This run took 151 seconds.
$ date --- stdout --- Thu Nov 14 17:20:30 UTC 2024 --- end --- $ git clone file:///srv/git/mediawiki-extensions-Wikistories.git repo --depth=1 -b REL1_42 --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/REL1_42 --- stdout --- 6e9260d1a1ad46b096e5dddf6842ff815e921614 refs/heads/REL1_42 --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "@jest/transform": { "name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": [ "jest-haste-map" ], "effects": [ "@storybook/addon-docs" ], "range": "<=26.6.2", "nodes": [ "node_modules/@storybook/addon-docs/node_modules/@jest/transform" ], "fixAvailable": true }, "@mdx-js/mdx": { "name": "@mdx-js/mdx", "severity": "high", "isDirect": false, "via": [ "remark-mdx", "remark-parse" ], "effects": [ "@storybook/mdx1-csf" ], "range": "<=1.6.22", "nodes": [ "node_modules/@mdx-js/mdx" ], "fixAvailable": true }, "@storybook/addon-controls": { "name": "@storybook/addon-controls", "severity": "moderate", "isDirect": false, "via": [ "@storybook/core-common" ], "effects": [ "@storybook/addon-essentials" ], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/addon-controls" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/addon-docs": { "name": "@storybook/addon-docs", "severity": "high", "isDirect": false, "via": [ "@jest/transform", "@storybook/core-common", "@storybook/mdx1-csf" ], "effects": [], "range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2", "nodes": [ "node_modules/@storybook/addon-docs" ], "fixAvailable": true }, "@storybook/addon-essentials": { "name": "@storybook/addon-essentials", "severity": "moderate", "isDirect": true, "via": [ "@storybook/addon-controls", "@storybook/addon-docs", "@storybook/core-common" ], "effects": [], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/addon-essentials" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/addon-interactions": { "name": "@storybook/addon-interactions", "severity": "moderate", "isDirect": true, "via": [ "@storybook/core-common" ], "effects": [], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/addon-interactions" ], "fixAvailable": { "name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/builder-webpack4": { "name": "@storybook/builder-webpack4", "severity": "high", "isDirect": true, "via": [ "@storybook/core-common", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "webpack", "webpack-dev-middleware" ], "effects": [ "@storybook/core-server" ], "range": "*", "nodes": [ "node_modules/@storybook/builder-webpack4" ], "fixAvailable": false }, "@storybook/core": { "name": "@storybook/core", "severity": "high", "isDirect": false, "via": [ "@storybook/core-server" ], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/core" ], "fixAvailable": true }, "@storybook/core-common": { "name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": [ "webpack" ], "effects": [ "@storybook/addon-controls", "@storybook/addon-docs", "@storybook/addon-essentials", "@storybook/addon-interactions", "@storybook/telemetry" ], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/core-common" ], "fixAvailable": { "name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/core-server": { "name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": [ "@storybook/builder-webpack4", "@storybook/core-common", "@storybook/csf-tools", "@storybook/manager-webpack4", "@storybook/telemetry", "cpy", "ip", "webpack" ], "effects": [ "@storybook/core" ], "range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3", "nodes": [ "node_modules/@storybook/core-server" ], "fixAvailable": true }, "@storybook/csf-tools": { "name": "@storybook/csf-tools", "severity": "high", "isDirect": false, "via": [ "@storybook/mdx1-csf" ], "effects": [], "range": "6.5.0-alpha.1 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/csf-tools" ], "fixAvailable": true }, "@storybook/manager-webpack4": { "name": "@storybook/manager-webpack4", "severity": "high", "isDirect": true, "via": [ "@storybook/core-common", "css-loader", "webpack", "webpack-dev-middleware" ], "effects": [ "@storybook/core-server" ], "range": "*", "nodes": [ "node_modules/@storybook/manager-webpack4" ], "fixAvailable": false }, "@storybook/mdx1-csf": { "name": "@storybook/mdx1-csf", "severity": "high", "isDirect": false, "via": [ "@mdx-js/mdx" ], "effects": [ "@storybook/addon-docs", "@storybook/csf-tools" ], "range": "*", "nodes": [ "node_modules/@storybook/mdx1-csf" ], "fixAvailable": true }, "@storybook/telemetry": { "name": "@storybook/telemetry", "severity": "moderate", "isDirect": false, "via": [ "@storybook/core-common" ], "effects": [ "@storybook/core-server" ], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/telemetry" ], "fixAvailable": true }, "@storybook/vue3": { "name": "@storybook/vue3", "severity": "high", "isDirect": true, "via": [ "@storybook/core", "@storybook/core-common", "vue-docgen-loader" ], "effects": [], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/vue3" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "@wdio/cli": { "name": "@wdio/cli", "severity": "high", "isDirect": true, "via": [ "webdriverio" ], "effects": [], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/@wdio/cli" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } }, "@wdio/local-runner": { "name": "@wdio/local-runner", "severity": "high", "isDirect": true, "via": [ "@wdio/runner" ], "effects": [], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/@wdio/local-runner" ], "fixAvailable": { "name": "@wdio/local-runner", "version": "9.2.12", "isSemVerMajor": true } }, "@wdio/runner": { "name": "@wdio/runner", "severity": "high", "isDirect": false, "via": [ "webdriverio" ], "effects": [ "@wdio/local-runner" ], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/@wdio/runner" ], "fixAvailable": { "name": "@wdio/local-runner", "version": "9.2.12", "isSemVerMajor": true } }, "anymatch": { "name": "anymatch", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar", "sane" ], "range": "1.2.0 - 2.0.0", "nodes": [ "node_modules/sane/node_modules/anymatch", "node_modules/watchpack-chokidar2/node_modules/anymatch" ], "fixAvailable": { "name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true } }, "autoprefixer": { "name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": [ "node_modules/autoprefixer" ], "fixAvailable": true }, "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": [ "CWE-400", "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [ "chokidar", "micromatch" ], "range": "<3.0.3", "nodes": [ "node_modules/cpy/node_modules/braces", "node_modules/fork-ts-checker-webpack-plugin/node_modules/braces", "node_modules/jscodeshift/node_modules/braces", "node_modules/sane/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack/node_modules/braces" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "chokidar": { "name": "chokidar", "severity": "high", "isDirect": false, "via": [ "anymatch", "braces", "readdirp" ], "effects": [ "watchpack-chokidar2" ], "range": "1.3.0 - 2.1.8", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/chokidar" ], "fixAvailable": { "name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true } }, "cpy": { "name": "cpy", "severity": "moderate", "isDirect": false, "via": [ "globby" ], "effects": [ "@storybook/core-server" ], "range": "7.0.0 - 8.1.2", "nodes": [ "node_modules/cpy" ], "fixAvailable": true }, "css-loader": { "name": "css-loader", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": [ "node_modules/css-loader" ], "fixAvailable": true }, "devtools": { "name": "devtools", "severity": "high", "isDirect": false, "via": [ "puppeteer-core" ], "effects": [], "range": ">=7.16.5", "nodes": [ "node_modules/devtools" ], "fixAvailable": true }, "fast-glob": { "name": "fast-glob", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "globby" ], "range": "<=2.2.7", "nodes": [ "node_modules/cpy/node_modules/fast-glob" ], "fixAvailable": true }, "fork-ts-checker-webpack-plugin": { "name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [], "range": "0.4.14 - 4.1.6", "nodes": [ "node_modules/fork-ts-checker-webpack-plugin" ], "fixAvailable": true }, "globby": { "name": "globby", "severity": "moderate", "isDirect": false, "via": [ "fast-glob" ], "effects": [ "cpy" ], "range": "8.0.0 - 9.2.0", "nodes": [ "node_modules/cpy/node_modules/globby" ], "fixAvailable": true }, "icss-utils": { "name": "icss-utils", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "css-loader", "postcss-modules-local-by-default", "postcss-modules-values" ], "range": "<=4.1.1", "nodes": [ "node_modules/icss-utils" ], "fixAvailable": true }, "ip": { "name": "ip", "severity": "high", "isDirect": false, "via": [ { "source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": [ "CWE-918" ], "cvss": { "score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=2.0.1" } ], "effects": [ "@storybook/core-server" ], "range": "*", "nodes": [ "node_modules/ip" ], "fixAvailable": true }, "jest-haste-map": { "name": "jest-haste-map", "severity": "moderate", "isDirect": false, "via": [ "sane" ], "effects": [ "@jest/transform" ], "range": "24.0.0-alpha.0 - 26.6.2", "nodes": [ "node_modules/@storybook/addon-docs/node_modules/jest-haste-map" ], "fixAvailable": true }, "jscodeshift": { "name": "jscodeshift", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "vue-docgen-loader" ], "range": "0.3.20 - 0.13.1", "nodes": [ "node_modules/jscodeshift" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "meow": { "name": "meow", "severity": "high", "isDirect": false, "via": [ "trim-newlines" ], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": [ "node_modules/default-browser-id/node_modules/meow" ], "fixAvailable": true }, "micromatch": { "name": "micromatch", "severity": "high", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" }, "braces" ], "effects": [ "anymatch", "fast-glob", "fork-ts-checker-webpack-plugin", "jscodeshift", "readdirp", "sane", "webpack" ], "range": "<=4.0.7", "nodes": [ "node_modules/cpy/node_modules/micromatch", "node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch", "node_modules/jscodeshift/node_modules/micromatch", "node_modules/sane/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "mwbot": { "name": "mwbot", "severity": "moderate", "isDirect": false, "via": [ "request" ], "effects": [ "wdio-mediawiki" ], "range": ">=0.1.6", "nodes": [ "node_modules/mwbot" ], "fixAvailable": false }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [ "@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "range": "<8.4.31", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss" ], "fixAvailable": false }, "postcss-flexbugs-fixes": { "name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.2.1", "nodes": [ "node_modules/postcss-flexbugs-fixes" ], "fixAvailable": true }, "postcss-modules-extract-imports": { "name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.0.0", "nodes": [ "node_modules/postcss-modules-extract-imports" ], "fixAvailable": true }, "postcss-modules-local-by-default": { "name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [], "range": "<=4.0.0-rc.4", "nodes": [ "node_modules/postcss-modules-local-by-default" ], "fixAvailable": true }, "postcss-modules-scope": { "name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.2.0", "nodes": [ "node_modules/postcss-modules-scope" ], "fixAvailable": true }, "postcss-modules-values": { "name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [ "css-loader" ], "range": "<=4.0.0-rc.5", "nodes": [ "node_modules/postcss-modules-values" ], "fixAvailable": true }, "puppeteer-core": { "name": "puppeteer-core", "severity": "high", "isDirect": false, "via": [ "ws" ], "effects": [ "devtools", "webdriverio" ], "range": "11.0.0 - 22.11.1", "nodes": [ "node_modules/puppeteer-core" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } }, "readdirp": { "name": "readdirp", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "2.2.0 - 2.2.1", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/readdirp" ], "fixAvailable": { "name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true } }, "remark-mdx": { "name": "remark-mdx", "severity": "high", "isDirect": false, "via": [ "remark-parse" ], "effects": [ "@mdx-js/mdx" ], "range": "<=1.6.22", "nodes": [ "node_modules/remark-mdx" ], "fixAvailable": true }, "remark-parse": { "name": "remark-parse", "severity": "high", "isDirect": false, "via": [ "trim" ], "effects": [ "@mdx-js/mdx", "remark-mdx" ], "range": "<=8.0.3", "nodes": [ "node_modules/remark-parse" ], "fixAvailable": true }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "mwbot" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": false }, "sane": { "name": "sane", "severity": "moderate", "isDirect": false, "via": [ "anymatch", "micromatch" ], "effects": [ "jest-haste-map" ], "range": "1.5.0 - 4.1.0", "nodes": [ "node_modules/sane" ], "fixAvailable": true }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/request/node_modules/tough-cookie" ], "fixAvailable": false }, "trim": { "name": "trim", "severity": "high", "isDirect": false, "via": [ { "source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<0.0.3" } ], "effects": [ "remark-parse" ], "range": "<0.0.3", "nodes": [ "node_modules/trim" ], "fixAvailable": true }, "trim-newlines": { "name": "trim-newlines", "severity": "high", "isDirect": false, "via": [ { "source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.1" } ], "effects": [ "meow" ], "range": "<3.0.1", "nodes": [ "node_modules/default-browser-id/node_modules/trim-newlines" ], "fixAvailable": true }, "vue-docgen-loader": { "name": "vue-docgen-loader", "severity": "moderate", "isDirect": false, "via": [ "jscodeshift" ], "effects": [ "@storybook/vue3" ], "range": "1.3.0-beta.0 - 2.0.0", "nodes": [ "node_modules/vue-docgen-loader" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "watchpack": { "name": "watchpack", "severity": "high", "isDirect": false, "via": [ "watchpack-chokidar2" ], "effects": [ "webpack" ], "range": "1.7.2 - 1.7.5", "nodes": [ "node_modules/webpack/node_modules/watchpack" ], "fixAvailable": { "name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true } }, "watchpack-chokidar2": { "name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": [ "chokidar" ], "effects": [ "watchpack" ], "range": "*", "nodes": [ "node_modules/watchpack-chokidar2" ], "fixAvailable": { "name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true } }, "wdio-mediawiki": { "name": "wdio-mediawiki", "severity": "moderate", "isDirect": true, "via": [ "mwbot" ], "effects": [], "range": "*", "nodes": [ "node_modules/wdio-mediawiki" ], "fixAvailable": false }, "webdriverio": { "name": "webdriverio", "severity": "high", "isDirect": false, "via": [ "devtools", "puppeteer-core" ], "effects": [ "@wdio/cli", "@wdio/runner" ], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/webdriverio" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } }, "webpack": { "name": "webpack", "severity": "high", "isDirect": false, "via": [ "micromatch", "watchpack" ], "effects": [ "@storybook/core-common" ], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": [ "node_modules/webpack" ], "fixAvailable": { "name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true } }, "webpack-dev-middleware": { "name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [ { "source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": [ "CWE-22" ], "cvss": { "score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" }, "range": "<=5.3.3" } ], "effects": [ "@storybook/manager-webpack4" ], "range": "<=5.3.3", "nodes": [ "node_modules/webpack-dev-middleware" ], "fixAvailable": false }, "ws": { "name": "ws", "severity": "high", "isDirect": false, "via": [ { "source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=8.0.0 <8.17.1" } ], "effects": [ "puppeteer-core" ], "range": "8.0.0 - 8.17.0", "nodes": [ "node_modules/puppeteer-core/node_modules/ws" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 29, "high": 29, "critical": 0, "total": 58 }, "dependencies": { "prod": 1, "dev": 2522, "optional": 58, "peer": 0, "peerOptional": 0, "total": 2522 } } } --- end --- $ /usr/bin/composer install --- stderr --- No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information. Loading composer repositories with package information Updating dependencies Lock file operations: 39 installs, 0 updates, 0 removals - Locking composer/pcre (3.3.2) - Locking composer/semver (3.4.0) - Locking composer/spdx-licenses (1.5.8) - Locking composer/xdebug-handler (3.0.5) - Locking dealerdirect/phpcodesniffer-composer-installer (v1.0.0) - Locking doctrine/deprecations (1.1.3) - Locking felixfbecker/advanced-json-rpc (v3.2.1) - Locking mediawiki/mediawiki-codesniffer (v43.0.0) - Locking mediawiki/mediawiki-phan-config (0.14.0) - Locking mediawiki/minus-x (1.1.1) - Locking mediawiki/phan-taint-check-plugin (6.0.0) - Locking microsoft/tolerant-php-parser (v0.1.2) - Locking netresearch/jsonmapper (v4.5.0) - Locking phan/phan (5.4.3) - Locking php-parallel-lint/php-console-color (v1.0.1) - Locking php-parallel-lint/php-console-highlighter (v1.0.0) - Locking php-parallel-lint/php-parallel-lint (v1.3.2) - Locking phpcsstandards/phpcsextra (1.1.2) - Locking phpcsstandards/phpcsutils (1.0.9) - Locking phpdocumentor/reflection-common (2.2.0) - Locking phpdocumentor/reflection-docblock (5.6.0) - Locking phpdocumentor/type-resolver (1.10.0) - Locking phpstan/phpdoc-parser (2.0.0) - Locking psr/container (2.0.2) - Locking psr/log (2.0.0) - Locking sabre/event (5.1.7) - Locking squizlabs/php_codesniffer (3.8.1) - Locking symfony/console (v5.4.47) - Locking symfony/deprecation-contracts (v3.5.0) - Locking symfony/polyfill-ctype (v1.31.0) - Locking symfony/polyfill-intl-grapheme (v1.31.0) - Locking symfony/polyfill-intl-normalizer (v1.31.0) - Locking symfony/polyfill-mbstring (v1.31.0) - Locking symfony/polyfill-php73 (v1.31.0) - Locking symfony/polyfill-php80 (v1.31.0) - Locking symfony/service-contracts (v3.5.0) - Locking symfony/string (v6.4.15) - Locking tysonandre/var_representation_polyfill (0.1.3) - Locking webmozart/assert (1.11.0) Writing lock file Installing dependencies from lock file (including require-dev) Package operations: 39 installs, 0 updates, 0 removals 0 [>---------------------------] 0 [->--------------------------] - Installing squizlabs/php_codesniffer (3.8.1): Extracting archive - Installing dealerdirect/phpcodesniffer-composer-installer (v1.0.0): Extracting archive - Installing composer/pcre (3.3.2): Extracting archive - Installing symfony/polyfill-php80 (v1.31.0): Extracting archive - Installing phpcsstandards/phpcsutils (1.0.9): Extracting archive - Installing phpcsstandards/phpcsextra (1.1.2): Extracting archive - Installing symfony/polyfill-mbstring (v1.31.0): Extracting archive - Installing composer/spdx-licenses (1.5.8): Extracting archive - Installing composer/semver (3.4.0): Extracting archive - Installing mediawiki/mediawiki-codesniffer (v43.0.0): Extracting archive - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive - Installing symfony/polyfill-intl-normalizer (v1.31.0): Extracting archive - Installing symfony/polyfill-intl-grapheme (v1.31.0): Extracting archive - Installing symfony/polyfill-ctype (v1.31.0): Extracting archive - Installing symfony/string (v6.4.15): Extracting archive - Installing symfony/deprecation-contracts (v3.5.0): Extracting archive - Installing psr/container (2.0.2): Extracting archive - Installing symfony/service-contracts (v3.5.0): Extracting archive - Installing symfony/polyfill-php73 (v1.31.0): Extracting archive - Installing symfony/console (v5.4.47): Extracting archive - Installing sabre/event (5.1.7): Extracting archive - Installing netresearch/jsonmapper (v4.5.0): Extracting archive - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive - Installing webmozart/assert (1.11.0): Extracting archive - Installing phpstan/phpdoc-parser (2.0.0): Extracting archive - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive - Installing doctrine/deprecations (1.1.3): Extracting archive - Installing phpdocumentor/type-resolver (1.10.0): Extracting archive - Installing phpdocumentor/reflection-docblock (5.6.0): Extracting archive - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive - Installing psr/log (2.0.0): Extracting archive - Installing composer/xdebug-handler (3.0.5): Extracting archive - Installing phan/phan (5.4.3): Extracting archive - Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive - Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive - Installing mediawiki/minus-x (1.1.1): Extracting archive - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive - Installing php-parallel-lint/php-parallel-lint (v1.3.2): Extracting archive 0/37 [>---------------------------] 0% 20/37 [===============>------------] 54% 36/37 [===========================>] 97% 37/37 [============================] 100% 3 package suggestions were added by new dependencies, use `composer suggest` to see details. Generating autoload files 16 packages you are using are looking for funding. Use the `composer fund` command to find out more! --- stdout --- PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "@jest/transform": { "name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": [ "jest-haste-map" ], "effects": [ "@storybook/addon-docs" ], "range": "<=26.6.2", "nodes": [ "node_modules/@storybook/addon-docs/node_modules/@jest/transform" ], "fixAvailable": true }, "@mdx-js/mdx": { "name": "@mdx-js/mdx", "severity": "high", "isDirect": false, "via": [ "remark-mdx", "remark-parse" ], "effects": [ "@storybook/mdx1-csf" ], "range": "<=1.6.22", "nodes": [ "node_modules/@mdx-js/mdx" ], "fixAvailable": true }, "@storybook/addon-controls": { "name": "@storybook/addon-controls", "severity": "moderate", "isDirect": false, "via": [ "@storybook/core-common" ], "effects": [ "@storybook/addon-essentials" ], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/addon-controls" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/addon-docs": { "name": "@storybook/addon-docs", "severity": "high", "isDirect": false, "via": [ "@jest/transform", "@storybook/core-common", "@storybook/mdx1-csf" ], "effects": [], "range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2", "nodes": [ "node_modules/@storybook/addon-docs" ], "fixAvailable": true }, "@storybook/addon-essentials": { "name": "@storybook/addon-essentials", "severity": "moderate", "isDirect": true, "via": [ "@storybook/addon-controls", "@storybook/addon-docs", "@storybook/core-common" ], "effects": [], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/addon-essentials" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/addon-interactions": { "name": "@storybook/addon-interactions", "severity": "moderate", "isDirect": true, "via": [ "@storybook/core-common" ], "effects": [], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/addon-interactions" ], "fixAvailable": { "name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/builder-webpack4": { "name": "@storybook/builder-webpack4", "severity": "high", "isDirect": true, "via": [ "@storybook/core-common", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "webpack", "webpack-dev-middleware" ], "effects": [ "@storybook/core-server" ], "range": "*", "nodes": [ "node_modules/@storybook/builder-webpack4" ], "fixAvailable": false }, "@storybook/core": { "name": "@storybook/core", "severity": "high", "isDirect": false, "via": [ "@storybook/core-server" ], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/core" ], "fixAvailable": true }, "@storybook/core-common": { "name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": [ "webpack" ], "effects": [ "@storybook/addon-controls", "@storybook/addon-docs", "@storybook/addon-essentials", "@storybook/addon-interactions", "@storybook/telemetry" ], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/core-common" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/core-server": { "name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": [ "@storybook/builder-webpack4", "@storybook/core-common", "@storybook/csf-tools", "@storybook/manager-webpack4", "@storybook/telemetry", "cpy", "ip", "webpack" ], "effects": [ "@storybook/core" ], "range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3", "nodes": [ "node_modules/@storybook/core-server" ], "fixAvailable": true }, "@storybook/csf-tools": { "name": "@storybook/csf-tools", "severity": "high", "isDirect": false, "via": [ "@storybook/mdx1-csf" ], "effects": [], "range": "6.5.0-alpha.1 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/csf-tools" ], "fixAvailable": true }, "@storybook/manager-webpack4": { "name": "@storybook/manager-webpack4", "severity": "high", "isDirect": true, "via": [ "@storybook/core-common", "css-loader", "webpack", "webpack-dev-middleware" ], "effects": [ "@storybook/core-server" ], "range": "*", "nodes": [ "node_modules/@storybook/manager-webpack4" ], "fixAvailable": false }, "@storybook/mdx1-csf": { "name": "@storybook/mdx1-csf", "severity": "high", "isDirect": false, "via": [ "@mdx-js/mdx" ], "effects": [ "@storybook/addon-docs", "@storybook/csf-tools" ], "range": "*", "nodes": [ "node_modules/@storybook/mdx1-csf" ], "fixAvailable": true }, "@storybook/telemetry": { "name": "@storybook/telemetry", "severity": "moderate", "isDirect": false, "via": [ "@storybook/core-common" ], "effects": [ "@storybook/core-server" ], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/telemetry" ], "fixAvailable": true }, "@storybook/vue3": { "name": "@storybook/vue3", "severity": "high", "isDirect": true, "via": [ "@storybook/core", "@storybook/core-common", "vue-docgen-loader" ], "effects": [], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/vue3" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "@wdio/cli": { "name": "@wdio/cli", "severity": "high", "isDirect": true, "via": [ "webdriverio" ], "effects": [], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/@wdio/cli" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } }, "@wdio/local-runner": { "name": "@wdio/local-runner", "severity": "high", "isDirect": true, "via": [ "@wdio/runner" ], "effects": [], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/@wdio/local-runner" ], "fixAvailable": { "name": "@wdio/local-runner", "version": "9.2.12", "isSemVerMajor": true } }, "@wdio/runner": { "name": "@wdio/runner", "severity": "high", "isDirect": false, "via": [ "webdriverio" ], "effects": [ "@wdio/local-runner" ], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/@wdio/runner" ], "fixAvailable": { "name": "@wdio/local-runner", "version": "9.2.12", "isSemVerMajor": true } }, "anymatch": { "name": "anymatch", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar", "sane" ], "range": "1.2.0 - 2.0.0", "nodes": [ "node_modules/sane/node_modules/anymatch", "node_modules/watchpack-chokidar2/node_modules/anymatch" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "autoprefixer": { "name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": [ "node_modules/autoprefixer" ], "fixAvailable": true }, "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": [ "CWE-400", "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [ "chokidar", "micromatch" ], "range": "<3.0.3", "nodes": [ "node_modules/cpy/node_modules/braces", "node_modules/fork-ts-checker-webpack-plugin/node_modules/braces", "node_modules/jscodeshift/node_modules/braces", "node_modules/sane/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack/node_modules/braces" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "chokidar": { "name": "chokidar", "severity": "high", "isDirect": false, "via": [ "anymatch", "braces", "readdirp" ], "effects": [ "watchpack-chokidar2" ], "range": "1.3.0 - 2.1.8", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/chokidar" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "cpy": { "name": "cpy", "severity": "moderate", "isDirect": false, "via": [ "globby" ], "effects": [ "@storybook/core-server" ], "range": "7.0.0 - 8.1.2", "nodes": [ "node_modules/cpy" ], "fixAvailable": true }, "css-loader": { "name": "css-loader", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": [ "node_modules/css-loader" ], "fixAvailable": true }, "devtools": { "name": "devtools", "severity": "high", "isDirect": false, "via": [ "puppeteer-core" ], "effects": [], "range": ">=7.16.5", "nodes": [ "node_modules/devtools" ], "fixAvailable": true }, "fast-glob": { "name": "fast-glob", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "globby" ], "range": "<=2.2.7", "nodes": [ "node_modules/cpy/node_modules/fast-glob" ], "fixAvailable": true }, "fork-ts-checker-webpack-plugin": { "name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [], "range": "0.4.14 - 4.1.6", "nodes": [ "node_modules/fork-ts-checker-webpack-plugin" ], "fixAvailable": true }, "globby": { "name": "globby", "severity": "moderate", "isDirect": false, "via": [ "fast-glob" ], "effects": [ "cpy" ], "range": "8.0.0 - 9.2.0", "nodes": [ "node_modules/cpy/node_modules/globby" ], "fixAvailable": true }, "icss-utils": { "name": "icss-utils", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "css-loader", "postcss-modules-local-by-default", "postcss-modules-values" ], "range": "<=4.1.1", "nodes": [ "node_modules/icss-utils" ], "fixAvailable": true }, "ip": { "name": "ip", "severity": "high", "isDirect": false, "via": [ { "source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": [ "CWE-918" ], "cvss": { "score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=2.0.1" } ], "effects": [ "@storybook/core-server" ], "range": "*", "nodes": [ "node_modules/ip" ], "fixAvailable": true }, "jest-haste-map": { "name": "jest-haste-map", "severity": "moderate", "isDirect": false, "via": [ "sane" ], "effects": [ "@jest/transform" ], "range": "24.0.0-alpha.0 - 26.6.2", "nodes": [ "node_modules/@storybook/addon-docs/node_modules/jest-haste-map" ], "fixAvailable": true }, "jscodeshift": { "name": "jscodeshift", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "vue-docgen-loader" ], "range": "0.3.20 - 0.13.1", "nodes": [ "node_modules/jscodeshift" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "meow": { "name": "meow", "severity": "high", "isDirect": false, "via": [ "trim-newlines" ], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": [ "node_modules/default-browser-id/node_modules/meow" ], "fixAvailable": true }, "micromatch": { "name": "micromatch", "severity": "high", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" }, "braces" ], "effects": [ "anymatch", "fast-glob", "fork-ts-checker-webpack-plugin", "jscodeshift", "readdirp", "sane", "webpack" ], "range": "<=4.0.7", "nodes": [ "node_modules/cpy/node_modules/micromatch", "node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch", "node_modules/jscodeshift/node_modules/micromatch", "node_modules/sane/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "mwbot": { "name": "mwbot", "severity": "moderate", "isDirect": false, "via": [ "request" ], "effects": [ "wdio-mediawiki" ], "range": ">=0.1.6", "nodes": [ "node_modules/mwbot" ], "fixAvailable": false }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [ "@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "range": "<8.4.31", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss" ], "fixAvailable": false }, "postcss-flexbugs-fixes": { "name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.2.1", "nodes": [ "node_modules/postcss-flexbugs-fixes" ], "fixAvailable": true }, "postcss-modules-extract-imports": { "name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.0.0", "nodes": [ "node_modules/postcss-modules-extract-imports" ], "fixAvailable": true }, "postcss-modules-local-by-default": { "name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [], "range": "<=4.0.0-rc.4", "nodes": [ "node_modules/postcss-modules-local-by-default" ], "fixAvailable": true }, "postcss-modules-scope": { "name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.2.0", "nodes": [ "node_modules/postcss-modules-scope" ], "fixAvailable": true }, "postcss-modules-values": { "name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [ "css-loader" ], "range": "<=4.0.0-rc.5", "nodes": [ "node_modules/postcss-modules-values" ], "fixAvailable": true }, "puppeteer-core": { "name": "puppeteer-core", "severity": "high", "isDirect": false, "via": [ "ws" ], "effects": [ "devtools", "webdriverio" ], "range": "11.0.0 - 22.11.1", "nodes": [ "node_modules/puppeteer-core" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } }, "readdirp": { "name": "readdirp", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "2.2.0 - 2.2.1", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/readdirp" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "remark-mdx": { "name": "remark-mdx", "severity": "high", "isDirect": false, "via": [ "remark-parse" ], "effects": [ "@mdx-js/mdx" ], "range": "<=1.6.22", "nodes": [ "node_modules/remark-mdx" ], "fixAvailable": true }, "remark-parse": { "name": "remark-parse", "severity": "high", "isDirect": false, "via": [ "trim" ], "effects": [ "@mdx-js/mdx", "remark-mdx" ], "range": "<=8.0.3", "nodes": [ "node_modules/remark-parse" ], "fixAvailable": true }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "mwbot" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": false }, "sane": { "name": "sane", "severity": "moderate", "isDirect": false, "via": [ "anymatch", "micromatch" ], "effects": [ "jest-haste-map" ], "range": "1.5.0 - 4.1.0", "nodes": [ "node_modules/sane" ], "fixAvailable": true }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/request/node_modules/tough-cookie" ], "fixAvailable": false }, "trim": { "name": "trim", "severity": "high", "isDirect": false, "via": [ { "source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<0.0.3" } ], "effects": [ "remark-parse" ], "range": "<0.0.3", "nodes": [ "node_modules/trim" ], "fixAvailable": true }, "trim-newlines": { "name": "trim-newlines", "severity": "high", "isDirect": false, "via": [ { "source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.1" } ], "effects": [ "meow" ], "range": "<3.0.1", "nodes": [ "node_modules/default-browser-id/node_modules/trim-newlines" ], "fixAvailable": true }, "vue-docgen-loader": { "name": "vue-docgen-loader", "severity": "moderate", "isDirect": false, "via": [ "jscodeshift" ], "effects": [ "@storybook/vue3" ], "range": "1.3.0-beta.0 - 2.0.0", "nodes": [ "node_modules/vue-docgen-loader" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "watchpack": { "name": "watchpack", "severity": "high", "isDirect": false, "via": [ "watchpack-chokidar2" ], "effects": [ "webpack" ], "range": "1.7.2 - 1.7.5", "nodes": [ "node_modules/webpack/node_modules/watchpack" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "watchpack-chokidar2": { "name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": [ "chokidar" ], "effects": [ "watchpack" ], "range": "*", "nodes": [ "node_modules/watchpack-chokidar2" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "wdio-mediawiki": { "name": "wdio-mediawiki", "severity": "moderate", "isDirect": true, "via": [ "mwbot" ], "effects": [], "range": "*", "nodes": [ "node_modules/wdio-mediawiki" ], "fixAvailable": false }, "webdriverio": { "name": "webdriverio", "severity": "high", "isDirect": false, "via": [ "devtools", "puppeteer-core" ], "effects": [ "@wdio/cli", "@wdio/runner" ], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/webdriverio" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } }, "webpack": { "name": "webpack", "severity": "high", "isDirect": false, "via": [ "micromatch", "watchpack" ], "effects": [ "@storybook/core-common" ], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": [ "node_modules/webpack" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "webpack-dev-middleware": { "name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [ { "source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": [ "CWE-22" ], "cvss": { "score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" }, "range": "<=5.3.3" } ], "effects": [ "@storybook/manager-webpack4" ], "range": "<=5.3.3", "nodes": [ "node_modules/webpack-dev-middleware" ], "fixAvailable": false }, "ws": { "name": "ws", "severity": "high", "isDirect": false, "via": [ { "source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=8.0.0 <8.17.1" } ], "effects": [ "puppeteer-core" ], "range": "8.0.0 - 8.17.0", "nodes": [ "node_modules/puppeteer-core/node_modules/ws" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 29, "high": 29, "critical": 0, "total": 58 }, "dependencies": { "prod": 1, "dev": 2522, "optional": 58, "peer": 0, "peerOptional": 0, "total": 2522 } } } --- end --- Attempting to npm audit fix $ /usr/bin/npm audit fix --dry-run --only=dev --json --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.23.6', npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@39.2.2', npm WARN EBADENGINE required: { node: '^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'wdio-mediawiki@2.5.0', npm WARN EBADENGINE required: { node: '>=18.17.0', npm: '>=9.6.7' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } --- stdout --- { "added": 2522, "removed": 0, "changed": 0, "audited": 2523, "funding": 333, "audit": { "auditReportVersion": 2, "vulnerabilities": { "@jest/transform": { "name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": [ "jest-haste-map" ], "effects": [ "@storybook/addon-docs" ], "range": "<=26.6.2", "nodes": [ "node_modules/@storybook/addon-docs/node_modules/@jest/transform" ], "fixAvailable": true }, "@mdx-js/mdx": { "name": "@mdx-js/mdx", "severity": "high", "isDirect": false, "via": [ "remark-mdx", "remark-parse" ], "effects": [ "@storybook/mdx1-csf" ], "range": "<=1.6.22", "nodes": [ "node_modules/@mdx-js/mdx" ], "fixAvailable": true }, "@storybook/addon-controls": { "name": "@storybook/addon-controls", "severity": "moderate", "isDirect": false, "via": [ "@storybook/core-common" ], "effects": [ "@storybook/addon-essentials" ], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/addon-controls" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/addon-docs": { "name": "@storybook/addon-docs", "severity": "high", "isDirect": false, "via": [ "@jest/transform", "@storybook/core-common", "@storybook/mdx1-csf" ], "effects": [], "range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2", "nodes": [ "node_modules/@storybook/addon-docs" ], "fixAvailable": true }, "@storybook/addon-essentials": { "name": "@storybook/addon-essentials", "severity": "moderate", "isDirect": true, "via": [ "@storybook/addon-controls", "@storybook/addon-docs", "@storybook/core-common" ], "effects": [], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/addon-essentials" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/addon-interactions": { "name": "@storybook/addon-interactions", "severity": "moderate", "isDirect": true, "via": [ "@storybook/core-common" ], "effects": [], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/addon-interactions" ], "fixAvailable": { "name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/builder-webpack4": { "name": "@storybook/builder-webpack4", "severity": "high", "isDirect": true, "via": [ "@storybook/core-common", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "webpack", "webpack-dev-middleware" ], "effects": [ "@storybook/core-server" ], "range": "*", "nodes": [ "node_modules/@storybook/builder-webpack4" ], "fixAvailable": false }, "@storybook/core": { "name": "@storybook/core", "severity": "high", "isDirect": false, "via": [ "@storybook/core-server" ], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/core" ], "fixAvailable": true }, "@storybook/core-common": { "name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": [ "webpack" ], "effects": [ "@storybook/addon-controls", "@storybook/addon-docs", "@storybook/addon-essentials", "@storybook/addon-interactions", "@storybook/telemetry" ], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/core-common" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "@storybook/core-server": { "name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": [ "@storybook/builder-webpack4", "@storybook/core-common", "@storybook/csf-tools", "@storybook/manager-webpack4", "@storybook/telemetry", "cpy", "ip", "webpack" ], "effects": [ "@storybook/core" ], "range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3", "nodes": [ "node_modules/@storybook/core-server" ], "fixAvailable": true }, "@storybook/csf-tools": { "name": "@storybook/csf-tools", "severity": "high", "isDirect": false, "via": [ "@storybook/mdx1-csf" ], "effects": [], "range": "6.5.0-alpha.1 - 6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/csf-tools" ], "fixAvailable": true }, "@storybook/manager-webpack4": { "name": "@storybook/manager-webpack4", "severity": "high", "isDirect": true, "via": [ "@storybook/core-common", "css-loader", "webpack", "webpack-dev-middleware" ], "effects": [ "@storybook/core-server" ], "range": "*", "nodes": [ "node_modules/@storybook/manager-webpack4" ], "fixAvailable": false }, "@storybook/mdx1-csf": { "name": "@storybook/mdx1-csf", "severity": "high", "isDirect": false, "via": [ "@mdx-js/mdx" ], "effects": [ "@storybook/addon-docs", "@storybook/csf-tools" ], "range": "*", "nodes": [ "node_modules/@storybook/mdx1-csf" ], "fixAvailable": true }, "@storybook/telemetry": { "name": "@storybook/telemetry", "severity": "moderate", "isDirect": false, "via": [ "@storybook/core-common" ], "effects": [ "@storybook/core-server" ], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/telemetry" ], "fixAvailable": true }, "@storybook/vue3": { "name": "@storybook/vue3", "severity": "high", "isDirect": true, "via": [ "@storybook/core", "@storybook/core-common", "vue-docgen-loader" ], "effects": [], "range": "<=6.5.17-alpha.0", "nodes": [ "node_modules/@storybook/vue3" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "@wdio/cli": { "name": "@wdio/cli", "severity": "high", "isDirect": true, "via": [ "webdriverio" ], "effects": [], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/@wdio/cli" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } }, "@wdio/local-runner": { "name": "@wdio/local-runner", "severity": "high", "isDirect": true, "via": [ "@wdio/runner" ], "effects": [], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/@wdio/local-runner" ], "fixAvailable": { "name": "@wdio/local-runner", "version": "9.2.12", "isSemVerMajor": true } }, "@wdio/runner": { "name": "@wdio/runner", "severity": "high", "isDirect": false, "via": [ "webdriverio" ], "effects": [ "@wdio/local-runner" ], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/@wdio/runner" ], "fixAvailable": { "name": "@wdio/local-runner", "version": "9.2.12", "isSemVerMajor": true } }, "anymatch": { "name": "anymatch", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar", "sane" ], "range": "1.2.0 - 2.0.0", "nodes": [ "node_modules/sane/node_modules/anymatch", "node_modules/watchpack-chokidar2/node_modules/anymatch" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "autoprefixer": { "name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": [ "node_modules/autoprefixer" ], "fixAvailable": true }, "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": [ "CWE-400", "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [ "chokidar", "micromatch" ], "range": "<3.0.3", "nodes": [ "node_modules/cpy/node_modules/braces", "node_modules/fork-ts-checker-webpack-plugin/node_modules/braces", "node_modules/jscodeshift/node_modules/braces", "node_modules/sane/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack/node_modules/braces" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "chokidar": { "name": "chokidar", "severity": "high", "isDirect": false, "via": [ "anymatch", "braces", "readdirp" ], "effects": [ "watchpack-chokidar2" ], "range": "1.3.0 - 2.1.8", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/chokidar" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "cpy": { "name": "cpy", "severity": "moderate", "isDirect": false, "via": [ "globby" ], "effects": [ "@storybook/core-server" ], "range": "7.0.0 - 8.1.2", "nodes": [ "node_modules/cpy" ], "fixAvailable": true }, "css-loader": { "name": "css-loader", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": [ "node_modules/css-loader" ], "fixAvailable": true }, "devtools": { "name": "devtools", "severity": "high", "isDirect": false, "via": [ "puppeteer-core" ], "effects": [], "range": ">=7.16.5", "nodes": [ "node_modules/devtools" ], "fixAvailable": true }, "fast-glob": { "name": "fast-glob", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "globby" ], "range": "<=2.2.7", "nodes": [ "node_modules/cpy/node_modules/fast-glob" ], "fixAvailable": true }, "fork-ts-checker-webpack-plugin": { "name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [], "range": "0.4.14 - 4.1.6", "nodes": [ "node_modules/fork-ts-checker-webpack-plugin" ], "fixAvailable": true }, "globby": { "name": "globby", "severity": "moderate", "isDirect": false, "via": [ "fast-glob" ], "effects": [ "cpy" ], "range": "8.0.0 - 9.2.0", "nodes": [ "node_modules/cpy/node_modules/globby" ], "fixAvailable": true }, "icss-utils": { "name": "icss-utils", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "css-loader", "postcss-modules-local-by-default", "postcss-modules-values" ], "range": "<=4.1.1", "nodes": [ "node_modules/icss-utils" ], "fixAvailable": true }, "ip": { "name": "ip", "severity": "high", "isDirect": false, "via": [ { "source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": [ "CWE-918" ], "cvss": { "score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=2.0.1" } ], "effects": [ "@storybook/core-server" ], "range": "*", "nodes": [ "node_modules/ip" ], "fixAvailable": true }, "jest-haste-map": { "name": "jest-haste-map", "severity": "moderate", "isDirect": false, "via": [ "sane" ], "effects": [ "@jest/transform" ], "range": "24.0.0-alpha.0 - 26.6.2", "nodes": [ "node_modules/@storybook/addon-docs/node_modules/jest-haste-map" ], "fixAvailable": true }, "jscodeshift": { "name": "jscodeshift", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "vue-docgen-loader" ], "range": "0.3.20 - 0.13.1", "nodes": [ "node_modules/jscodeshift" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "meow": { "name": "meow", "severity": "high", "isDirect": false, "via": [ "trim-newlines" ], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": [ "node_modules/default-browser-id/node_modules/meow" ], "fixAvailable": true }, "micromatch": { "name": "micromatch", "severity": "high", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" }, "braces" ], "effects": [ "anymatch", "fast-glob", "fork-ts-checker-webpack-plugin", "jscodeshift", "readdirp", "sane", "webpack" ], "range": "<=4.0.7", "nodes": [ "node_modules/cpy/node_modules/micromatch", "node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch", "node_modules/jscodeshift/node_modules/micromatch", "node_modules/sane/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "mwbot": { "name": "mwbot", "severity": "moderate", "isDirect": false, "via": [ "request" ], "effects": [ "wdio-mediawiki" ], "range": ">=0.1.6", "nodes": [ "node_modules/mwbot" ], "fixAvailable": false }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [ "@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "range": "<8.4.31", "nodes": [ "node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss" ], "fixAvailable": false }, "postcss-flexbugs-fixes": { "name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.2.1", "nodes": [ "node_modules/postcss-flexbugs-fixes" ], "fixAvailable": true }, "postcss-modules-extract-imports": { "name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.0.0", "nodes": [ "node_modules/postcss-modules-extract-imports" ], "fixAvailable": true }, "postcss-modules-local-by-default": { "name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [], "range": "<=4.0.0-rc.4", "nodes": [ "node_modules/postcss-modules-local-by-default" ], "fixAvailable": true }, "postcss-modules-scope": { "name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.2.0", "nodes": [ "node_modules/postcss-modules-scope" ], "fixAvailable": true }, "postcss-modules-values": { "name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": [ "icss-utils", "postcss" ], "effects": [ "css-loader" ], "range": "<=4.0.0-rc.5", "nodes": [ "node_modules/postcss-modules-values" ], "fixAvailable": true }, "puppeteer-core": { "name": "puppeteer-core", "severity": "high", "isDirect": false, "via": [ "ws" ], "effects": [ "devtools", "webdriverio" ], "range": "11.0.0 - 22.11.1", "nodes": [ "node_modules/puppeteer-core" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } }, "readdirp": { "name": "readdirp", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "2.2.0 - 2.2.1", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/readdirp" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "remark-mdx": { "name": "remark-mdx", "severity": "high", "isDirect": false, "via": [ "remark-parse" ], "effects": [ "@mdx-js/mdx" ], "range": "<=1.6.22", "nodes": [ "node_modules/remark-mdx" ], "fixAvailable": true }, "remark-parse": { "name": "remark-parse", "severity": "high", "isDirect": false, "via": [ "trim" ], "effects": [ "@mdx-js/mdx", "remark-mdx" ], "range": "<=8.0.3", "nodes": [ "node_modules/remark-parse" ], "fixAvailable": true }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "mwbot" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": false }, "sane": { "name": "sane", "severity": "moderate", "isDirect": false, "via": [ "anymatch", "micromatch" ], "effects": [ "jest-haste-map" ], "range": "1.5.0 - 4.1.0", "nodes": [ "node_modules/sane" ], "fixAvailable": true }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/request/node_modules/tough-cookie" ], "fixAvailable": false }, "trim": { "name": "trim", "severity": "high", "isDirect": false, "via": [ { "source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<0.0.3" } ], "effects": [ "remark-parse" ], "range": "<0.0.3", "nodes": [ "node_modules/trim" ], "fixAvailable": true }, "trim-newlines": { "name": "trim-newlines", "severity": "high", "isDirect": false, "via": [ { "source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.1" } ], "effects": [ "meow" ], "range": "<3.0.1", "nodes": [ "node_modules/default-browser-id/node_modules/trim-newlines" ], "fixAvailable": true }, "vue-docgen-loader": { "name": "vue-docgen-loader", "severity": "moderate", "isDirect": false, "via": [ "jscodeshift" ], "effects": [ "@storybook/vue3" ], "range": "1.3.0-beta.0 - 2.0.0", "nodes": [ "node_modules/vue-docgen-loader" ], "fixAvailable": { "name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true } }, "watchpack": { "name": "watchpack", "severity": "high", "isDirect": false, "via": [ "watchpack-chokidar2" ], "effects": [ "webpack" ], "range": "1.7.2 - 1.7.5", "nodes": [ "node_modules/webpack/node_modules/watchpack" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "watchpack-chokidar2": { "name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": [ "chokidar" ], "effects": [ "watchpack" ], "range": "*", "nodes": [ "node_modules/watchpack-chokidar2" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "wdio-mediawiki": { "name": "wdio-mediawiki", "severity": "moderate", "isDirect": true, "via": [ "mwbot" ], "effects": [], "range": "*", "nodes": [ "node_modules/wdio-mediawiki" ], "fixAvailable": false }, "webdriverio": { "name": "webdriverio", "severity": "high", "isDirect": false, "via": [ "devtools", "puppeteer-core" ], "effects": [ "@wdio/cli", "@wdio/runner" ], "range": "7.16.5 - 8.40.6", "nodes": [ "node_modules/webdriverio" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } }, "webpack": { "name": "webpack", "severity": "high", "isDirect": false, "via": [ "micromatch", "watchpack" ], "effects": [ "@storybook/core-common" ], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": [ "node_modules/webpack" ], "fixAvailable": { "name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true } }, "webpack-dev-middleware": { "name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [ { "source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": [ "CWE-22" ], "cvss": { "score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" }, "range": "<=5.3.3" } ], "effects": [ "@storybook/manager-webpack4" ], "range": "<=5.3.3", "nodes": [ "node_modules/webpack-dev-middleware" ], "fixAvailable": false }, "ws": { "name": "ws", "severity": "high", "isDirect": false, "via": [ { "source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=8.0.0 <8.17.1" } ], "effects": [ "puppeteer-core" ], "range": "8.0.0 - 8.17.0", "nodes": [ "node_modules/puppeteer-core/node_modules/ws" ], "fixAvailable": { "name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 29, "high": 29, "critical": 0, "total": 58 }, "dependencies": { "prod": 1, "dev": 2522, "optional": 58, "peer": 0, "peerOptional": 0, "total": 2522 } } } } --- end --- {"added": 2522, "removed": 0, "changed": 0, "audited": 2523, "funding": 333, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@jest/transform": {"name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": ["jest-haste-map"], "effects": ["@storybook/addon-docs"], "range": "<=26.6.2", "nodes": ["node_modules/@storybook/addon-docs/node_modules/@jest/transform"], "fixAvailable": true}, "@mdx-js/mdx": {"name": "@mdx-js/mdx", "severity": "high", "isDirect": false, "via": ["remark-mdx", "remark-parse"], "effects": ["@storybook/mdx1-csf"], "range": "<=1.6.22", "nodes": ["node_modules/@mdx-js/mdx"], "fixAvailable": true}, "@storybook/addon-controls": {"name": "@storybook/addon-controls", "severity": "moderate", "isDirect": false, "via": ["@storybook/core-common"], "effects": ["@storybook/addon-essentials"], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/addon-controls"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true}}, "@storybook/addon-docs": {"name": "@storybook/addon-docs", "severity": "high", "isDirect": false, "via": ["@jest/transform", "@storybook/core-common", "@storybook/mdx1-csf"], "effects": [], "range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2", "nodes": ["node_modules/@storybook/addon-docs"], "fixAvailable": true}, "@storybook/addon-essentials": {"name": "@storybook/addon-essentials", "severity": "moderate", "isDirect": true, "via": ["@storybook/addon-controls", "@storybook/addon-docs", "@storybook/core-common"], "effects": [], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/addon-essentials"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true}}, "@storybook/addon-interactions": {"name": "@storybook/addon-interactions", "severity": "moderate", "isDirect": true, "via": ["@storybook/core-common"], "effects": [], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/addon-interactions"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true}}, "@storybook/builder-webpack4": {"name": "@storybook/builder-webpack4", "severity": "high", "isDirect": true, "via": ["@storybook/core-common", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "webpack", "webpack-dev-middleware"], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/@storybook/builder-webpack4"], "fixAvailable": false}, "@storybook/core": {"name": "@storybook/core", "severity": "high", "isDirect": false, "via": ["@storybook/core-server"], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/core"], "fixAvailable": true}, "@storybook/core-common": {"name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": ["webpack"], "effects": ["@storybook/addon-controls", "@storybook/addon-docs", "@storybook/addon-essentials", "@storybook/addon-interactions", "@storybook/telemetry"], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/core-common"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true}}, "@storybook/core-server": {"name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": ["@storybook/builder-webpack4", "@storybook/core-common", "@storybook/csf-tools", "@storybook/manager-webpack4", "@storybook/telemetry", "cpy", "ip", "webpack"], "effects": ["@storybook/core"], "range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3", "nodes": ["node_modules/@storybook/core-server"], "fixAvailable": true}, "@storybook/csf-tools": {"name": "@storybook/csf-tools", "severity": "high", "isDirect": false, "via": ["@storybook/mdx1-csf"], "effects": [], "range": "6.5.0-alpha.1 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/csf-tools"], "fixAvailable": true}, "@storybook/manager-webpack4": {"name": "@storybook/manager-webpack4", "severity": "high", "isDirect": true, "via": ["@storybook/core-common", "css-loader", "webpack", "webpack-dev-middleware"], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/@storybook/manager-webpack4"], "fixAvailable": false}, "@storybook/mdx1-csf": {"name": "@storybook/mdx1-csf", "severity": "high", "isDirect": false, "via": ["@mdx-js/mdx"], "effects": ["@storybook/addon-docs", "@storybook/csf-tools"], "range": "*", "nodes": ["node_modules/@storybook/mdx1-csf"], "fixAvailable": true}, "@storybook/telemetry": {"name": "@storybook/telemetry", "severity": "moderate", "isDirect": false, "via": ["@storybook/core-common"], "effects": ["@storybook/core-server"], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/telemetry"], "fixAvailable": true}, "@storybook/vue3": {"name": "@storybook/vue3", "severity": "high", "isDirect": true, "via": ["@storybook/core", "@storybook/core-common", "vue-docgen-loader"], "effects": [], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/vue3"], "fixAvailable": {"name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true}}, "@wdio/cli": {"name": "@wdio/cli", "severity": "high", "isDirect": true, "via": ["webdriverio"], "effects": [], "range": "7.16.5 - 8.40.6", "nodes": ["node_modules/@wdio/cli"], "fixAvailable": {"name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true}}, "@wdio/local-runner": {"name": "@wdio/local-runner", "severity": "high", "isDirect": true, "via": ["@wdio/runner"], "effects": [], "range": "7.16.5 - 8.40.6", "nodes": ["node_modules/@wdio/local-runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.2.12", "isSemVerMajor": true}}, "@wdio/runner": {"name": "@wdio/runner", "severity": "high", "isDirect": false, "via": ["webdriverio"], "effects": ["@wdio/local-runner"], "range": "7.16.5 - 8.40.6", "nodes": ["node_modules/@wdio/runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.2.12", "isSemVerMajor": true}}, "anymatch": {"name": "anymatch", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar", "sane"], "range": "1.2.0 - 2.0.0", "nodes": ["node_modules/sane/node_modules/anymatch", "node_modules/watchpack-chokidar2/node_modules/anymatch"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true}}, "autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": ["node_modules/autoprefixer"], "fixAvailable": true}, "braces": {"name": "braces", "severity": "high", "isDirect": false, "via": [{"source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": ["CWE-400", "CWE-1050"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.3"}], "effects": ["chokidar", "micromatch"], "range": "<3.0.3", "nodes": ["node_modules/cpy/node_modules/braces", "node_modules/fork-ts-checker-webpack-plugin/node_modules/braces", "node_modules/jscodeshift/node_modules/braces", "node_modules/sane/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack/node_modules/braces"], "fixAvailable": {"name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true}}, "chokidar": {"name": "chokidar", "severity": "high", "isDirect": false, "via": ["anymatch", "braces", "readdirp"], "effects": ["watchpack-chokidar2"], "range": "1.3.0 - 2.1.8", "nodes": ["node_modules/watchpack-chokidar2/node_modules/chokidar"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true}}, "cpy": {"name": "cpy", "severity": "moderate", "isDirect": false, "via": ["globby"], "effects": ["@storybook/core-server"], "range": "7.0.0 - 8.1.2", "nodes": ["node_modules/cpy"], "fixAvailable": true}, "css-loader": {"name": "css-loader", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": ["node_modules/css-loader"], "fixAvailable": true}, "devtools": {"name": "devtools", "severity": "high", "isDirect": false, "via": ["puppeteer-core"], "effects": [], "range": ">=7.16.5", "nodes": ["node_modules/devtools"], "fixAvailable": true}, "fast-glob": {"name": "fast-glob", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/cpy/node_modules/fast-glob"], "fixAvailable": true}, "fork-ts-checker-webpack-plugin": {"name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": [], "range": "0.4.14 - 4.1.6", "nodes": ["node_modules/fork-ts-checker-webpack-plugin"], "fixAvailable": true}, "globby": {"name": "globby", "severity": "moderate", "isDirect": false, "via": ["fast-glob"], "effects": ["cpy"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/cpy/node_modules/globby"], "fixAvailable": true}, "icss-utils": {"name": "icss-utils", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["css-loader", "postcss-modules-local-by-default", "postcss-modules-values"], "range": "<=4.1.1", "nodes": ["node_modules/icss-utils"], "fixAvailable": true}, "ip": {"name": "ip", "severity": "high", "isDirect": false, "via": [{"source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/ip"], "fixAvailable": true}, "jest-haste-map": {"name": "jest-haste-map", "severity": "moderate", "isDirect": false, "via": ["sane"], "effects": ["@jest/transform"], "range": "24.0.0-alpha.0 - 26.6.2", "nodes": ["node_modules/@storybook/addon-docs/node_modules/jest-haste-map"], "fixAvailable": true}, "jscodeshift": {"name": "jscodeshift", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["vue-docgen-loader"], "range": "0.3.20 - 0.13.1", "nodes": ["node_modules/jscodeshift"], "fixAvailable": {"name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true}}, "meow": {"name": "meow", "severity": "high", "isDirect": false, "via": ["trim-newlines"], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": ["node_modules/default-browser-id/node_modules/meow"], "fixAvailable": true}, "micromatch": {"name": "micromatch", "severity": "high", "isDirect": false, "via": [{"source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<4.0.8"}, "braces"], "effects": ["anymatch", "fast-glob", "fork-ts-checker-webpack-plugin", "jscodeshift", "readdirp", "sane", "webpack"], "range": "<=4.0.7", "nodes": ["node_modules/cpy/node_modules/micromatch", "node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch", "node_modules/jscodeshift/node_modules/micromatch", "node_modules/sane/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch"], "fixAvailable": {"name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true}}, "mwbot": {"name": "mwbot", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": ["wdio-mediawiki"], "range": ">=0.1.6", "nodes": ["node_modules/mwbot"], "fixAvailable": false}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "range": "<8.4.31", "nodes": ["node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss"], "fixAvailable": false}, "postcss-flexbugs-fixes": {"name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.2.1", "nodes": ["node_modules/postcss-flexbugs-fixes"], "fixAvailable": true}, "postcss-modules-extract-imports": {"name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.0.0", "nodes": ["node_modules/postcss-modules-extract-imports"], "fixAvailable": true}, "postcss-modules-local-by-default": {"name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": [], "range": "<=4.0.0-rc.4", "nodes": ["node_modules/postcss-modules-local-by-default"], "fixAvailable": true}, "postcss-modules-scope": {"name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.2.0", "nodes": ["node_modules/postcss-modules-scope"], "fixAvailable": true}, "postcss-modules-values": {"name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": ["css-loader"], "range": "<=4.0.0-rc.5", "nodes": ["node_modules/postcss-modules-values"], "fixAvailable": true}, "puppeteer-core": {"name": "puppeteer-core", "severity": "high", "isDirect": false, "via": ["ws"], "effects": ["devtools", "webdriverio"], "range": "11.0.0 - 22.11.1", "nodes": ["node_modules/puppeteer-core"], "fixAvailable": {"name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true}}, "readdirp": {"name": "readdirp", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar"], "range": "2.2.0 - 2.2.1", "nodes": ["node_modules/watchpack-chokidar2/node_modules/readdirp"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true}}, "remark-mdx": {"name": "remark-mdx", "severity": "high", "isDirect": false, "via": ["remark-parse"], "effects": ["@mdx-js/mdx"], "range": "<=1.6.22", "nodes": ["node_modules/remark-mdx"], "fixAvailable": true}, "remark-parse": {"name": "remark-parse", "severity": "high", "isDirect": false, "via": ["trim"], "effects": ["@mdx-js/mdx", "remark-mdx"], "range": "<=8.0.3", "nodes": ["node_modules/remark-parse"], "fixAvailable": true}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["mwbot"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "sane": {"name": "sane", "severity": "moderate", "isDirect": false, "via": ["anymatch", "micromatch"], "effects": ["jest-haste-map"], "range": "1.5.0 - 4.1.0", "nodes": ["node_modules/sane"], "fixAvailable": true}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/request/node_modules/tough-cookie"], "fixAvailable": false}, "trim": {"name": "trim", "severity": "high", "isDirect": false, "via": [{"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}], "effects": ["remark-parse"], "range": "<0.0.3", "nodes": ["node_modules/trim"], "fixAvailable": true}, "trim-newlines": {"name": "trim-newlines", "severity": "high", "isDirect": false, "via": [{"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}], "effects": ["meow"], "range": "<3.0.1", "nodes": ["node_modules/default-browser-id/node_modules/trim-newlines"], "fixAvailable": true}, "vue-docgen-loader": {"name": "vue-docgen-loader", "severity": "moderate", "isDirect": false, "via": ["jscodeshift"], "effects": ["@storybook/vue3"], "range": "1.3.0-beta.0 - 2.0.0", "nodes": ["node_modules/vue-docgen-loader"], "fixAvailable": {"name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true}}, "watchpack": {"name": "watchpack", "severity": "high", "isDirect": false, "via": ["watchpack-chokidar2"], "effects": ["webpack"], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/webpack/node_modules/watchpack"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true}}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true}}, "wdio-mediawiki": {"name": "wdio-mediawiki", "severity": "moderate", "isDirect": true, "via": ["mwbot"], "effects": [], "range": "*", "nodes": ["node_modules/wdio-mediawiki"], "fixAvailable": false}, "webdriverio": {"name": "webdriverio", "severity": "high", "isDirect": false, "via": ["devtools", "puppeteer-core"], "effects": ["@wdio/cli", "@wdio/runner"], "range": "7.16.5 - 8.40.6", "nodes": ["node_modules/webdriverio"], "fixAvailable": {"name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true}}, "webpack": {"name": "webpack", "severity": "high", "isDirect": false, "via": ["micromatch", "watchpack"], "effects": ["@storybook/core-common"], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": ["node_modules/webpack"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true}}, "webpack-dev-middleware": {"name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [{"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}], "effects": ["@storybook/manager-webpack4"], "range": "<=5.3.3", "nodes": ["node_modules/webpack-dev-middleware"], "fixAvailable": false}, "ws": {"name": "ws", "severity": "high", "isDirect": false, "via": [{"source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": ["CWE-476"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.17.1"}], "effects": ["puppeteer-core"], "range": "8.0.0 - 8.17.0", "nodes": ["node_modules/puppeteer-core/node_modules/ws"], "fixAvailable": {"name": "@wdio/cli", "version": "9.2.12", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 29, "high": 29, "critical": 0, "total": 58}, "dependencies": {"prod": 1, "dev": 2522, "optional": 58, "peer": 0, "peerOptional": 0, "total": 2522}}}} $ /usr/bin/npm audit fix --only=dev --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.23.6', npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@39.2.2', npm WARN EBADENGINE required: { node: '^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'wdio-mediawiki@2.5.0', npm WARN EBADENGINE required: { node: '>=18.17.0', npm: '>=9.6.7' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated uuid-browser@3.1.0: Package no longer supported and required. Use the uuid package or crypto.randomUUID instead npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated stylelint-stylistic@0.4.3: This package has been deprecated in favor of @stylistic/stylelint-plugin --- stdout --- added 2517 packages, and audited 2518 packages in 42s 333 packages are looking for funding run `npm fund` for details # npm audit report braces <3.0.3 Severity: high Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg fix available via `npm audit fix --force` Will install @storybook/vue3@8.4.4, which is a breaking change node_modules/cpy/node_modules/braces node_modules/fork-ts-checker-webpack-plugin/node_modules/braces node_modules/jscodeshift/node_modules/braces node_modules/sane/node_modules/braces node_modules/watchpack-chokidar2/node_modules/braces node_modules/webpack/node_modules/braces chokidar 1.3.0 - 2.1.8 Depends on vulnerable versions of anymatch Depends on vulnerable versions of braces Depends on vulnerable versions of readdirp node_modules/watchpack-chokidar2/node_modules/chokidar watchpack-chokidar2 * Depends on vulnerable versions of chokidar node_modules/watchpack-chokidar2 watchpack 1.7.2 - 1.7.5 Depends on vulnerable versions of watchpack-chokidar2 node_modules/webpack/node_modules/watchpack webpack 4.0.0-alpha.0 - 5.0.0-rc.6 Depends on vulnerable versions of micromatch Depends on vulnerable versions of watchpack node_modules/webpack @storybook/core-common <=6.5.17-alpha.0 Depends on vulnerable versions of webpack node_modules/@storybook/core-common @storybook/addon-controls 6.4.0-alpha.0 - 6.5.17-alpha.0 Depends on vulnerable versions of @storybook/core-common node_modules/@storybook/addon-controls @storybook/addon-essentials 6.4.0-alpha.0 - 6.5.17-alpha.0 Depends on vulnerable versions of @storybook/addon-controls Depends on vulnerable versions of @storybook/addon-docs Depends on vulnerable versions of @storybook/core-common node_modules/@storybook/addon-essentials @storybook/addon-docs 5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2 Depends on vulnerable versions of @jest/transform Depends on vulnerable versions of @storybook/core-common Depends on vulnerable versions of @storybook/mdx1-csf node_modules/@storybook/addon-docs @storybook/addon-interactions <=6.5.17-alpha.0 Depends on vulnerable versions of @storybook/core-common node_modules/@storybook/addon-interactions @storybook/telemetry <=6.5.17-alpha.0 Depends on vulnerable versions of @storybook/core-common node_modules/@storybook/telemetry @storybook/core-server <=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3 Depends on vulnerable versions of @storybook/builder-webpack4 Depends on vulnerable versions of @storybook/core-common Depends on vulnerable versions of @storybook/csf-tools Depends on vulnerable versions of @storybook/manager-webpack4 Depends on vulnerable versions of @storybook/telemetry Depends on vulnerable versions of cpy Depends on vulnerable versions of ip Depends on vulnerable versions of webpack node_modules/@storybook/core-server @storybook/core 6.2.0-alpha.0 - 6.5.17-alpha.0 Depends on vulnerable versions of @storybook/core-server node_modules/@storybook/core micromatch <=4.0.7 Depends on vulnerable versions of braces node_modules/cpy/node_modules/micromatch node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch node_modules/jscodeshift/node_modules/micromatch node_modules/sane/node_modules/micromatch node_modules/watchpack-chokidar2/node_modules/micromatch node_modules/webpack/node_modules/micromatch anymatch 1.2.0 - 2.0.0 Depends on vulnerable versions of micromatch node_modules/sane/node_modules/anymatch node_modules/watchpack-chokidar2/node_modules/anymatch sane 1.5.0 - 4.1.0 Depends on vulnerable versions of anymatch Depends on vulnerable versions of micromatch node_modules/sane jest-haste-map 24.0.0-alpha.0 - 26.6.2 Depends on vulnerable versions of sane node_modules/@storybook/addon-docs/node_modules/jest-haste-map @jest/transform <=26.6.2 Depends on vulnerable versions of jest-haste-map node_modules/@storybook/addon-docs/node_modules/@jest/transform fast-glob <=2.2.7 Depends on vulnerable versions of micromatch node_modules/cpy/node_modules/fast-glob globby 8.0.0 - 9.2.0 Depends on vulnerable versions of fast-glob node_modules/cpy/node_modules/globby cpy 7.0.0 - 8.1.2 Depends on vulnerable versions of globby node_modules/cpy fork-ts-checker-webpack-plugin 0.4.14 - 4.1.6 Depends on vulnerable versions of micromatch node_modules/fork-ts-checker-webpack-plugin jscodeshift 0.3.20 - 0.13.1 Depends on vulnerable versions of micromatch node_modules/jscodeshift vue-docgen-loader 1.3.0-beta.0 - 2.0.0 Depends on vulnerable versions of jscodeshift node_modules/vue-docgen-loader @storybook/vue3 <=6.5.17-alpha.0 Depends on vulnerable versions of @storybook/core Depends on vulnerable versions of @storybook/core-common Depends on vulnerable versions of vue-docgen-loader node_modules/@storybook/vue3 readdirp 2.2.0 - 2.2.1 Depends on vulnerable versions of micromatch node_modules/watchpack-chokidar2/node_modules/readdirp ip * Severity: high ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp fix available via `npm audit fix` node_modules/ip postcss <8.4.31 Severity: moderate PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j No fix available node_modules/@storybook/builder-webpack4/node_modules/postcss node_modules/autoprefixer/node_modules/postcss node_modules/css-loader/node_modules/postcss node_modules/icss-utils/node_modules/postcss node_modules/postcss-flexbugs-fixes/node_modules/postcss node_modules/postcss-modules-extract-imports/node_modules/postcss node_modules/postcss-modules-local-by-default/node_modules/postcss node_modules/postcss-modules-scope/node_modules/postcss node_modules/postcss-modules-values/node_modules/postcss @storybook/builder-webpack4 * Depends on vulnerable versions of @storybook/core-common Depends on vulnerable versions of autoprefixer Depends on vulnerable versions of css-loader Depends on vulnerable versions of fork-ts-checker-webpack-plugin Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-flexbugs-fixes Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-middleware node_modules/@storybook/builder-webpack4 autoprefixer 1.0.20131222 - 9.8.8 Depends on vulnerable versions of postcss node_modules/autoprefixer css-loader 0.15.0 - 4.3.0 Depends on vulnerable versions of icss-utils Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-modules-extract-imports Depends on vulnerable versions of postcss-modules-local-by-default Depends on vulnerable versions of postcss-modules-scope Depends on vulnerable versions of postcss-modules-values node_modules/css-loader icss-utils <=4.1.1 Depends on vulnerable versions of postcss node_modules/icss-utils postcss-modules-local-by-default <=4.0.0-rc.4 Depends on vulnerable versions of icss-utils Depends on vulnerable versions of postcss node_modules/postcss-modules-local-by-default postcss-modules-values <=4.0.0-rc.5 Depends on vulnerable versions of icss-utils Depends on vulnerable versions of postcss node_modules/postcss-modules-values postcss-flexbugs-fixes <=4.2.1 Depends on vulnerable versions of postcss node_modules/postcss-flexbugs-fixes postcss-modules-extract-imports <=2.0.0 Depends on vulnerable versions of postcss node_modules/postcss-modules-extract-imports postcss-modules-scope <=2.2.0 Depends on vulnerable versions of postcss node_modules/postcss-modules-scope request * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie No fix available node_modules/request mwbot >=0.1.6 Depends on vulnerable versions of request node_modules/mwbot wdio-mediawiki * Depends on vulnerable versions of mwbot node_modules/wdio-mediawiki tough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 No fix available node_modules/request/node_modules/tough-cookie trim <0.0.3 Severity: high Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq fix available via `npm audit fix` node_modules/trim remark-parse <=8.0.3 Depends on vulnerable versions of trim node_modules/remark-parse @mdx-js/mdx <=1.6.22 Depends on vulnerable versions of remark-mdx Depends on vulnerable versions of remark-parse node_modules/@mdx-js/mdx @storybook/mdx1-csf * Depends on vulnerable versions of @mdx-js/mdx node_modules/@storybook/mdx1-csf @storybook/csf-tools 6.5.0-alpha.1 - 6.5.17-alpha.0 Depends on vulnerable versions of @storybook/mdx1-csf node_modules/@storybook/csf-tools remark-mdx <=1.6.22 Depends on vulnerable versions of remark-parse node_modules/remark-mdx trim-newlines <3.0.1 Severity: high Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v fix available via `npm audit fix` node_modules/default-browser-id/node_modules/trim-newlines meow 3.4.0 - 5.0.0 Depends on vulnerable versions of trim-newlines node_modules/default-browser-id/node_modules/meow webpack-dev-middleware <=5.3.3 Severity: high Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6 No fix available node_modules/webpack-dev-middleware @storybook/manager-webpack4 * Depends on vulnerable versions of @storybook/core-common Depends on vulnerable versions of css-loader Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-middleware node_modules/@storybook/manager-webpack4 ws 8.0.0 - 8.17.0 Severity: high ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q fix available via `npm audit fix --force` Will install @wdio/cli@9.2.12, which is a breaking change node_modules/puppeteer-core/node_modules/ws puppeteer-core 11.0.0 - 22.11.1 Depends on vulnerable versions of ws node_modules/puppeteer-core devtools >=7.16.5 Depends on vulnerable versions of puppeteer-core node_modules/devtools webdriverio 7.16.5 - 8.40.6 Depends on vulnerable versions of devtools Depends on vulnerable versions of puppeteer-core node_modules/webdriverio @wdio/cli 7.16.5 - 8.40.6 Depends on vulnerable versions of webdriverio node_modules/@wdio/cli @wdio/runner 7.16.5 - 8.40.6 Depends on vulnerable versions of webdriverio node_modules/@wdio/runner @wdio/local-runner 7.16.5 - 8.40.6 Depends on vulnerable versions of @wdio/runner node_modules/@wdio/local-runner 58 vulnerabilities (29 moderate, 29 high) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. --- end --- Verifying that tests still pass $ /usr/bin/npm ci --- stderr --- npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.23.6', npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@39.2.2', npm WARN EBADENGINE required: { node: '^14 || ^16 || ^17' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'wdio-mediawiki@2.5.0', npm WARN EBADENGINE required: { node: '>=18.17.0', npm: '>=9.6.7' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated uuid-browser@3.1.0: Package no longer supported and required. Use the uuid package or crypto.randomUUID instead npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated stylelint-stylistic@0.4.3: This package has been deprecated in favor of @stylistic/stylelint-plugin --- stdout --- added 2517 packages, and audited 2518 packages in 52s 333 packages are looking for funding run `npm fund` for details 58 vulnerabilities (29 moderate, 29 high) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. --- end --- $ /usr/bin/npm test --- stderr --- PASS tests/jest/discover/util/convertUrlToThumbnail.test.js PASS tests/jest/builder/util/safeAssignString.test.js PASS tests/jest/builder/util/splitSentences.test.js PASS tests/jest/builder/util/convertUrlToMobile.test.js PASS tests/jest/builder/store/story.test.js Test Suites: 5 passed, 5 total Tests: 19 passed, 19 total Snapshots: 0 total Time: 6.596 s Ran all test suites. --- stdout --- > test > npm run lint:js && npm run lint:css && jest > lint:js > eslint . /src/repo/resources/components/StoryImage.vue 33:3 warning Prop 'error' requires default value to be set vue/require-default-prop 78:1 warning This line has a length of 101. Maximum allowed is 100 max-len 91:1 warning This line has a length of 123. Maximum allowed is 100 max-len 92:1 warning This line has a length of 123. Maximum allowed is 100 max-len 185:1 warning This line has a length of 101. Maximum allowed is 100 max-len 186:1 warning This line has a length of 103. Maximum allowed is 100 max-len 198:1 warning This line has a length of 103. Maximum allowed is 100 max-len 199:1 warning This line has a length of 104. Maximum allowed is 100 max-len 200:1 warning This line has a length of 104. Maximum allowed is 100 max-len 201:1 warning This line has a length of 106. Maximum allowed is 100 max-len /src/repo/resources/ext.wikistories.builder/App.vue 29:41 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector /src/repo/resources/ext.wikistories.builder/components/Frames.vue 11:1 warning This line has a length of 135. Maximum allowed is 100 max-len 127:1 warning This line has a length of 109. Maximum allowed is 100 max-len 128:1 warning This line has a length of 107. Maximum allowed is 100 max-len 176:1 warning This line has a length of 103. Maximum allowed is 100 max-len /src/repo/resources/ext.wikistories.builder/components/Notice.vue 2:1 warning This line has a length of 102. Maximum allowed is 100 max-len /src/repo/resources/ext.wikistories.builder/components/StoryTextbox.vue 14:1 warning This line has a length of 103. Maximum allowed is 100 max-len /src/repo/resources/ext.wikistories.builder/mixins/observer.js 43:28 warning IntersectionObserverEntry is not supported in Safari 11, iOS Safari 11.0-11.2 compat/compat 94:19 warning IntersectionObserver is not supported in Safari 11 compat/compat /src/repo/resources/ext.wikistories.builder/util/calculateUnmodifiedContent.js 23:0 warning Missing JSDoc @return type jsdoc/require-returns-type 50:1 warning This line has a length of 109. Maximum allowed is 100 max-len /src/repo/resources/ext.wikistories.builder/util/sortableFrames.js 129:6 warning All possible CSS classes should be documented. See https://w.wiki/PS2 for details mediawiki/class-doc 139:4 warning All possible CSS classes should be documented. See https://w.wiki/PS2 for details mediawiki/class-doc 168:6 warning All possible CSS classes should be documented. See https://w.wiki/PS2 for details mediawiki/class-doc /src/repo/resources/ext.wikistories.builder/views/Article.vue 93:5 warning All possible CSS classes should be documented. See https://w.wiki/PS2 for details mediawiki/class-doc 96:5 warning All possible CSS classes should be documented. See https://w.wiki/PS2 for details mediawiki/class-doc /src/repo/resources/ext.wikistories.builder/views/PublishForm.vue 46:1 warning This line has a length of 110. Maximum allowed is 100 max-len 61:1 warning This line has a length of 114. Maximum allowed is 100 max-len 72:1 warning This line has a length of 110. Maximum allowed is 100 max-len 180:19 warning All possible message keys should be documented. See https://w.wiki/4r9a for details mediawiki/msg-doc 181:1 warning This line has a length of 106. Maximum allowed is 100 max-len 186:1 warning This line has a length of 138. Maximum allowed is 100 max-len 190:1 warning This line has a length of 102. Maximum allowed is 100 max-len /src/repo/resources/ext.wikistories.discover/Discover.js 5:21 warning All possible CSS classes should be documented. See https://w.wiki/PS2 for details mediawiki/class-doc 9:17 warning All possible CSS classes should be documented. See https://w.wiki/PS2 for details mediawiki/class-doc 13:16 warning All possible CSS classes should be documented. See https://w.wiki/PS2 for details mediawiki/class-doc 27:9 warning All possible CSS classes should be documented. See https://w.wiki/PS2 for details mediawiki/class-doc 41:15 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector 42:16 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector 57:25 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector 57:25 warning Selector extensions are not allowed no-jquery/no-sizzle /src/repo/resources/ext.wikistories.viewer/StoryViewer.vue 133:1 warning This line has a length of 106. Maximum allowed is 100 max-len 135:1 warning This line has a length of 105. Maximum allowed is 100 max-len 178:10 warning Dynamic message keys should not be used in templates. Use a computed property instead mediawiki/no-vue-dynamic-i18n 434:1 warning This line has a length of 101. Maximum allowed is 100 max-len /src/repo/resources/ext.wikistories.viewer/index.js 13:32 warning All possible CSS classes should be documented. See https://w.wiki/PS2 for details mediawiki/class-doc 22:2 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector /src/repo/resources/ext.wikistories.viewer/util/isTouchDevice.js 1:53 warning navigator.maxTouchPoints() is not supported in Safari 11, iOS Safari 11.0-11.2 compat/compat /src/repo/resources/instrumentation/consumptionEvents.js 29:1 warning This line has a length of 106. Maximum allowed is 100 max-len ✖ 49 problems (0 errors, 49 warnings) > lint:css > stylelint **/*.{vue,less} ------------------------------------|---------|----------|---------|---------|------------------------------------------ File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s ------------------------------------|---------|----------|---------|---------|------------------------------------------ All files | 7.8 | 6.73 | 1.97 | 7.8 | components | 0 | 0 | 0 | 0 | ConfirmDialog.vue | 0 | 0 | 0 | 0 | 33-44 DotsMenu.vue | 0 | 100 | 0 | 0 | 17-29 DotsMenuItem.vue | 0 | 100 | 0 | 0 | 13-29 StoryImage.vue | 0 | 0 | 0 | 0 | 25-245 ext.wikistories.builder | 0 | 0 | 0 | 0 | App.vue | 0 | 0 | 0 | 0 | 8-42 index.js | 0 | 0 | 100 | 0 | 1-19 ext.wikistories.builder/api | 12.5 | 0 | 0 | 12.74 | getPageInfo.js | 0 | 0 | 0 | 0 | 6-19 saveStory.js | 0 | 0 | 0 | 0 | 10-38 searchImages.js | 14.94 | 0 | 0 | 15.29 | 17-18,28-54,63-74,78-113,125-176,187-206 ext.wikistories.builder/components | 0 | 0 | 0 | 0 | Alert.vue | 0 | 100 | 100 | 0 | 24 CurrentFrame.vue | 0 | 0 | 0 | 0 | 21-57 Frames.vue | 0 | 0 | 0 | 0 | 29-77 ImageAttribution.vue | 0 | 0 | 0 | 0 | 27-41 ImageListView.vue | 0 | 0 | 0 | 0 | 27-72 ListImage.vue | 0 | 0 | 0 | 0 | 12-61 Navigator.vue | 0 | 0 | 0 | 0 | 27-38 Notice.vue | 0 | 100 | 100 | 0 | 12 Popup.vue | 0 | 100 | 100 | 0 | 12 PrimaryButton.vue | 0 | 100 | 100 | 0 | 9 RouterView.vue | 0 | 100 | 100 | 0 | 6-9 StoryTextbox.vue | 0 | 0 | 0 | 0 | 32-88 Toast.vue | 0 | 100 | 0 | 0 | 8-33 ext.wikistories.builder/mixins | 0 | 0 | 0 | 0 | observer.js | 0 | 0 | 0 | 0 | 10-110 ext.wikistories.builder/plugins | 0 | 100 | 0 | 0 | config.js | 0 | 100 | 0 | 0 | 5-20 ext.wikistories.builder/store | 6.27 | 0 | 0 | 6.34 | article.js | 0 | 0 | 0 | 0 | 1-106 index.js | 0 | 100 | 100 | 0 | 1-7 router.js | 0 | 0 | 0 | 0 | 1-62 search.js | 0 | 0 | 0 | 0 | 1-64 story.js | 11.11 | 0 | 0 | 11.34 | 40-324 ext.wikistories.builder/util | 33 | 21.48 | 24.13 | 32.68 | beforeUnloadListener.js | 0 | 100 | 0 | 0 | 4-9 calculateUnmodifiedContent.js | 16.66 | 0 | 0 | 16.66 | 2-12,26-52 convertUrlToMobile.js | 100 | 100 | 100 | 100 | safeAssignString.js | 93.33 | 87.5 | 100 | 93.33 | 26 sortableFrames.js | 0 | 0 | 0 | 0 | 5-215 splitSentences.js | 91.48 | 80 | 100 | 91.3 | 40,94,101-102 strip.js | 22.22 | 0 | 0 | 22.22 | 6-16 validateTitle.js | 0 | 0 | 0 | 0 | 1-43 ext.wikistories.builder/views | 0 | 0 | 0 | 0 | Article.vue | 0 | 0 | 0 | 0 | 46-123 PublishForm.vue | 0 | 0 | 0 | 0 | 110-268 Search.vue | 0 | 0 | 0 | 0 | 44-134 Story.vue | 0 | 0 | 0 | 0 | 69-248 ext.wikistories.discover | 0 | 0 | 0 | 0 | Discover.js | 0 | 0 | 0 | 0 | 1-92 index.js | 0 | 0 | 0 | 0 | 1-49 ext.wikistories.discover/api | 0 | 100 | 0 | 0 | getStories.js | 0 | 100 | 0 | 0 | 5-13 ext.wikistories.discover/util | 100 | 100 | 100 | 100 | convertUrlToThumbnail.js | 100 | 100 | 100 | 100 | ext.wikistories.viewaction | 0 | 100 | 100 | 0 | index.js | 0 | 100 | 100 | 0 | 1-3 ext.wikistories.viewer | 0 | 0 | 0 | 0 | StoryViewer.vue | 0 | 0 | 0 | 0 | 188-391 index.js | 0 | 0 | 0 | 0 | 1-36 ext.wikistories.viewer/components | 0 | 0 | 0 | 0 | ImageAttribution.vue | 0 | 100 | 100 | 0 | 31 Textbox.vue | 0 | 0 | 0 | 0 | 18-100 ext.wikistories.viewer/store | 0 | 0 | 0 | 0 | index.js | 0 | 100 | 100 | 0 | 1-4 story.js | 0 | 0 | 0 | 0 | 1-207 ext.wikistories.viewer/util | 0 | 0 | 0 | 0 | isTouchDevice.js | 0 | 0 | 100 | 0 | 1-4 timer.js | 0 | 0 | 0 | 0 | 4-38 instrumentation | 0 | 0 | 0 | 0 | consumptionEvents.js | 0 | 0 | 0 | 0 | 1-49 contributionEvents.js | 0 | 0 | 0 | 0 | 1-64 ------------------------------------|---------|----------|---------|---------|------------------------------------------ --- end --- {} {"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}} {"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}} {"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}, "1099357": {"source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}} {"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}, "1099357": {"source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}} {"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}} {"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}} {} {} {} {} {} {} {} {} {} {"1099357": {"source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}} {} {"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}} {} {} {} {} {} {"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}} {"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}} {} {"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}} {"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}} $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- [DNM] there are no updates $ git add . --- stdout --- --- end --- $ git commit -F /tmp/tmpw4w13jlx --- stdout --- On branch REL1_42 Your branch is up to date with 'origin/REL1_42'. nothing to commit, working tree clean --- end ---