This run took 46 seconds.
From 6fc6b3597c8f29de90f772c0ed8ec700e75d05b1 Mon Sep 17 00:00:00 2001 From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org> Date: Wed, 20 Nov 2024 08:43:29 +0000 Subject: [PATCH] build: Updating cross-spawn to 7.0.6 * https://github.com/advisories/GHSA-3xgq-45jj-v275 Change-Id: I1c7339802178ec931ea2c4d766d4c99e47bc9258 --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6f81116..e3613a2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1066,9 +1066,9 @@ "dev": true }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, "dependencies": { "path-key": "^3.1.0", @@ -5834,9 +5834,9 @@ "dev": true }, "cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, "requires": { "path-key": "^3.1.0", -- 2.39.2
$ date --- stdout --- Wed Nov 20 08:42:46 UTC 2024 --- end --- $ git clone file:///srv/git/wikibase-javascript-api.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- 9d3415bfaac6693d14ee2877925e442c9b51fa92 refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "cross-spawn": { "name": "cross-spawn", "severity": "high", "isDirect": false, "via": [ { "source": 1100556, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=7.0.0 <7.0.5" } ], "effects": [], "range": "7.0.0 - 7.0.4", "nodes": [ "node_modules/cross-spawn" ], "fixAvailable": true }, "phantomjs-prebuilt": { "name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": true, "via": [ "request" ], "effects": [], "range": "*", "nodes": [ "node_modules/phantomjs-prebuilt" ], "fixAvailable": false }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "phantomjs-prebuilt" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": false }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": false } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 3, "high": 1, "critical": 0, "total": 4 }, "dependencies": { "prod": 3, "dev": 440, "optional": 2, "peer": 1, "peerOptional": 0, "total": 442 } } } --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "cross-spawn": { "name": "cross-spawn", "severity": "high", "isDirect": false, "via": [ { "source": 1100556, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=7.0.0 <7.0.5" } ], "effects": [], "range": "7.0.0 - 7.0.4", "nodes": [ "node_modules/cross-spawn" ], "fixAvailable": true }, "phantomjs-prebuilt": { "name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": true, "via": [ "request" ], "effects": [], "range": "*", "nodes": [ "node_modules/phantomjs-prebuilt" ], "fixAvailable": false }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "phantomjs-prebuilt" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": false }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": false } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 3, "high": 1, "critical": 0, "total": 4 }, "dependencies": { "prod": 3, "dev": 440, "optional": 2, "peer": 1, "peerOptional": 0, "total": 442 } } } --- end --- Attempting to npm audit fix $ /usr/bin/npm audit fix --dry-run --only=dev --json --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production --- stdout --- { "added": 442, "removed": 0, "changed": 0, "audited": 443, "funding": 67, "audit": { "auditReportVersion": 2, "vulnerabilities": { "cross-spawn": { "name": "cross-spawn", "severity": "high", "isDirect": false, "via": [ { "source": 1100556, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=7.0.0 <7.0.5" } ], "effects": [], "range": "7.0.0 - 7.0.4", "nodes": [ "" ], "fixAvailable": true }, "phantomjs-prebuilt": { "name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": true, "via": [ "request" ], "effects": [], "range": "*", "nodes": [ "node_modules/phantomjs-prebuilt" ], "fixAvailable": false }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "phantomjs-prebuilt" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": false }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": false } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 3, "high": 1, "critical": 0, "total": 4 }, "dependencies": { "prod": 3, "dev": 440, "optional": 2, "peer": 1, "peerOptional": 0, "total": 442 } } } } --- end --- {"added": 442, "removed": 0, "changed": 0, "audited": 443, "funding": 67, "audit": {"auditReportVersion": 2, "vulnerabilities": {"cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1100556, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.0.5"}], "effects": [], "range": "7.0.0 - 7.0.4", "nodes": [""], "fixAvailable": true}, "phantomjs-prebuilt": {"name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": true, "via": ["request"], "effects": [], "range": "*", "nodes": ["node_modules/phantomjs-prebuilt"], "fixAvailable": false}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["phantomjs-prebuilt"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": false}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 3, "high": 1, "critical": 0, "total": 4}, "dependencies": {"prod": 3, "dev": 440, "optional": 2, "peer": 1, "peerOptional": 0, "total": 442}}}} $ /usr/bin/npm audit fix --only=dev --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated puppeteer@5.5.0: Version no longer supported. Upgrade to @latest --- stdout --- added 442 packages, and audited 443 packages in 14s 67 packages are looking for funding run `npm fund` for details # npm audit report request * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie No fix available node_modules/request phantomjs-prebuilt * Depends on vulnerable versions of request node_modules/phantomjs-prebuilt tough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 No fix available node_modules/tough-cookie 3 moderate severity vulnerabilities Some issues need review, and may require choosing a different dependency. --- end --- Verifying that tests still pass $ /usr/bin/npm ci --- stderr --- npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated puppeteer@5.5.0: Version no longer supported. Upgrade to @latest --- stdout --- added 442 packages, and audited 443 packages in 14s 67 packages are looking for funding run `npm fund` for details 3 moderate severity vulnerabilities Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. --- end --- $ /usr/bin/npm test --- stdout --- > wikibase-api@3.1.1 test > grunt test Running "eslint:all" (eslint) task /src/repo/src/FormatValueCaller.js 4:2 warning Unexpected var, use let or const instead no-var 15:1 warning The type 'dataTypes' is undefined jsdoc/no-undefined-types 17:2 warning Unexpected var, use let or const instead no-var 31:1 warning The type 'dataTypes' is undefined jsdoc/no-undefined-types 41:1 warning The type 'dataValues' is undefined jsdoc/no-undefined-types 81:4 warning Unexpected var, use let or const instead no-var 92:12 warning Unexpected function expression prefer-arrow-callback 101:14 warning Unexpected function expression prefer-arrow-callback /src/repo/src/ParseValueCaller.js 4:2 warning Unexpected var, use let or const instead no-var 19:2 warning Unexpected var, use let or const instead no-var 46:4 warning Unexpected var, use let or const instead no-var 50:58 warning Unexpected function expression prefer-arrow-callback 59:5 warning Unexpected var, use let or const instead no-var 61:11 warning Unexpected var, use let or const instead no-var 62:6 warning Unexpected var, use let or const instead no-var 91:14 warning Unexpected function expression prefer-arrow-callback /src/repo/src/RepoApi.js 4:2 warning Unexpected var, use let or const instead no-var 25:1 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types 31:2 warning Unexpected var, use let or const instead no-var 43:1 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types 68:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 80:4 warning Unexpected var, use let or const instead no-var 103:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 120:4 warning Unexpected var, use let or const instead no-var 149:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 167:4 warning Unexpected var, use let or const instead no-var 197:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 213:4 warning Unexpected var, use let or const instead no-var 245:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 267:4 warning Unexpected var, use let or const instead no-var 294:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 310:4 warning Unexpected var, use let or const instead no-var 329:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 346:4 warning Unexpected var, use let or const instead no-var 371:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 388:4 warning Unexpected var, use let or const instead no-var 415:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 433:4 warning Unexpected var, use let or const instead no-var 459:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 471:4 warning Unexpected var, use let or const instead no-var 496:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 511:4 warning Unexpected var, use let or const instead no-var 538:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 555:4 warning Unexpected var, use let or const instead no-var 584:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 602:4 warning Unexpected var, use let or const instead no-var 649:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 681:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 715:35 warning Unexpected function expression prefer-arrow-callback /src/repo/src/RepoApiError.js 4:2 warning Unexpected var, use let or const instead no-var 23:2 warning Unexpected var, use let or const instead no-var 71:5 warning Unexpected var, use let or const instead no-var 101:3 warning Unexpected var, use let or const instead no-var 119:4 warning Unexpected var, use let or const instead no-var 158:4 warning Unexpected var, use let or const instead no-var 159:10 warning Unexpected var, use let or const instead no-var /src/repo/src/getLocationAgnosticMwApi.js 16:3 warning Unexpected var, use let or const instead no-var 33:1 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types 41:3 warning Unexpected var, use let or const instead no-var /src/repo/tests/RepoApi.tests.js 2:1 warning Missing JSDoc @param "wb" type jsdoc/require-param-type 3:1 warning Missing JSDoc @param "QUnit" type jsdoc/require-param-type 4:1 warning Missing JSDoc @param "sinon" type jsdoc/require-param-type 26:3 warning Unexpected var, use let or const instead no-var 62:32 warning Unexpected function expression prefer-arrow-callback 63:3 warning Unexpected var, use let or const instead no-var 99:30 warning Unexpected function expression prefer-arrow-callback 100:3 warning Unexpected var, use let or const instead no-var 121:31 warning Unexpected function expression prefer-arrow-callback 122:3 warning Unexpected var, use let or const instead no-var 186:31 warning Unexpected function expression prefer-arrow-callback 187:3 warning Unexpected var, use let or const instead no-var 226:37 warning Unexpected function expression prefer-arrow-callback 227:3 warning Unexpected var, use let or const instead no-var 304:30 warning Unexpected function expression prefer-arrow-callback 305:3 warning Unexpected var, use let or const instead no-var 338:46 warning Unexpected function expression prefer-arrow-callback 339:3 warning Unexpected var, use let or const instead no-var 341:9 warning Unexpected var, use let or const instead no-var 342:4 warning Unexpected var, use let or const instead no-var 363:30 warning Unexpected function expression prefer-arrow-callback 364:3 warning Unexpected var, use let or const instead no-var 389:28 warning Unexpected function expression prefer-arrow-callback 390:3 warning Unexpected var, use let or const instead no-var 422:31 warning Unexpected function expression prefer-arrow-callback 423:3 warning Unexpected var, use let or const instead no-var 447:44 warning Unexpected function expression prefer-arrow-callback 448:3 warning Unexpected var, use let or const instead no-var 458:31 warning Unexpected function expression prefer-arrow-callback 459:3 warning Unexpected var, use let or const instead no-var 494:51 warning Unexpected function expression prefer-arrow-callback 495:3 warning Unexpected var, use let or const instead no-var 517:55 warning Unexpected function expression prefer-arrow-callback 518:3 warning Unexpected var, use let or const instead no-var 544:57 warning Unexpected function expression prefer-arrow-callback 545:3 warning Unexpected var, use let or const instead no-var 571:39 warning Unexpected function expression prefer-arrow-callback 572:3 warning Unexpected var, use let or const instead no-var 582:83 warning Unexpected function expression prefer-arrow-callback 583:3 warning Unexpected var, use let or const instead no-var 590:91 warning Unexpected function expression prefer-arrow-callback 591:3 warning Unexpected var, use let or const instead no-var /src/repo/tests/RepoApiError.tests.js 2:1 warning Missing JSDoc @param "wb" type jsdoc/require-param-type 3:1 warning Missing JSDoc @param "QUnit" type jsdoc/require-param-type 4:1 warning Missing JSDoc @param "sinon" type jsdoc/require-param-type 14:44 warning Unexpected function expression prefer-arrow-callback 15:3 warning Unexpected var, use let or const instead no-var 55:3 warning Unexpected function expression prefer-arrow-callback 56:4 warning Unexpected var, use let or const instead no-var 134:3 warning Unexpected function expression prefer-arrow-callback 135:4 warning Unexpected var, use let or const instead no-var 163:3 warning Unexpected function expression prefer-arrow-callback 164:4 warning Unexpected var, use let or const instead no-var 253:3 warning Unexpected function expression prefer-arrow-callback 254:4 warning Unexpected var, use let or const instead no-var ✖ 114 problems (0 errors, 114 warnings) 0 errors and 87 warnings potentially fixable with the `--fix` option. Running "qunit:all" (qunit) task Testing tests/index.html Failed to load resource: net::ERR_FILE_NOT_FOUND .......................OK >> 23 tests completed with 0 failed, 0 skipped, and 0 todo. >> 215 assertions (in 63ms), passed: 215, failed: 0 Done. --- end --- {"1100556": {"source": 1100556, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.0.5"}} Upgrading n:cross-spawn from 7.0.3 -> 7.0.6 $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- build: Updating cross-spawn to 7.0.6 * https://github.com/advisories/GHSA-3xgq-45jj-v275 $ git add . --- stdout --- --- end --- $ git commit -F /tmp/tmpo3jquvtl --- stdout --- [master 6fc6b35] build: Updating cross-spawn to 7.0.6 1 file changed, 6 insertions(+), 6 deletions(-) --- end --- $ git format-patch HEAD~1 --stdout --- stdout --- From 6fc6b3597c8f29de90f772c0ed8ec700e75d05b1 Mon Sep 17 00:00:00 2001 From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org> Date: Wed, 20 Nov 2024 08:43:29 +0000 Subject: [PATCH] build: Updating cross-spawn to 7.0.6 * https://github.com/advisories/GHSA-3xgq-45jj-v275 Change-Id: I1c7339802178ec931ea2c4d766d4c99e47bc9258 --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6f81116..e3613a2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1066,9 +1066,9 @@ "dev": true }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, "dependencies": { "path-key": "^3.1.0", @@ -5834,9 +5834,9 @@ "dev": true }, "cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, "requires": { "path-key": "^3.1.0", -- 2.39.2 --- end ---