This run took 147 seconds.
From 3e31bd9376ee80a032c9209b7ad7ca62700cee47 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 24 Nov 2024 21:31:13 +0000
Subject: [PATCH] build: Updating cross-spawn to 6.0.6, 7.0.6
* https://github.com/advisories/GHSA-3xgq-45jj-v275
Change-Id: I66a8382c10211087715d486ba8182f15d2973c7d
---
package-lock.json | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 4933174..e2b1074 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2193,9 +2193,9 @@
}
},
"node_modules/cross-spawn": {
- "version": "7.0.3",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
- "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+ "version": "7.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+ "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
"dev": true,
"dependencies": {
"path-key": "^3.1.0",
@@ -7075,9 +7075,9 @@
"dev": true
},
"node_modules/npm-run-all/node_modules/cross-spawn": {
- "version": "6.0.5",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz",
- "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==",
+ "version": "6.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.6.tgz",
+ "integrity": "sha512-VqCUuhcd1iB+dsv8gxPttb5iZh/D0iubSP21g36KXdEuf6I5JiioesUVjpCdHV9MZRUfVFlvwtIUyPfxo5trtw==",
"dev": true,
"dependencies": {
"nice-try": "^1.0.4",
@@ -12028,9 +12028,9 @@
}
},
"cross-spawn": {
- "version": "7.0.3",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
- "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+ "version": "7.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+ "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
"dev": true,
"requires": {
"path-key": "^3.1.0",
@@ -15572,9 +15572,9 @@
"dev": true
},
"cross-spawn": {
- "version": "6.0.5",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz",
- "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==",
+ "version": "6.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.6.tgz",
+ "integrity": "sha512-VqCUuhcd1iB+dsv8gxPttb5iZh/D0iubSP21g36KXdEuf6I5JiioesUVjpCdHV9MZRUfVFlvwtIUyPfxo5trtw==",
"dev": true,
"requires": {
"nice-try": "^1.0.4",
--
2.39.2
$ date
--- stdout ---
Sun Nov 24 21:29:09 UTC 2024
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-WikibaseLexeme.git repo --depth=1 -b REL1_43
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'resources/special/new-lexeme' (https://phabricator.wikimedia.org/diffusion/NLSP/new-lexeme-special-page.git) registered for path 'resources/special/new-lexeme'
Cloning into '/src/repo/resources/special/new-lexeme'...
--- stdout ---
Submodule path 'resources/special/new-lexeme': checked out '0a9293702bb5993f1d02f51c3424947fbd7470e8'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
2be541fbe9e403c9990bb7a3f4adbaaea2708ed7 refs/heads/REL1_43
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100562,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
},
{
"source": 1100563,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.0.5"
}
],
"effects": [],
"range": "<6.0.6 || >=7.0.0 <7.0.5",
"nodes": [
"node_modules/cross-spawn",
"node_modules/npm-run-all/node_modules/cross-spawn"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 1,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 848,
"optional": 5,
"peer": 19,
"peerOptional": 0,
"total": 848
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 44 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.3)
- Locking composer/spdx-licenses (1.5.8)
- Locking composer/xdebug-handler (3.0.5)
- Locking davidrjonas/composer-lock-diff (1.7.0)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.0.0)
- Locking doctrine/deprecations (1.1.3)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking giorgiosironi/eris (0.14.0)
- Locking hamcrest/hamcrest-php (v2.0.1)
- Locking mediawiki/mediawiki-codesniffer (v45.0.0)
- Locking mediawiki/mediawiki-phan-config (0.14.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (6.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.4.3)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.2.1)
- Locking phpcsstandards/phpcsutils (1.0.12)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.0)
- Locking phpdocumentor/type-resolver (1.10.0)
- Locking phpstan/phpdoc-parser (2.0.0)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.7)
- Locking serialization/serialization (4.0.0)
- Locking squizlabs/php_codesniffer (3.10.3)
- Locking symfony/console (v7.1.8)
- Locking symfony/deprecation-contracts (v3.5.0)
- Locking symfony/polyfill-ctype (v1.31.0)
- Locking symfony/polyfill-intl-grapheme (v1.31.0)
- Locking symfony/polyfill-intl-normalizer (v1.31.0)
- Locking symfony/polyfill-mbstring (v1.31.0)
- Locking symfony/polyfill-php80 (v1.31.0)
- Locking symfony/service-contracts (v3.5.0)
- Locking symfony/string (v7.1.8)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.11.0)
- Locking wikimedia/assert (v0.5.1)
- Locking wmde/php-vuejs-templating (2.0.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 44 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.0.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing davidrjonas/composer-lock-diff (1.7.0): Extracting archive
- Installing giorgiosironi/eris (0.14.0): Extracting archive
- Installing hamcrest/hamcrest-php (v2.0.1): Extracting archive
- Installing symfony/polyfill-php80 (v1.31.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
- Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.31.0): Extracting archive
- Installing composer/spdx-licenses (1.5.8): Extracting archive
- Installing composer/semver (3.4.3): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.31.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.31.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.31.0): Extracting archive
- Installing symfony/string (v7.1.8): Extracting archive
- Installing symfony/deprecation-contracts (v3.5.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.5.0): Extracting archive
- Installing symfony/console (v7.1.8): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (1.11.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.0.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.3): Extracting archive
- Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.0): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.4.3): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
- Installing serialization/serialization (4.0.0): Extracting archive
- Installing wikimedia/assert (v0.5.1): Extracting archive
- Installing wmde/php-vuejs-templating (2.0.0): Extracting archive
0/42 [>---------------------------] 0%
18/42 [============>---------------] 42%
32/42 [=====================>------] 76%
42/42 [============================] 100%
3 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
16 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100562,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
},
{
"source": 1100563,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.0.5"
}
],
"effects": [],
"range": "<6.0.6 || >=7.0.0 <7.0.5",
"nodes": [
"node_modules/cross-spawn",
"node_modules/npm-run-all/node_modules/cross-spawn"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 1,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 848,
"optional": 5,
"peer": 19,
"peerOptional": 0,
"total": 848
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 848,
"removed": 0,
"changed": 0,
"audited": 849,
"funding": 183,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100562,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
},
{
"source": 1100563,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.0.5"
}
],
"effects": [],
"range": "<6.0.6 || >=7.0.0 <7.0.5",
"nodes": [
"",
""
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 1,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 848,
"optional": 5,
"peer": 19,
"peerOptional": 0,
"total": 848
}
}
}
}
--- end ---
{"added": 848, "removed": 0, "changed": 0, "audited": 849, "funding": 183, "audit": {"auditReportVersion": 2, "vulnerabilities": {"cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1100562, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}, {"source": 1100563, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.0.5"}], "effects": [], "range": "<6.0.6 || >=7.0.0 <7.0.5", "nodes": ["", ""], "fixAvailable": true}, "request": {"name": "request", "severity": "moderate", "isDirect": true, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": [], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/request/node_modules/tough-cookie"], "fixAvailable": false}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 2, "high": 1, "critical": 0, "total": 3}, "dependencies": {"prod": 1, "dev": 848, "optional": 5, "peer": 19, "peerOptional": 0, "total": 848}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated grunt-jasmine-nodejs@1.6.1: Deprecated in favor of npm scripts.
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated superagent@6.1.0: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net
--- stdout ---
added 847 packages, and audited 848 packages in 26s
183 packages are looking for funding
run `npm fund` for details
# npm audit report
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/request/node_modules/tough-cookie
2 moderate severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated grunt-jasmine-nodejs@1.6.1: Deprecated in favor of npm scripts.
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated superagent@6.1.0: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net
--- stdout ---
added 847 packages, and audited 848 packages in 17s
183 packages are looking for funding
run `npm fund` for details
2 moderate severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[33mThe CJS build of Vite's Node API is deprecated. See https://vitejs.dev/guide/troubleshooting.html#vite-cjs-node-api-deprecated for more details.[39m
DEPRECATION WARNING: Sass's behavior for declarations that appear after nested
rules will be changing to match the behavior specified by CSS in an upcoming
version. To keep the existing behavior, move the declaration above the nested
rule. To opt into the new behavior, wrap the declaration in `& {}`.
More info: https://sass-lang.com/d/mixed-decls
╷
6 │ ┌ & > * + * {
7 │ │ margin-top: $dimension-layout-xsmall;
8 │ │ }
│ └─── nested rule
... │
11 │ padding: $dimension-layout-small;
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ declaration
╵
src/components/NewLexemeForm.vue 11:2 root stylesheet
DEPRECATION WARNING: Sass's behavior for declarations that appear after nested
rules will be changing to match the behavior specified by CSS in an upcoming
version. To keep the existing behavior, move the declaration above the nested
rule. To opt into the new behavior, wrap the declaration in `& {}`.
More info: https://sass-lang.com/d/mixed-decls
╷
6 │ ┌ & > * + * {
7 │ │ margin-top: $dimension-layout-xsmall;
8 │ │ }
│ └─── nested rule
... │
14 │ border-style: $border-style-base;
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ declaration
╵
src/components/NewLexemeForm.vue 14:2 root stylesheet
DEPRECATION WARNING: Sass's behavior for declarations that appear after nested
rules will be changing to match the behavior specified by CSS in an upcoming
version. To keep the existing behavior, move the declaration above the nested
rule. To opt into the new behavior, wrap the declaration in `& {}`.
More info: https://sass-lang.com/d/mixed-decls
╷
6 │ ┌ & > * + * {
7 │ │ margin-top: $dimension-layout-xsmall;
8 │ │ }
│ └─── nested rule
... │
15 │ border-width: $border-width-thin;
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ declaration
╵
src/components/NewLexemeForm.vue 15:2 root stylesheet
DEPRECATION WARNING: Sass's behavior for declarations that appear after nested
rules will be changing to match the behavior specified by CSS in an upcoming
version. To keep the existing behavior, move the declaration above the nested
rule. To opt into the new behavior, wrap the declaration in `& {}`.
More info: https://sass-lang.com/d/mixed-decls
╷
6 │ ┌ & > * + * {
7 │ │ margin-top: $dimension-layout-xsmall;
8 │ │ }
│ └─── nested rule
... │
16 │ border-radius: $border-radius-base;
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ declaration
╵
src/components/NewLexemeForm.vue 16:2 root stylesheet
DEPRECATION WARNING: Sass's behavior for declarations that appear after nested
rules will be changing to match the behavior specified by CSS in an upcoming
version. To keep the existing behavior, move the declaration above the nested
rule. To opt into the new behavior, wrap the declaration in `& {}`.
More info: https://sass-lang.com/d/mixed-decls
╷
6 │ ┌ & > * + * {
7 │ │ margin-top: $dimension-layout-xsmall;
8 │ │ }
│ └─── nested rule
... │
17 │ border-color: $border-color-base-subtle;
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ declaration
╵
src/components/NewLexemeForm.vue 17:2 root stylesheet
--- stdout ---
> test
> run-s test:*
> test:grunt
> grunt test
Running "eslint:all" (eslint) task
/src/repo/cypress/support/pageObjects/FormsSection.ts
143:2 warning Missing JSDoc @return declaration jsdoc/require-returns
144:1 warning Missing JSDoc @param "formId" type jsdoc/require-param-type
/src/repo/resources/entityChangers/FormChanger.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/resources/entityChangers/SenseChanger.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/resources/jquery.wikibase.lexemeformview.js
287:1 warning Missing JSDoc @param "lemmas" type jsdoc/require-param-type
288:1 warning Missing JSDoc @param "formIndex" type jsdoc/require-param-type
289:1 warning Missing JSDoc @param "formId" type jsdoc/require-param-type
290:1 warning Missing JSDoc @param "representations" type jsdoc/require-param-type
/src/repo/resources/jquery.wikibase.lexemeview.js
25:1 warning Expected 0 trailing lines jsdoc/tag-lines
/src/repo/resources/serialization/FormSerializer.js
12:1 warning The type 'serialization' is undefined jsdoc/no-undefined-types
/src/repo/resources/serialization/LexemeDeserializer.js
10:1 warning The type 'SERIALIZER' is undefined jsdoc/no-undefined-types
/src/repo/resources/serialization/SenseSerializer.js
12:1 warning The type 'serialization' is undefined jsdoc/no-undefined-types
/src/repo/resources/special/NewLexeme.js
6:2 warning Unused eslint-disable directive (no problems were reported from 'no-undef')
/src/repo/resources/special/NewLexemeFallback.js
8:3 warning NodeList.forEach not supported by Chrome<51, Firefox<50, Safari<10, IE & others. Use Array.prototype.forEach.call instead mediawiki/no-nodelist-unsupported-methods
/src/repo/resources/view/ViewFactoryFactory.js
17:1 warning Syntax error in type: [] jsdoc/valid-types
/src/repo/resources/widgets/GlossWidget.js
34:1 warning Syntax error in type: [{ value: string, language: string }] jsdoc/valid-types
/src/repo/tests/qunit/datamodel/Form.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/datamodel/Sense.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/entityChangers/FormChanger.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/entityChangers/SenseChanger.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.lexemeformlistview.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.lexemeformview.tests.js
1:1 warning Missing JSDoc @param "require" declaration jsdoc/require-param
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.senselistview.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.senseview.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/serialization/LexemeDeserializer.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/widgets/GrammaticalFeatureListWidget.tests.js
1:1 warning Missing JSDoc @param "QUnit" declaration jsdoc/require-param
1:1 warning Missing JSDoc @param "require" declaration jsdoc/require-param
1:1 warning Missing JSDoc @param "sinon" declaration jsdoc/require-param
✖ 29 problems (0 errors, 29 warnings)
0 errors and 17 warnings potentially fixable with the `--fix` option.
Running "banana:WikibaseLexeme" (banana) task
>> The "fr" translation has 2 translations with trailing whitespace:
>> * wikibaselexeme-formidformatter-separator-multiple-representation
>> * wikibaselexeme-presentation-lexeme-display-label-separator-multiple-lemma
>> 3 message directories checked.
Running "jasmine_nodejs:all" (jasmine_nodejs) task
>> Executing 127 defined specs...
Test Suites & Specs:
1) mutationTypes
✔ uses unique ids for all mutation types
2) mutations
✔ REPLACE_ALL_REPRESENTATIONS replaces representations of correct form
✔ DERIVE_REPRESENTATION_LANGUAGE_FROM_LEMMA changes representation language correctly
✔ UPDATE_REPRESENTATION_LANGUAGE changes correct representation language
✔ ADD_REPRESENTATION adds a new representation to the right form
✔ UPDATE_REPRESENTATION_VALUE changes correct representation value
✔ REMOVE_REPRESENTATION removes representation leaving others with updated index
3) wikibase.lexeme.widgets.LexemeHeader
4) isUnsaveable
✔ returns true when there are changes but also lemmas with redundant languages
✔ returns false by default
✔ returns true when there are changes but saving is ongoing
✔ returns true when there are no changes
✔ shows save button disabled when unsaveable
✔ save lemma list with error
✔ attempting to save with empty lemmas fails
✔ shows save button disabled without changes
✔ shows save button enabled when not unsaveable
✔ binds to lemma-widget hasRedundantLanguage event
✔ save lemma list
✔ passes language and lexical category to LanguageAndLexicalCategoryWidget
✔ updates language and lexical category on save
✔ passes lemmas to LemmaWidget
✔ cancel edit mode
5) hasChanges
✔ returns false by default
✔ returns true when language changes
✔ returns true when lexical category changes
✔ ignores added empty lemmas
✔ returns true when lemmas change
✔ switch to edit mode
6) InvalidLanguageIndicator
✔ creates mixin definition with watch that monitors the property recursively
✔ creates mixin definition with watch that does not fire immediately
✔ creates mixin definition with watch on desired property
✔ creates mixin watch handler not taking offence in empty language
✔ creates mixin definition that adds an InvalidLanguages property to data
✔ creates mixin watch handler that updates InvalidLanguages with respective language values
✔ creates mixin property hasInvalidLanguage returning true for existing InvalidLanguages
✔ creates mixin definition providing method to determine if language isInvalidLanguage
✔ creates mixin watch handler that can find multiple invalid languages
✔ creates mixin property hasInvalidLanguage returning false for empty InvalidLanguages
✔ creates mixin definition providing computed property hasInvalidLanguage
✔ creates mixin definition method isInvalidLanguage returning false for empty InvalidLanguages
7) wikibase.lexeme.widgets.LemmaWidget
✔ edit mode is false
✔ add a new lemma
✔ detects redundant lemma languages to mark the widget
✔ marks-up the lemma term with the lemma language
✔ detects redundant lemma language to mark the individual languages
✔ initialize widget with one lemma
✔ can carry redundant lemma languages
✔ edit mode is true
✔ remove a lemma
8) GlossWidget
✔ removes empty glosses when saved
✔ remove a gloss
✔ add a new gloss
✔ initialize widget with one gloss
✔ stop editing
✔ create with no glosses - when switched to edit mode empty gloss is added
✔ switch to edit mode
9) LexemeHeader.newLexemeHeaderStore
✔ failed save returns rejected promise with first error object if API returns multiple errors
✔ action save calls API with correct parameters when editing several existing lemmas
✔ action save on success processes tempuser values when present
✔ action save calls API with correct parameters when removing one of several existing lemmas
✔ failed save returns rejected promise with a single error object
✔ action save calls API with correct parameters when removing an item from the state
✔ mutation updateLanguage changes language and languageLink to given values
✔ mutation updateLanguage changes lexical category and the link to given values
✔ action save on success mutates the state to start saving, updates state and finishes saving
✔ action save calls API with correct parameters and changes state using data from response
✔ mutation updateRevisionId changes baseRevId to given value
✔ mutation finishSaving switches the isSaving flag to false
✔ action save calls API with correct parameters when editing one of several existing lemmas
✔ mutation startSaving switches the isSaving flag to true
✔ action save calls API with correct parameters when editing an existing lemma
✔ mutation updateLemmas changes lemmas to given values
✔ action save calls API with correct parameters when adding, editing and removing lemmas
10) focusElement
11) callback
✔ calls focus on selected element
✔ can handle missing element
✔ returns a callback without doing anything else
12) actionTypes
✔ uses unique ids for all action types
13) actions
✔ REMOVE_REPRESENTATION delegates to mutation
✔ UPDATE_REPRESENTATION_VALUE delegates to mutation
✔ UPDATE_REPRESENTATION_LANGUAGE delegates to mutation
✔ REPLACE_ALL_REPRESENTATIONS delegates to mutation
✔ ADD_REPRESENTATION on state having no representations and multiple lemmas mutates to empty values
✔ ADD_REPRESENTATION on state having existing representation and one lemma mutates to empty values
✔ ADD_REPRESENTATION on state having no representations and one lemma mutates to empty values and derives lemma language
14) store
✔ creates initial state
15) LemmaList
16) copy
✔ clones Lemmas
✔ creates an identical LemmaList
17) equals
✔ returns true for LemmaList with same lemmas
✔ returns false for objects that are not of type LemmaList
✔ returns false for LemmaList of different length
✔ returns false for LemmaList with different lemmas
✔ ignores empty lemmas
✔ remove
✔ add
✔ getLemmas
✔ length
18) RedundantLanguageIndicator
✔ creates mixin property hasRedundantLanguage returning true for existing redundantLanguages
✔ creates mixin watch handler that updates redundantLanguages with respective language values
✔ creates mixin definition that adds a redundantLanguages property to data
✔ creates mixin definition with watch on desired property
✔ creates mixin watch handler that can find multiple redundant languages
✔ creates mixin watch handler not taking offence in repeated empty language
✔ creates mixin definition method isRedundantLanguage returning false for empty redundantLanguages
✔ creates mixin definition with watch that fires immediately
✔ creates mixin definition providing computed property hasRedundantLanguage
✔ creates mixin definition with watch that monitors the property recursively
✔ creates mixin property hasRedundantLanguage returning false for empty redundantLanguages
✔ creates mixin definition providing method to determine if language isRedundantLanguage
19) RepresentationWidget
✔ can remove a representation
✔ adds an empty representation on add
✔ cannot add representation if not in edit mode
✔ adds a representation with unique lemmas language on add after delete
✔ shows only the representation it contains when editing the widget with some representation
✔ switches to edit mode when editing
✔ is not in edit mode after being created
✔ is not in edit mode after editing is stopped
✔ can carry redundant representations
✔ detects redundant representation languages and marks the widget
✔ cannot remove representation if not in edit mode
✔ detects redundant representation languages and can mark the individual languages
✔ adds a new empty representation when editing the widget with no representations and multiple lemmas
✔ adds a new representation with lemma language when editing the widget with no representations and one lemma
20) ItemSelectorWrapper
✔ passes the item ID to the entityselector widget on mount
21) LanguageAndLexicalCategoryWidget
✔ shows the language and the lexical category
✔ switches to edit mode and back
22) LexemeSubEntityId
23) getIdSuffix
✔ returns the Form id suffix
✔ returns the Sense id suffix
>> Done!
Summary:
Suites: 23 of 23
Specs: 127 of 127
Expects: 0 (0 failures)
Finished in 0.738 seconds
>> Successful!
Running "jasmine_nodejs_reset" task
Running "stylelint:all" (stylelint) task
>> Linted 7 files without errors
Done.
> test:snl-distnodiff
> run-s snl:install snl:build snl:cp snl:diff
> snl:install
> npm -C $npm_package_config_snl_src i
> new-lexeme-special-page@0.0.1 prepare
> husky
added 1160 packages, and audited 1161 packages in 34s
206 packages are looking for funding
run `npm fund` for details
5 vulnerabilities (2 moderate, 3 high)
To address all issues, run:
npm audit fix
Run `npm audit` for details.
> snl:build
> npm -C $npm_package_config_snl_src run build
> new-lexeme-special-page@0.0.1 build
> vite build
vite v5.4.0 building for production...
transforming...
✓ 100 modules transformed.
rendering chunks...
computing gzip size...
dist/style.css 27.27 kB │ gzip: 4.20 kB
dist/SpecialNewLexeme.cjs.js 104.34 kB │ gzip: 34.83 kB
✓ built in 2.82s
> snl:cp
> run-p snl:cp:*
> snl:cp:cjs
> cp $npm_package_config_snl_src/dist/$npm_package_config_snl_cjs $npm_package_config_snl_dist/
> snl:cp:css
> cp $npm_package_config_snl_src/dist/$npm_package_config_snl_css $npm_package_config_snl_dist/
> snl:diff
> git diff --exit-code $npm_package_config_snl_dist
> test:snl-main
> git -C $npm_package_config_snl_src branch --contains HEAD main | grep -q .
> test:mwlibs
> echo 'disabled (T297381)' # ZUUL_BRANCH=${ZUUL_BRANCH:-master} lib-version-check
disabled (T297381)
--- end ---
{"1100562": {"source": 1100562, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}, "1100563": {"source": 1100563, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.0.5"}}
Upgrading n:cross-spawn from 6.0.5, 7.0.3 -> 6.0.6, 7.0.6
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
build: Updating cross-spawn to 6.0.6, 7.0.6
* https://github.com/advisories/GHSA-3xgq-45jj-v275
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpe872wr3u
--- stdout ---
[REL1_43 3e31bd9] build: Updating cross-spawn to 6.0.6, 7.0.6
1 file changed, 12 insertions(+), 12 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 3e31bd9376ee80a032c9209b7ad7ca62700cee47 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 24 Nov 2024 21:31:13 +0000
Subject: [PATCH] build: Updating cross-spawn to 6.0.6, 7.0.6
* https://github.com/advisories/GHSA-3xgq-45jj-v275
Change-Id: I66a8382c10211087715d486ba8182f15d2973c7d
---
package-lock.json | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 4933174..e2b1074 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2193,9 +2193,9 @@
}
},
"node_modules/cross-spawn": {
- "version": "7.0.3",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
- "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+ "version": "7.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+ "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
"dev": true,
"dependencies": {
"path-key": "^3.1.0",
@@ -7075,9 +7075,9 @@
"dev": true
},
"node_modules/npm-run-all/node_modules/cross-spawn": {
- "version": "6.0.5",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz",
- "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==",
+ "version": "6.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.6.tgz",
+ "integrity": "sha512-VqCUuhcd1iB+dsv8gxPttb5iZh/D0iubSP21g36KXdEuf6I5JiioesUVjpCdHV9MZRUfVFlvwtIUyPfxo5trtw==",
"dev": true,
"dependencies": {
"nice-try": "^1.0.4",
@@ -12028,9 +12028,9 @@
}
},
"cross-spawn": {
- "version": "7.0.3",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
- "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+ "version": "7.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+ "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
"dev": true,
"requires": {
"path-key": "^3.1.0",
@@ -15572,9 +15572,9 @@
"dev": true
},
"cross-spawn": {
- "version": "6.0.5",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz",
- "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==",
+ "version": "6.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.6.tgz",
+ "integrity": "sha512-VqCUuhcd1iB+dsv8gxPttb5iZh/D0iubSP21g36KXdEuf6I5JiioesUVjpCdHV9MZRUfVFlvwtIUyPfxo5trtw==",
"dev": true,
"requires": {
"nice-try": "^1.0.4",
--
2.39.2
--- end ---