "effects": [], "range": "2.0.0 - 6.5.6", "nodes": [ "" ], "fixAvailable": true }, "express": { "name": "express", "severity": "high", "isDirect": false, "via": [ { "source": 1096820, "name": "express", "dependency": "express", "title": "Express.js Open Redirect in malformed URLs", "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc", "severity": "moderate", "cwe": [ "CWE-601", "CWE-1286" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<4.19.2" }, { "source": 1099529, "name": "express", "dependency": "express", "title": "express vulnerable to XSS via response.redirect()", "url": "https://github.com/advisories/GHSA-qw6h-vgh9-j6wx", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<4.20.0" }, "body-parser", "path-to-regexp", "send", "serve-static" ], "effects": [], "range": "<=4.19.2 || 5.0.0-alpha.1 - 5.0.0-beta.3", "nodes": [ "" ], "fixAvailable": true }, "fast-glob": { "name": "fast-glob", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "globby" ], "range": "<=2.2.7", "nodes": [ "node_modules/fast-glob" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "findup-sync": { "name": "findup-sync", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "webpack-cli" ], "range": "0.4.0 - 3.0.0", "nodes": [ "" ], "fixAvailable": { "name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false } }, "fork-ts-checker-webpack-plugin": { "name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "react-dev-utils" ], "range": "0.4.14 - 4.1.6", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin", "node_modules/react-dev-utils/node_modules/fork-ts-checker-webpack-plugin" ], "fixAvailable": true }, "globby": { "name": "globby", "severity": "moderate", "isDirect": false, "via": [ "fast-glob" ], "effects": [ "cpy" ], "range": "8.0.0 - 9.2.0", "nodes": [ "node_modules/globby" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "icss-utils": { "name": "icss-utils", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "css-loader", "postcss-modules-local-by-default", "postcss-modules-values" ], "range": "<=4.1.1", "nodes": [ "node_modules/icss-utils" ], "fixAvailable": true }, "immer": { "name": "immer", "severity": "critical", "isDirect": false, "via": [ { "source": 1097196, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx", "severity": "high", "cwe": [ "CWE-915", "CWE-1321" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=7.0.0 <9.0.6" }, { "source": 1097209, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h", "severity": "critical", "cwe": [ "CWE-843", "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": ">=7.0.0 <9.0.6" } ], "effects": [], "range": "7.0.0 - 9.0.5", "nodes": [ "node_modules/immer" ], "fixAvailable": true }, "ip": { "name": "ip", "severity": "high", "isDirect": false, "via": [ { "source": 1097720, "name": "ip", "dependency": "ip", "title": "NPM IP package incorrectly identifies some private IP addresses as public", "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22", "severity": "low", "cwe": [ "CWE-918" ], "cvss": { "score": 0, "vectorString": null }, "range": "<1.1.9" }, { "source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": [ "CWE-918" ], "cvss": { "score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=2.0.1" } ], "effects": [], "range": "*", "nodes": [ "" ], "fixAvailable": true }, "jsdoc": { "name": "jsdoc", "severity": "high", "isDirect": true, "via": [ "markdown-it", "marked", "taffydb" ], "effects": [], "range": "3.2.0-dev - 3.6.11", "nodes": [ "node_modules/jsdoc" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "jsdom": { "name": "jsdom", "severity": "moderate", "isDirect": true, "via": [ "request", "tough-cookie" ], "effects": [], "range": "0.1.20 || 0.2.0 - 16.5.3", "nodes": [ "node_modules/jsdom" ], "fixAvailable": { "name": "jsdom", "version": "25.0.1", "isSemVerMajor": true } }, "less": { "name": "less", "severity": "moderate", "isDirect": true, "via": [ "request" ], "effects": [], "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3", "nodes": [ "node_modules/less" ], "fixAvailable": { "name": "less", "version": "3.13.1", "isSemVerMajor": false } }, "loader-utils": { "name": "loader-utils", "severity": "critical", "isDirect": false, "via": [ { "source": 1094088, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": [ "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<1.4.1" }, { "source": 1094089, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": [ "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": ">=2.0.0 <2.0.3" }, { "source": 1095054, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=2.0.0 <2.0.4" }, { "source": 1095055, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=1.0.0 <1.4.2" }, { "source": 1097142, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=2.0.0 <2.0.4" }, { "source": 1097143, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=1.0.0 <1.4.2" } ], "effects": [ "react-dev-utils", "webpack-cli" ], "range": "<=1.4.1 || 2.0.0 - 2.0.3", "nodes": [ "node_modules/react-dev-utils/node_modules/loader-utils", "node_modules/webpack-cli/node_modules/loader-utils" ], "fixAvailable": { "name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false } }, "markdown-it": { "name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [ { "source": 1092663, "name": "markdown-it", "dependency": "markdown-it", "title": "Uncontrolled Resource Consumption in markdown-it", "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c", "severity": "moderate", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<12.3.2" } ], "effects": [ "jsdoc" ], "range": "<12.3.2", "nodes": [ "node_modules/markdown-it" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "marked": { "name": "marked", "severity": "high", "isDirect": false, "via": [ { "source": 1095051, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.0.10" }, { "source": 1095052, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.0.10" } ], "effects": [ "jsdoc" ], "range": "<=4.0.9", "nodes": [ "node_modules/marked" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "micromatch": { "name": "micromatch", "severity": "high", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" }, "braces" ], "effects": [ "anymatch", "fast-glob", "findup-sync", "fork-ts-checker-webpack-plugin", "readdirp", "webpack" ], "range": "<=4.0.7", "nodes": [ "", "", "", "node_modules/@storybook/builder-webpack4/node_modules/micromatch", "node_modules/fast-glob/node_modules/micromatch", "node_modules/react-dev-utils/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "minimatch": { "name": "minimatch", "severity": "high", "isDirect": false, "via": [ { "source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.5" } ], "effects": [ "recursive-readdir" ], "range": "<3.0.5", "nodes": [ "node_modules/minimatch" ], "fixAvailable": true }, "path-to-regexp": { "name": "path-to-regexp", "severity": "high", "isDirect": false, "via": [ { "source": 1099561, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=0.2.0 <1.9.0" }, { "source": 1099562, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<0.1.10" } ], "effects": [ "express" ], "range": "<=0.1.9 || 0.2.0 - 1.8.0", "nodes": [ "", "", "" ], "fixAvailable": true }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [ "@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "range": "<8.4.31", "nodes": [ "", "node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss" ], "fixAvailable": true }, "postcss-flexbugs-fixes": { "name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.2.1", "nodes": [ "node_modules/postcss-flexbugs-fixes" ], "fixAvailable": true }, "postcss-modules-extract-imports": { "name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.0.0", "nodes": [ "node_modules/postcss-modules-extract-imports" ], "fixAvailable": true }, "postcss-modules-local-by-default": { "name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [], "range": "<=4.0.0-rc.4", "nodes": [ "node_modules/postcss-modules-local-by-default" ], "fixAvailable": true }, "postcss-modules-scope": { "name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.2.0", "nodes": [ "node_modules/postcss-modules-scope" ], "fixAvailable": true }, "postcss-modules-values": { "name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [ "css-loader" ], "range": "<=4.0.0-rc.5", "nodes": [ "node_modules/postcss-modules-values" ], "fixAvailable": true }, "react-dev-utils": { "name": "react-dev-utils", "severity": "critical", "isDirect": false, "via": [ "browserslist", "fork-ts-checker-webpack-plugin", "immer", "loader-utils", "recursive-readdir", "shell-quote" ], "effects": [ "@storybook/builder-webpack4" ], "range": "0.5.2 - 12.0.0-next.60", "nodes": [ "node_modules/react-dev-utils" ], "fixAvailable": true }, "readdirp": { "name": "readdirp", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "2.2.0 - 2.2.1", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/readdirp" ], "fixAvailable": true }, "recursive-readdir": { "name": "recursive-readdir", "severity": "high", "isDirect": false, "via": [ "minimatch" ], "effects": [ "react-dev-utils" ], "range": "1.2.0 - 2.2.2", "nodes": [ "node_modules/recursive-readdir" ], "fixAvailable": true }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "jsdom", "less", "request-promise-core", "request-promise-native" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": { "name": "jsdom", "version": "25.0.1", "isSemVerMajor": true } }, "request-promise-core": { "name": "request-promise-core", "severity": "moderate", "isDirect": false, "via": [ "request" ], "effects": [ "request-promise-native" ], "range": "*", "nodes": [ "node_modules/request-promise-core" ], "fixAvailable": true }, "request-promise-native": { "name": "request-promise-native", "severity": "moderate", "isDirect": false, "via": [ "request", "request-promise-core", "tough-cookie" ], "effects": [], "range": ">=1.0.0", "nodes": [ "node_modules/request-promise-native" ], "fixAvailable": true }, "send": { "name": "send", "severity": "moderate", "isDirect": false, "via": [ { "source": 1099525, "name": "send", "dependency": "send", "title": "send vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-m6fv-jmcg-4jfg", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<0.19.0" } ], "effects": [ "express", "serve-static" ], "range": "<0.19.0", "nodes": [ "" ], "fixAvailable": true }, "serve-static": { "name": "serve-static", "severity": "moderate", "isDirect": false, "via": [ { "source": 1099527, "name": "serve-static", "dependency": "serve-static", "title": "serve-static vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-cm22-4g7w-348p", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<1.16.0" }, "send" ], "effects": [], "range": "<=1.16.0", "nodes": [ "" ], "fixAvailable": true }, "shell-quote": { "name": "shell-quote", "severity": "critical", "isDirect": false, "via": [ { "source": 1096375, "name": "shell-quote", "dependency": "shell-quote", "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote", "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7", "severity": "critical", "cwe": [ "CWE-77" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=1.7.2" } ], "effects": [ "react-dev-utils" ], "range": "<=1.7.2", "nodes": [ "node_modules/shell-quote" ], "fixAvailable": true }, "taffydb": { "name": "taffydb", "severity": "high", "isDirect": false, "via": [ { "source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": [ "CWE-20", "CWE-668" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": "<=2.7.3" } ], "effects": [ "jsdoc" ], "range": "*", "nodes": [ "node_modules/taffydb" ], "fixAvailable": { "name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false } }, "tar": { "name": "tar", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097493, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, "range": "<6.2.1" } ], "effects": [], "range": "<6.2.1", "nodes": [ "" ], "fixAvailable": true }, "terser-webpack-plugin": { "name": "terser-webpack-plugin", "severity": "moderate", "isDirect": false, "via": [ "webpack" ], "effects": [ "webpack" ], "range": "<=2.2.1", "nodes": [ "" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "jsdom", "request", "request-promise-native" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": { "name": "jsdom", "version": "25.0.1", "isSemVerMajor": true } }, "watchpack": { "name": "watchpack", "severity": "high", "isDirect": false, "via": [ "watchpack-chokidar2" ], "effects": [], "range": "1.7.2 - 1.7.5", "nodes": [ "node_modules/watchpack" ], "fixAvailable": true }, "watchpack-chokidar2": { "name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": [ "chokidar" ], "effects": [ "watchpack" ], "range": "*", "nodes": [ "node_modules/watchpack-chokidar2" ], "fixAvailable": true }, "webpack": { "name": "webpack", "severity": "moderate", "isDirect": true, "via": [ "micromatch", "terser-webpack-plugin" ], "effects": [ "@storybook/core-common", "@storybook/core-server", "terser-webpack-plugin", "webpack-cli" ], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": [ "node_modules/webpack" ], "fixAvailable": { "name": "webpack", "version": "5.95.0", "isSemVerMajor": true } }, "webpack-cli": { "name": "webpack-cli", "severity": "high", "isDirect": true, "via": [ "findup-sync", "loader-utils", "webpack" ], "effects": [], "range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1", "nodes": [ "node_modules/webpack-cli" ], "fixAvailable": { "name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false } }, "webpack-dev-middleware": { "name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [ { "source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": [ "CWE-22" ], "cvss": { "score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" }, "range": "<=5.3.3" } ], "effects": [ "@storybook/core-server" ], "range": "<=5.3.3", "nodes": [ "node_modules/webpack-dev-middleware" ], "fixAvailable": { "name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true } }, "ws": { "name": "ws", "severity": "high", "isDirect": false, "via": [ { "source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=8.0.0 <8.17.1" }, { "source": 1098394, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=6.0.0 <6.2.3" } ], "effects": [], "range": "6.0.0 - 6.2.2 || 8.0.0 - 8.17.0", "nodes": [ "", "" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 30, "high": 22, "critical": 5, "total": 58 }, "dependencies": { "prod": 1, "dev": 1983, "optional": 34, "peer": 15, "peerOptional": 0, "total": 1983 } } } } --- end --- {"added": 1983, "removed": 0, "changed": 0, "audited": 1984, "funding": 208, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@babel/traverse": {"name": "@babel/traverse", "severity": "critical", "isDirect": false, "via": [{"source": 1096886, "name": "@babel/traverse", "dependency": "@babel/traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": ["CWE-184", "CWE-697"], "cvss": {"score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "range": "<7.23.2"}], "effects": [], "range": "<7.23.2", "nodes": [""], "fixAvailable": true}, "@storybook/builder-webpack4": {"name": "@storybook/builder-webpack4", "severity": "high", "isDirect": false, "via": ["@storybook/core-common", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "react-dev-utils", "webpack", "webpack-dev-middleware"], "effects": [], "range": "*", "nodes": ["node_modules/@storybook/builder-webpack4"], "fixAvailable": true}, "@storybook/core": {"name": "@storybook/core", "severity": "high", "isDirect": false, "via": ["@storybook/core-server"], "effects": ["@storybook/html"], "range": "6.2.0-alpha.0 - 6.3.0-rc.12", "nodes": ["node_modules/@storybook/core"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true}}, "@storybook/core-common": {"name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": ["webpack"], "effects": ["@storybook/html"], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/core-common"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true}}, "@storybook/core-server": {"name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": ["@storybook/builder-webpack4", "@storybook/core-common", "cpy", "css-loader", "webpack", "webpack-dev-middleware"], "effects": ["@storybook/core"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/core-server"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true}}, "@storybook/html": {"name": "@storybook/html", "severity": "high", "isDirect": true, "via": ["@storybook/core", "@storybook/core-common"], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/html"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true}}, "anymatch": {"name": "anymatch", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar"], "range": "1.2.0 - 2.0.0", "nodes": ["node_modules/watchpack-chokidar2/node_modules/anymatch"], "fixAvailable": true}, "autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": ["node_modules/autoprefixer"], "fixAvailable": true}, "body-parser": {"name": "body-parser", "severity": "high", "isDirect": false, "via": [{"source": 1099520, "name": "body-parser", "dependency": "body-parser", "title": "body-parser vulnerable to denial of service when url encoding is enabled", "url": "https://github.com/advisories/GHSA-qwcr-r2fm-qrc7", "severity": "high", "cwe": ["CWE-405"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<1.20.3"}], "effects": ["express"], "range": "<1.20.3", "nodes": [""], "fixAvailable": true}, "braces": {"name": "braces", "severity": "high", "isDirect": false, "via": [{"source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": ["CWE-400", "CWE-1050"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.3"}], "effects": ["chokidar", "micromatch"], "range": "<3.0.3", "nodes": ["", "", "node_modules/@storybook/builder-webpack4/node_modules/braces", "node_modules/fast-glob/node_modules/braces", "node_modules/react-dev-utils/node_modules/micromatch/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack/node_modules/braces"], "fixAvailable": {"name": "webpack", "version": "5.95.0", "isSemVerMajor": true}}, "browserify-sign": {"name": "browserify-sign", "severity": "high", "isDirect": false, "via": [{"source": 1096644, "name": "browserify-sign", "dependency": "browserify-sign", "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack", "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw", "severity": "high", "cwe": ["CWE-347"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=2.6.0 <=4.2.1"}], "effects": [], "range": "2.6.0 - 4.2.1", "nodes": [""], "fixAvailable": true}, "browserslist": {"name": "browserslist", "severity": "moderate", "isDirect": false, "via": [{"source": 1093035, "name": "browserslist", "dependency": "browserslist", "title": "Regular Expression Denial of Service in browserslist", "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=4.0.0 <4.16.5"}], "effects": ["react-dev-utils"], "range": "4.0.0 - 4.16.4", "nodes": ["node_modules/react-dev-utils/node_modules/browserslist"], "fixAvailable": true}, "chokidar": {"name": "chokidar", "severity": "high", "isDirect": false, "via": ["anymatch", "braces", "readdirp"], "effects": ["watchpack-chokidar2"], "range": "1.3.0 - 2.1.8", "nodes": ["node_modules/watchpack-chokidar2/node_modules/chokidar"], "fixAvailable": true}, "cpy": {"name": "cpy", "severity": "moderate", "isDirect": false, "via": ["globby"], "effects": ["@storybook/core-server"], "range": "7.0.0 - 8.1.2", "nodes": ["node_modules/cpy"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true}}, "css-loader": {"name": "css-loader", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": ["node_modules/css-loader"], "fixAvailable": true}, "elliptic": {"name": "elliptic", "severity": "low", "isDirect": false, "via": [{"source": 1098593, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's EDDSA missing signature length check", "url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p", "severity": "low", "cwe": ["CWE-347"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "range": ">=4.0.0 <=6.5.6"}, {"source": 1098594, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero", "url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw", "severity": "low", "cwe": ["CWE-130"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "range": ">=2.0.0 <=6.5.6"}, {"source": 1098595, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic allows BER-encoded signatures", "url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m", "severity": "low", "cwe": ["CWE-347"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "range": ">=5.2.1 <=6.5.6"}], "effects": [], "range": "2.0.0 - 6.5.6", "nodes": [""], "fixAvailable": true}, "express": {"name": "express", "severity": "high", "isDirect": false, "via": [{"source": 1096820, "name": "express", "dependency": "express", "title": "Express.js Open Redirect in malformed URLs", "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc", "severity": "moderate", "cwe": ["CWE-601", "CWE-1286"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<4.19.2"}, {"source": 1099529, "name": "express", "dependency": "express", "title": "express vulnerable to XSS via response.redirect()", "url": "https://github.com/advisories/GHSA-qw6h-vgh9-j6wx", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}, "range": "<4.20.0"}, "body-parser", "path-to-regexp", "send", "serve-static"], "effects": [], "range": "<=4.19.2 || 5.0.0-alpha.1 - 5.0.0-beta.3", "nodes": [""], "fixAvailable": true}, "fast-glob": {"name": "fast-glob", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/fast-glob"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true}}, "findup-sync": {"name": "findup-sync", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["webpack-cli"], "range": "0.4.0 - 3.0.0", "nodes": [""], "fixAvailable": {"name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false}}, "fork-ts-checker-webpack-plugin": {"name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["react-dev-utils"], "range": "0.4.14 - 4.1.6", "nodes": ["node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin", "node_modules/react-dev-utils/node_modules/fork-ts-checker-webpack-plugin"], "fixAvailable": true}, "globby": {"name": "globby", "severity": "moderate", "isDirect": false, "via": ["fast-glob"], "effects": ["cpy"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/globby"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true}}, "icss-utils": {"name": "icss-utils", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["css-loader", "postcss-modules-local-by-default", "postcss-modules-values"], "range": "<=4.1.1", "nodes": ["node_modules/icss-utils"], "fixAvailable": true}, "immer": {"name": "immer", "severity": "critical", "isDirect": false, "via": [{"source": 1097196, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx", "severity": "high", "cwe": ["CWE-915", "CWE-1321"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <9.0.6"}, {"source": 1097209, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h", "severity": "critical", "cwe": ["CWE-843", "CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=7.0.0 <9.0.6"}], "effects": [], "range": "7.0.0 - 9.0.5", "nodes": ["node_modules/immer"], "fixAvailable": true}, "ip": {"name": "ip", "severity": "high", "isDirect": false, "via": [{"source": 1097720, "name": "ip", "dependency": "ip", "title": "NPM IP package incorrectly identifies some private IP addresses as public", "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22", "severity": "low", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<1.1.9"}, {"source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}], "effects": [], "range": "*", "nodes": [""], "fixAvailable": true}, "jsdoc": {"name": "jsdoc", "severity": "high", "isDirect": true, "via": ["markdown-it", "marked", "taffydb"], "effects": [], "range": "3.2.0-dev - 3.6.11", "nodes": ["node_modules/jsdoc"], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "jsdom": {"name": "jsdom", "severity": "moderate", "isDirect": true, "via": ["request", "tough-cookie"], "effects": [], "range": "0.1.20 || 0.2.0 - 16.5.3", "nodes": ["node_modules/jsdom"], "fixAvailable": {"name": "jsdom", "version": "25.0.1", "isSemVerMajor": true}}, "less": {"name": "less", "severity": "moderate", "isDirect": true, "via": ["request"], "effects": [], "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3", "nodes": ["node_modules/less"], "fixAvailable": {"name": "less", "version": "3.13.1", "isSemVerMajor": false}}, "loader-utils": {"name": "loader-utils", "severity": "critical", "isDirect": false, "via": [{"source": 1094088, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<1.4.1"}, {"source": 1094089, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=2.0.0 <2.0.3"}, {"source": 1095054, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=2.0.0 <2.0.4"}, {"source": 1095055, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=1.0.0 <1.4.2"}, {"source": 1097142, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=2.0.0 <2.0.4"}, {"source": 1097143, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=1.0.0 <1.4.2"}], "effects": ["react-dev-utils", "webpack-cli"], "range": "<=1.4.1 || 2.0.0 - 2.0.3", "nodes": ["node_modules/react-dev-utils/node_modules/loader-utils", "node_modules/webpack-cli/node_modules/loader-utils"], "fixAvailable": {"name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false}}, "markdown-it": {"name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [{"source": 1092663, "name": "markdown-it", "dependency": "markdown-it", "title": "Uncontrolled Resource Consumption in markdown-it", "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<12.3.2"}], "effects": ["jsdoc"], "range": "<12.3.2", "nodes": ["node_modules/markdown-it"], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "marked": {"name": "marked", "severity": "high", "isDirect": false, "via": [{"source": 1095051, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<4.0.10"}, {"source": 1095052, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<4.0.10"}], "effects": ["jsdoc"], "range": "<=4.0.9", "nodes": ["node_modules/marked"], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "micromatch": {"name": "micromatch", "severity": "high", "isDirect": false, "via": [{"source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<4.0.8"}, "braces"], "effects": ["anymatch", "fast-glob", "findup-sync", "fork-ts-checker-webpack-plugin", "readdirp", "webpack"], "range": "<=4.0.7", "nodes": ["", "", "", "node_modules/@storybook/builder-webpack4/node_modules/micromatch", "node_modules/fast-glob/node_modules/micromatch", "node_modules/react-dev-utils/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch"], "fixAvailable": {"name": "webpack", "version": "5.95.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}], "effects": ["recursive-readdir"], "range": "<3.0.5", "nodes": ["node_modules/minimatch"], "fixAvailable": true}, "path-to-regexp": {"name": "path-to-regexp", "severity": "high", "isDirect": false, "via": [{"source": 1099561, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=0.2.0 <1.9.0"}, {"source": 1099562, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.1.10"}], "effects": ["express"], "range": "<=0.1.9 || 0.2.0 - 1.8.0", "nodes": ["", "", ""], "fixAvailable": true}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "range": "<8.4.31", "nodes": ["", "node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss"], "fixAvailable": true}, "postcss-flexbugs-fixes": {"name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.2.1", "nodes": ["node_modules/postcss-flexbugs-fixes"], "fixAvailable": true}, "postcss-modules-extract-imports": {"name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.0.0", "nodes": ["node_modules/postcss-modules-extract-imports"], "fixAvailable": true}, "postcss-modules-local-by-default": {"name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": [], "range": "<=4.0.0-rc.4", "nodes": ["node_modules/postcss-modules-local-by-default"], "fixAvailable": true}, "postcss-modules-scope": {"name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.2.0", "nodes": ["node_modules/postcss-modules-scope"], "fixAvailable": true}, "postcss-modules-values": {"name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": ["css-loader"], "range": "<=4.0.0-rc.5", "nodes": ["node_modules/postcss-modules-values"], "fixAvailable": true}, "react-dev-utils": {"name": "react-dev-utils", "severity": "critical", "isDirect": false, "via": ["browserslist", "fork-ts-checker-webpack-plugin", "immer", "loader-utils", "recursive-readdir", "shell-quote"], "effects": ["@storybook/builder-webpack4"], "range": "0.5.2 - 12.0.0-next.60", "nodes": ["node_modules/react-dev-utils"], "fixAvailable": true}, "readdirp": {"name": "readdirp", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar"], "range": "2.2.0 - 2.2.1", "nodes": ["node_modules/watchpack-chokidar2/node_modules/readdirp"], "fixAvailable": true}, "recursive-readdir": {"name": "recursive-readdir", "severity": "high", "isDirect": false, "via": ["minimatch"], "effects": ["react-dev-utils"], "range": "1.2.0 - 2.2.2", "nodes": ["node_modules/recursive-readdir"], "fixAvailable": true}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["jsdom", "less", "request-promise-core", "request-promise-native"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": {"name": "jsdom", "version": "25.0.1", "isSemVerMajor": true}}, "request-promise-core": {"name": "request-promise-core", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": ["request-promise-native"], "range": "*", "nodes": ["node_modules/request-promise-core"], "fixAvailable": true}, "request-promise-native": {"name": "request-promise-native", "severity": "moderate", "isDirect": false, "via": ["request", "request-promise-core", "tough-cookie"], "effects": [], "range": ">=1.0.0", "nodes": ["node_modules/request-promise-native"], "fixAvailable": true}, "send": {"name": "send", "severity": "moderate", "isDirect": false, "via": [{"source": 1099525, "name": "send", "dependency": "send", "title": "send vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-m6fv-jmcg-4jfg", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}, "range": "<0.19.0"}], "effects": ["express", "serve-static"], "range": "<0.19.0", "nodes": [""], "fixAvailable": true}, "serve-static": {"name": "serve-static", "severity": "moderate", "isDirect": false, "via": [{"source": 1099527, "name": "serve-static", "dependency": "serve-static", "title": "serve-static vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-cm22-4g7w-348p", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}, "range": "<1.16.0"}, "send"], "effects": [], "range": "<=1.16.0", "nodes": [""], "fixAvailable": true}, "shell-quote": {"name": "shell-quote", "severity": "critical", "isDirect": false, "via": [{"source": 1096375, "name": "shell-quote", "dependency": "shell-quote", "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote", "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7", "severity": "critical", "cwe": ["CWE-77"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=1.7.2"}], "effects": ["react-dev-utils"], "range": "<=1.7.2", "nodes": ["node_modules/shell-quote"], "fixAvailable": true}, "taffydb": {"name": "taffydb", "severity": "high", "isDirect": false, "via": [{"source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": ["CWE-20", "CWE-668"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<=2.7.3"}], "effects": ["jsdoc"], "range": "*", "nodes": ["node_modules/taffydb"], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "tar": {"name": "tar", "severity": "moderate", "isDirect": false, "via": [{"source": 1097493, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<6.2.1"}], "effects": [], "range": "<6.2.1", "nodes": [""], "fixAvailable": true}, "terser-webpack-plugin": {"name": "terser-webpack-plugin", "severity": "moderate", "isDirect": false, "via": ["webpack"], "effects": ["webpack"], "range": "<=2.2.1", "nodes": [""], "fixAvailable": {"name": "webpack", "version": "5.95.0", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["jsdom", "request", "request-promise-native"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": {"name": "jsdom", "version": "25.0.1", "isSemVerMajor": true}}, "watchpack": {"name": "watchpack", "severity": "high", "isDirect": false, "via": ["watchpack-chokidar2"], "effects": [], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/watchpack"], "fixAvailable": true}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": true}, "webpack": {"name": "webpack", "severity": "moderate", "isDirect": true, "via": ["micromatch", "terser-webpack-plugin"], "effects": ["@storybook/core-common", "@storybook/core-server", "terser-webpack-plugin", "webpack-cli"], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": ["node_modules/webpack"], "fixAvailable": {"name": "webpack", "version": "5.95.0", "isSemVerMajor": true}}, "webpack-cli": {"name": "webpack-cli", "severity": "high", "isDirect": true, "via": ["findup-sync", "loader-utils", "webpack"], "effects": [], "range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1", "nodes": ["node_modules/webpack-cli"], "fixAvailable": {"name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false}}, "webpack-dev-middleware": {"name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [{"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}], "effects": ["@storybook/core-server"], "range": "<=5.3.3", "nodes": ["node_modules/webpack-dev-middleware"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.4", "isSemVerMajor": true}}, "ws": {"name": "ws", "severity": "high", "isDirect": false, "via": [{"source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": ["CWE-476"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.17.1"}, {"source": 1098394, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": ["CWE-476"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=6.0.0 <6.2.3"}], "effects": [], "range": "6.0.0 - 6.2.2 || 8.0.0 - 8.17.0", "nodes": ["", ""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 30, "high": 22, "critical": 5, "total": 58}, "dependencies": {"prod": 1, "dev": 1983, "optional": 34, "peer": 15, "peerOptional": 0, "total": 1983}}}} {} Upgrading n:jsdoc from 3.6.7 -> 3.6.11 {} Upgrading n:less from 3.8.1 -> 3.13.1 {} Upgrading n:webpack-cli from 3.3.11 -> 3.3.12 $ /usr/bin/npm audit fix --only=dev --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: babel-loader@8.2.3 npm WARN Found: webpack@4.43.0 npm WARN node_modules/webpack npm WARN dev webpack@"4.43.0" from the root project npm WARN 24 more (@storybook/builder-webpack4, babel-loader, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/builder-webpack4/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/builder-webpack4@6.2.3 npm WARN node_modules/@storybook/builder-webpack4 npm WARN npm WARN Conflicting peer dependency: webpack@5.95.0 npm WARN node_modules/webpack npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/builder-webpack4/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/builder-webpack4@6.2.3 npm WARN node_modules/@storybook/builder-webpack4 npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: babel-loader@8.2.3 npm WARN Found: webpack@4.43.0 npm WARN node_modules/webpack npm WARN dev webpack@"4.43.0" from the root project npm WARN 24 more (@storybook/builder-webpack4, babel-loader, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/core-common/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/core-common@6.2.3 npm WARN node_modules/@storybook/core-common npm WARN npm WARN Conflicting peer dependency: webpack@5.95.0 npm WARN node_modules/webpack npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/core-common/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/core-common@6.2.3 npm WARN node_modules/@storybook/core-common npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: babel-loader@8.2.3 npm WARN Found: webpack@4.43.0 npm WARN node_modules/webpack npm WARN dev webpack@"4.43.0" from the root project npm WARN 24 more (@storybook/builder-webpack4, babel-loader, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/core-server/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/core-server@6.2.3 npm WARN node_modules/@storybook/core-server npm WARN npm WARN Conflicting peer dependency: webpack@5.95.0 npm WARN node_modules/webpack npm WARN peer webpack@">=2" from babel-loader@8.2.3 npm WARN node_modules/@storybook/core-server/node_modules/babel-loader npm WARN babel-loader@"^8.2.2" from @storybook/core-server@6.2.3 npm WARN node_modules/@storybook/core-server npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4 npm WARN Found: @babel/core@7.2.2 npm WARN node_modules/@babel/core npm WARN dev @babel/core@"7.2.2" from the root project npm WARN 85 more (@babel/helper-compilation-targets, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3 npm WARN node_modules/babel-plugin-polyfill-corejs2 npm WARN npm WARN Conflicting peer dependency: @babel/core@7.25.7 npm WARN node_modules/@babel/core npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3 npm WARN node_modules/babel-plugin-polyfill-corejs2 npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: @babel/helper-define-polyfill-provider@0.1.5 npm WARN Found: @babel/core@7.2.2 npm WARN node_modules/@babel/core npm WARN dev @babel/core@"7.2.2" from the root project npm WARN 85 more (@babel/helper-compilation-targets, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5 npm WARN node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7 npm WARN node_modules/babel-plugin-polyfill-corejs3 npm WARN npm WARN Conflicting peer dependency: @babel/core@7.25.7 npm WARN node_modules/@babel/core npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5 npm WARN node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7 npm WARN node_modules/babel-plugin-polyfill-corejs3 npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4 npm WARN Found: @babel/core@7.2.2 npm WARN node_modules/@babel/core npm WARN dev @babel/core@"7.2.2" from the root project npm WARN 85 more (@babel/helper-compilation-targets, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3 npm WARN node_modules/babel-plugin-polyfill-regenerator npm WARN npm WARN Conflicting peer dependency: @babel/core@7.25.7 npm WARN node_modules/@babel/core npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3 npm WARN node_modules/babel-plugin-polyfill-regenerator npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: undefined, npm WARN EBADENGINE required: { node: '14.17.5' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.23.6', npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@39.2.2', npm WARN EBADENGINE required: { node: '^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142 npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin. npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated samsam@1.3.0: This package has been deprecated in favour of @sinonjs/samsam npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js-pure@3.19.1: core-js-pure@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js-pure. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. --- stdout --- added 1968 packages, and audited 1969 packages in 52s 210 packages are looking for funding run `npm fund` for details # npm audit report braces <3.0.3 Severity: high Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg fix available via `npm audit fix --force` Will install webpack@5.95.0, which is a breaking change node_modules/@storybook/builder-webpack4/node_modules/braces node_modules/fast-glob/node_modules/braces node_modules/findup-sync/node_modules/braces node_modules/react-dev-utils/node_modules/micromatch/node_modules/braces node_modules/watchpack-chokidar2/node_modules/braces node_modules/webpack/node_modules/braces chokidar 1.3.0 - 2.1.8 Depends on vulnerable versions of anymatch Depends on vulnerable versions of braces Depends on vulnerable versions of readdirp node_modules/watchpack-chokidar2/node_modules/chokidar watchpack-chokidar2 * Depends on vulnerable versions of chokidar node_modules/watchpack-chokidar2 watchpack 1.7.2 - 1.7.5 Depends on vulnerable versions of watchpack-chokidar2 node_modules/watchpack micromatch <=4.0.7 Depends on vulnerable versions of braces node_modules/@storybook/builder-webpack4/node_modules/micromatch node_modules/fast-glob/node_modules/micromatch node_modules/findup-sync/node_modules/micromatch node_modules/react-dev-utils/node_modules/micromatch node_modules/watchpack-chokidar2/node_modules/micromatch node_modules/webpack/node_modules/micromatch anymatch 1.2.0 - 2.0.0 Depends on vulnerable versions of micromatch node_modules/watchpack-chokidar2/node_modules/anymatch fast-glob <=2.2.7 Depends on vulnerable versions of micromatch node_modules/fast-glob globby 8.0.0 - 9.2.0 Depends on vulnerable versions of fast-glob node_modules/globby cpy 7.0.0 - 8.1.2 Depends on vulnerable versions of globby node_modules/cpy @storybook/core-server <=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3 Depends on vulnerable versions of @storybook/builder-webpack4 Depends on vulnerable versions of @storybook/core-common Depends on vulnerable versions of cpy Depends on vulnerable versions of css-loader Depends on vulnerable versions of ip Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-middleware node_modules/@storybook/core-server @storybook/core 6.2.0-alpha.0 - 6.3.0-rc.12 Depends on vulnerable versions of @storybook/core-server node_modules/@storybook/core @storybook/html 6.2.0-alpha.0 - 6.5.17-alpha.0 Depends on vulnerable versions of @storybook/core Depends on vulnerable versions of @storybook/core-common node_modules/@storybook/html findup-sync 0.4.0 - 3.0.0 Depends on vulnerable versions of micromatch node_modules/findup-sync webpack-cli <=0.0.8-development || 2.0.11 - 4.0.0-rc.1 Depends on vulnerable versions of findup-sync Depends on vulnerable versions of webpack node_modules/webpack-cli fork-ts-checker-webpack-plugin 0.4.14 - 4.1.6 Depends on vulnerable versions of micromatch node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin node_modules/react-dev-utils/node_modules/fork-ts-checker-webpack-plugin react-dev-utils 0.5.2 - 12.0.0-next.60 Depends on vulnerable versions of browserslist Depends on vulnerable versions of fork-ts-checker-webpack-plugin Depends on vulnerable versions of immer Depends on vulnerable versions of loader-utils Depends on vulnerable versions of recursive-readdir Depends on vulnerable versions of shell-quote node_modules/react-dev-utils @storybook/builder-webpack4 * Depends on vulnerable versions of @storybook/core-common Depends on vulnerable versions of autoprefixer Depends on vulnerable versions of css-loader Depends on vulnerable versions of fork-ts-checker-webpack-plugin Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-flexbugs-fixes Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-middleware node_modules/@storybook/builder-webpack4 readdirp 2.2.0 - 2.2.1 Depends on vulnerable versions of micromatch node_modules/watchpack-chokidar2/node_modules/readdirp webpack 4.0.0-alpha.0 - 5.0.0-rc.6 Depends on vulnerable versions of micromatch Depends on vulnerable versions of terser-webpack-plugin node_modules/webpack @storybook/core-common <=6.5.17-alpha.0 Depends on vulnerable versions of webpack node_modules/@storybook/core-common terser-webpack-plugin <=2.2.1 Depends on vulnerable versions of webpack node_modules/webpack/node_modules/terser-webpack-plugin browserslist 4.0.0 - 4.16.4 Severity: moderate Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5 fix available via `npm audit fix` node_modules/react-dev-utils/node_modules/browserslist immer 7.0.0 - 9.0.5 Severity: critical Prototype Pollution in immer - https://github.com/advisories/GHSA-c36v-fmgq-m8hx Prototype Pollution in immer - https://github.com/advisories/GHSA-33f9-j839-rf8h fix available via `npm audit fix` node_modules/immer ip * Severity: high ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp fix available via `npm audit fix --force` Will install @storybook/html@8.3.4, which is a breaking change node_modules/ip loader-utils 2.0.0 - 2.0.3 Severity: critical Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488 loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g fix available via `npm audit fix` node_modules/react-dev-utils/node_modules/loader-utils minimatch <3.0.5 Severity: high minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3 fix available via `npm audit fix` node_modules/minimatch recursive-readdir 1.2.0 - 2.2.2 Depends on vulnerable versions of minimatch node_modules/recursive-readdir postcss <8.4.31 Severity: moderate PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j fix available via `npm audit fix` node_modules/@storybook/builder-webpack4/node_modules/postcss node_modules/autoprefixer/node_modules/postcss node_modules/css-loader/node_modules/postcss node_modules/icss-utils/node_modules/postcss node_modules/postcss-flexbugs-fixes/node_modules/postcss node_modules/postcss-modules-extract-imports/node_modules/postcss node_modules/postcss-modules-local-by-default/node_modules/postcss node_modules/postcss-modules-scope/node_modules/postcss node_modules/postcss-modules-values/node_modules/postcss autoprefixer 1.0.20131222 - 9.8.8 Depends on vulnerable versions of postcss node_modules/autoprefixer css-loader 0.15.0 - 4.3.0 Depends on vulnerable versions of icss-utils Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-modules-extract-imports Depends on vulnerable versions of postcss-modules-local-by-default Depends on vulnerable versions of postcss-modules-scope Depends on vulnerable versions of postcss-modules-values node_modules/css-loader icss-utils <=4.1.1 Depends on vulnerable versions of postcss node_modules/icss-utils postcss-modules-local-by-default <=4.0.0-rc.4 Depends on vulnerable versions of icss-utils Depends on vulnerable versions of postcss node_modules/postcss-modules-local-by-default postcss-modules-values <=4.0.0-rc.5 Depends on vulnerable versions of icss-utils Depends on vulnerable versions of postcss node_modules/postcss-modules-values postcss-flexbugs-fixes <=4.2.1 Depends on vulnerable versions of postcss node_modules/postcss-flexbugs-fixes postcss-modules-extract-imports <=2.0.0 Depends on vulnerable versions of postcss node_modules/postcss-modules-extract-imports postcss-modules-scope <=2.2.0 Depends on vulnerable versions of postcss node_modules/postcss-modules-scope request * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie fix available via `npm audit fix --force` Will install jsdom@25.0.1, which is a breaking change node_modules/request jsdom 0.1.20 || 0.2.0 - 16.5.3 Depends on vulnerable versions of request Depends on vulnerable versions of tough-cookie node_modules/jsdom request-promise-core * Depends on vulnerable versions of request node_modules/request-promise-core request-promise-native >=1.0.0 Depends on vulnerable versions of request Depends on vulnerable versions of request-promise-core Depends on vulnerable versions of tough-cookie node_modules/request-promise-native shell-quote <=1.7.2 Severity: critical Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7 fix available via `npm audit fix` node_modules/shell-quote taffydb * Severity: high TaffyDB can allow access to any data items in the DB - https://github.com/advisories/GHSA-mxhp-79qh-mcx6 fix available via `npm audit fix --force` Will install jsdoc@4.0.3, which is a breaking change node_modules/taffydb jsdoc 3.2.0-dev - 3.6.11 Depends on vulnerable versions of taffydb node_modules/jsdoc tough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 fix available via `npm audit fix --force` Will install jsdom@25.0.1, which is a breaking change node_modules/tough-cookie webpack-dev-middleware <=5.3.3 Severity: high Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6 fix available via `npm audit fix --force` Will install @storybook/html@8.3.4, which is a breaking change node_modules/webpack-dev-middleware 45 vulnerabilities (26 moderate, 15 high, 4 critical) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force --- end --- Verifying that tests still pass $ /usr/bin/npm ci --- stderr --- npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4 npm WARN Found: @babel/core@7.2.2 npm WARN node_modules/@babel/core npm WARN dev @babel/core@"7.2.2" from the root project npm WARN 85 more (@babel/helper-compilation-targets, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3 npm WARN node_modules/babel-plugin-polyfill-corejs2 npm WARN npm WARN Conflicting peer dependency: @babel/core@7.25.7 npm WARN node_modules/@babel/core npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3 npm WARN node_modules/babel-plugin-polyfill-corejs2 npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: @babel/helper-define-polyfill-provider@0.1.5 npm WARN Found: @babel/core@7.2.2 npm WARN node_modules/@babel/core npm WARN dev @babel/core@"7.2.2" from the root project npm WARN 85 more (@babel/helper-compilation-targets, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5 npm WARN node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7 npm WARN node_modules/babel-plugin-polyfill-corejs3 npm WARN npm WARN Conflicting peer dependency: @babel/core@7.25.7 npm WARN node_modules/@babel/core npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5 npm WARN node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7 npm WARN node_modules/babel-plugin-polyfill-corejs3 npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4 npm WARN Found: @babel/core@7.2.2 npm WARN node_modules/@babel/core npm WARN dev @babel/core@"7.2.2" from the root project npm WARN 85 more (@babel/helper-compilation-targets, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3 npm WARN node_modules/babel-plugin-polyfill-regenerator npm WARN npm WARN Conflicting peer dependency: @babel/core@7.25.7 npm WARN node_modules/@babel/core npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4 npm WARN node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider npm WARN @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3 npm WARN node_modules/babel-plugin-polyfill-regenerator npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: undefined, npm WARN EBADENGINE required: { node: '14.17.5' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.23.6', npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@39.2.2', npm WARN EBADENGINE required: { node: '^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142 npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin. npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated samsam@1.3.0: This package has been deprecated in favour of @sinonjs/samsam npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js-pure@3.19.1: core-js-pure@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js-pure. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. --- stdout --- added 1968 packages, and audited 1969 packages in 1m 210 packages are looking for funding run `npm fund` for details 45 vulnerabilities (26 moderate, 15 high, 4 critical) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. --- end --- $ /usr/bin/npm test --- stdout --- > test > npm -s run lint && bash ./dev-scripts/svg_check.sh && npm -s run coverage && npm -s run test:bundle && npm -s run jsdoc Checked 1 message directory. /src/repo/src/mobile.editor.overlay/EditorGateway.js 213:1 warning This line has a length of 119. Maximum allowed is 100 max-len 270:1 warning This line has a length of 102. Maximum allowed is 100 max-len /src/repo/src/mobile.editor.overlay/EditorOverlayBase.js 225:1 warning This line has a length of 101. Maximum allowed is 100 max-len /src/repo/src/mobile.editor.overlay/SourceEditorOverlay.js 538:1 warning This line has a length of 101. Maximum allowed is 100 max-len /src/repo/src/mobile.startup/Icon.js 94:0 warning @property path declaration ("defaults.base") appears before any real property jsdoc/check-property-names /src/repo/src/mobile.startup/PageHTMLParser.js 166:13 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp /src/repo/src/mobile.startup/search/SearchGateway.js 68:10 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp /src/repo/tests/node-qunit/importable.test.js 56:4 warning Found non-literal argument in require security/detect-non-literal-require /src/repo/tests/node-qunit/mobile.startup/CtaDrawer.test.js 100:12 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp 121:12 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp ✖ 10 problems (0 errors, 10 warnings) TAP version 13 ok 1 MobileFrontend imports > All our code is importable in headless Node.js ok 2 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent (no section) ok 3 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent ok 4 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent, missing section ok 5 MobileFrontend mobile.editor.overlay/EditorGateway > #getBlockInfo ok 6 MobileFrontend mobile.editor.overlay/EditorGateway > #save, success ok 7 MobileFrontend mobile.editor.overlay/EditorGateway > #save, new page ok 8 MobileFrontend mobile.editor.overlay/EditorGateway > #save, submit CAPTCHA ok 9 MobileFrontend mobile.editor.overlay/EditorGateway > #save, request failure ok 10 MobileFrontend mobile.editor.overlay/EditorGateway > #save, API failure ok 11 MobileFrontend mobile.editor.overlay/EditorGateway > #save, CAPTCHA response with image URL ok 12 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter warning ok 13 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter disallow ok 14 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter other ok 15 MobileFrontend mobile.editor.overlay/EditorGateway > #save, extension errors ok 16 MobileFrontend mobile.editor.overlay/EditorGateway > #save, read-only error ok 17 MobileFrontend mobile.editor.overlay/EditorGateway > #save, unknown errors ok 18 MobileFrontend mobile.editor.overlay/EditorGateway > #save, without changes ok 19 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway ok 20 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway, check without sectionLine ok 21 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway, check with sectionLine ok 22 MobileFrontend mobile.editor.overlay/EditorGateway > #save, when token has expired ok 23 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, blocked user ok 24 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, with given page and section ok 25 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, without a section ok 26 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #preview ok 27 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, as anonymous ok 28 MobileFrontend mobile.editor.overlay/identifyLeadParagraph > identifyLeadParagraph ok 29 MobileFrontend editorLoadingOverlay.js > editorLoadingOverlay calls the callbacks ok 30 MobileFrontend LanguageSearcher.js > renders output ok 31 MobileFrontend LanguageSearcher.js > saves the language count when link is clicked ok 32 MobileFrontend LanguageSearcher.js > without variants, input event filters languages ok 33 MobileFrontend LanguageSearcher.js > with variants, input event filters languages ok 34 MobileFrontend mobile.languages.structured/util.test.js > #getFrequentlyUsedLanguages ok 35 MobileFrontend mobile.languages.structured/util.test.js > #saveLanguageUsageCount ok 36 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages ok 37 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages device language ok 38 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages variants ok 39 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Shows details bar and image with successful api response ok 40 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Shows error message with failed api response ok 41 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Toggling of details is disabled when overlay has load failure ok 42 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Toggling of details is enabled when overlay loads successfully ok 43 MobileFrontend mobile.mediaViewer/ImageGateway > #findSizeBucket ok 44 MobileFrontend mobile.mediaViewer/ImageGateway > ImageGateway#getThumb (missing page) ok 45 MobileFrontend WatchList.js > In watched mode ok 46 MobileFrontend WatchListGateway.js > loadWatchlist() loads results from the first page ok 47 MobileFrontend WatchListGateway.js > loadWatchlist() loads results from the second page from last item of first ok 48 MobileFrontend WatchListGateway.js > loadWatchlist() doesn't throw an error when no pages are returned ok 49 MobileFrontend WatchListGateway.js > loadWatchlist() marks pages as new if necessary ok 50 MobileFrontend Browser.js > isIos() ok 51 MobileFrontend Browser.js > Methods are cached ok 52 MobileFrontend Browser.js > isWideScreen() ok 53 MobileFrontend Browser.js > supportsTouchEvents() ok 54 MobileFrontend Button.js > creates a link if passed href option ok 55 MobileFrontend Button.js > does not add href attribute when not a link ok 56 MobileFrontend CtaDrawer.js > redirectParams() > empty props, default URL ok 57 MobileFrontend CtaDrawer.js > redirectParams() > empty props, nondefault URL ok 58 MobileFrontend CtaDrawer.js > redirectParams() > nonempty props ok 59 MobileFrontend CtaDrawer.js > signUpParams() > empty props ok 60 MobileFrontend CtaDrawer.js > signUpParams() > nonempty props ok 61 MobileFrontend CtaDrawer.js > HTML > defaults ok 62 MobileFrontend CtaDrawer.js > HTML > overrides ok 63 MobileFrontend Drawer.js > visible on show() ok 64 MobileFrontend Drawer.js > accepts onShow and events ok 65 MobileFrontend Drawer.js > hidden on hide() ok 66 MobileFrontend Drawer.js > hidden on mask click ok 67 MobileFrontend Drawer.js > HTML is valid ok 68 MobileFrontend Icon.js > getIconClasses generates icon classes using icon ok 69 MobileFrontend Icon.js > getIconClasses generates icon classes using custom icon prefix ok 70 MobileFrontend Icon.js > getRotationClasses returns rotation classes ok 71 MobileFrontend Icon.js > getGlyphClassName uses icon prefix ok 72 MobileFrontend Icon.js > getGlyphClassName does not use icon prefix if not provided ok 73 MobileFrontend Icon.js > adds small classes ok 74 MobileFrontend IconButton.js > creates a link if passed href option ok 75 MobileFrontend IconButton.js > does not add href attribute when not a link ok 76 MobileFrontend IconButton.js > adds disabled attribute when a button ok 77 MobileFrontend IconButton.js > does not add disabled attribute when not a button ok 78 MobileFrontend IconButton.js > adds additional classes ok 79 MobileFrontend: Overlay.js > Simple overlay ok 80 MobileFrontend: Overlay.js > #make ok 81 MobileFrontend: Overlay.js > HTML overlay ok 82 MobileFrontend: Overlay.js > headerActions property ok 83 MobileFrontend: Overlay.js > onBeforeExit ok 84 MobileFrontend: Overlay.js > Close overlay ok 85 MobileFrontend mobile.startup/OverlayManager > #getSingleton (hash present and overlay not managed) ok 86 MobileFrontend mobile.startup/OverlayManager > #getSingleton (hash present and overlay managed) ok 87 MobileFrontend mobile.startup/OverlayManager > #getSingleton ok 88 MobileFrontend mobile.startup/OverlayManager > #add ok 89 MobileFrontend mobile.startup/OverlayManager > #show ok 90 MobileFrontend mobile.startup/OverlayManager > #add, with current path ok 91 MobileFrontend mobile.startup/OverlayManager > #add, with string literal (matching) ok 92 MobileFrontend mobile.startup/OverlayManager > #add, with string literal (not matching) ok 93 MobileFrontend mobile.startup/OverlayManager > #replaceCurrent ok 94 MobileFrontend mobile.startup/OverlayManager > route with params ok 95 MobileFrontend mobile.startup/OverlayManager > hide when route changes ok 96 MobileFrontend mobile.startup/OverlayManager > go back (change route) if overlay hidden but not by route change ok 97 MobileFrontend mobile.startup/OverlayManager > go back if overlayManager still matches ok 98 MobileFrontend mobile.startup/OverlayManager > go back if overlayManager still matches (non-regex) ok 99 MobileFrontend mobile.startup/OverlayManager > do not go back (change route) if overlay hidden by change in route ok 100 MobileFrontend mobile.startup/OverlayManager > preventDefault called when you cancel an exit request ok 101 MobileFrontend mobile.startup/OverlayManager > Browser back can be overidden ok 102 MobileFrontend mobile.startup/OverlayManager > stacked overlays ok 103 MobileFrontend mobile.startup/OverlayManager > prevent route change ok 104 MobileFrontend mobile.startup/OverlayManager > stack increases and decreases at right times ok 105 MobileFrontend mobile.startup/OverlayManager > replace overlay when route event path is equal to current path ok 106 MobileFrontend Page.js > #isMainPage ok 107 MobileFrontend PageHTMLParser.js > #findInSectionLead ok 108 MobileFrontend PageHTMLParser.js > #getThumbnail ok 109 MobileFrontend PageHTMLParser.js > #getThumbnails ok 110 MobileFrontend ScrollEndEventEmitter.js > initializes properly ok 111 MobileFrontend ScrollEndEventEmitter.js > emits scroll end event ok 112 MobileFrontend ScrollEndEventEmitter.js > doesn't emit when disabled ok 113 MobileFrontend Section.js > initialize with options ok 114 MobileFrontend Section.js > initialize with subsections ok 115 MobileFrontend Toggler.js > Mobile mode - Toggle section ok 116 MobileFrontend Toggler.js > Mobile mode - Clicking a hash link to reveal an already open section ok 117 MobileFrontend Toggler.js > Mobile mode - Reveal element ok 118 MobileFrontend Toggler.js > Mobile mode - Clicking hash links ok 119 MobileFrontend Toggler.js > Mobile mode - Tap event toggles section ok 120 MobileFrontend Toggler.js > Accessibility - Verify ARIA attributes ok 121 MobileFrontend Toggler.js > Tablet mode - Open by default ok 122 MobileFrontend Toggler.js > Tablet mode - Open by default 2 ok 123 MobileFrontend Toggler.js > Accessibility - Pressing space/ enter toggles a heading ok 124 MobileFrontend Toggler.js > Clicking a link within a heading isn't triggering a toggle ok 125 MobileFrontend Toggler.js > Toggling a section stores its state. ok 126 MobileFrontend Toggler.js > Expanding already expanded section does not toggle it. ok 127 MobileFrontend Toggler.js > MobileFrontend toggle.js - Expand stored sections. ok 128 MobileFrontend Toggler.js > MobileFrontend toggle.js - T320753: Presence of class disables toggling. ok 129 MobileFrontend mobile.startup/View > View ok 130 MobileFrontend mobile.startup/View > View, jQuery proxy functions ok 131 MobileFrontend mobile.startup/View > View#preRender ok 132 MobileFrontend mobile.startup/View > View#postRender ok 133 MobileFrontend mobile.startup/View > View#delegateEvents ok 134 MobileFrontend mobile.startup/View > View#render (with isTemplateMode) ok 135 MobileFrontend mobile.startup/View > View#render events (with isTemplateMode) ok 136 MobileFrontend mobile.startup/View > View with className option ok 137 MobileFrontend mobile.startup/View > View.make() ok 138 MobileFrontend amcOutreach/AmcEnableForm.js > renders correctly ok 139 MobileFrontend amcOutreachDrawer.js > returns a drawer ok 140 MobileFrontend amcOutreachDrawer.js > calls promoCampaign.makeActionIneligible and onBeforeHide callback when dismissed ok 141 MobileFrontend amcOutreachDrawer.js > calls promoCampaign.makeActionIneligible and toast.showOnPageReload when user enables ok 142 MobileFrontend cache.js > cache set() and get() ok 143 MobileFrontend extendSearchParams.js > it throws if the feature is invalid ok 144 MobileFrontend extendSearchParams.js > it extends the parameters ok 145 MobileFrontend extendSearchParams.js > it doesn't include Wikibase-specific parameters if the feature is disabled ok 146 MobileFrontend extendSearchParams.js > it adds the MobileFrontend configuration to given terms types ok 147 MobileFrontend extendSearchParams.js > it prioritizes MobileFrontend configuration ok 148 MobileFrontend extendSearchParams.js > it is variadic ok 149 MobileFrontend icons.js > #cancel() ok 150 MobileFrontend icons.js > #cancel(variant) ok 151 MobileFrontend icons.js > #cancel(, props) ok 152 MobileFrontend icons.js > #spinner(props) ok 153 MobileFrontend icons.js > #spinner() ok 154 MobileFrontend getDeviceLanguage > returns language code of device in lowercase ok 155 MobileFrontend languageOverlay.js > #constructor ok 156 MobileFrontend lazyImageLoader.js > #queryPlaceholders() empty ok 157 MobileFrontend lazyImageLoader.js > #queryPlaceholders() nonempty ok 158 MobileFrontend lazyImageLoader.js > #loadImage() copy attributes ok 159 MobileFrontend lazyImageLoader.js > #loadImage() loaded ok 160 MobileFrontend lazyImageLoader.js > #loadImage() load error ok 161 MobileFrontend lazyImageLoader.js > #loadImages() empty ok 162 MobileFrontend lazyImageLoader.js > #loadImages() nonempty ok 163 MobileFrontend lazyImageLoader.js > #loadImages() plural ok 164 MobileFrontend lazyImageLoader.js > #loadImages() one fails to load, one succeeds ok 165 MobileFrontend mfExtend.test.js > mfExtend() - extending from constructor ok 166 MobileFrontend mfExtend.test.js > mfExtend() - extending from object ok 167 MobileFrontend mfExtend.test.js > mfExtend() - extending from constructor with overrides ok 168 MobileFrontend ModuleLoader > #require ok 169 MobileFrontend ModuleLoader > #define ok 170 MobileFrontend pageJSONParser > .parse() ok 171 MobileFrontend promisedView.js > #constructor happyView ok 172 MobileFrontend promisedView.js > #constructor when promise rejects but not to a sadView ok 173 MobileFrontend promisedView.js > #constructor when promise rejects to a sadView ok 174 MobileFrontend promoCampaign.js > #showIfEligible throws when invalid ok 175 MobileFrontend promoCampaign.js > #showIfEligible when campaign off ok 176 MobileFrontend promoCampaign.js > #showIfEligible when user ineligible ok 177 MobileFrontend promoCampaign.js > #showIfEligible when storage is not available ok 178 MobileFrontend promoCampaign.js > #showIfEligible when storage key is ineligible ok 179 MobileFrontend promoCampaign.js > #showIfEligible when eligible ok 180 MobileFrontend promoCampaign.js > #showIfEligible when eligible and passed additional args ok 181 MobileFrontend promoCampaign.js > #makeActionIneligible when successful ok 182 MobileFrontend promoCampaign.js > #makeActionIneligible when unsuccessful ok 183 MobileFrontend promoCampaign.js > #makeActionIneligible when invalid action ok 184 MobileFrontend promoCampaign.js > #makeAllActionsIneligible ok 185 MobileFrontend promoCampaign.js > #isCampaignActive when true ok 186 MobileFrontend promoCampaign.js > #isCampaignActive when false ok 187 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() checking good reference ok 188 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() checking bad reference ok 189 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() adds an extra class for external links ok 190 MobileFrontend: references > Bad reference not shown ok 191 MobileFrontend: references > Good reference causes render ok 192 MobileFrontend: references > Reference failure renders error in drawer ok 193 MobileFrontend: references > makeOnNestedReferenceClickHandler runs when associated with link ok 194 MobileFrontend: SearchGateway > ._highlightSearchTerm ok 195 MobileFrontend: SearchGateway > show redirect targets ok 196 MobileFrontend: SearchGateway > MobileFrontend SearchGateway (Wikidata Descriptions) > Wikidata Description in search results ok 197 MobileFrontend mobile.startup/SearchOverlay.js > renders correctly ok 198 MobileFrontend mobile.startup/SearchOverlay.js > resetSearch ok 199 MobileFrontend mobile.startup/SearchOverlay.js > onClickOverlayContent ok 200 MobileFrontend mobile.startup/SearchResultsView.js > renders correctly ok 201 MobileFrontend time.js > timeAgo() ok 202 MobileFrontend util.js > Promise.all() success ok 203 MobileFrontend util.js > Promise.all() reject ok 204 MobileFrontend util.js > escapeSelector() ok 205 MobileFrontend util.js > docReady() ok 206 MobileFrontend util.js > Deferred() - resolve ok 207 MobileFrontend util.js > Deferred() - reject ok 208 MobileFrontend util.js > getDocument() ok 209 MobileFrontend util.js > getWindow() ok 210 MobileFrontend util.js > parseHTML() ok 211 MobileFrontend util.js > extend() ok 212 MobileFrontend Watchstar.js > Render a watchstar ok 213 MobileFrontend: WatchstarGateway.js > getStatuses(nonempty) ok 214 MobileFrontend: WatchstarGateway.js > getStatuses(empty) ok 215 MobileFrontend: WatchstarGateway.js > getStatusesByID(nonempty) ok 216 MobileFrontend: WatchstarGateway.js > getStatusesByID(empty) ok 217 MobileFrontend: WatchstarGateway.js > getStatusesByTitle(nonempty) ok 218 MobileFrontend: WatchstarGateway.js > getStatusesByTitle(empty) ok 219 MobileFrontend: WatchstarGateway.js > _unmarshalGetResponse(nonempty) ok 220 MobileFrontend: WatchstarGateway.js > _unmarshalGetResponse(empty) ok 221 MobileFrontend mobile.startup/WatchstarPageList > Watchlist status check if no ids ok 222 MobileFrontend mobile.startup/WatchstarPageList > Checks watchlist status once 1..222 # pass 222 # skip 0 # todo 0 # fail 0 ----------------------------------|---------|----------|---------|---------|------------------------ File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s ----------------------------------|---------|----------|---------|---------|------------------------ All files | 65.13 | 52.14 | 59.76 | 65.11 | mobile.editor.overlay | 39.94 | 29.34 | 31.65 | 39.85 | BlockMessageDetails.js | 9.43 | 0 | 0 | 9.43 | 13-140 EditorGateway.js | 92.13 | 83.33 | 93.75 | 92.13 | ...116-117,234,296-299 EditorOverlayBase.js | 34.73 | 16.3 | 26.82 | 34.73 | ...437-558,647,697-784 SourceEditorOverlay.js | 41.5 | 29.03 | 29.72 | 41.5 | ...341,390,408,425-608 VisualEditorOverlay.js | 11.3 | 0 | 0 | 11.3 | 26-113,147-331 blockMessageDrawer.js | 21.73 | 0 | 25 | 21.73 | 29-56 identifyLeadParagraph.js | 94.11 | 83.33 | 100 | 93.75 | 22 parseBlockInfo.js | 69.56 | 62.5 | 75 | 69.56 | 27,37,46-47,61-65 saveFailureMessage.js | 11.11 | 0 | 0 | 11.11 | 12-28 setPreferredEditor.js | 20 | 0 | 0 | 20 | 7-12 mobile.init | 16.47 | 0.69 | 10.34 | 16.47 | editor.js | 6.73 | 0 | 0 | 6.73 | 31-556,560-567 editorLoadingOverlay.js | 77.77 | 50 | 71.42 | 77.77 | 46-59 fakeToolbar.js | 100 | 100 | 100 | 100 | lazyLoadedImages.js | 9.52 | 0 | 0 | 9.52 | 11-66,73 toggling.js | 7.14 | 0 | 0 | 7.14 | 3-45 mobile.languages.structured | 91.07 | 82.75 | 90.9 | 91.07 | LanguageSearcher.js | 93.75 | 100 | 88.88 | 93.75 | 150-152 mobile.languages.structured.js | 100 | 100 | 100 | 100 | rtlLanguages.js | 100 | 100 | 100 | 100 | util.js | 88.33 | 75 | 92.3 | 88.33 | 44,61,131-133,164,174 mobile.mediaViewer | 81.34 | 52 | 81.81 | 81.34 | ImageCarousel.js | 78.43 | 41.66 | 80 | 78.43 | ...290,340-341,348,369 ImageGateway.js | 95.23 | 78.57 | 100 | 95.23 | 57 LoadErrorMessage.js | 81.81 | 100 | 66.66 | 81.81 | 74-76 mobile.special.watchlist.scripts | 85.48 | 83.33 | 64.28 | 85.48 | WatchList.js | 74.19 | 50 | 44.44 | 74.19 | 34,92-125 WatchListGateway.js | 96.77 | 87.5 | 100 | 96.77 | 49 mobile.startup | 84.77 | 75.88 | 79.63 | 84.75 | Anchor.js | 100 | 100 | 100 | 100 | Browser.js | 96.66 | 93.75 | 100 | 96.66 | 69 Button.js | 95 | 83.33 | 100 | 95 | 33 CtaDrawer.js | 100 | 100 | 100 | 100 | Drawer.js | 100 | 100 | 90.9 | 100 | Icon.js | 94.44 | 87.5 | 100 | 94.44 | 50-52 IconButton.js | 100 | 87.5 | 100 | 100 | 56-59 LanguageInfo.js | 20 | 0 | 0 | 20 | 11,25-65 MessageBox.js | 100 | 100 | 100 | 100 | Overlay.js | 89.79 | 70 | 84.61 | 89.79 | 54,110,113,164-165 OverlayManager.js | 99.05 | 94.73 | 100 | 99.05 | 59 Page.js | 53.84 | 74.28 | 58.33 | 53.84 | ...128,146-155,174-181 PageHTMLParser.js | 83.58 | 83.72 | 84.61 | 83.33 | 40,222,235-249 PageList.js | 100 | 50 | 100 | 100 | 60 ScrollEndEventEmitter.js | 85.71 | 81.81 | 87.5 | 85.71 | 130-133 Section.js | 100 | 100 | 100 | 100 | Skin.js | 24.32 | 0 | 0 | 24.32 | 23-29,50-119,129-136 Thumbnail.js | 88.88 | 100 | 75 | 88.88 | 47 Toggler.js | 88.61 | 77.33 | 85 | 88.61 | ...316,342-348,366,374 View.js | 92.42 | 78.57 | 88.23 | 92.42 | 184,198-201,353 actionParams.js | 100 | 50 | 100 | 100 | 16 cache.js | 100 | 100 | 50 | 100 | currentPage.js | 90.9 | 75 | 100 | 90.9 | 26 currentPageHTMLParser.js | 83.33 | 50 | 100 | 83.33 | 19 eventBusSingleton.js | 100 | 100 | 100 | 100 | extendSearchParams.js | 94.44 | 70 | 100 | 94.44 | 70 headers.js | 100 | 100 | 100 | 100 | icons.js | 100 | 81.25 | 100 | 100 | 118,135-136 loadingOverlay.js | 50 | 100 | 0 | 50 | 12-17 mfExtend.js | 100 | 100 | 100 | 100 | mobile.startup.js | 71.42 | 100 | 0 | 71.42 | 9,52 moduleLoader.js | 78.26 | 62.5 | 66.66 | 78.26 | 45,78-100 moduleLoaderSingleton.js | 100 | 100 | 100 | 100 | promisedView.js | 100 | 100 | 100 | 100 | showOnPageReload.js | 41.66 | 25 | 50 | 41.66 | 14-16,39-46 time.js | 24.24 | 9.09 | 16.66 | 24.24 | 35-149 util.js | 100 | 83.33 | 100 | 100 | 17 mobile.startup/amcOutreach | 84.37 | 50 | 75 | 84.37 | AmcEnableForm.js | 100 | 100 | 100 | 100 | amcOutreach.js | 61.53 | 0 | 0 | 61.53 | 34-77 amcOutreachDrawer.js | 100 | 100 | 100 | 100 | mobile.startup/languageOverlay | 76.66 | 100 | 50 | 76.66 | getDeviceLanguage.js | 100 | 100 | 100 | 100 | languageInfoOverlay.js | 54.54 | 100 | 0 | 54.54 | 15-38 languageOverlay.js | 87.5 | 100 | 71.42 | 87.5 | 30-34 mobile.startup/lazyImages | 92.3 | 88.88 | 100 | 92.3 | lazyImageLoader.js | 92.3 | 88.88 | 100 | 92.3 | 55,62 mobile.startup/mediaViewer | 63.63 | 100 | 0 | 63.63 | overlay.js | 63.63 | 100 | 0 | 63.63 | 15-32 mobile.startup/page | 86.66 | 80 | 100 | 86.66 | pageJSONParser.js | 86.66 | 80 | 100 | 86.66 | 37-38 mobile.startup/promoCampaign | 100 | 100 | 100 | 100 | promoCampaign.js | 100 | 100 | 100 | 100 | mobile.startup/references | 83.01 | 77.27 | 78.57 | 83.01 | ReferencesGateway.js | 100 | 100 | 100 | 100 | ReferencesHtmlScraperGateway.js | 94.73 | 87.5 | 100 | 94.73 | 40 references.js | 72.41 | 71.42 | 66.66 | 72.41 | 55,118-131 mobile.startup/search | 61.93 | 32 | 53.33 | 61.93 | SearchGateway.js | 91.48 | 50 | 84.61 | 91.48 | 49-50,172,178 SearchHeaderView.js | 57.14 | 0 | 66.66 | 57.14 | 33-38,67-72 SearchOverlay.js | 36.47 | 16.66 | 19.04 | 36.47 | ...201,208-212,226-304 SearchResultsView.js | 100 | 100 | 100 | 100 | searchHeader.js | 100 | 100 | 100 | 100 | mobile.startup/watchstar | 89.77 | 69.23 | 91.3 | 89.77 | WatchstarGateway.js | 84 | 80 | 90 | 84 | 113-120 WatchstarPageList.js | 95.45 | 75 | 100 | 95.45 | 93,126 watchstar.js | 84.21 | 50 | 50 | 84.21 | 28-31 ----------------------------------|---------|----------|---------|---------|------------------------ Checking the contents of resources/dist I will now check that you built them using the correct Node.js version v16.19.1. Note: You are using v18.19.0. Building assets... You are not running the required node version --- end --- Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1864, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1809, in run self.npm_audit_fix(new_npm_audit) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 275, in npm_audit_fix self.npm_test() File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 325, in npm_test self.check_call(["npm", "test"]) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call res.check_returncode() File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode raise CalledProcessError(self.returncode, self.args, self.stdout, subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.