This run took 218 seconds.
From 6fef346d5da6079bb461d387d2bcb98af5550325 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Wed, 5 Feb 2025 05:36:03 +0000
Subject: [PATCH] build: Updating @wikimedia/codex-design-tokens to 1.20.1

Change-Id: Ie446ee7eec126c83413e1f04d8c591e94019fe8b
---
 package-lock.json | 15 +++++++--------
 package.json | 2 +-
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3bb97cb..605f136 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6,7 +6,7 @@ "": { "name": "wikimedia-portals", "devDependencies": { - "@wikimedia/codex-design-tokens": "1.20.0", + "@wikimedia/codex-design-tokens": "1.20.1", "@wikimedia/language-data": "^1.1.8", "bluebird": "^3.7.2", "browserslist-config-wikimedia": "0.7.0",
@@ -2844,11 +2844,10 @@ "dev": true }, "node_modules/@wikimedia/codex-design-tokens": { - "version": "1.20.0", - "resolved": "https://registry.npmjs.org/@wikimedia/codex-design-tokens/-/codex-design-tokens-1.20.0.tgz", - "integrity": "sha512-3Z5nngMIaIdDClzMQO1FL8HmGcONWUbX8YgM/2nuBy3xuCns7UPp+oQi8+2+wqKd9HpLF+dxHY5+m23GE8LMuQ==", + "version": "1.20.1", + "resolved": "https://registry.npmjs.org/@wikimedia/codex-design-tokens/-/codex-design-tokens-1.20.1.tgz", + "integrity": "sha512-a2YIdbs8dbLput3NvfJh8rnfKIpd2rn1gLHGyo0sUQhBOxCxpqKyQTYeFi0RQ/Iqg4qem0pcMsa/z5flLvDYnA==", "dev": true, - "license": "GPL-2.0+", "engines": { "node": ">=20", "npm": ">=10.8.1"
@@ -22377,9 +22376,9 @@ "dev": true }, "@wikimedia/codex-design-tokens": { - "version": "1.20.0", - "resolved": "https://registry.npmjs.org/@wikimedia/codex-design-tokens/-/codex-design-tokens-1.20.0.tgz", - "integrity": "sha512-3Z5nngMIaIdDClzMQO1FL8HmGcONWUbX8YgM/2nuBy3xuCns7UPp+oQi8+2+wqKd9HpLF+dxHY5+m23GE8LMuQ==", + "version": "1.20.1", + "resolved": "https://registry.npmjs.org/@wikimedia/codex-design-tokens/-/codex-design-tokens-1.20.1.tgz", + "integrity": "sha512-a2YIdbs8dbLput3NvfJh8rnfKIpd2rn1gLHGyo0sUQhBOxCxpqKyQTYeFi0RQ/Iqg4qem0pcMsa/z5flLvDYnA==", "dev": true }, "@wikimedia/language-data": {
diff --git a/package.json b/package.json
index f9eb880..51ddc1f 100644
--- a/package.json
+++ b/package.json
@@ -14,7 +14,7 @@
 "test"
 ],
 "devDependencies": {
- "@wikimedia/codex-design-tokens": "1.20.0",
+ "@wikimedia/codex-design-tokens": "1.20.1",
 "@wikimedia/language-data": "^1.1.8",
 "bluebird": "^3.7.2",
 "browserslist-config-wikimedia": "0.7.0",
--
2.39.2
$ date --- stdout --- Wed Feb 5 05:32:41 UTC 2025 --- end --- $ git clone file:///srv/git/wikimedia-portals.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stderr --- Submodule 'prod' (https://gerrit.wikimedia.org/r/wikimedia/portals/deploy) registered for path 'prod' Cloning into '/src/repo/prod'... --- stdout --- Submodule path 'prod': checked out 'ae1009042ab69b0ea76ce04463cb917416567f94' --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- cfb32a954e2f3ea5737962eeab0442323a1abf50 refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "@koa/cors": { "name": "@koa/cors", "severity": "high", "isDirect": false, "via": [ { "source": 1095223, "name": "@koa/cors", "dependency": "@koa/cors", "title": "Overly permissive origin policy", "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82", "severity": "high", "cwe": [ "CWE-346" ], "cvss": { "score": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, "range": "<5.0.0" } ], "effects": [ "es-dev-server" ], "range": "<5.0.0", "nodes": [ "node_modules/@koa/cors" ], "fixAvailable": true }, "anymatch": { "name": "anymatch", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar", "glob-watcher" ], "range": "1.2.0 - 2.0.0", "nodes": [ "node_modules/glob-watcher/node_modules/anymatch" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "autoprefixer": { "name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.0.20131222 - 8.6.5", "nodes": [ "node_modules/autoprefixer" ], "fixAvailable": true }, "axios": { 
"name": "axios", "severity": "high", "isDirect": false, "via": [ { "source": 1098583, "name": "axios", "dependency": "axios", "title": "Server-Side Request Forgery in axios", "url": "https://github.com/advisories/GHSA-8hc4-vh64-cxmj", "severity": "high", "cwe": [ "CWE-918" ], "cvss": { "score": 0, "vectorString": null }, "range": ">=1.3.2 <=1.7.3" } ], "effects": [ "github-build" ], "range": "1.3.2 - 1.7.3", "nodes": [ "node_modules/github-build/node_modules/axios" ], "fixAvailable": true }, "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": [ "CWE-400", "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [ "chokidar", "micromatch" ], "range": "<3.0.3", "nodes": [ "node_modules/findup-sync/node_modules/braces", "node_modules/glob-watcher/node_modules/braces", "node_modules/matchdep/node_modules/braces" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "browserslist-useragent": { "name": "browserslist-useragent", "severity": "moderate", "isDirect": false, "via": [ "useragent" ], "effects": [], "range": "<=3.1.4", "nodes": [ "node_modules/browserslist-useragent" ], "fixAvailable": true }, "bundlesize": { "name": "bundlesize", "severity": "high", "isDirect": true, "via": [ "github-build" ], "effects": [], "range": "0.18.2", "nodes": [ "node_modules/bundlesize" ], "fixAvailable": true }, "cheerio": { "name": "cheerio", "severity": "high", "isDirect": false, "via": [ "css-select", "lodash.pick" ], "effects": [ "gulp-inline" ], "range": "0.19.0 - 1.0.0-rc.3", "nodes": [ "node_modules/cheerio" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "chokidar": { "name": "chokidar", 
"severity": "high", "isDirect": false, "via": [ "anymatch", "braces", "readdirp" ], "effects": [ "glob-watcher" ], "range": "1.3.0 - 2.1.8", "nodes": [ "node_modules/glob-watcher/node_modules/chokidar" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "color": { "name": "color", "severity": "moderate", "isDirect": false, "via": [ "color-string" ], "effects": [ "css-color-function" ], "range": "<=0.11.4", "nodes": [ "node_modules/color" ], "fixAvailable": true }, "color-string": { "name": "color-string", "severity": "moderate", "isDirect": false, "via": [ { "source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": [ "CWE-770" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<1.5.5" } ], "effects": [ "color" ], "range": "<1.5.5", "nodes": [ "node_modules/color/node_modules/color-string" ], "fixAvailable": true }, "cross-spawn": { "name": "cross-spawn", "severity": "high", "isDirect": false, "via": [ { "source": 1100562, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<6.0.6" } ], "effects": [ "pre-commit" ], "range": "<6.0.6", "nodes": [ "node_modules/pre-commit/node_modules/cross-spawn" ], "fixAvailable": { "name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true } }, "css-color-function": { "name": "css-color-function", "severity": "moderate", "isDirect": false, "via": [ "color" ], "effects": [ "postcss-color-function" ], "range": "*", "nodes": [ "node_modules/css-color-function" ], "fixAvailable": true }, "css-declaration-sorter": { 
"name": "css-declaration-sorter", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=5.1.2", "nodes": [ "node_modules/css-declaration-sorter" ], "fixAvailable": true }, "css-select": { "name": "css-select", "severity": "high", "isDirect": false, "via": [ "nth-check" ], "effects": [ "cheerio", "svgo" ], "range": "<=3.1.0", "nodes": [ "node_modules/css-select", "node_modules/svgo/node_modules/css-select" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "cssnano": { "name": "cssnano", "severity": "moderate", "isDirect": true, "via": [ "cssnano-preset-default", "postcss" ], "effects": [], "range": "<=4.1.11", "nodes": [ "node_modules/cssnano" ], "fixAvailable": { "name": "cssnano", "version": "7.0.6", "isSemVerMajor": true } }, "cssnano-preset-default": { "name": "cssnano-preset-default", "severity": "moderate", "isDirect": false, "via": [ "css-declaration-sorter", "cssnano-util-raw-cache", "postcss", "postcss-calc", "postcss-colormin", "postcss-convert-values", "postcss-discard-comments", "postcss-discard-duplicates", "postcss-discard-empty", "postcss-discard-overridden", "postcss-merge-longhand", "postcss-merge-rules", "postcss-minify-font-values", "postcss-minify-gradients", "postcss-minify-params", "postcss-minify-selectors", "postcss-normalize-charset", "postcss-normalize-display-values", "postcss-normalize-positions", "postcss-normalize-repeat-style", "postcss-normalize-string", "postcss-normalize-timing-functions", "postcss-normalize-unicode", "postcss-normalize-url", "postcss-normalize-whitespace", "postcss-ordered-values", "postcss-reduce-initial", "postcss-reduce-transforms", "postcss-svgo", "postcss-unique-selectors" ], "effects": [ "cssnano" ], "range": "<=4.0.8", "nodes": [ "node_modules/cssnano-preset-default" ], "fixAvailable": { "name": "cssnano", "version": "7.0.6", "isSemVerMajor": true } }, "cssnano-util-raw-cache": { "name": "cssnano-util-raw-cache", "severity": 
"moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/cssnano-util-raw-cache" ], "fixAvailable": true }, "es-dev-server": { "name": "es-dev-server", "severity": "high", "isDirect": true, "via": [ "@koa/cors", "browserslist-useragent", "useragent" ], "effects": [], "range": ">=1.24.1", "nodes": [ "node_modules/es-dev-server" ], "fixAvailable": true }, "findup-sync": { "name": "findup-sync", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "liftoff", "matchdep" ], "range": "0.4.0 - 3.0.0", "nodes": [ "node_modules/findup-sync", "node_modules/matchdep/node_modules/findup-sync" ], "fixAvailable": true }, "github-build": { "name": "github-build", "severity": "high", "isDirect": false, "via": [ "axios" ], "effects": [ "bundlesize" ], "range": ">=1.2.4", "nodes": [ "node_modules/github-build" ], "fixAvailable": true }, "glob-watcher": { "name": "glob-watcher", "severity": "high", "isDirect": false, "via": [ "anymatch", "chokidar" ], "effects": [ "gulp" ], "range": "5.0.0 - 5.0.5", "nodes": [ "node_modules/glob-watcher" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "gulp": { "name": "gulp", "severity": "high", "isDirect": true, "via": [ "glob-watcher", "gulp-cli" ], "effects": [], "range": "4.0.0 - 4.0.2", "nodes": [ "node_modules/gulp" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "gulp-cli": { "name": "gulp-cli", "severity": "moderate", "isDirect": false, "via": [ "liftoff", "matchdep" ], "effects": [], "range": "1.3.0 - 2.3.0", "nodes": [ "node_modules/gulp-cli" ], "fixAvailable": true }, "gulp-compile-handlebars": { "name": "gulp-compile-handlebars", "severity": "high", "isDirect": true, "via": [ "gulp-util" ], "effects": [], "range": "*", "nodes": [ "node_modules/gulp-compile-handlebars" ], "fixAvailable": false }, "gulp-htmlmin": { "name": "gulp-htmlmin", "severity": "high", "isDirect": true, "via": [ 
"html-minifier" ], "effects": [], "range": "*", "nodes": [ "node_modules/gulp-htmlmin" ], "fixAvailable": false }, "gulp-inline": { "name": "gulp-inline", "severity": "high", "isDirect": true, "via": [ "cheerio", "gulp-util" ], "effects": [], "range": "*", "nodes": [ "node_modules/gulp-inline" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "gulp-postcss": { "name": "gulp-postcss", "severity": "moderate", "isDirect": true, "via": [ "postcss" ], "effects": [], "range": "<=8.0.0", "nodes": [ "node_modules/gulp-postcss" ], "fixAvailable": { "name": "gulp-postcss", "version": "10.0.0", "isSemVerMajor": true } }, "gulp-svg-sprite": { "name": "gulp-svg-sprite", "severity": "moderate", "isDirect": true, "via": [ "svg-sprite" ], "effects": [], "range": "1.3.0 - 1.5.0", "nodes": [ "node_modules/gulp-svg-sprite" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "gulp-util": { "name": "gulp-util", "severity": "high", "isDirect": false, "via": [ "lodash.template" ], "effects": [ "gulp-compile-handlebars", "gulp-inline" ], "range": ">=1.1.0", "nodes": [ "node_modules/gulp-util" ], "fixAvailable": false }, "html-minifier": { "name": "html-minifier", "severity": "high", "isDirect": false, "via": [ { "source": 1100303, "name": "html-minifier", "dependency": "html-minifier", "title": "kangax html-minifier REDoS vulnerability", "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<=4.0.0" } ], "effects": [ "gulp-htmlmin" ], "range": "*", "nodes": [ "node_modules/html-minifier" ], "fixAvailable": false }, "liftoff": { "name": "liftoff", "severity": "moderate", "isDirect": false, "via": [ "findup-sync" ], "effects": [ "gulp-cli" ], "range": "2.2.3 - 3.1.0", "nodes": [ "node_modules/liftoff" ], "fixAvailable": true }, "lodash.pick": { 
"name": "lodash.pick", "severity": "high", "isDirect": false, "via": [ { "source": 1096303, "name": "lodash.pick", "dependency": "lodash.pick", "title": "Prototype Pollution in lodash", "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw", "severity": "high", "cwe": [ "CWE-770", "CWE-1321" ], "cvss": { "score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" }, "range": ">=4.0.0 <=4.4.0" } ], "effects": [ "cheerio" ], "range": ">=4.0.0", "nodes": [ "node_modules/lodash.pick" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "lodash.template": { "name": "lodash.template", "severity": "high", "isDirect": false, "via": [ { "source": 1096993, "name": "lodash.template", "dependency": "lodash.template", "title": "Command Injection in lodash", "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", "severity": "high", "cwe": [ "CWE-77", "CWE-94" ], "cvss": { "score": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=4.5.0" } ], "effects": [ "gulp-util", "postcss-initial" ], "range": "*", "nodes": [ "node_modules/lodash.template", "node_modules/postcss-initial/node_modules/lodash.template" ], "fixAvailable": false }, "matchdep": { "name": "matchdep", "severity": "moderate", "isDirect": false, "via": [ "findup-sync", "micromatch" ], "effects": [ "gulp-cli" ], "range": ">=1.0.1", "nodes": [ "node_modules/matchdep" ], "fixAvailable": true }, "micromatch": { "name": "micromatch", "severity": "high", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" }, "braces" ], "effects": [ "anymatch", "findup-sync", "matchdep", "readdirp" ], "range": 
"<=4.0.7", "nodes": [ "node_modules/findup-sync/node_modules/micromatch", "node_modules/glob-watcher/node_modules/micromatch", "node_modules/matchdep/node_modules/micromatch" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "nth-check": { "name": "nth-check", "severity": "high", "isDirect": false, "via": [ { "source": 1095141, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<2.0.1" } ], "effects": [ "css-select" ], "range": "<2.0.1", "nodes": [ "node_modules/nth-check" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "phantomjs-prebuilt": { "name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": false, "via": [ "request" ], "effects": [ "svg-sprite" ], "range": "*", "nodes": [ "node_modules/phantomjs-prebuilt" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "pixrem": { "name": "pixrem", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/pixrem" ], "fixAvailable": true }, "pleeease-filters": { "name": "pleeease-filters", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/pleeease-filters" ], "fixAvailable": true }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1093539, "name": "postcss", "dependency": "postcss", "title": "Regular Expression Denial of Service in postcss", "url": "https://github.com/advisories/GHSA-566m-qj78-rww5", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<7.0.36" 
}, { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [ "autoprefixer", "css-declaration-sorter", "cssnano", "cssnano-preset-default", "cssnano-util-raw-cache", "gulp-postcss", "pixrem", "pleeease-filters", "postcss-apply", "postcss-attribute-case-insensitive", "postcss-calc", "postcss-color-function", "postcss-color-gray", "postcss-color-hex-alpha", "postcss-color-hsl", "postcss-color-hwb", "postcss-color-rebeccapurple", "postcss-color-rgb", "postcss-color-rgba-fallback", "postcss-colormin", "postcss-convert-values", "postcss-cssnext", "postcss-custom-media", "postcss-custom-properties", "postcss-custom-selectors", "postcss-discard-comments", "postcss-discard-duplicates", "postcss-discard-empty", "postcss-discard-overridden", "postcss-font-family-system-ui", "postcss-font-variant", "postcss-image-set-polyfill", "postcss-import", "postcss-initial", "postcss-media-minmax", "postcss-merge-longhand", "postcss-merge-rules", "postcss-minify-font-values", "postcss-minify-gradients", "postcss-minify-params", "postcss-minify-selectors", "postcss-nesting", "postcss-normalize-charset", "postcss-normalize-display-values", "postcss-normalize-positions", "postcss-normalize-repeat-style", "postcss-normalize-string", "postcss-normalize-timing-functions", "postcss-normalize-unicode", "postcss-normalize-url", "postcss-normalize-whitespace", "postcss-ordered-values", "postcss-pseudo-class-any-link", "postcss-pseudoelements", "postcss-reduce-initial", "postcss-reduce-transforms", "postcss-replace-overflow-wrap", "postcss-reporter", "postcss-selector-matches", "postcss-selector-not", "postcss-svgo", "postcss-unique-selectors", "stylehacks" ], "range": "<=8.4.30", "nodes": [ 
"node_modules/autoprefixer/node_modules/postcss", "node_modules/css-declaration-sorter/node_modules/postcss", "node_modules/cssnano-preset-default/node_modules/postcss", "node_modules/cssnano-util-raw-cache/node_modules/postcss", "node_modules/cssnano/node_modules/postcss", "node_modules/gulp-postcss/node_modules/postcss", "node_modules/pixrem/node_modules/postcss", "node_modules/pleeease-filters/node_modules/postcss", "node_modules/postcss-apply/node_modules/postcss", "node_modules/postcss-attribute-case-insensitive/node_modules/postcss", "node_modules/postcss-calc/node_modules/postcss", "node_modules/postcss-color-function/node_modules/postcss", "node_modules/postcss-color-gray/node_modules/postcss", "node_modules/postcss-color-hex-alpha/node_modules/postcss", "node_modules/postcss-color-hsl/node_modules/postcss", "node_modules/postcss-color-hwb/node_modules/postcss", "node_modules/postcss-color-rebeccapurple/node_modules/postcss", "node_modules/postcss-color-rgb/node_modules/postcss", "node_modules/postcss-color-rgba-fallback/node_modules/postcss", "node_modules/postcss-colormin/node_modules/postcss", "node_modules/postcss-convert-values/node_modules/postcss", "node_modules/postcss-cssnext/node_modules/postcss", "node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss", "node_modules/postcss-custom-media/node_modules/postcss", "node_modules/postcss-custom-properties/node_modules/postcss", "node_modules/postcss-custom-selectors/node_modules/postcss", "node_modules/postcss-discard-comments/node_modules/postcss", "node_modules/postcss-discard-duplicates/node_modules/postcss", "node_modules/postcss-discard-empty/node_modules/postcss", "node_modules/postcss-discard-overridden/node_modules/postcss", "node_modules/postcss-font-family-system-ui/node_modules/postcss", "node_modules/postcss-font-variant/node_modules/postcss", "node_modules/postcss-image-set-polyfill/node_modules/postcss", "node_modules/postcss-import/node_modules/postcss", 
"node_modules/postcss-initial/node_modules/postcss", "node_modules/postcss-media-minmax/node_modules/postcss", "node_modules/postcss-merge-longhand/node_modules/postcss", "node_modules/postcss-merge-rules/node_modules/postcss", "node_modules/postcss-minify-font-values/node_modules/postcss", "node_modules/postcss-minify-gradients/node_modules/postcss", "node_modules/postcss-minify-params/node_modules/postcss", "node_modules/postcss-minify-selectors/node_modules/postcss", "node_modules/postcss-nesting/node_modules/postcss", "node_modules/postcss-normalize-charset/node_modules/postcss", "node_modules/postcss-normalize-display-values/node_modules/postcss", "node_modules/postcss-normalize-positions/node_modules/postcss", "node_modules/postcss-normalize-repeat-style/node_modules/postcss", "node_modules/postcss-normalize-string/node_modules/postcss", "node_modules/postcss-normalize-timing-functions/node_modules/postcss", "node_modules/postcss-normalize-unicode/node_modules/postcss", "node_modules/postcss-normalize-url/node_modules/postcss", "node_modules/postcss-normalize-whitespace/node_modules/postcss", "node_modules/postcss-ordered-values/node_modules/postcss", "node_modules/postcss-pseudo-class-any-link/node_modules/postcss", "node_modules/postcss-pseudoelements/node_modules/postcss", "node_modules/postcss-reduce-initial/node_modules/postcss", "node_modules/postcss-reduce-transforms/node_modules/postcss", "node_modules/postcss-replace-overflow-wrap/node_modules/postcss", "node_modules/postcss-reporter/node_modules/postcss", "node_modules/postcss-selector-matches/node_modules/postcss", "node_modules/postcss-selector-not/node_modules/postcss", "node_modules/postcss-svgo/node_modules/postcss", "node_modules/postcss-unique-selectors/node_modules/postcss", "node_modules/stylehacks/node_modules/postcss" ], "fixAvailable": { "name": "cssnano", "version": "7.0.6", "isSemVerMajor": true } }, "postcss-apply": { "name": "postcss-apply", "severity": "moderate", "isDirect": false, 
"via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=0.10.0", "nodes": [ "node_modules/postcss-apply" ], "fixAvailable": false }, "postcss-attribute-case-insensitive": { "name": "postcss-attribute-case-insensitive", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=3.0.1", "nodes": [ "node_modules/postcss-attribute-case-insensitive" ], "fixAvailable": false }, "postcss-calc": { "name": "postcss-calc", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "4.1.0 - 7.0.5", "nodes": [ "node_modules/postcss-calc", "node_modules/postcss-cssnext/node_modules/postcss-calc" ], "fixAvailable": true }, "postcss-color-function": { "name": "postcss-color-function", "severity": "moderate", "isDirect": false, "via": [ "css-color-function", "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/postcss-color-function" ], "fixAvailable": true }, "postcss-color-gray": { "name": "postcss-color-gray", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "3.0.0 - 4.1.0", "nodes": [ "node_modules/postcss-color-gray" ], "fixAvailable": true }, "postcss-color-hex-alpha": { "name": "postcss-color-hex-alpha", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.3.0 - 3.0.0", "nodes": [ "node_modules/postcss-color-hex-alpha" ], "fixAvailable": true }, "postcss-color-hsl": { "name": "postcss-color-hsl", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/postcss-color-hsl" ], "fixAvailable": true }, "postcss-color-hwb": { "name": "postcss-color-hwb", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": ">=1.2.0", "nodes": [ "node_modules/postcss-color-hwb" ], "fixAvailable": true }, "postcss-color-rebeccapurple": { "name": "postcss-color-rebeccapurple", "severity": "moderate", "isDirect": false, 
"via": [ "postcss" ], "effects": [], "range": "1.2.0 - 3.1.0", "nodes": [ "node_modules/postcss-color-rebeccapurple" ], "fixAvailable": true }, "postcss-color-rgb": { "name": "postcss-color-rgb", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "*", "nodes": [ "node_modules/postcss-color-rgb" ], "fixAvailable": false }, "postcss-color-rgba-fallback": { "name": "postcss-color-rgba-fallback", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=3.0.0", "nodes": [ "node_modules/postcss-color-rgba-fallback" ], "fixAvailable": true }, "postcss-colormin": { "name": "postcss-colormin", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.3", "nodes": [ "node_modules/postcss-colormin" ], "fixAvailable": true }, "postcss-convert-values": { "name": "postcss-convert-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-convert-values" ], "fixAvailable": true }, "postcss-cssnext": { "name": "postcss-cssnext", "severity": "moderate", "isDirect": true, "via": [ "autoprefixer", "pixrem", "pleeease-filters", "postcss", "postcss-apply", "postcss-attribute-case-insensitive", "postcss-calc", "postcss-color-function", "postcss-color-gray", "postcss-color-hex-alpha", "postcss-color-hsl", "postcss-color-hwb", "postcss-color-rebeccapurple", "postcss-color-rgb", "postcss-color-rgba-fallback", "postcss-custom-media", "postcss-custom-properties", "postcss-custom-selectors", "postcss-font-family-system-ui", "postcss-font-variant", "postcss-image-set-polyfill", "postcss-initial", "postcss-media-minmax", "postcss-nesting", "postcss-pseudo-class-any-link", "postcss-pseudoelements", "postcss-replace-overflow-wrap", "postcss-selector-matches", "postcss-selector-not" ], "effects": [], "range": "*", "nodes": [ "node_modules/postcss-cssnext" ], "fixAvailable": false }, 
"postcss-custom-media": { "name": "postcss-custom-media", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "4.0.0 - 6.0.0", "nodes": [ "node_modules/postcss-custom-media" ], "fixAvailable": true }, "postcss-custom-properties": { "name": "postcss-custom-properties", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "3.3.0 - 7.0.0", "nodes": [ "node_modules/postcss-custom-properties" ], "fixAvailable": true }, "postcss-custom-selectors": { "name": "postcss-custom-selectors", "severity": "moderate", "isDirect": false, "via": [ "postcss", "postcss-selector-matches" ], "effects": [], "range": "2.3.0 - 4.0.1", "nodes": [ "node_modules/postcss-custom-selectors" ], "fixAvailable": true }, "postcss-discard-comments": { "name": "postcss-discard-comments", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-discard-comments" ], "fixAvailable": true }, "postcss-discard-duplicates": { "name": "postcss-discard-duplicates", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.1.0 - 4.0.2", "nodes": [ "node_modules/postcss-discard-duplicates" ], "fixAvailable": true }, "postcss-discard-empty": { "name": "postcss-discard-empty", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.1.0 - 4.0.1", "nodes": [ "node_modules/postcss-discard-empty" ], "fixAvailable": true }, "postcss-discard-overridden": { "name": "postcss-discard-overridden", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-discard-overridden" ], "fixAvailable": true }, "postcss-font-family-system-ui": { "name": "postcss-font-family-system-ui", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=3.0.0", "nodes": [ 
"node_modules/postcss-font-family-system-ui" ], "fixAvailable": false }, "postcss-font-variant": { "name": "postcss-font-variant", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.2.0 - 3.0.0", "nodes": [ "node_modules/postcss-font-variant" ], "fixAvailable": true }, "postcss-image-set-polyfill": { "name": "postcss-image-set-polyfill", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=0.4.4", "nodes": [ "node_modules/postcss-image-set-polyfill" ], "fixAvailable": false }, "postcss-import": { "name": "postcss-import", "severity": "moderate", "isDirect": true, "via": [ "postcss" ], "effects": [], "range": "<=12.0.1", "nodes": [ "node_modules/postcss-import" ], "fixAvailable": { "name": "postcss-import", "version": "16.1.0", "isSemVerMajor": true } }, "postcss-initial": { "name": "postcss-initial", "severity": "high", "isDirect": false, "via": [ "lodash.template", "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=3.0.2 || 4.0.0", "nodes": [ "node_modules/postcss-initial" ], "fixAvailable": false }, "postcss-media-minmax": { "name": "postcss-media-minmax", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.2.0 - 3.0.0", "nodes": [ "node_modules/postcss-media-minmax" ], "fixAvailable": true }, "postcss-merge-longhand": { "name": "postcss-merge-longhand", "severity": "moderate", "isDirect": false, "via": [ "postcss", "stylehacks" ], "effects": [], "range": "<=4.0.11", "nodes": [ "node_modules/postcss-merge-longhand" ], "fixAvailable": true }, "postcss-merge-rules": { "name": "postcss-merge-rules", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.3", "nodes": [ "node_modules/postcss-merge-rules" ], "fixAvailable": true }, "postcss-minify-font-values": { "name": "postcss-minify-font-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], 
"range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-font-values" ], "fixAvailable": true }, "postcss-minify-gradients": { "name": "postcss-minify-gradients", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-gradients" ], "fixAvailable": true }, "postcss-minify-params": { "name": "postcss-minify-params", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-params" ], "fixAvailable": true }, "postcss-minify-selectors": { "name": "postcss-minify-selectors", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-selectors" ], "fixAvailable": true }, "postcss-nesting": { "name": "postcss-nesting", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=6.0.0", "nodes": [ "node_modules/postcss-nesting" ], "fixAvailable": false }, "postcss-normalize-charset": { "name": "postcss-normalize-charset", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-normalize-charset" ], "fixAvailable": true }, "postcss-normalize-display-values": { "name": "postcss-normalize-display-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-display-values" ], "fixAvailable": true }, "postcss-normalize-positions": { "name": "postcss-normalize-positions", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-positions" ], "fixAvailable": true }, "postcss-normalize-repeat-style": { "name": "postcss-normalize-repeat-style", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": 
"<=4.0.2", "nodes": [ "node_modules/postcss-normalize-repeat-style" ], "fixAvailable": true }, "postcss-normalize-string": { "name": "postcss-normalize-string", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-string" ], "fixAvailable": true }, "postcss-normalize-timing-functions": { "name": "postcss-normalize-timing-functions", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-timing-functions" ], "fixAvailable": true }, "postcss-normalize-unicode": { "name": "postcss-normalize-unicode", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-normalize-unicode" ], "fixAvailable": true }, "postcss-normalize-url": { "name": "postcss-normalize-url", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.1.0 - 4.0.1", "nodes": [ "node_modules/postcss-normalize-url" ], "fixAvailable": true }, "postcss-normalize-whitespace": { "name": "postcss-normalize-whitespace", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-whitespace" ], "fixAvailable": true }, "postcss-ordered-values": { "name": "postcss-ordered-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.1.2", "nodes": [ "node_modules/postcss-ordered-values" ], "fixAvailable": true }, "postcss-pseudo-class-any-link": { "name": "postcss-pseudo-class-any-link", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=5.0.0", "nodes": [ "node_modules/postcss-pseudo-class-any-link" ], "fixAvailable": true }, "postcss-pseudoelements": { "name": "postcss-pseudoelements", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], 
"range": ">=2.2.0", "nodes": [ "node_modules/postcss-pseudoelements" ], "fixAvailable": true }, "postcss-reduce-initial": { "name": "postcss-reduce-initial", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.3", "nodes": [ "node_modules/postcss-reduce-initial" ], "fixAvailable": true }, "postcss-reduce-transforms": { "name": "postcss-reduce-transforms", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-reduce-transforms" ], "fixAvailable": true }, "postcss-replace-overflow-wrap": { "name": "postcss-replace-overflow-wrap", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=2.0.0", "nodes": [ "node_modules/postcss-replace-overflow-wrap" ], "fixAvailable": false }, "postcss-reporter": { "name": "postcss-reporter", "severity": "moderate", "isDirect": true, "via": [ "postcss" ], "effects": [], "range": "<=6.0.1", "nodes": [ "node_modules/postcss-reporter" ], "fixAvailable": { "name": "postcss-reporter", "version": "7.1.0", "isSemVerMajor": true } }, "postcss-selector-matches": { "name": "postcss-selector-matches", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=3.0.1", "nodes": [ "node_modules/postcss-selector-matches" ], "fixAvailable": true }, "postcss-selector-not": { "name": "postcss-selector-not", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=3.0.1", "nodes": [ "node_modules/postcss-selector-not" ], "fixAvailable": true }, "postcss-svgo": { "name": "postcss-svgo", "severity": "high", "isDirect": false, "via": [ "postcss", "svgo" ], "effects": [], "range": "<=5.0.0-rc.2", "nodes": [ "node_modules/postcss-svgo" ], "fixAvailable": true }, "postcss-unique-selectors": { "name": "postcss-unique-selectors", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": 
"<=4.0.1", "nodes": [ "node_modules/postcss-unique-selectors" ], "fixAvailable": true }, "pre-commit": { "name": "pre-commit", "severity": "high", "isDirect": true, "via": [ "cross-spawn" ], "effects": [], "range": ">=1.1.0", "nodes": [ "node_modules/pre-commit" ], "fixAvailable": { "name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true } }, "readdirp": { "name": "readdirp", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "2.2.0 - 2.2.1", "nodes": [ "node_modules/glob-watcher/node_modules/readdirp" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "phantomjs-prebuilt" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "stylehacks": { "name": "stylehacks", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-merge-longhand" ], "range": "<=4.0.3", "nodes": [ "node_modules/stylehacks" ], "fixAvailable": true }, "svg-sprite": { "name": "svg-sprite", "severity": "high", "isDirect": false, "via": [ "phantomjs-prebuilt", "svgo" ], "effects": [ "gulp-svg-sprite" ], "range": "1.3.0 - 1.5.4", "nodes": [ "node_modules/svg-sprite" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "svgo": { "name": "svgo", "severity": "high", "isDirect": false, "via": [ "css-select" ], "effects": [ "postcss-svgo", "svg-sprite" ], "range": "1.0.0 - 1.3.2", "nodes": [ 
"node_modules/svgo" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "useragent": { "name": "useragent", "severity": "moderate", "isDirect": false, "via": [ { "source": 1100298, "name": "useragent", "dependency": "useragent", "title": "useragent Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-mgfv-m47x-4wqp", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<=2.3.0" } ], "effects": [ "browserslist-useragent", "es-dev-server" ], "range": "*", "nodes": [ "node_modules/useragent" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 77, "high": 26, "critical": 0, "total": 103 }, "dependencies": { "prod": 1, "dev": 1730, "optional": 4, "peer": 1, "peerOptional": 0, "total": 1730 } } } --- end --- Upgrading n:@wikimedia/codex-design-tokens from 1.20.0 -> 1.20.1 $ /usr/bin/npm install --- stderr --- npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@1.20.1', npm WARN EBADENGINE required: { npm: '>=10.8.1', node: '>=20' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN deprecated @types/browserslist@4.15.0: This is a stub types 
definition. browserslist provides its own type definitions, so you do not need this installed. npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash. npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead. npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead. npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead. npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead. npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead. npm WARN deprecated @babel/plugin-proposal-class-static-block@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. 
Please use @babel/plugin-transform-class-static-block instead. npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead. npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead. npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead. npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead. npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead. npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead. npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead. 
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead. npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead. npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools. npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools. npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools. npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5 npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. 
npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated postcss-cssnext@3.1.1: 'postcss-cssnext' has been deprecated in favor of 'postcss-preset-env'. Read more at https://moox.io/blog/deprecating-cssnext/ npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x. npm WARN deprecated iltorb@2.4.5: The zlib module provides APIs for brotli compression/decompression starting with Node.js v10.16.0, please use it over iltorb npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options. npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. --- stdout --- added 1726 packages, and audited 1727 packages in 46s 150 packages are looking for funding run `npm fund` for details 103 vulnerabilities (77 moderate, 26 high) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. 
--- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- $ /usr/bin/npm ci --- stderr --- npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@1.20.1', npm WARN EBADENGINE required: { node: '>=20', npm: '>=10.8.1' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN deprecated @types/browserslist@4.15.0: This is a stub types definition. browserslist provides its own type definitions, so you do not need this installed. npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash. npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead. npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead. npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead. npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. 
Please use @babel/plugin-transform-nullish-coalescing-operator instead. npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead. npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead. npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead. npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead. npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead. npm WARN deprecated @babel/plugin-proposal-class-static-block@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead. npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead. npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead. 
npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead. npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead. npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead. npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools. npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools. npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools. npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5 npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. 
Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated postcss-cssnext@3.1.1: 'postcss-cssnext' has been deprecated in favor of 'postcss-preset-env'. Read more at https://moox.io/blog/deprecating-cssnext/ npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x. npm WARN deprecated iltorb@2.4.5: The zlib module provides APIs for brotli compression/decompression starting with Node.js v10.16.0, please use it over iltorb npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options. npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. --- stdout --- added 1726 packages, and audited 1727 packages in 51s 150 packages are looking for funding run `npm fund` for details 103 vulnerabilities (77 moderate, 26 high) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. 
--- end --- $ /usr/bin/npm test --- stderr --- 33 sources checked /src/repo/src/common/assets/postcss/_app-badge.css /src/repo/src/common/assets/postcss/_base-portal.css /src/repo/src/common/assets/postcss/_base.css /src/repo/src/common/assets/postcss/_buttons.css /src/repo/src/common/assets/postcss/_central-featured.css /src/repo/src/common/assets/postcss/_central-textlogo.css /src/repo/src/common/assets/postcss/_footer.css /src/repo/src/common/assets/postcss/_forms.css /src/repo/src/common/assets/postcss/_localization.css /src/repo/src/common/assets/postcss/_media-print.css /src/repo/src/common/assets/postcss/_other-languages-bookshelf.css /src/repo/src/common/assets/postcss/_other-languages.css /src/repo/src/common/assets/postcss/_other-projects.css /src/repo/src/common/assets/postcss/_search-language-picker.css /src/repo/src/common/assets/postcss/_search-suggestions.css /src/repo/src/common/assets/postcss/_search.css /src/repo/src/common/assets/postcss/_vars.css /src/repo/src/common/assets/postcss/_wm-portal.css /src/repo/src/wikimedia.org/assets/postcss/_wikimedia-custom.css /src/repo/src/wikimedia.org/assets/postcss/style.css /src/repo/src/wikibooks.org/assets/postcss/_wikibooks-custom.css /src/repo/src/wikibooks.org/assets/postcss/style.css /src/repo/src/wikinews.org/assets/postcss/_wikinews-custom.css /src/repo/src/wikinews.org/assets/postcss/style.css /src/repo/src/wikipedia.org/assets/postcss/style.css /src/repo/src/wikiquote.org/assets/postcss/_wikibooks-custom.css /src/repo/src/wikiquote.org/assets/postcss/style.css /src/repo/src/wikiversity.org/assets/postcss/_wikinews-custom.css /src/repo/src/wikiversity.org/assets/postcss/style.css /src/repo/src/wikivoyage.org/assets/postcss/_wikivoyage-custom.css /src/repo/src/wikivoyage.org/assets/postcss/style.css /src/repo/src/wiktionary.org/assets/postcss/_wiktionary-custom.css /src/repo/src/wiktionary.org/assets/postcss/style.css 0 problems found --- stdout --- > test > npm -s run lint:styles && npm -s run 
lint:js /src/repo/gulpfile.js/prod.js 42:1 warning Missing JSDoc @param "cb" type jsdoc/require-param-type 49:8 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 50:4 warning Found rmdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 55:1 warning This line has a length of 108. Maximum allowed is 100 max-len 68:7 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 70:3 warning Found readdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 72:22 warning Found unlinkSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/gulpfile.js/sprites.js 16:4 warning Found unlink from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/src/common/assets/js/page-localized.js 14:1 warning Missing JSDoc @param "wmTest" type jsdoc/require-param-type 15:1 warning Missing JSDoc @param "translationsHash" type jsdoc/require-param-type 16:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type 17:1 warning Missing JSDoc @param "rtlLangs" type jsdoc/require-param-type /src/repo/src/common/assets/js/topten-localized.js 12:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type 13:1 warning Missing JSDoc @param "wmTest" type jsdoc/require-param-type 117:1 warning This line has a length of 101. Maximum allowed is 100 max-len 122:1 warning This line has a length of 117. 
Maximum allowed is 100 max-len ✖ 16 problems (0 errors, 16 warnings) --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "@koa/cors": { "name": "@koa/cors", "severity": "high", "isDirect": false, "via": [ { "source": 1095223, "name": "@koa/cors", "dependency": "@koa/cors", "title": "Overly permissive origin policy", "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82", "severity": "high", "cwe": [ "CWE-346" ], "cvss": { "score": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, "range": "<5.0.0" } ], "effects": [ "es-dev-server" ], "range": "<5.0.0", "nodes": [ "node_modules/@koa/cors" ], "fixAvailable": true }, "anymatch": { "name": "anymatch", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar", "glob-watcher" ], "range": "1.2.0 - 2.0.0", "nodes": [ "node_modules/glob-watcher/node_modules/anymatch" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "autoprefixer": { "name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.0.20131222 - 8.6.5", "nodes": [ "node_modules/autoprefixer" ], "fixAvailable": true }, "axios": { "name": "axios", "severity": "high", "isDirect": false, "via": [ { "source": 1098583, "name": "axios", "dependency": "axios", "title": "Server-Side Request Forgery in axios", "url": "https://github.com/advisories/GHSA-8hc4-vh64-cxmj", "severity": "high", "cwe": [ "CWE-918" ], "cvss": { "score": 0, "vectorString": null }, "range": ">=1.3.2 <=1.7.3" } ], "effects": [ "github-build" ], "range": "1.3.2 - 1.7.3", "nodes": [ "node_modules/github-build/node_modules/axios" ], "fixAvailable": true }, "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", 
"severity": "high", "cwe": [ "CWE-400", "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [ "chokidar", "micromatch" ], "range": "<3.0.3", "nodes": [ "node_modules/findup-sync/node_modules/braces", "node_modules/glob-watcher/node_modules/braces", "node_modules/matchdep/node_modules/braces" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "browserslist-useragent": { "name": "browserslist-useragent", "severity": "moderate", "isDirect": false, "via": [ "useragent" ], "effects": [], "range": "<=3.1.4", "nodes": [ "node_modules/browserslist-useragent" ], "fixAvailable": true }, "bundlesize": { "name": "bundlesize", "severity": "high", "isDirect": true, "via": [ "github-build" ], "effects": [], "range": "0.18.2", "nodes": [ "node_modules/bundlesize" ], "fixAvailable": true }, "cheerio": { "name": "cheerio", "severity": "high", "isDirect": false, "via": [ "css-select", "lodash.pick" ], "effects": [ "gulp-inline" ], "range": "0.19.0 - 1.0.0-rc.3", "nodes": [ "node_modules/cheerio" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "chokidar": { "name": "chokidar", "severity": "high", "isDirect": false, "via": [ "anymatch", "braces", "readdirp" ], "effects": [ "glob-watcher" ], "range": "1.3.0 - 2.1.8", "nodes": [ "node_modules/glob-watcher/node_modules/chokidar" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "color": { "name": "color", "severity": "moderate", "isDirect": false, "via": [ "color-string" ], "effects": [ "css-color-function" ], "range": "<=0.11.4", "nodes": [ "node_modules/color" ], "fixAvailable": true }, "color-string": { "name": "color-string", "severity": "moderate", "isDirect": false, "via": [ { "source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": 
"https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": [ "CWE-770" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<1.5.5" } ], "effects": [ "color" ], "range": "<1.5.5", "nodes": [ "node_modules/color/node_modules/color-string" ], "fixAvailable": true }, "cross-spawn": { "name": "cross-spawn", "severity": "high", "isDirect": false, "via": [ { "source": 1100562, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<6.0.6" } ], "effects": [ "pre-commit" ], "range": "<6.0.6", "nodes": [ "node_modules/pre-commit/node_modules/cross-spawn" ], "fixAvailable": { "name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true } }, "css-color-function": { "name": "css-color-function", "severity": "moderate", "isDirect": false, "via": [ "color" ], "effects": [ "postcss-color-function" ], "range": "*", "nodes": [ "node_modules/css-color-function" ], "fixAvailable": true }, "css-declaration-sorter": { "name": "css-declaration-sorter", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=5.1.2", "nodes": [ "node_modules/css-declaration-sorter" ], "fixAvailable": true }, "css-select": { "name": "css-select", "severity": "high", "isDirect": false, "via": [ "nth-check" ], "effects": [ "cheerio", "svgo" ], "range": "<=3.1.0", "nodes": [ "node_modules/css-select", "node_modules/svgo/node_modules/css-select" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "cssnano": { "name": "cssnano", "severity": "moderate", "isDirect": true, "via": [ "cssnano-preset-default", "postcss" ], "effects": [], "range": "<=4.1.11", "nodes": [ "node_modules/cssnano" ], 
"fixAvailable": { "name": "cssnano", "version": "7.0.6", "isSemVerMajor": true } }, "cssnano-preset-default": { "name": "cssnano-preset-default", "severity": "moderate", "isDirect": false, "via": [ "css-declaration-sorter", "cssnano-util-raw-cache", "postcss", "postcss-calc", "postcss-colormin", "postcss-convert-values", "postcss-discard-comments", "postcss-discard-duplicates", "postcss-discard-empty", "postcss-discard-overridden", "postcss-merge-longhand", "postcss-merge-rules", "postcss-minify-font-values", "postcss-minify-gradients", "postcss-minify-params", "postcss-minify-selectors", "postcss-normalize-charset", "postcss-normalize-display-values", "postcss-normalize-positions", "postcss-normalize-repeat-style", "postcss-normalize-string", "postcss-normalize-timing-functions", "postcss-normalize-unicode", "postcss-normalize-url", "postcss-normalize-whitespace", "postcss-ordered-values", "postcss-reduce-initial", "postcss-reduce-transforms", "postcss-svgo", "postcss-unique-selectors" ], "effects": [ "cssnano" ], "range": "<=4.0.8", "nodes": [ "node_modules/cssnano-preset-default" ], "fixAvailable": { "name": "cssnano", "version": "7.0.6", "isSemVerMajor": true } }, "cssnano-util-raw-cache": { "name": "cssnano-util-raw-cache", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/cssnano-util-raw-cache" ], "fixAvailable": true }, "es-dev-server": { "name": "es-dev-server", "severity": "high", "isDirect": true, "via": [ "@koa/cors", "browserslist-useragent", "useragent" ], "effects": [], "range": ">=1.24.1", "nodes": [ "node_modules/es-dev-server" ], "fixAvailable": true }, "findup-sync": { "name": "findup-sync", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "liftoff", "matchdep" ], "range": "0.4.0 - 3.0.0", "nodes": [ "node_modules/findup-sync", "node_modules/matchdep/node_modules/findup-sync" ], "fixAvailable": true }, "github-build": { "name": "github-build", 
"severity": "high", "isDirect": false, "via": [ "axios" ], "effects": [ "bundlesize" ], "range": ">=1.2.4", "nodes": [ "node_modules/github-build" ], "fixAvailable": true }, "glob-watcher": { "name": "glob-watcher", "severity": "high", "isDirect": false, "via": [ "anymatch", "chokidar" ], "effects": [ "gulp" ], "range": "5.0.0 - 5.0.5", "nodes": [ "node_modules/glob-watcher" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "gulp": { "name": "gulp", "severity": "high", "isDirect": true, "via": [ "glob-watcher", "gulp-cli" ], "effects": [], "range": "4.0.0 - 4.0.2", "nodes": [ "node_modules/gulp" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "gulp-cli": { "name": "gulp-cli", "severity": "moderate", "isDirect": false, "via": [ "liftoff", "matchdep" ], "effects": [], "range": "1.3.0 - 2.3.0", "nodes": [ "node_modules/gulp-cli" ], "fixAvailable": true }, "gulp-compile-handlebars": { "name": "gulp-compile-handlebars", "severity": "high", "isDirect": true, "via": [ "gulp-util" ], "effects": [], "range": "*", "nodes": [ "node_modules/gulp-compile-handlebars" ], "fixAvailable": false }, "gulp-htmlmin": { "name": "gulp-htmlmin", "severity": "high", "isDirect": true, "via": [ "html-minifier" ], "effects": [], "range": "*", "nodes": [ "node_modules/gulp-htmlmin" ], "fixAvailable": false }, "gulp-inline": { "name": "gulp-inline", "severity": "high", "isDirect": true, "via": [ "cheerio", "gulp-util" ], "effects": [], "range": "*", "nodes": [ "node_modules/gulp-inline" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "gulp-postcss": { "name": "gulp-postcss", "severity": "moderate", "isDirect": true, "via": [ "postcss" ], "effects": [], "range": "<=8.0.0", "nodes": [ "node_modules/gulp-postcss" ], "fixAvailable": { "name": "gulp-postcss", "version": "10.0.0", "isSemVerMajor": true } }, "gulp-svg-sprite": { "name": "gulp-svg-sprite", "severity": "moderate", "isDirect": 
true, "via": [ "svg-sprite" ], "effects": [], "range": "1.3.0 - 1.5.0", "nodes": [ "node_modules/gulp-svg-sprite" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "gulp-util": { "name": "gulp-util", "severity": "high", "isDirect": false, "via": [ "lodash.template" ], "effects": [ "gulp-compile-handlebars", "gulp-inline" ], "range": ">=1.1.0", "nodes": [ "node_modules/gulp-util" ], "fixAvailable": false }, "html-minifier": { "name": "html-minifier", "severity": "high", "isDirect": false, "via": [ { "source": 1100303, "name": "html-minifier", "dependency": "html-minifier", "title": "kangax html-minifier REDoS vulnerability", "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<=4.0.0" } ], "effects": [ "gulp-htmlmin" ], "range": "*", "nodes": [ "node_modules/html-minifier" ], "fixAvailable": false }, "liftoff": { "name": "liftoff", "severity": "moderate", "isDirect": false, "via": [ "findup-sync" ], "effects": [ "gulp-cli" ], "range": "2.2.3 - 3.1.0", "nodes": [ "node_modules/liftoff" ], "fixAvailable": true }, "lodash.pick": { "name": "lodash.pick", "severity": "high", "isDirect": false, "via": [ { "source": 1096303, "name": "lodash.pick", "dependency": "lodash.pick", "title": "Prototype Pollution in lodash", "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw", "severity": "high", "cwe": [ "CWE-770", "CWE-1321" ], "cvss": { "score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" }, "range": ">=4.0.0 <=4.4.0" } ], "effects": [ "cheerio" ], "range": ">=4.0.0", "nodes": [ "node_modules/lodash.pick" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "lodash.template": { "name": "lodash.template", "severity": "high", "isDirect": false, "via": [ { "source": 1096993, "name": "lodash.template", 
"dependency": "lodash.template", "title": "Command Injection in lodash", "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", "severity": "high", "cwe": [ "CWE-77", "CWE-94" ], "cvss": { "score": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=4.5.0" } ], "effects": [ "gulp-util", "postcss-initial" ], "range": "*", "nodes": [ "node_modules/lodash.template", "node_modules/postcss-initial/node_modules/lodash.template" ], "fixAvailable": false }, "matchdep": { "name": "matchdep", "severity": "moderate", "isDirect": false, "via": [ "findup-sync", "micromatch" ], "effects": [ "gulp-cli" ], "range": ">=1.0.1", "nodes": [ "node_modules/matchdep" ], "fixAvailable": true }, "micromatch": { "name": "micromatch", "severity": "high", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" }, "braces" ], "effects": [ "anymatch", "findup-sync", "matchdep", "readdirp" ], "range": "<=4.0.7", "nodes": [ "node_modules/findup-sync/node_modules/micromatch", "node_modules/glob-watcher/node_modules/micromatch", "node_modules/matchdep/node_modules/micromatch" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "nth-check": { "name": "nth-check", "severity": "high", "isDirect": false, "via": [ { "source": 1095141, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<2.0.1" } ], "effects": [ "css-select" ], "range": "<2.0.1", 
"nodes": [ "node_modules/nth-check" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "phantomjs-prebuilt": { "name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": false, "via": [ "request" ], "effects": [ "svg-sprite" ], "range": "*", "nodes": [ "node_modules/phantomjs-prebuilt" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "pixrem": { "name": "pixrem", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/pixrem" ], "fixAvailable": true }, "pleeease-filters": { "name": "pleeease-filters", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/pleeease-filters" ], "fixAvailable": true }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1093539, "name": "postcss", "dependency": "postcss", "title": "Regular Expression Denial of Service in postcss", "url": "https://github.com/advisories/GHSA-566m-qj78-rww5", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<7.0.36" }, { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [ "autoprefixer", "css-declaration-sorter", "cssnano", "cssnano-preset-default", "cssnano-util-raw-cache", "gulp-postcss", "pixrem", "pleeease-filters", "postcss-apply", "postcss-attribute-case-insensitive", "postcss-calc", "postcss-color-function", "postcss-color-gray", "postcss-color-hex-alpha", "postcss-color-hsl", "postcss-color-hwb", "postcss-color-rebeccapurple", 
"postcss-color-rgb", "postcss-color-rgba-fallback", "postcss-colormin", "postcss-convert-values", "postcss-cssnext", "postcss-custom-media", "postcss-custom-properties", "postcss-custom-selectors", "postcss-discard-comments", "postcss-discard-duplicates", "postcss-discard-empty", "postcss-discard-overridden", "postcss-font-family-system-ui", "postcss-font-variant", "postcss-image-set-polyfill", "postcss-import", "postcss-initial", "postcss-media-minmax", "postcss-merge-longhand", "postcss-merge-rules", "postcss-minify-font-values", "postcss-minify-gradients", "postcss-minify-params", "postcss-minify-selectors", "postcss-nesting", "postcss-normalize-charset", "postcss-normalize-display-values", "postcss-normalize-positions", "postcss-normalize-repeat-style", "postcss-normalize-string", "postcss-normalize-timing-functions", "postcss-normalize-unicode", "postcss-normalize-url", "postcss-normalize-whitespace", "postcss-ordered-values", "postcss-pseudo-class-any-link", "postcss-pseudoelements", "postcss-reduce-initial", "postcss-reduce-transforms", "postcss-replace-overflow-wrap", "postcss-reporter", "postcss-selector-matches", "postcss-selector-not", "postcss-svgo", "postcss-unique-selectors", "stylehacks" ], "range": "<=8.4.30", "nodes": [ "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-declaration-sorter/node_modules/postcss", "node_modules/cssnano-preset-default/node_modules/postcss", "node_modules/cssnano-util-raw-cache/node_modules/postcss", "node_modules/cssnano/node_modules/postcss", "node_modules/gulp-postcss/node_modules/postcss", "node_modules/pixrem/node_modules/postcss", "node_modules/pleeease-filters/node_modules/postcss", "node_modules/postcss-apply/node_modules/postcss", "node_modules/postcss-attribute-case-insensitive/node_modules/postcss", "node_modules/postcss-calc/node_modules/postcss", "node_modules/postcss-color-function/node_modules/postcss", "node_modules/postcss-color-gray/node_modules/postcss", 
"node_modules/postcss-color-hex-alpha/node_modules/postcss", "node_modules/postcss-color-hsl/node_modules/postcss", "node_modules/postcss-color-hwb/node_modules/postcss", "node_modules/postcss-color-rebeccapurple/node_modules/postcss", "node_modules/postcss-color-rgb/node_modules/postcss", "node_modules/postcss-color-rgba-fallback/node_modules/postcss", "node_modules/postcss-colormin/node_modules/postcss", "node_modules/postcss-convert-values/node_modules/postcss", "node_modules/postcss-cssnext/node_modules/postcss", "node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss", "node_modules/postcss-custom-media/node_modules/postcss", "node_modules/postcss-custom-properties/node_modules/postcss", "node_modules/postcss-custom-selectors/node_modules/postcss", "node_modules/postcss-discard-comments/node_modules/postcss", "node_modules/postcss-discard-duplicates/node_modules/postcss", "node_modules/postcss-discard-empty/node_modules/postcss", "node_modules/postcss-discard-overridden/node_modules/postcss", "node_modules/postcss-font-family-system-ui/node_modules/postcss", "node_modules/postcss-font-variant/node_modules/postcss", "node_modules/postcss-image-set-polyfill/node_modules/postcss", "node_modules/postcss-import/node_modules/postcss", "node_modules/postcss-initial/node_modules/postcss", "node_modules/postcss-media-minmax/node_modules/postcss", "node_modules/postcss-merge-longhand/node_modules/postcss", "node_modules/postcss-merge-rules/node_modules/postcss", "node_modules/postcss-minify-font-values/node_modules/postcss", "node_modules/postcss-minify-gradients/node_modules/postcss", "node_modules/postcss-minify-params/node_modules/postcss", "node_modules/postcss-minify-selectors/node_modules/postcss", "node_modules/postcss-nesting/node_modules/postcss", "node_modules/postcss-normalize-charset/node_modules/postcss", "node_modules/postcss-normalize-display-values/node_modules/postcss", 
"node_modules/postcss-normalize-positions/node_modules/postcss", "node_modules/postcss-normalize-repeat-style/node_modules/postcss", "node_modules/postcss-normalize-string/node_modules/postcss", "node_modules/postcss-normalize-timing-functions/node_modules/postcss", "node_modules/postcss-normalize-unicode/node_modules/postcss", "node_modules/postcss-normalize-url/node_modules/postcss", "node_modules/postcss-normalize-whitespace/node_modules/postcss", "node_modules/postcss-ordered-values/node_modules/postcss", "node_modules/postcss-pseudo-class-any-link/node_modules/postcss", "node_modules/postcss-pseudoelements/node_modules/postcss", "node_modules/postcss-reduce-initial/node_modules/postcss", "node_modules/postcss-reduce-transforms/node_modules/postcss", "node_modules/postcss-replace-overflow-wrap/node_modules/postcss", "node_modules/postcss-reporter/node_modules/postcss", "node_modules/postcss-selector-matches/node_modules/postcss", "node_modules/postcss-selector-not/node_modules/postcss", "node_modules/postcss-svgo/node_modules/postcss", "node_modules/postcss-unique-selectors/node_modules/postcss", "node_modules/stylehacks/node_modules/postcss" ], "fixAvailable": { "name": "cssnano", "version": "7.0.6", "isSemVerMajor": true } }, "postcss-apply": { "name": "postcss-apply", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=0.10.0", "nodes": [ "node_modules/postcss-apply" ], "fixAvailable": false }, "postcss-attribute-case-insensitive": { "name": "postcss-attribute-case-insensitive", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=3.0.1", "nodes": [ "node_modules/postcss-attribute-case-insensitive" ], "fixAvailable": false }, "postcss-calc": { "name": "postcss-calc", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "4.1.0 - 7.0.5", "nodes": [ "node_modules/postcss-calc", 
"node_modules/postcss-cssnext/node_modules/postcss-calc" ], "fixAvailable": true }, "postcss-color-function": { "name": "postcss-color-function", "severity": "moderate", "isDirect": false, "via": [ "css-color-function", "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/postcss-color-function" ], "fixAvailable": true }, "postcss-color-gray": { "name": "postcss-color-gray", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "3.0.0 - 4.1.0", "nodes": [ "node_modules/postcss-color-gray" ], "fixAvailable": true }, "postcss-color-hex-alpha": { "name": "postcss-color-hex-alpha", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.3.0 - 3.0.0", "nodes": [ "node_modules/postcss-color-hex-alpha" ], "fixAvailable": true }, "postcss-color-hsl": { "name": "postcss-color-hsl", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "*", "nodes": [ "node_modules/postcss-color-hsl" ], "fixAvailable": false }, "postcss-color-hwb": { "name": "postcss-color-hwb", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": ">=1.2.0", "nodes": [ "node_modules/postcss-color-hwb" ], "fixAvailable": true }, "postcss-color-rebeccapurple": { "name": "postcss-color-rebeccapurple", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.2.0 - 3.1.0", "nodes": [ "node_modules/postcss-color-rebeccapurple" ], "fixAvailable": true }, "postcss-color-rgb": { "name": "postcss-color-rgb", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/postcss-color-rgb" ], "fixAvailable": true }, "postcss-color-rgba-fallback": { "name": "postcss-color-rgba-fallback", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=3.0.0", "nodes": [ "node_modules/postcss-color-rgba-fallback" ], "fixAvailable": 
true }, "postcss-colormin": { "name": "postcss-colormin", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.3", "nodes": [ "node_modules/postcss-colormin" ], "fixAvailable": true }, "postcss-convert-values": { "name": "postcss-convert-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-convert-values" ], "fixAvailable": true }, "postcss-cssnext": { "name": "postcss-cssnext", "severity": "moderate", "isDirect": true, "via": [ "autoprefixer", "pixrem", "pleeease-filters", "postcss", "postcss-apply", "postcss-attribute-case-insensitive", "postcss-calc", "postcss-color-function", "postcss-color-gray", "postcss-color-hex-alpha", "postcss-color-hsl", "postcss-color-hwb", "postcss-color-rebeccapurple", "postcss-color-rgb", "postcss-color-rgba-fallback", "postcss-custom-media", "postcss-custom-properties", "postcss-custom-selectors", "postcss-font-family-system-ui", "postcss-font-variant", "postcss-image-set-polyfill", "postcss-initial", "postcss-media-minmax", "postcss-nesting", "postcss-pseudo-class-any-link", "postcss-pseudoelements", "postcss-replace-overflow-wrap", "postcss-selector-matches", "postcss-selector-not" ], "effects": [], "range": "*", "nodes": [ "node_modules/postcss-cssnext" ], "fixAvailable": false }, "postcss-custom-media": { "name": "postcss-custom-media", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "4.0.0 - 6.0.0", "nodes": [ "node_modules/postcss-custom-media" ], "fixAvailable": true }, "postcss-custom-properties": { "name": "postcss-custom-properties", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "3.3.0 - 7.0.0", "nodes": [ "node_modules/postcss-custom-properties" ], "fixAvailable": true }, "postcss-custom-selectors": { "name": "postcss-custom-selectors", "severity": "moderate", "isDirect": false, "via": [ "postcss", 
"postcss-selector-matches" ], "effects": [], "range": "2.3.0 - 4.0.1", "nodes": [ "node_modules/postcss-custom-selectors" ], "fixAvailable": true }, "postcss-discard-comments": { "name": "postcss-discard-comments", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-discard-comments" ], "fixAvailable": true }, "postcss-discard-duplicates": { "name": "postcss-discard-duplicates", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.1.0 - 4.0.2", "nodes": [ "node_modules/postcss-discard-duplicates" ], "fixAvailable": true }, "postcss-discard-empty": { "name": "postcss-discard-empty", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.1.0 - 4.0.1", "nodes": [ "node_modules/postcss-discard-empty" ], "fixAvailable": true }, "postcss-discard-overridden": { "name": "postcss-discard-overridden", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-discard-overridden" ], "fixAvailable": true }, "postcss-font-family-system-ui": { "name": "postcss-font-family-system-ui", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=3.0.0", "nodes": [ "node_modules/postcss-font-family-system-ui" ], "fixAvailable": false }, "postcss-font-variant": { "name": "postcss-font-variant", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.2.0 - 3.0.0", "nodes": [ "node_modules/postcss-font-variant" ], "fixAvailable": true }, "postcss-image-set-polyfill": { "name": "postcss-image-set-polyfill", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=0.4.4", "nodes": [ "node_modules/postcss-image-set-polyfill" ], "fixAvailable": false }, "postcss-import": { "name": "postcss-import", "severity": "moderate", 
"isDirect": true, "via": [ "postcss" ], "effects": [], "range": "<=12.0.1", "nodes": [ "node_modules/postcss-import" ], "fixAvailable": { "name": "postcss-import", "version": "16.1.0", "isSemVerMajor": true } }, "postcss-initial": { "name": "postcss-initial", "severity": "high", "isDirect": false, "via": [ "lodash.template", "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=3.0.2 || 4.0.0", "nodes": [ "node_modules/postcss-initial" ], "fixAvailable": false }, "postcss-media-minmax": { "name": "postcss-media-minmax", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.2.0 - 3.0.0", "nodes": [ "node_modules/postcss-media-minmax" ], "fixAvailable": true }, "postcss-merge-longhand": { "name": "postcss-merge-longhand", "severity": "moderate", "isDirect": false, "via": [ "postcss", "stylehacks" ], "effects": [], "range": "<=4.0.11", "nodes": [ "node_modules/postcss-merge-longhand" ], "fixAvailable": true }, "postcss-merge-rules": { "name": "postcss-merge-rules", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.3", "nodes": [ "node_modules/postcss-merge-rules" ], "fixAvailable": true }, "postcss-minify-font-values": { "name": "postcss-minify-font-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-font-values" ], "fixAvailable": true }, "postcss-minify-gradients": { "name": "postcss-minify-gradients", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-gradients" ], "fixAvailable": true }, "postcss-minify-params": { "name": "postcss-minify-params", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-params" ], "fixAvailable": true }, "postcss-minify-selectors": { "name": "postcss-minify-selectors", "severity": 
"moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-selectors" ], "fixAvailable": true }, "postcss-nesting": { "name": "postcss-nesting", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=6.0.0", "nodes": [ "node_modules/postcss-nesting" ], "fixAvailable": false }, "postcss-normalize-charset": { "name": "postcss-normalize-charset", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-normalize-charset" ], "fixAvailable": true }, "postcss-normalize-display-values": { "name": "postcss-normalize-display-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-display-values" ], "fixAvailable": true }, "postcss-normalize-positions": { "name": "postcss-normalize-positions", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-positions" ], "fixAvailable": true }, "postcss-normalize-repeat-style": { "name": "postcss-normalize-repeat-style", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-repeat-style" ], "fixAvailable": true }, "postcss-normalize-string": { "name": "postcss-normalize-string", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-string" ], "fixAvailable": true }, "postcss-normalize-timing-functions": { "name": "postcss-normalize-timing-functions", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-timing-functions" ], "fixAvailable": true }, "postcss-normalize-unicode": { "name": 
"postcss-normalize-unicode", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-normalize-unicode" ], "fixAvailable": true }, "postcss-normalize-url": { "name": "postcss-normalize-url", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.1.0 - 4.0.1", "nodes": [ "node_modules/postcss-normalize-url" ], "fixAvailable": true }, "postcss-normalize-whitespace": { "name": "postcss-normalize-whitespace", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-whitespace" ], "fixAvailable": true }, "postcss-ordered-values": { "name": "postcss-ordered-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.1.2", "nodes": [ "node_modules/postcss-ordered-values" ], "fixAvailable": true }, "postcss-pseudo-class-any-link": { "name": "postcss-pseudo-class-any-link", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=5.0.0", "nodes": [ "node_modules/postcss-pseudo-class-any-link" ], "fixAvailable": true }, "postcss-pseudoelements": { "name": "postcss-pseudoelements", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": ">=2.2.0", "nodes": [ "node_modules/postcss-pseudoelements" ], "fixAvailable": true }, "postcss-reduce-initial": { "name": "postcss-reduce-initial", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.3", "nodes": [ "node_modules/postcss-reduce-initial" ], "fixAvailable": true }, "postcss-reduce-transforms": { "name": "postcss-reduce-transforms", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-reduce-transforms" ], "fixAvailable": true }, "postcss-replace-overflow-wrap": { "name": 
"postcss-replace-overflow-wrap", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=2.0.0", "nodes": [ "node_modules/postcss-replace-overflow-wrap" ], "fixAvailable": false }, "postcss-reporter": { "name": "postcss-reporter", "severity": "moderate", "isDirect": true, "via": [ "postcss" ], "effects": [], "range": "<=6.0.1", "nodes": [ "node_modules/postcss-reporter" ], "fixAvailable": { "name": "postcss-reporter", "version": "7.1.0", "isSemVerMajor": true } }, "postcss-selector-matches": { "name": "postcss-selector-matches", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=3.0.1", "nodes": [ "node_modules/postcss-selector-matches" ], "fixAvailable": true }, "postcss-selector-not": { "name": "postcss-selector-not", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=3.0.1", "nodes": [ "node_modules/postcss-selector-not" ], "fixAvailable": true }, "postcss-svgo": { "name": "postcss-svgo", "severity": "high", "isDirect": false, "via": [ "postcss", "svgo" ], "effects": [], "range": "<=5.0.0-rc.2", "nodes": [ "node_modules/postcss-svgo" ], "fixAvailable": true }, "postcss-unique-selectors": { "name": "postcss-unique-selectors", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-unique-selectors" ], "fixAvailable": true }, "pre-commit": { "name": "pre-commit", "severity": "high", "isDirect": true, "via": [ "cross-spawn" ], "effects": [], "range": ">=1.1.0", "nodes": [ "node_modules/pre-commit" ], "fixAvailable": { "name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true } }, "readdirp": { "name": "readdirp", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "2.2.0 - 2.2.1", "nodes": [ "node_modules/glob-watcher/node_modules/readdirp" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", 
"isSemVerMajor": true } }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "phantomjs-prebuilt" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "stylehacks": { "name": "stylehacks", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-merge-longhand" ], "range": "<=4.0.3", "nodes": [ "node_modules/stylehacks" ], "fixAvailable": true }, "svg-sprite": { "name": "svg-sprite", "severity": "high", "isDirect": false, "via": [ "phantomjs-prebuilt", "svgo" ], "effects": [ "gulp-svg-sprite" ], "range": "1.3.0 - 1.5.4", "nodes": [ "node_modules/svg-sprite" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "svgo": { "name": "svgo", "severity": "high", "isDirect": false, "via": [ "css-select" ], "effects": [ "postcss-svgo", "svg-sprite" ], "range": "1.0.0 - 1.3.2", "nodes": [ "node_modules/svgo" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ 
"node_modules/tough-cookie" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "useragent": { "name": "useragent", "severity": "moderate", "isDirect": false, "via": [ { "source": 1100298, "name": "useragent", "dependency": "useragent", "title": "useragent Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-mgfv-m47x-4wqp", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<=2.3.0" } ], "effects": [ "browserslist-useragent", "es-dev-server" ], "range": "*", "nodes": [ "node_modules/useragent" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 77, "high": 26, "critical": 0, "total": 103 }, "dependencies": { "prod": 1, "dev": 1730, "optional": 4, "peer": 1, "peerOptional": 0, "total": 1730 } } } --- end --- Attempting to npm audit fix $ /usr/bin/npm audit fix --dry-run --only=dev --json --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@1.20.1', npm WARN EBADENGINE required: { node: '>=20', npm: '>=10.8.1' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } --- stdout --- { "added": 4, "removed": 0, "changed": 0, "audited": 1731, "funding": 150, "audit": { "auditReportVersion": 2, "vulnerabilities": { "@koa/cors": { "name": "@koa/cors", "severity": "high", "isDirect": false, "via": [ { "source": 1095223, "name": "@koa/cors", "dependency": "@koa/cors", "title": "Overly permissive origin policy", "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82", "severity": "high", "cwe": [ "CWE-346" ], "cvss": { "score": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, "range": "<5.0.0" } ], "effects": 
[ "es-dev-server" ], "range": "<5.0.0", "nodes": [ "node_modules/@koa/cors" ], "fixAvailable": true }, "anymatch": { "name": "anymatch", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar", "glob-watcher" ], "range": "1.2.0 - 2.0.0", "nodes": [ "node_modules/glob-watcher/node_modules/anymatch" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "autoprefixer": { "name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.0.20131222 - 8.6.5", "nodes": [ "node_modules/autoprefixer" ], "fixAvailable": true }, "axios": { "name": "axios", "severity": "high", "isDirect": false, "via": [ { "source": 1098583, "name": "axios", "dependency": "axios", "title": "Server-Side Request Forgery in axios", "url": "https://github.com/advisories/GHSA-8hc4-vh64-cxmj", "severity": "high", "cwe": [ "CWE-918" ], "cvss": { "score": 0, "vectorString": null }, "range": ">=1.3.2 <=1.7.3" } ], "effects": [ "github-build" ], "range": "1.3.2 - 1.7.3", "nodes": [ "node_modules/github-build/node_modules/axios" ], "fixAvailable": true }, "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": [ "CWE-400", "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [ "chokidar", "micromatch" ], "range": "<3.0.3", "nodes": [ "node_modules/findup-sync/node_modules/braces", "node_modules/glob-watcher/node_modules/braces", "node_modules/matchdep/node_modules/braces" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "browserslist-useragent": { "name": "browserslist-useragent", "severity": "moderate", "isDirect": false, "via": [ "useragent" ], 
"effects": [], "range": "<=3.1.4", "nodes": [ "node_modules/browserslist-useragent" ], "fixAvailable": true }, "bundlesize": { "name": "bundlesize", "severity": "high", "isDirect": true, "via": [ "github-build" ], "effects": [], "range": "0.18.2", "nodes": [ "node_modules/bundlesize" ], "fixAvailable": true }, "cheerio": { "name": "cheerio", "severity": "high", "isDirect": false, "via": [ "css-select", "lodash.pick" ], "effects": [ "gulp-inline" ], "range": "0.19.0 - 1.0.0-rc.3", "nodes": [ "node_modules/cheerio" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "chokidar": { "name": "chokidar", "severity": "high", "isDirect": false, "via": [ "anymatch", "braces", "readdirp" ], "effects": [ "glob-watcher" ], "range": "1.3.0 - 2.1.8", "nodes": [ "node_modules/glob-watcher/node_modules/chokidar" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "color": { "name": "color", "severity": "moderate", "isDirect": false, "via": [ "color-string" ], "effects": [ "css-color-function" ], "range": "<=0.11.4", "nodes": [ "node_modules/color" ], "fixAvailable": true }, "color-string": { "name": "color-string", "severity": "moderate", "isDirect": false, "via": [ { "source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": [ "CWE-770" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<1.5.5" } ], "effects": [ "color" ], "range": "<1.5.5", "nodes": [ "node_modules/color/node_modules/color-string" ], "fixAvailable": true }, "cross-spawn": { "name": "cross-spawn", "severity": "high", "isDirect": false, "via": [ { "source": 1100562, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": 
"https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<6.0.6" } ], "effects": [ "pre-commit" ], "range": "<6.0.6", "nodes": [ "node_modules/pre-commit/node_modules/cross-spawn" ], "fixAvailable": { "name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true } }, "css-color-function": { "name": "css-color-function", "severity": "moderate", "isDirect": false, "via": [ "color" ], "effects": [ "postcss-color-function" ], "range": "*", "nodes": [ "node_modules/css-color-function" ], "fixAvailable": true }, "css-declaration-sorter": { "name": "css-declaration-sorter", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=5.1.2", "nodes": [ "node_modules/css-declaration-sorter" ], "fixAvailable": true }, "css-select": { "name": "css-select", "severity": "high", "isDirect": false, "via": [ "nth-check" ], "effects": [ "cheerio", "svgo" ], "range": "<=3.1.0", "nodes": [ "node_modules/css-select", "node_modules/svgo/node_modules/css-select" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "cssnano": { "name": "cssnano", "severity": "moderate", "isDirect": true, "via": [ "cssnano-preset-default", "postcss" ], "effects": [], "range": "<=4.1.11", "nodes": [ "node_modules/cssnano" ], "fixAvailable": { "name": "cssnano", "version": "7.0.6", "isSemVerMajor": true } }, "cssnano-preset-default": { "name": "cssnano-preset-default", "severity": "moderate", "isDirect": false, "via": [ "css-declaration-sorter", "cssnano-util-raw-cache", "postcss", "postcss-calc", "postcss-colormin", "postcss-convert-values", "postcss-discard-comments", "postcss-discard-duplicates", "postcss-discard-empty", "postcss-discard-overridden", "postcss-merge-longhand", "postcss-merge-rules", "postcss-minify-font-values", "postcss-minify-gradients", "postcss-minify-params", 
"postcss-minify-selectors", "postcss-normalize-charset", "postcss-normalize-display-values", "postcss-normalize-positions", "postcss-normalize-repeat-style", "postcss-normalize-string", "postcss-normalize-timing-functions", "postcss-normalize-unicode", "postcss-normalize-url", "postcss-normalize-whitespace", "postcss-ordered-values", "postcss-reduce-initial", "postcss-reduce-transforms", "postcss-svgo", "postcss-unique-selectors" ], "effects": [ "cssnano" ], "range": "<=4.0.8", "nodes": [ "node_modules/cssnano-preset-default" ], "fixAvailable": { "name": "cssnano", "version": "7.0.6", "isSemVerMajor": true } }, "cssnano-util-raw-cache": { "name": "cssnano-util-raw-cache", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/cssnano-util-raw-cache" ], "fixAvailable": true }, "es-dev-server": { "name": "es-dev-server", "severity": "high", "isDirect": true, "via": [ "@koa/cors", "browserslist-useragent", "useragent" ], "effects": [], "range": ">=1.24.1", "nodes": [ "node_modules/es-dev-server" ], "fixAvailable": true }, "findup-sync": { "name": "findup-sync", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "liftoff", "matchdep" ], "range": "0.4.0 - 3.0.0", "nodes": [ "node_modules/findup-sync", "node_modules/matchdep/node_modules/findup-sync" ], "fixAvailable": true }, "github-build": { "name": "github-build", "severity": "high", "isDirect": false, "via": [ "axios" ], "effects": [ "bundlesize" ], "range": ">=1.2.4", "nodes": [ "node_modules/github-build" ], "fixAvailable": true }, "glob-watcher": { "name": "glob-watcher", "severity": "high", "isDirect": false, "via": [ "anymatch", "chokidar" ], "effects": [ "gulp" ], "range": "5.0.0 - 5.0.5", "nodes": [ "node_modules/glob-watcher" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "gulp": { "name": "gulp", "severity": "high", "isDirect": true, "via": [ "glob-watcher", "gulp-cli" ], 
"effects": [], "range": "4.0.0 - 4.0.2", "nodes": [ "node_modules/gulp" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "gulp-cli": { "name": "gulp-cli", "severity": "moderate", "isDirect": false, "via": [ "liftoff", "matchdep" ], "effects": [], "range": "1.3.0 - 2.3.0", "nodes": [ "node_modules/gulp-cli" ], "fixAvailable": true }, "gulp-compile-handlebars": { "name": "gulp-compile-handlebars", "severity": "high", "isDirect": true, "via": [ "gulp-util" ], "effects": [], "range": "*", "nodes": [ "node_modules/gulp-compile-handlebars" ], "fixAvailable": false }, "gulp-htmlmin": { "name": "gulp-htmlmin", "severity": "high", "isDirect": true, "via": [ "html-minifier" ], "effects": [], "range": "*", "nodes": [ "node_modules/gulp-htmlmin" ], "fixAvailable": false }, "gulp-inline": { "name": "gulp-inline", "severity": "high", "isDirect": true, "via": [ "cheerio", "gulp-util" ], "effects": [], "range": "*", "nodes": [ "node_modules/gulp-inline" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "gulp-postcss": { "name": "gulp-postcss", "severity": "moderate", "isDirect": true, "via": [ "postcss" ], "effects": [], "range": "<=8.0.0", "nodes": [ "node_modules/gulp-postcss" ], "fixAvailable": { "name": "gulp-postcss", "version": "10.0.0", "isSemVerMajor": true } }, "gulp-svg-sprite": { "name": "gulp-svg-sprite", "severity": "moderate", "isDirect": true, "via": [ "svg-sprite" ], "effects": [], "range": "1.3.0 - 1.5.0", "nodes": [ "node_modules/gulp-svg-sprite" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "gulp-util": { "name": "gulp-util", "severity": "high", "isDirect": false, "via": [ "lodash.template" ], "effects": [ "gulp-compile-handlebars", "gulp-inline" ], "range": ">=1.1.0", "nodes": [ "node_modules/gulp-util" ], "fixAvailable": false }, "html-minifier": { "name": "html-minifier", "severity": "high", "isDirect": false, "via": [ { "source": 
1100303, "name": "html-minifier", "dependency": "html-minifier", "title": "kangax html-minifier REDoS vulnerability", "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<=4.0.0" } ], "effects": [ "gulp-htmlmin" ], "range": "*", "nodes": [ "node_modules/html-minifier" ], "fixAvailable": false }, "liftoff": { "name": "liftoff", "severity": "moderate", "isDirect": false, "via": [ "findup-sync" ], "effects": [ "gulp-cli" ], "range": "2.2.3 - 3.1.0", "nodes": [ "node_modules/liftoff" ], "fixAvailable": true }, "lodash.pick": { "name": "lodash.pick", "severity": "high", "isDirect": false, "via": [ { "source": 1096303, "name": "lodash.pick", "dependency": "lodash.pick", "title": "Prototype Pollution in lodash", "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw", "severity": "high", "cwe": [ "CWE-770", "CWE-1321" ], "cvss": { "score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" }, "range": ">=4.0.0 <=4.4.0" } ], "effects": [ "cheerio" ], "range": ">=4.0.0", "nodes": [ "node_modules/lodash.pick" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "lodash.template": { "name": "lodash.template", "severity": "high", "isDirect": false, "via": [ { "source": 1096993, "name": "lodash.template", "dependency": "lodash.template", "title": "Command Injection in lodash", "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", "severity": "high", "cwe": [ "CWE-77", "CWE-94" ], "cvss": { "score": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, "range": "<=4.5.0" } ], "effects": [ "gulp-util", "postcss-initial" ], "range": "*", "nodes": [ "node_modules/lodash.template", "node_modules/postcss-initial/node_modules/lodash.template" ], "fixAvailable": false }, "matchdep": { "name": "matchdep", "severity": "moderate", "isDirect": false, 
"via": [ "findup-sync", "micromatch" ], "effects": [ "gulp-cli" ], "range": ">=1.0.1", "nodes": [ "node_modules/matchdep" ], "fixAvailable": true }, "micromatch": { "name": "micromatch", "severity": "high", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" }, "braces" ], "effects": [ "anymatch", "findup-sync", "matchdep", "readdirp" ], "range": "<=4.0.7", "nodes": [ "node_modules/findup-sync/node_modules/micromatch", "node_modules/glob-watcher/node_modules/micromatch", "node_modules/matchdep/node_modules/micromatch" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "nth-check": { "name": "nth-check", "severity": "high", "isDirect": false, "via": [ { "source": 1095141, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<2.0.1" } ], "effects": [ "css-select" ], "range": "<2.0.1", "nodes": [ "node_modules/nth-check" ], "fixAvailable": { "name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true } }, "phantomjs-prebuilt": { "name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": false, "via": [ "request" ], "effects": [ "svg-sprite" ], "range": "*", "nodes": [ "node_modules/phantomjs-prebuilt" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "pixrem": { "name": "pixrem", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ 
"node_modules/pixrem" ], "fixAvailable": true }, "pleeease-filters": { "name": "pleeease-filters", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/pleeease-filters" ], "fixAvailable": true }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1093539, "name": "postcss", "dependency": "postcss", "title": "Regular Expression Denial of Service in postcss", "url": "https://github.com/advisories/GHSA-566m-qj78-rww5", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<7.0.36" }, { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [ "autoprefixer", "css-declaration-sorter", "cssnano", "cssnano-preset-default", "cssnano-util-raw-cache", "gulp-postcss", "pixrem", "pleeease-filters", "postcss-apply", "postcss-attribute-case-insensitive", "postcss-calc", "postcss-color-function", "postcss-color-gray", "postcss-color-hex-alpha", "postcss-color-hsl", "postcss-color-hwb", "postcss-color-rebeccapurple", "postcss-color-rgb", "postcss-color-rgba-fallback", "postcss-colormin", "postcss-convert-values", "postcss-cssnext", "postcss-custom-media", "postcss-custom-properties", "postcss-custom-selectors", "postcss-discard-comments", "postcss-discard-duplicates", "postcss-discard-empty", "postcss-discard-overridden", "postcss-font-family-system-ui", "postcss-font-variant", "postcss-image-set-polyfill", "postcss-import", "postcss-initial", "postcss-media-minmax", "postcss-merge-longhand", "postcss-merge-rules", "postcss-minify-font-values", "postcss-minify-gradients", 
"postcss-minify-params", "postcss-minify-selectors", "postcss-nesting", "postcss-normalize-charset", "postcss-normalize-display-values", "postcss-normalize-positions", "postcss-normalize-repeat-style", "postcss-normalize-string", "postcss-normalize-timing-functions", "postcss-normalize-unicode", "postcss-normalize-url", "postcss-normalize-whitespace", "postcss-ordered-values", "postcss-pseudo-class-any-link", "postcss-pseudoelements", "postcss-reduce-initial", "postcss-reduce-transforms", "postcss-replace-overflow-wrap", "postcss-reporter", "postcss-selector-matches", "postcss-selector-not", "postcss-svgo", "postcss-unique-selectors", "stylehacks" ], "range": "<=8.4.30", "nodes": [ "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-declaration-sorter/node_modules/postcss", "node_modules/cssnano-preset-default/node_modules/postcss", "node_modules/cssnano-util-raw-cache/node_modules/postcss", "node_modules/cssnano/node_modules/postcss", "node_modules/gulp-postcss/node_modules/postcss", "node_modules/pixrem/node_modules/postcss", "node_modules/pleeease-filters/node_modules/postcss", "node_modules/postcss-apply/node_modules/postcss", "node_modules/postcss-attribute-case-insensitive/node_modules/postcss", "node_modules/postcss-calc/node_modules/postcss", "node_modules/postcss-color-function/node_modules/postcss", "node_modules/postcss-color-gray/node_modules/postcss", "node_modules/postcss-color-hex-alpha/node_modules/postcss", "node_modules/postcss-color-hsl/node_modules/postcss", "node_modules/postcss-color-hwb/node_modules/postcss", "node_modules/postcss-color-rebeccapurple/node_modules/postcss", "node_modules/postcss-color-rgb/node_modules/postcss", "node_modules/postcss-color-rgba-fallback/node_modules/postcss", "node_modules/postcss-colormin/node_modules/postcss", "node_modules/postcss-convert-values/node_modules/postcss", "node_modules/postcss-cssnext/node_modules/postcss", 
"node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss", "node_modules/postcss-custom-media/node_modules/postcss", "node_modules/postcss-custom-properties/node_modules/postcss", "node_modules/postcss-custom-selectors/node_modules/postcss", "node_modules/postcss-discard-comments/node_modules/postcss", "node_modules/postcss-discard-duplicates/node_modules/postcss", "node_modules/postcss-discard-empty/node_modules/postcss", "node_modules/postcss-discard-overridden/node_modules/postcss", "node_modules/postcss-font-family-system-ui/node_modules/postcss", "node_modules/postcss-font-variant/node_modules/postcss", "node_modules/postcss-image-set-polyfill/node_modules/postcss", "node_modules/postcss-import/node_modules/postcss", "node_modules/postcss-initial/node_modules/postcss", "node_modules/postcss-media-minmax/node_modules/postcss", "node_modules/postcss-merge-longhand/node_modules/postcss", "node_modules/postcss-merge-rules/node_modules/postcss", "node_modules/postcss-minify-font-values/node_modules/postcss", "node_modules/postcss-minify-gradients/node_modules/postcss", "node_modules/postcss-minify-params/node_modules/postcss", "node_modules/postcss-minify-selectors/node_modules/postcss", "node_modules/postcss-nesting/node_modules/postcss", "node_modules/postcss-normalize-charset/node_modules/postcss", "node_modules/postcss-normalize-display-values/node_modules/postcss", "node_modules/postcss-normalize-positions/node_modules/postcss", "node_modules/postcss-normalize-repeat-style/node_modules/postcss", "node_modules/postcss-normalize-string/node_modules/postcss", "node_modules/postcss-normalize-timing-functions/node_modules/postcss", "node_modules/postcss-normalize-unicode/node_modules/postcss", "node_modules/postcss-normalize-url/node_modules/postcss", "node_modules/postcss-normalize-whitespace/node_modules/postcss", "node_modules/postcss-ordered-values/node_modules/postcss", "node_modules/postcss-pseudo-class-any-link/node_modules/postcss", 
"node_modules/postcss-pseudoelements/node_modules/postcss", "node_modules/postcss-reduce-initial/node_modules/postcss", "node_modules/postcss-reduce-transforms/node_modules/postcss", "node_modules/postcss-replace-overflow-wrap/node_modules/postcss", "node_modules/postcss-reporter/node_modules/postcss", "node_modules/postcss-selector-matches/node_modules/postcss", "node_modules/postcss-selector-not/node_modules/postcss", "node_modules/postcss-svgo/node_modules/postcss", "node_modules/postcss-unique-selectors/node_modules/postcss", "node_modules/stylehacks/node_modules/postcss" ], "fixAvailable": { "name": "cssnano", "version": "7.0.6", "isSemVerMajor": true } }, "postcss-apply": { "name": "postcss-apply", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=0.10.0", "nodes": [ "node_modules/postcss-apply" ], "fixAvailable": false }, "postcss-attribute-case-insensitive": { "name": "postcss-attribute-case-insensitive", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=3.0.1", "nodes": [ "node_modules/postcss-attribute-case-insensitive" ], "fixAvailable": false }, "postcss-calc": { "name": "postcss-calc", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "4.1.0 - 7.0.5", "nodes": [ "node_modules/postcss-calc", "node_modules/postcss-cssnext/node_modules/postcss-calc" ], "fixAvailable": true }, "postcss-color-function": { "name": "postcss-color-function", "severity": "moderate", "isDirect": false, "via": [ "css-color-function", "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/postcss-color-function" ], "fixAvailable": true }, "postcss-color-gray": { "name": "postcss-color-gray", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "3.0.0 - 4.1.0", "nodes": [ "node_modules/postcss-color-gray" ], "fixAvailable": true }, "postcss-color-hex-alpha": { "name": 
"postcss-color-hex-alpha", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.3.0 - 3.0.0", "nodes": [ "node_modules/postcss-color-hex-alpha" ], "fixAvailable": true }, "postcss-color-hsl": { "name": "postcss-color-hsl", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "*", "nodes": [ "node_modules/postcss-color-hsl" ], "fixAvailable": true }, "postcss-color-hwb": { "name": "postcss-color-hwb", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": ">=1.2.0", "nodes": [ "node_modules/postcss-color-hwb" ], "fixAvailable": true }, "postcss-color-rebeccapurple": { "name": "postcss-color-rebeccapurple", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.2.0 - 3.1.0", "nodes": [ "node_modules/postcss-color-rebeccapurple" ], "fixAvailable": true }, "postcss-color-rgb": { "name": "postcss-color-rgb", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "*", "nodes": [ "node_modules/postcss-color-rgb" ], "fixAvailable": false }, "postcss-color-rgba-fallback": { "name": "postcss-color-rgba-fallback", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=3.0.0", "nodes": [ "node_modules/postcss-color-rgba-fallback" ], "fixAvailable": true }, "postcss-colormin": { "name": "postcss-colormin", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.3", "nodes": [ "node_modules/postcss-colormin" ], "fixAvailable": true }, "postcss-convert-values": { "name": "postcss-convert-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-convert-values" ], "fixAvailable": true }, "postcss-cssnext": { "name": "postcss-cssnext", "severity": "moderate", "isDirect": true, "via": [ "autoprefixer", "pixrem", 
"pleeease-filters", "postcss", "postcss-apply", "postcss-attribute-case-insensitive", "postcss-calc", "postcss-color-function", "postcss-color-gray", "postcss-color-hex-alpha", "postcss-color-hsl", "postcss-color-hwb", "postcss-color-rebeccapurple", "postcss-color-rgb", "postcss-color-rgba-fallback", "postcss-custom-media", "postcss-custom-properties", "postcss-custom-selectors", "postcss-font-family-system-ui", "postcss-font-variant", "postcss-image-set-polyfill", "postcss-initial", "postcss-media-minmax", "postcss-nesting", "postcss-pseudo-class-any-link", "postcss-pseudoelements", "postcss-replace-overflow-wrap", "postcss-selector-matches", "postcss-selector-not" ], "effects": [], "range": "*", "nodes": [ "node_modules/postcss-cssnext" ], "fixAvailable": false }, "postcss-custom-media": { "name": "postcss-custom-media", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "4.0.0 - 6.0.0", "nodes": [ "node_modules/postcss-custom-media" ], "fixAvailable": true }, "postcss-custom-properties": { "name": "postcss-custom-properties", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "3.3.0 - 7.0.0", "nodes": [ "node_modules/postcss-custom-properties" ], "fixAvailable": true }, "postcss-custom-selectors": { "name": "postcss-custom-selectors", "severity": "moderate", "isDirect": false, "via": [ "postcss", "postcss-selector-matches" ], "effects": [], "range": "2.3.0 - 4.0.1", "nodes": [ "node_modules/postcss-custom-selectors" ], "fixAvailable": true }, "postcss-discard-comments": { "name": "postcss-discard-comments", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-discard-comments" ], "fixAvailable": true }, "postcss-discard-duplicates": { "name": "postcss-discard-duplicates", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.1.0 - 4.0.2", "nodes": [ 
"node_modules/postcss-discard-duplicates" ], "fixAvailable": true }, "postcss-discard-empty": { "name": "postcss-discard-empty", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.1.0 - 4.0.1", "nodes": [ "node_modules/postcss-discard-empty" ], "fixAvailable": true }, "postcss-discard-overridden": { "name": "postcss-discard-overridden", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-discard-overridden" ], "fixAvailable": true }, "postcss-font-family-system-ui": { "name": "postcss-font-family-system-ui", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=3.0.0", "nodes": [ "node_modules/postcss-font-family-system-ui" ], "fixAvailable": false }, "postcss-font-variant": { "name": "postcss-font-variant", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.2.0 - 3.0.0", "nodes": [ "node_modules/postcss-font-variant" ], "fixAvailable": true }, "postcss-image-set-polyfill": { "name": "postcss-image-set-polyfill", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=0.4.4", "nodes": [ "node_modules/postcss-image-set-polyfill" ], "fixAvailable": false }, "postcss-import": { "name": "postcss-import", "severity": "moderate", "isDirect": true, "via": [ "postcss" ], "effects": [], "range": "<=12.0.1", "nodes": [ "node_modules/postcss-import" ], "fixAvailable": { "name": "postcss-import", "version": "16.1.0", "isSemVerMajor": true } }, "postcss-initial": { "name": "postcss-initial", "severity": "high", "isDirect": false, "via": [ "lodash.template", "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=3.0.2 || 4.0.0", "nodes": [ "node_modules/postcss-initial" ], "fixAvailable": false }, "postcss-media-minmax": { "name": "postcss-media-minmax", "severity": "moderate", "isDirect": false, "via": [ 
"postcss" ], "effects": [], "range": "1.2.0 - 3.0.0", "nodes": [ "node_modules/postcss-media-minmax" ], "fixAvailable": true }, "postcss-merge-longhand": { "name": "postcss-merge-longhand", "severity": "moderate", "isDirect": false, "via": [ "postcss", "stylehacks" ], "effects": [], "range": "<=4.0.11", "nodes": [ "node_modules/postcss-merge-longhand" ], "fixAvailable": true }, "postcss-merge-rules": { "name": "postcss-merge-rules", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.3", "nodes": [ "node_modules/postcss-merge-rules" ], "fixAvailable": true }, "postcss-minify-font-values": { "name": "postcss-minify-font-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-font-values" ], "fixAvailable": true }, "postcss-minify-gradients": { "name": "postcss-minify-gradients", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-gradients" ], "fixAvailable": true }, "postcss-minify-params": { "name": "postcss-minify-params", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-params" ], "fixAvailable": true }, "postcss-minify-selectors": { "name": "postcss-minify-selectors", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-minify-selectors" ], "fixAvailable": true }, "postcss-nesting": { "name": "postcss-nesting", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=6.0.0", "nodes": [ "node_modules/postcss-nesting" ], "fixAvailable": false }, "postcss-normalize-charset": { "name": "postcss-normalize-charset", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ 
"node_modules/postcss-normalize-charset" ], "fixAvailable": true }, "postcss-normalize-display-values": { "name": "postcss-normalize-display-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-display-values" ], "fixAvailable": true }, "postcss-normalize-positions": { "name": "postcss-normalize-positions", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-positions" ], "fixAvailable": true }, "postcss-normalize-repeat-style": { "name": "postcss-normalize-repeat-style", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-repeat-style" ], "fixAvailable": true }, "postcss-normalize-string": { "name": "postcss-normalize-string", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-string" ], "fixAvailable": true }, "postcss-normalize-timing-functions": { "name": "postcss-normalize-timing-functions", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-timing-functions" ], "fixAvailable": true }, "postcss-normalize-unicode": { "name": "postcss-normalize-unicode", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-normalize-unicode" ], "fixAvailable": true }, "postcss-normalize-url": { "name": "postcss-normalize-url", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "1.1.0 - 4.0.1", "nodes": [ "node_modules/postcss-normalize-url" ], "fixAvailable": true }, "postcss-normalize-whitespace": { "name": "postcss-normalize-whitespace", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], 
"effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-normalize-whitespace" ], "fixAvailable": true }, "postcss-ordered-values": { "name": "postcss-ordered-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.1.2", "nodes": [ "node_modules/postcss-ordered-values" ], "fixAvailable": true }, "postcss-pseudo-class-any-link": { "name": "postcss-pseudo-class-any-link", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=5.0.0", "nodes": [ "node_modules/postcss-pseudo-class-any-link" ], "fixAvailable": true }, "postcss-pseudoelements": { "name": "postcss-pseudoelements", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": ">=2.2.0", "nodes": [ "node_modules/postcss-pseudoelements" ], "fixAvailable": true }, "postcss-reduce-initial": { "name": "postcss-reduce-initial", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.3", "nodes": [ "node_modules/postcss-reduce-initial" ], "fixAvailable": true }, "postcss-reduce-transforms": { "name": "postcss-reduce-transforms", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.2", "nodes": [ "node_modules/postcss-reduce-transforms" ], "fixAvailable": true }, "postcss-replace-overflow-wrap": { "name": "postcss-replace-overflow-wrap", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-cssnext" ], "range": "<=2.0.0", "nodes": [ "node_modules/postcss-replace-overflow-wrap" ], "fixAvailable": false }, "postcss-reporter": { "name": "postcss-reporter", "severity": "moderate", "isDirect": true, "via": [ "postcss" ], "effects": [], "range": "<=6.0.1", "nodes": [ "node_modules/postcss-reporter" ], "fixAvailable": { "name": "postcss-reporter", "version": "7.1.0", "isSemVerMajor": true } }, "postcss-selector-matches": { "name": "postcss-selector-matches", "severity": "moderate", 
"isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=3.0.1", "nodes": [ "node_modules/postcss-selector-matches" ], "fixAvailable": true }, "postcss-selector-not": { "name": "postcss-selector-not", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=3.0.1", "nodes": [ "node_modules/postcss-selector-not" ], "fixAvailable": true }, "postcss-svgo": { "name": "postcss-svgo", "severity": "high", "isDirect": false, "via": [ "postcss", "svgo" ], "effects": [], "range": "<=5.0.0-rc.2", "nodes": [ "node_modules/postcss-svgo" ], "fixAvailable": true }, "postcss-unique-selectors": { "name": "postcss-unique-selectors", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=4.0.1", "nodes": [ "node_modules/postcss-unique-selectors" ], "fixAvailable": true }, "pre-commit": { "name": "pre-commit", "severity": "high", "isDirect": true, "via": [ "cross-spawn" ], "effects": [], "range": ">=1.1.0", "nodes": [ "node_modules/pre-commit" ], "fixAvailable": { "name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true } }, "readdirp": { "name": "readdirp", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "2.2.0 - 2.2.1", "nodes": [ "node_modules/glob-watcher/node_modules/readdirp" ], "fixAvailable": { "name": "gulp", "version": "5.0.0", "isSemVerMajor": true } }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "phantomjs-prebuilt" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": 
"2.0.3", "isSemVerMajor": true } }, "stylehacks": { "name": "stylehacks", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "postcss-merge-longhand" ], "range": "<=4.0.3", "nodes": [ "node_modules/stylehacks" ], "fixAvailable": true }, "svg-sprite": { "name": "svg-sprite", "severity": "high", "isDirect": false, "via": [ "phantomjs-prebuilt", "svgo" ], "effects": [ "gulp-svg-sprite" ], "range": "1.3.0 - 1.5.4", "nodes": [ "node_modules/svg-sprite" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "svgo": { "name": "svgo", "severity": "high", "isDirect": false, "via": [ "css-select" ], "effects": [ "postcss-svgo", "svg-sprite" ], "range": "1.0.0 - 1.3.2", "nodes": [ "node_modules/svgo" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": { "name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true } }, "useragent": { "name": "useragent", "severity": "moderate", "isDirect": false, "via": [ { "source": 1100298, "name": "useragent", "dependency": "useragent", "title": "useragent Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-mgfv-m47x-4wqp", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<=2.3.0" } ], "effects": [ "browserslist-useragent", "es-dev-server" ], 
"range": "*", "nodes": [ "node_modules/useragent" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 77, "high": 26, "critical": 0, "total": 103 }, "dependencies": { "prod": 1, "dev": 1730, "optional": 4, "peer": 1, "peerOptional": 0, "total": 1730 } } } } --- end --- {"added": 4, "removed": 0, "changed": 0, "audited": 1731, "funding": 150, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@koa/cors": {"name": "@koa/cors", "severity": "high", "isDirect": false, "via": [{"source": 1095223, "name": "@koa/cors", "dependency": "@koa/cors", "title": "Overly permissive origin policy", "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82", "severity": "high", "cwe": ["CWE-346"], "cvss": {"score": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "range": "<5.0.0"}], "effects": ["es-dev-server"], "range": "<5.0.0", "nodes": ["node_modules/@koa/cors"], "fixAvailable": true}, "anymatch": {"name": "anymatch", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar", "glob-watcher"], "range": "1.2.0 - 2.0.0", "nodes": ["node_modules/glob-watcher/node_modules/anymatch"], "fixAvailable": {"name": "gulp", "version": "5.0.0", "isSemVerMajor": true}}, "autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.0.20131222 - 8.6.5", "nodes": ["node_modules/autoprefixer"], "fixAvailable": true}, "axios": {"name": "axios", "severity": "high", "isDirect": false, "via": [{"source": 1098583, "name": "axios", "dependency": "axios", "title": "Server-Side Request Forgery in axios", "url": "https://github.com/advisories/GHSA-8hc4-vh64-cxmj", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": ">=1.3.2 <=1.7.3"}], "effects": ["github-build"], "range": "1.3.2 - 1.7.3", "nodes": ["node_modules/github-build/node_modules/axios"], "fixAvailable": true}, "braces": {"name": "braces", 
"severity": "high", "isDirect": false, "via": [{"source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": ["CWE-400", "CWE-1050"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.3"}], "effects": ["chokidar", "micromatch"], "range": "<3.0.3", "nodes": ["node_modules/findup-sync/node_modules/braces", "node_modules/glob-watcher/node_modules/braces", "node_modules/matchdep/node_modules/braces"], "fixAvailable": {"name": "gulp", "version": "5.0.0", "isSemVerMajor": true}}, "browserslist-useragent": {"name": "browserslist-useragent", "severity": "moderate", "isDirect": false, "via": ["useragent"], "effects": [], "range": "<=3.1.4", "nodes": ["node_modules/browserslist-useragent"], "fixAvailable": true}, "bundlesize": {"name": "bundlesize", "severity": "high", "isDirect": true, "via": ["github-build"], "effects": [], "range": "0.18.2", "nodes": ["node_modules/bundlesize"], "fixAvailable": true}, "cheerio": {"name": "cheerio", "severity": "high", "isDirect": false, "via": ["css-select", "lodash.pick"], "effects": ["gulp-inline"], "range": "0.19.0 - 1.0.0-rc.3", "nodes": ["node_modules/cheerio"], "fixAvailable": {"name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true}}, "chokidar": {"name": "chokidar", "severity": "high", "isDirect": false, "via": ["anymatch", "braces", "readdirp"], "effects": ["glob-watcher"], "range": "1.3.0 - 2.1.8", "nodes": ["node_modules/glob-watcher/node_modules/chokidar"], "fixAvailable": {"name": "gulp", "version": "5.0.0", "isSemVerMajor": true}}, "color": {"name": "color", "severity": "moderate", "isDirect": false, "via": ["color-string"], "effects": ["css-color-function"], "range": "<=0.11.4", "nodes": ["node_modules/color"], "fixAvailable": true}, "color-string": {"name": "color-string", "severity": "moderate", "isDirect": false, "via": 
[{"source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<1.5.5"}], "effects": ["color"], "range": "<1.5.5", "nodes": ["node_modules/color/node_modules/color-string"], "fixAvailable": true}, "cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1100562, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}], "effects": ["pre-commit"], "range": "<6.0.6", "nodes": ["node_modules/pre-commit/node_modules/cross-spawn"], "fixAvailable": {"name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true}}, "css-color-function": {"name": "css-color-function", "severity": "moderate", "isDirect": false, "via": ["color"], "effects": ["postcss-color-function"], "range": "*", "nodes": ["node_modules/css-color-function"], "fixAvailable": true}, "css-declaration-sorter": {"name": "css-declaration-sorter", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=5.1.2", "nodes": ["node_modules/css-declaration-sorter"], "fixAvailable": true}, "css-select": {"name": "css-select", "severity": "high", "isDirect": false, "via": ["nth-check"], "effects": ["cheerio", "svgo"], "range": "<=3.1.0", "nodes": ["node_modules/css-select", "node_modules/svgo/node_modules/css-select"], "fixAvailable": {"name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true}}, "cssnano": {"name": "cssnano", "severity": "moderate", "isDirect": true, "via": ["cssnano-preset-default", 
"postcss"], "effects": [], "range": "<=4.1.11", "nodes": ["node_modules/cssnano"], "fixAvailable": {"name": "cssnano", "version": "7.0.6", "isSemVerMajor": true}}, "cssnano-preset-default": {"name": "cssnano-preset-default", "severity": "moderate", "isDirect": false, "via": ["css-declaration-sorter", "cssnano-util-raw-cache", "postcss", "postcss-calc", "postcss-colormin", "postcss-convert-values", "postcss-discard-comments", "postcss-discard-duplicates", "postcss-discard-empty", "postcss-discard-overridden", "postcss-merge-longhand", "postcss-merge-rules", "postcss-minify-font-values", "postcss-minify-gradients", "postcss-minify-params", "postcss-minify-selectors", "postcss-normalize-charset", "postcss-normalize-display-values", "postcss-normalize-positions", "postcss-normalize-repeat-style", "postcss-normalize-string", "postcss-normalize-timing-functions", "postcss-normalize-unicode", "postcss-normalize-url", "postcss-normalize-whitespace", "postcss-ordered-values", "postcss-reduce-initial", "postcss-reduce-transforms", "postcss-svgo", "postcss-unique-selectors"], "effects": ["cssnano"], "range": "<=4.0.8", "nodes": ["node_modules/cssnano-preset-default"], "fixAvailable": {"name": "cssnano", "version": "7.0.6", "isSemVerMajor": true}}, "cssnano-util-raw-cache": {"name": "cssnano-util-raw-cache", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "*", "nodes": ["node_modules/cssnano-util-raw-cache"], "fixAvailable": true}, "es-dev-server": {"name": "es-dev-server", "severity": "high", "isDirect": true, "via": ["@koa/cors", "browserslist-useragent", "useragent"], "effects": [], "range": ">=1.24.1", "nodes": ["node_modules/es-dev-server"], "fixAvailable": true}, "findup-sync": {"name": "findup-sync", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["liftoff", "matchdep"], "range": "0.4.0 - 3.0.0", "nodes": ["node_modules/findup-sync", "node_modules/matchdep/node_modules/findup-sync"], "fixAvailable": 
true}, "github-build": {"name": "github-build", "severity": "high", "isDirect": false, "via": ["axios"], "effects": ["bundlesize"], "range": ">=1.2.4", "nodes": ["node_modules/github-build"], "fixAvailable": true}, "glob-watcher": {"name": "glob-watcher", "severity": "high", "isDirect": false, "via": ["anymatch", "chokidar"], "effects": ["gulp"], "range": "5.0.0 - 5.0.5", "nodes": ["node_modules/glob-watcher"], "fixAvailable": {"name": "gulp", "version": "5.0.0", "isSemVerMajor": true}}, "gulp": {"name": "gulp", "severity": "high", "isDirect": true, "via": ["glob-watcher", "gulp-cli"], "effects": [], "range": "4.0.0 - 4.0.2", "nodes": ["node_modules/gulp"], "fixAvailable": {"name": "gulp", "version": "5.0.0", "isSemVerMajor": true}}, "gulp-cli": {"name": "gulp-cli", "severity": "moderate", "isDirect": false, "via": ["liftoff", "matchdep"], "effects": [], "range": "1.3.0 - 2.3.0", "nodes": ["node_modules/gulp-cli"], "fixAvailable": true}, "gulp-compile-handlebars": {"name": "gulp-compile-handlebars", "severity": "high", "isDirect": true, "via": ["gulp-util"], "effects": [], "range": "*", "nodes": ["node_modules/gulp-compile-handlebars"], "fixAvailable": false}, "gulp-htmlmin": {"name": "gulp-htmlmin", "severity": "high", "isDirect": true, "via": ["html-minifier"], "effects": [], "range": "*", "nodes": ["node_modules/gulp-htmlmin"], "fixAvailable": false}, "gulp-inline": {"name": "gulp-inline", "severity": "high", "isDirect": true, "via": ["cheerio", "gulp-util"], "effects": [], "range": "*", "nodes": ["node_modules/gulp-inline"], "fixAvailable": {"name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true}}, "gulp-postcss": {"name": "gulp-postcss", "severity": "moderate", "isDirect": true, "via": ["postcss"], "effects": [], "range": "<=8.0.0", "nodes": ["node_modules/gulp-postcss"], "fixAvailable": {"name": "gulp-postcss", "version": "10.0.0", "isSemVerMajor": true}}, "gulp-svg-sprite": {"name": "gulp-svg-sprite", "severity": "moderate", "isDirect": true, 
"via": ["svg-sprite"], "effects": [], "range": "1.3.0 - 1.5.0", "nodes": ["node_modules/gulp-svg-sprite"], "fixAvailable": {"name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true}}, "gulp-util": {"name": "gulp-util", "severity": "high", "isDirect": false, "via": ["lodash.template"], "effects": ["gulp-compile-handlebars", "gulp-inline"], "range": ">=1.1.0", "nodes": ["node_modules/gulp-util"], "fixAvailable": false}, "html-minifier": {"name": "html-minifier", "severity": "high", "isDirect": false, "via": [{"source": 1100303, "name": "html-minifier", "dependency": "html-minifier", "title": "kangax html-minifier REDoS vulnerability", "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=4.0.0"}], "effects": ["gulp-htmlmin"], "range": "*", "nodes": ["node_modules/html-minifier"], "fixAvailable": false}, "liftoff": {"name": "liftoff", "severity": "moderate", "isDirect": false, "via": ["findup-sync"], "effects": ["gulp-cli"], "range": "2.2.3 - 3.1.0", "nodes": ["node_modules/liftoff"], "fixAvailable": true}, "lodash.pick": {"name": "lodash.pick", "severity": "high", "isDirect": false, "via": [{"source": 1096303, "name": "lodash.pick", "dependency": "lodash.pick", "title": "Prototype Pollution in lodash", "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw", "severity": "high", "cwe": ["CWE-770", "CWE-1321"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "range": ">=4.0.0 <=4.4.0"}], "effects": ["cheerio"], "range": ">=4.0.0", "nodes": ["node_modules/lodash.pick"], "fixAvailable": {"name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true}}, "lodash.template": {"name": "lodash.template", "severity": "high", "isDirect": false, "via": [{"source": 1096993, "name": "lodash.template", "dependency": "lodash.template", "title": "Command Injection in 
lodash", "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", "severity": "high", "cwe": ["CWE-77", "CWE-94"], "cvss": {"score": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=4.5.0"}], "effects": ["gulp-util", "postcss-initial"], "range": "*", "nodes": ["node_modules/lodash.template", "node_modules/postcss-initial/node_modules/lodash.template"], "fixAvailable": false}, "matchdep": {"name": "matchdep", "severity": "moderate", "isDirect": false, "via": ["findup-sync", "micromatch"], "effects": ["gulp-cli"], "range": ">=1.0.1", "nodes": ["node_modules/matchdep"], "fixAvailable": true}, "micromatch": {"name": "micromatch", "severity": "high", "isDirect": false, "via": [{"source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<4.0.8"}, "braces"], "effects": ["anymatch", "findup-sync", "matchdep", "readdirp"], "range": "<=4.0.7", "nodes": ["node_modules/findup-sync/node_modules/micromatch", "node_modules/glob-watcher/node_modules/micromatch", "node_modules/matchdep/node_modules/micromatch"], "fixAvailable": {"name": "gulp", "version": "5.0.0", "isSemVerMajor": true}}, "nth-check": {"name": "nth-check", "severity": "high", "isDirect": false, "via": [{"source": 1095141, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.0.1"}], "effects": ["css-select"], "range": "<2.0.1", "nodes": ["node_modules/nth-check"], "fixAvailable": {"name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": 
true}}, "phantomjs-prebuilt": {"name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": ["svg-sprite"], "range": "*", "nodes": ["node_modules/phantomjs-prebuilt"], "fixAvailable": {"name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true}}, "pixrem": {"name": "pixrem", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/pixrem"], "fixAvailable": true}, "pleeease-filters": {"name": "pleeease-filters", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "*", "nodes": ["node_modules/pleeease-filters"], "fixAvailable": true}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1093539, "name": "postcss", "dependency": "postcss", "title": "Regular Expression Denial of Service in postcss", "url": "https://github.com/advisories/GHSA-566m-qj78-rww5", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<7.0.36"}, {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["autoprefixer", "css-declaration-sorter", "cssnano", "cssnano-preset-default", "cssnano-util-raw-cache", "gulp-postcss", "pixrem", "pleeease-filters", "postcss-apply", "postcss-attribute-case-insensitive", "postcss-calc", "postcss-color-function", "postcss-color-gray", "postcss-color-hex-alpha", "postcss-color-hsl", "postcss-color-hwb", "postcss-color-rebeccapurple", "postcss-color-rgb", "postcss-color-rgba-fallback", "postcss-colormin", "postcss-convert-values", "postcss-cssnext", "postcss-custom-media", "postcss-custom-properties", 
"postcss-custom-selectors", "postcss-discard-comments", "postcss-discard-duplicates", "postcss-discard-empty", "postcss-discard-overridden", "postcss-font-family-system-ui", "postcss-font-variant", "postcss-image-set-polyfill", "postcss-import", "postcss-initial", "postcss-media-minmax", "postcss-merge-longhand", "postcss-merge-rules", "postcss-minify-font-values", "postcss-minify-gradients", "postcss-minify-params", "postcss-minify-selectors", "postcss-nesting", "postcss-normalize-charset", "postcss-normalize-display-values", "postcss-normalize-positions", "postcss-normalize-repeat-style", "postcss-normalize-string", "postcss-normalize-timing-functions", "postcss-normalize-unicode", "postcss-normalize-url", "postcss-normalize-whitespace", "postcss-ordered-values", "postcss-pseudo-class-any-link", "postcss-pseudoelements", "postcss-reduce-initial", "postcss-reduce-transforms", "postcss-replace-overflow-wrap", "postcss-reporter", "postcss-selector-matches", "postcss-selector-not", "postcss-svgo", "postcss-unique-selectors", "stylehacks"], "range": "<=8.4.30", "nodes": ["node_modules/autoprefixer/node_modules/postcss", "node_modules/css-declaration-sorter/node_modules/postcss", "node_modules/cssnano-preset-default/node_modules/postcss", "node_modules/cssnano-util-raw-cache/node_modules/postcss", "node_modules/cssnano/node_modules/postcss", "node_modules/gulp-postcss/node_modules/postcss", "node_modules/pixrem/node_modules/postcss", "node_modules/pleeease-filters/node_modules/postcss", "node_modules/postcss-apply/node_modules/postcss", "node_modules/postcss-attribute-case-insensitive/node_modules/postcss", "node_modules/postcss-calc/node_modules/postcss", "node_modules/postcss-color-function/node_modules/postcss", "node_modules/postcss-color-gray/node_modules/postcss", "node_modules/postcss-color-hex-alpha/node_modules/postcss", "node_modules/postcss-color-hsl/node_modules/postcss", "node_modules/postcss-color-hwb/node_modules/postcss", 
"node_modules/postcss-color-rebeccapurple/node_modules/postcss", "node_modules/postcss-color-rgb/node_modules/postcss", "node_modules/postcss-color-rgba-fallback/node_modules/postcss", "node_modules/postcss-colormin/node_modules/postcss", "node_modules/postcss-convert-values/node_modules/postcss", "node_modules/postcss-cssnext/node_modules/postcss", "node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss", "node_modules/postcss-custom-media/node_modules/postcss", "node_modules/postcss-custom-properties/node_modules/postcss", "node_modules/postcss-custom-selectors/node_modules/postcss", "node_modules/postcss-discard-comments/node_modules/postcss", "node_modules/postcss-discard-duplicates/node_modules/postcss", "node_modules/postcss-discard-empty/node_modules/postcss", "node_modules/postcss-discard-overridden/node_modules/postcss", "node_modules/postcss-font-family-system-ui/node_modules/postcss", "node_modules/postcss-font-variant/node_modules/postcss", "node_modules/postcss-image-set-polyfill/node_modules/postcss", "node_modules/postcss-import/node_modules/postcss", "node_modules/postcss-initial/node_modules/postcss", "node_modules/postcss-media-minmax/node_modules/postcss", "node_modules/postcss-merge-longhand/node_modules/postcss", "node_modules/postcss-merge-rules/node_modules/postcss", "node_modules/postcss-minify-font-values/node_modules/postcss", "node_modules/postcss-minify-gradients/node_modules/postcss", "node_modules/postcss-minify-params/node_modules/postcss", "node_modules/postcss-minify-selectors/node_modules/postcss", "node_modules/postcss-nesting/node_modules/postcss", "node_modules/postcss-normalize-charset/node_modules/postcss", "node_modules/postcss-normalize-display-values/node_modules/postcss", "node_modules/postcss-normalize-positions/node_modules/postcss", "node_modules/postcss-normalize-repeat-style/node_modules/postcss", "node_modules/postcss-normalize-string/node_modules/postcss", 
"node_modules/postcss-normalize-timing-functions/node_modules/postcss", "node_modules/postcss-normalize-unicode/node_modules/postcss", "node_modules/postcss-normalize-url/node_modules/postcss", "node_modules/postcss-normalize-whitespace/node_modules/postcss", "node_modules/postcss-ordered-values/node_modules/postcss", "node_modules/postcss-pseudo-class-any-link/node_modules/postcss", "node_modules/postcss-pseudoelements/node_modules/postcss", "node_modules/postcss-reduce-initial/node_modules/postcss", "node_modules/postcss-reduce-transforms/node_modules/postcss", "node_modules/postcss-replace-overflow-wrap/node_modules/postcss", "node_modules/postcss-reporter/node_modules/postcss", "node_modules/postcss-selector-matches/node_modules/postcss", "node_modules/postcss-selector-not/node_modules/postcss", "node_modules/postcss-svgo/node_modules/postcss", "node_modules/postcss-unique-selectors/node_modules/postcss", "node_modules/stylehacks/node_modules/postcss"], "fixAvailable": {"name": "cssnano", "version": "7.0.6", "isSemVerMajor": true}}, "postcss-apply": {"name": "postcss-apply", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=0.10.0", "nodes": ["node_modules/postcss-apply"], "fixAvailable": false}, "postcss-attribute-case-insensitive": {"name": "postcss-attribute-case-insensitive", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=3.0.1", "nodes": ["node_modules/postcss-attribute-case-insensitive"], "fixAvailable": false}, "postcss-calc": {"name": "postcss-calc", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "4.1.0 - 7.0.5", "nodes": ["node_modules/postcss-calc", "node_modules/postcss-cssnext/node_modules/postcss-calc"], "fixAvailable": true}, "postcss-color-function": {"name": "postcss-color-function", "severity": "moderate", "isDirect": false, "via": ["css-color-function", "postcss"], "effects": [], "range": 
"*", "nodes": ["node_modules/postcss-color-function"], "fixAvailable": true}, "postcss-color-gray": {"name": "postcss-color-gray", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "3.0.0 - 4.1.0", "nodes": ["node_modules/postcss-color-gray"], "fixAvailable": true}, "postcss-color-hex-alpha": {"name": "postcss-color-hex-alpha", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.3.0 - 3.0.0", "nodes": ["node_modules/postcss-color-hex-alpha"], "fixAvailable": true}, "postcss-color-hsl": {"name": "postcss-color-hsl", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "*", "nodes": ["node_modules/postcss-color-hsl"], "fixAvailable": true}, "postcss-color-hwb": {"name": "postcss-color-hwb", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": ">=1.2.0", "nodes": ["node_modules/postcss-color-hwb"], "fixAvailable": true}, "postcss-color-rebeccapurple": {"name": "postcss-color-rebeccapurple", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.2.0 - 3.1.0", "nodes": ["node_modules/postcss-color-rebeccapurple"], "fixAvailable": true}, "postcss-color-rgb": {"name": "postcss-color-rgb", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "*", "nodes": ["node_modules/postcss-color-rgb"], "fixAvailable": false}, "postcss-color-rgba-fallback": {"name": "postcss-color-rgba-fallback", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=3.0.0", "nodes": ["node_modules/postcss-color-rgba-fallback"], "fixAvailable": true}, "postcss-colormin": {"name": "postcss-colormin", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.3", "nodes": ["node_modules/postcss-colormin"], "fixAvailable": true}, "postcss-convert-values": {"name": "postcss-convert-values", "severity": 
"moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/postcss-convert-values"], "fixAvailable": true}, "postcss-cssnext": {"name": "postcss-cssnext", "severity": "moderate", "isDirect": true, "via": ["autoprefixer", "pixrem", "pleeease-filters", "postcss", "postcss-apply", "postcss-attribute-case-insensitive", "postcss-calc", "postcss-color-function", "postcss-color-gray", "postcss-color-hex-alpha", "postcss-color-hsl", "postcss-color-hwb", "postcss-color-rebeccapurple", "postcss-color-rgb", "postcss-color-rgba-fallback", "postcss-custom-media", "postcss-custom-properties", "postcss-custom-selectors", "postcss-font-family-system-ui", "postcss-font-variant", "postcss-image-set-polyfill", "postcss-initial", "postcss-media-minmax", "postcss-nesting", "postcss-pseudo-class-any-link", "postcss-pseudoelements", "postcss-replace-overflow-wrap", "postcss-selector-matches", "postcss-selector-not"], "effects": [], "range": "*", "nodes": ["node_modules/postcss-cssnext"], "fixAvailable": false}, "postcss-custom-media": {"name": "postcss-custom-media", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "4.0.0 - 6.0.0", "nodes": ["node_modules/postcss-custom-media"], "fixAvailable": true}, "postcss-custom-properties": {"name": "postcss-custom-properties", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "3.3.0 - 7.0.0", "nodes": ["node_modules/postcss-custom-properties"], "fixAvailable": true}, "postcss-custom-selectors": {"name": "postcss-custom-selectors", "severity": "moderate", "isDirect": false, "via": ["postcss", "postcss-selector-matches"], "effects": [], "range": "2.3.0 - 4.0.1", "nodes": ["node_modules/postcss-custom-selectors"], "fixAvailable": true}, "postcss-discard-comments": {"name": "postcss-discard-comments", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": 
["node_modules/postcss-discard-comments"], "fixAvailable": true}, "postcss-discard-duplicates": {"name": "postcss-discard-duplicates", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.1.0 - 4.0.2", "nodes": ["node_modules/postcss-discard-duplicates"], "fixAvailable": true}, "postcss-discard-empty": {"name": "postcss-discard-empty", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.1.0 - 4.0.1", "nodes": ["node_modules/postcss-discard-empty"], "fixAvailable": true}, "postcss-discard-overridden": {"name": "postcss-discard-overridden", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/postcss-discard-overridden"], "fixAvailable": true}, "postcss-font-family-system-ui": {"name": "postcss-font-family-system-ui", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=3.0.0", "nodes": ["node_modules/postcss-font-family-system-ui"], "fixAvailable": false}, "postcss-font-variant": {"name": "postcss-font-variant", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.2.0 - 3.0.0", "nodes": ["node_modules/postcss-font-variant"], "fixAvailable": true}, "postcss-image-set-polyfill": {"name": "postcss-image-set-polyfill", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=0.4.4", "nodes": ["node_modules/postcss-image-set-polyfill"], "fixAvailable": false}, "postcss-import": {"name": "postcss-import", "severity": "moderate", "isDirect": true, "via": ["postcss"], "effects": [], "range": "<=12.0.1", "nodes": ["node_modules/postcss-import"], "fixAvailable": {"name": "postcss-import", "version": "16.1.0", "isSemVerMajor": true}}, "postcss-initial": {"name": "postcss-initial", "severity": "high", "isDirect": false, "via": ["lodash.template", "postcss"], "effects": ["postcss-cssnext"], "range": 
"<=3.0.2 || 4.0.0", "nodes": ["node_modules/postcss-initial"], "fixAvailable": false}, "postcss-media-minmax": {"name": "postcss-media-minmax", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.2.0 - 3.0.0", "nodes": ["node_modules/postcss-media-minmax"], "fixAvailable": true}, "postcss-merge-longhand": {"name": "postcss-merge-longhand", "severity": "moderate", "isDirect": false, "via": ["postcss", "stylehacks"], "effects": [], "range": "<=4.0.11", "nodes": ["node_modules/postcss-merge-longhand"], "fixAvailable": true}, "postcss-merge-rules": {"name": "postcss-merge-rules", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.3", "nodes": ["node_modules/postcss-merge-rules"], "fixAvailable": true}, "postcss-minify-font-values": {"name": "postcss-minify-font-values", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-minify-font-values"], "fixAvailable": true}, "postcss-minify-gradients": {"name": "postcss-minify-gradients", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-minify-gradients"], "fixAvailable": true}, "postcss-minify-params": {"name": "postcss-minify-params", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-minify-params"], "fixAvailable": true}, "postcss-minify-selectors": {"name": "postcss-minify-selectors", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-minify-selectors"], "fixAvailable": true}, "postcss-nesting": {"name": "postcss-nesting", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=6.0.0", "nodes": ["node_modules/postcss-nesting"], "fixAvailable": false}, "postcss-normalize-charset": 
{"name": "postcss-normalize-charset", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/postcss-normalize-charset"], "fixAvailable": true}, "postcss-normalize-display-values": {"name": "postcss-normalize-display-values", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-display-values"], "fixAvailable": true}, "postcss-normalize-positions": {"name": "postcss-normalize-positions", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-positions"], "fixAvailable": true}, "postcss-normalize-repeat-style": {"name": "postcss-normalize-repeat-style", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-repeat-style"], "fixAvailable": true}, "postcss-normalize-string": {"name": "postcss-normalize-string", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-string"], "fixAvailable": true}, "postcss-normalize-timing-functions": {"name": "postcss-normalize-timing-functions", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-timing-functions"], "fixAvailable": true}, "postcss-normalize-unicode": {"name": "postcss-normalize-unicode", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/postcss-normalize-unicode"], "fixAvailable": true}, "postcss-normalize-url": {"name": "postcss-normalize-url", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.1.0 - 4.0.1", "nodes": ["node_modules/postcss-normalize-url"], "fixAvailable": true}, "postcss-normalize-whitespace": {"name": 
"postcss-normalize-whitespace", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-whitespace"], "fixAvailable": true}, "postcss-ordered-values": {"name": "postcss-ordered-values", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.1.2", "nodes": ["node_modules/postcss-ordered-values"], "fixAvailable": true}, "postcss-pseudo-class-any-link": {"name": "postcss-pseudo-class-any-link", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=5.0.0", "nodes": ["node_modules/postcss-pseudo-class-any-link"], "fixAvailable": true}, "postcss-pseudoelements": {"name": "postcss-pseudoelements", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": ">=2.2.0", "nodes": ["node_modules/postcss-pseudoelements"], "fixAvailable": true}, "postcss-reduce-initial": {"name": "postcss-reduce-initial", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.3", "nodes": ["node_modules/postcss-reduce-initial"], "fixAvailable": true}, "postcss-reduce-transforms": {"name": "postcss-reduce-transforms", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-reduce-transforms"], "fixAvailable": true}, "postcss-replace-overflow-wrap": {"name": "postcss-replace-overflow-wrap", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=2.0.0", "nodes": ["node_modules/postcss-replace-overflow-wrap"], "fixAvailable": false}, "postcss-reporter": {"name": "postcss-reporter", "severity": "moderate", "isDirect": true, "via": ["postcss"], "effects": [], "range": "<=6.0.1", "nodes": ["node_modules/postcss-reporter"], "fixAvailable": {"name": "postcss-reporter", "version": "7.1.0", "isSemVerMajor": true}}, "postcss-selector-matches": {"name": 
"postcss-selector-matches", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=3.0.1", "nodes": ["node_modules/postcss-selector-matches"], "fixAvailable": true}, "postcss-selector-not": {"name": "postcss-selector-not", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=3.0.1", "nodes": ["node_modules/postcss-selector-not"], "fixAvailable": true}, "postcss-svgo": {"name": "postcss-svgo", "severity": "high", "isDirect": false, "via": ["postcss", "svgo"], "effects": [], "range": "<=5.0.0-rc.2", "nodes": ["node_modules/postcss-svgo"], "fixAvailable": true}, "postcss-unique-selectors": {"name": "postcss-unique-selectors", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/postcss-unique-selectors"], "fixAvailable": true}, "pre-commit": {"name": "pre-commit", "severity": "high", "isDirect": true, "via": ["cross-spawn"], "effects": [], "range": ">=1.1.0", "nodes": ["node_modules/pre-commit"], "fixAvailable": {"name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true}}, "readdirp": {"name": "readdirp", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar"], "range": "2.2.0 - 2.2.1", "nodes": ["node_modules/glob-watcher/node_modules/readdirp"], "fixAvailable": {"name": "gulp", "version": "5.0.0", "isSemVerMajor": true}}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["phantomjs-prebuilt"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": {"name": "gulp-svg-sprite", "version": "2.0.3", 
"isSemVerMajor": true}}, "stylehacks": {"name": "stylehacks", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-merge-longhand"], "range": "<=4.0.3", "nodes": ["node_modules/stylehacks"], "fixAvailable": true}, "svg-sprite": {"name": "svg-sprite", "severity": "high", "isDirect": false, "via": ["phantomjs-prebuilt", "svgo"], "effects": ["gulp-svg-sprite"], "range": "1.3.0 - 1.5.4", "nodes": ["node_modules/svg-sprite"], "fixAvailable": {"name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true}}, "svgo": {"name": "svgo", "severity": "high", "isDirect": false, "via": ["css-select"], "effects": ["postcss-svgo", "svg-sprite"], "range": "1.0.0 - 1.3.2", "nodes": ["node_modules/svgo"], "fixAvailable": {"name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": {"name": "gulp-svg-sprite", "version": "2.0.3", "isSemVerMajor": true}}, "useragent": {"name": "useragent", "severity": "moderate", "isDirect": false, "via": [{"source": 1100298, "name": "useragent", "dependency": "useragent", "title": "useragent Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-mgfv-m47x-4wqp", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=2.3.0"}], "effects": ["browserslist-useragent", "es-dev-server"], "range": "*", "nodes": ["node_modules/useragent"], "fixAvailable": 
true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 77, "high": 26, "critical": 0, "total": 103}, "dependencies": {"prod": 1, "dev": 1730, "optional": 4, "peer": 1, "peerOptional": 0, "total": 1730}}}} $ /usr/bin/npm audit fix --only=dev --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@1.20.1', npm WARN EBADENGINE required: { node: '>=20', npm: '>=10.8.1' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } --- stdout --- up to date, audited 1727 packages in 8s 150 packages are looking for funding run `npm fund` for details # npm audit report @koa/cors <5.0.0 Severity: high Overly permissive origin policy - https://github.com/advisories/GHSA-qxrj-hx23-xp82 fix available via `npm audit fix` node_modules/@koa/cors es-dev-server >=1.24.1 Depends on vulnerable versions of @koa/cors Depends on vulnerable versions of browserslist-useragent Depends on vulnerable versions of useragent node_modules/es-dev-server axios 1.3.2 - 1.7.3 Severity: high Server-Side Request Forgery in axios - https://github.com/advisories/GHSA-8hc4-vh64-cxmj fix available via `npm audit fix` node_modules/github-build/node_modules/axios github-build >=1.2.4 Depends on vulnerable versions of axios node_modules/github-build bundlesize 0.18.2 Depends on vulnerable versions of github-build node_modules/bundlesize braces <3.0.3 Severity: high Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg fix available via `npm audit fix --force` Will install gulp@5.0.0, which is a breaking change node_modules/findup-sync/node_modules/braces node_modules/glob-watcher/node_modules/braces node_modules/matchdep/node_modules/braces chokidar 1.3.0 - 2.1.8 Depends on vulnerable versions of anymatch Depends on vulnerable versions of 
braces Depends on vulnerable versions of readdirp node_modules/glob-watcher/node_modules/chokidar glob-watcher 5.0.0 - 5.0.5 Depends on vulnerable versions of anymatch Depends on vulnerable versions of chokidar node_modules/glob-watcher gulp 4.0.0 - 4.0.2 Depends on vulnerable versions of glob-watcher Depends on vulnerable versions of gulp-cli node_modules/gulp micromatch <=4.0.7 Depends on vulnerable versions of braces node_modules/findup-sync/node_modules/micromatch node_modules/glob-watcher/node_modules/micromatch node_modules/matchdep/node_modules/micromatch anymatch 1.2.0 - 2.0.0 Depends on vulnerable versions of micromatch node_modules/glob-watcher/node_modules/anymatch findup-sync 0.4.0 - 3.0.0 Depends on vulnerable versions of micromatch node_modules/findup-sync node_modules/matchdep/node_modules/findup-sync liftoff 2.2.3 - 3.1.0 Depends on vulnerable versions of findup-sync node_modules/liftoff gulp-cli 1.3.0 - 2.3.0 Depends on vulnerable versions of liftoff Depends on vulnerable versions of matchdep node_modules/gulp-cli matchdep >=1.0.1 Depends on vulnerable versions of findup-sync Depends on vulnerable versions of micromatch node_modules/matchdep readdirp 2.2.0 - 2.2.1 Depends on vulnerable versions of micromatch node_modules/glob-watcher/node_modules/readdirp color-string <1.5.5 Severity: moderate Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-257v-vj4p-3w2h fix available via `npm audit fix` node_modules/color/node_modules/color-string color <=0.11.4 Depends on vulnerable versions of color-string node_modules/color css-color-function * Depends on vulnerable versions of color node_modules/css-color-function postcss-color-function * Depends on vulnerable versions of css-color-function Depends on vulnerable versions of postcss node_modules/postcss-color-function cross-spawn <6.0.6 Severity: high Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275 fix available 
via `npm audit fix --force` Will install pre-commit@1.0.10, which is a breaking change node_modules/pre-commit/node_modules/cross-spawn pre-commit >=1.1.0 Depends on vulnerable versions of cross-spawn node_modules/pre-commit html-minifier * Severity: high kangax html-minifier REDoS vulnerability - https://github.com/advisories/GHSA-pfq8-rq6v-vf5m No fix available node_modules/html-minifier gulp-htmlmin * Depends on vulnerable versions of html-minifier node_modules/gulp-htmlmin lodash.pick >=4.0.0 Severity: high Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw fix available via `npm audit fix --force` Will install gulp-inline@0.1.2, which is a breaking change node_modules/lodash.pick cheerio 0.19.0 - 1.0.0-rc.3 Depends on vulnerable versions of css-select Depends on vulnerable versions of lodash.pick node_modules/cheerio gulp-inline * Depends on vulnerable versions of cheerio Depends on vulnerable versions of gulp-util node_modules/gulp-inline lodash.template * Severity: high Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm No fix available node_modules/lodash.template node_modules/postcss-initial/node_modules/lodash.template gulp-util >=1.1.0 Depends on vulnerable versions of lodash.template node_modules/gulp-util gulp-compile-handlebars * Depends on vulnerable versions of gulp-util node_modules/gulp-compile-handlebars postcss-initial <=3.0.2 || 4.0.0 Depends on vulnerable versions of lodash.template Depends on vulnerable versions of postcss node_modules/postcss-initial postcss-cssnext * Depends on vulnerable versions of autoprefixer Depends on vulnerable versions of pixrem Depends on vulnerable versions of pleeease-filters Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-apply Depends on vulnerable versions of postcss-attribute-case-insensitive Depends on vulnerable versions of postcss-calc Depends on vulnerable versions of postcss-color-function Depends on 
vulnerable versions of postcss-color-gray Depends on vulnerable versions of postcss-color-hex-alpha Depends on vulnerable versions of postcss-color-hsl Depends on vulnerable versions of postcss-color-hwb Depends on vulnerable versions of postcss-color-rebeccapurple Depends on vulnerable versions of postcss-color-rgb Depends on vulnerable versions of postcss-color-rgba-fallback Depends on vulnerable versions of postcss-custom-media Depends on vulnerable versions of postcss-custom-properties Depends on vulnerable versions of postcss-custom-selectors Depends on vulnerable versions of postcss-font-family-system-ui Depends on vulnerable versions of postcss-font-variant Depends on vulnerable versions of postcss-image-set-polyfill Depends on vulnerable versions of postcss-initial Depends on vulnerable versions of postcss-media-minmax Depends on vulnerable versions of postcss-nesting Depends on vulnerable versions of postcss-pseudo-class-any-link Depends on vulnerable versions of postcss-pseudoelements Depends on vulnerable versions of postcss-replace-overflow-wrap Depends on vulnerable versions of postcss-selector-matches Depends on vulnerable versions of postcss-selector-not node_modules/postcss-cssnext nth-check <2.0.1 Severity: high Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr fix available via `npm audit fix --force` Will install gulp-inline@0.1.2, which is a breaking change node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/css-select node_modules/svgo/node_modules/css-select svgo 1.0.0 - 1.3.2 Depends on vulnerable versions of css-select node_modules/svgo postcss-svgo <=5.0.0-rc.2 Depends on vulnerable versions of postcss Depends on vulnerable versions of svgo node_modules/postcss-svgo svg-sprite 1.3.0 - 1.5.4 Depends on vulnerable versions of phantomjs-prebuilt Depends on vulnerable versions of svgo node_modules/svg-sprite gulp-svg-sprite 1.3.0 - 1.5.0 
Depends on vulnerable versions of svg-sprite node_modules/gulp-svg-sprite postcss <=8.4.30 Severity: moderate Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5 PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j fix available via `npm audit fix --force` Will install cssnano@7.0.6, which is a breaking change node_modules/autoprefixer/node_modules/postcss node_modules/css-declaration-sorter/node_modules/postcss node_modules/cssnano-preset-default/node_modules/postcss node_modules/cssnano-util-raw-cache/node_modules/postcss node_modules/cssnano/node_modules/postcss node_modules/gulp-postcss/node_modules/postcss node_modules/pixrem/node_modules/postcss node_modules/pleeease-filters/node_modules/postcss node_modules/postcss-apply/node_modules/postcss node_modules/postcss-attribute-case-insensitive/node_modules/postcss node_modules/postcss-calc/node_modules/postcss node_modules/postcss-color-function/node_modules/postcss node_modules/postcss-color-gray/node_modules/postcss node_modules/postcss-color-hex-alpha/node_modules/postcss node_modules/postcss-color-hsl/node_modules/postcss node_modules/postcss-color-hwb/node_modules/postcss node_modules/postcss-color-rebeccapurple/node_modules/postcss node_modules/postcss-color-rgb/node_modules/postcss node_modules/postcss-color-rgba-fallback/node_modules/postcss node_modules/postcss-colormin/node_modules/postcss node_modules/postcss-convert-values/node_modules/postcss node_modules/postcss-cssnext/node_modules/postcss node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss node_modules/postcss-custom-media/node_modules/postcss node_modules/postcss-custom-properties/node_modules/postcss node_modules/postcss-custom-selectors/node_modules/postcss node_modules/postcss-discard-comments/node_modules/postcss node_modules/postcss-discard-duplicates/node_modules/postcss node_modules/postcss-discard-empty/node_modules/postcss 
node_modules/postcss-discard-overridden/node_modules/postcss node_modules/postcss-font-family-system-ui/node_modules/postcss node_modules/postcss-font-variant/node_modules/postcss node_modules/postcss-image-set-polyfill/node_modules/postcss node_modules/postcss-import/node_modules/postcss node_modules/postcss-initial/node_modules/postcss node_modules/postcss-media-minmax/node_modules/postcss node_modules/postcss-merge-longhand/node_modules/postcss node_modules/postcss-merge-rules/node_modules/postcss node_modules/postcss-minify-font-values/node_modules/postcss node_modules/postcss-minify-gradients/node_modules/postcss node_modules/postcss-minify-params/node_modules/postcss node_modules/postcss-minify-selectors/node_modules/postcss node_modules/postcss-nesting/node_modules/postcss node_modules/postcss-normalize-charset/node_modules/postcss node_modules/postcss-normalize-display-values/node_modules/postcss node_modules/postcss-normalize-positions/node_modules/postcss node_modules/postcss-normalize-repeat-style/node_modules/postcss node_modules/postcss-normalize-string/node_modules/postcss node_modules/postcss-normalize-timing-functions/node_modules/postcss node_modules/postcss-normalize-unicode/node_modules/postcss node_modules/postcss-normalize-url/node_modules/postcss node_modules/postcss-normalize-whitespace/node_modules/postcss node_modules/postcss-ordered-values/node_modules/postcss node_modules/postcss-pseudo-class-any-link/node_modules/postcss node_modules/postcss-pseudoelements/node_modules/postcss node_modules/postcss-reduce-initial/node_modules/postcss node_modules/postcss-reduce-transforms/node_modules/postcss node_modules/postcss-replace-overflow-wrap/node_modules/postcss node_modules/postcss-reporter/node_modules/postcss node_modules/postcss-selector-matches/node_modules/postcss node_modules/postcss-selector-not/node_modules/postcss node_modules/postcss-svgo/node_modules/postcss node_modules/postcss-unique-selectors/node_modules/postcss 
node_modules/stylehacks/node_modules/postcss autoprefixer 1.0.20131222 - 8.6.5 Depends on vulnerable versions of postcss node_modules/autoprefixer css-declaration-sorter <=5.1.2 Depends on vulnerable versions of postcss node_modules/css-declaration-sorter cssnano <=4.1.11 Depends on vulnerable versions of cssnano-preset-default Depends on vulnerable versions of postcss node_modules/cssnano cssnano-preset-default <=4.0.8 Depends on vulnerable versions of css-declaration-sorter Depends on vulnerable versions of cssnano-util-raw-cache Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-calc Depends on vulnerable versions of postcss-colormin Depends on vulnerable versions of postcss-convert-values Depends on vulnerable versions of postcss-discard-comments Depends on vulnerable versions of postcss-discard-duplicates Depends on vulnerable versions of postcss-discard-empty Depends on vulnerable versions of postcss-discard-overridden Depends on vulnerable versions of postcss-merge-longhand Depends on vulnerable versions of postcss-merge-rules Depends on vulnerable versions of postcss-minify-font-values Depends on vulnerable versions of postcss-minify-gradients Depends on vulnerable versions of postcss-minify-params Depends on vulnerable versions of postcss-minify-selectors Depends on vulnerable versions of postcss-normalize-charset Depends on vulnerable versions of postcss-normalize-display-values Depends on vulnerable versions of postcss-normalize-positions Depends on vulnerable versions of postcss-normalize-repeat-style Depends on vulnerable versions of postcss-normalize-string Depends on vulnerable versions of postcss-normalize-timing-functions Depends on vulnerable versions of postcss-normalize-unicode Depends on vulnerable versions of postcss-normalize-url Depends on vulnerable versions of postcss-normalize-whitespace Depends on vulnerable versions of postcss-ordered-values Depends on vulnerable versions of postcss-reduce-initial 
Depends on vulnerable versions of postcss-reduce-transforms Depends on vulnerable versions of postcss-svgo Depends on vulnerable versions of postcss-unique-selectors node_modules/cssnano-preset-default cssnano-util-raw-cache * Depends on vulnerable versions of postcss node_modules/cssnano-util-raw-cache gulp-postcss <=8.0.0 Depends on vulnerable versions of postcss node_modules/gulp-postcss pixrem <=4.0.1 Depends on vulnerable versions of postcss node_modules/pixrem pleeease-filters * Depends on vulnerable versions of postcss node_modules/pleeease-filters postcss-apply <=0.10.0 Depends on vulnerable versions of postcss node_modules/postcss-apply postcss-attribute-case-insensitive <=3.0.1 Depends on vulnerable versions of postcss node_modules/postcss-attribute-case-insensitive postcss-calc 4.1.0 - 7.0.5 Depends on vulnerable versions of postcss node_modules/postcss-calc node_modules/postcss-cssnext/node_modules/postcss-calc postcss-color-gray 3.0.0 - 4.1.0 Depends on vulnerable versions of postcss node_modules/postcss-color-gray postcss-color-hex-alpha 1.3.0 - 3.0.0 Depends on vulnerable versions of postcss node_modules/postcss-color-hex-alpha postcss-color-hsl * Depends on vulnerable versions of postcss node_modules/postcss-color-hsl postcss-color-hwb >=1.2.0 Depends on vulnerable versions of postcss node_modules/postcss-color-hwb postcss-color-rebeccapurple 1.2.0 - 3.1.0 Depends on vulnerable versions of postcss node_modules/postcss-color-rebeccapurple postcss-color-rgb * Depends on vulnerable versions of postcss node_modules/postcss-color-rgb postcss-color-rgba-fallback <=3.0.0 Depends on vulnerable versions of postcss node_modules/postcss-color-rgba-fallback postcss-colormin <=4.0.3 Depends on vulnerable versions of postcss node_modules/postcss-colormin postcss-convert-values <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-convert-values postcss-custom-media 4.0.0 - 6.0.0 Depends on vulnerable versions of postcss 
node_modules/postcss-custom-media postcss-custom-properties 3.3.0 - 7.0.0 Depends on vulnerable versions of postcss node_modules/postcss-custom-properties postcss-custom-selectors 2.3.0 - 4.0.1 Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-selector-matches node_modules/postcss-custom-selectors postcss-discard-comments <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-discard-comments postcss-discard-duplicates 1.1.0 - 4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-discard-duplicates postcss-discard-empty 1.1.0 - 4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-discard-empty postcss-discard-overridden <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-discard-overridden postcss-font-family-system-ui <=3.0.0 Depends on vulnerable versions of postcss node_modules/postcss-font-family-system-ui postcss-font-variant 1.2.0 - 3.0.0 Depends on vulnerable versions of postcss node_modules/postcss-font-variant postcss-image-set-polyfill <=0.4.4 Depends on vulnerable versions of postcss node_modules/postcss-image-set-polyfill postcss-import <=12.0.1 Depends on vulnerable versions of postcss node_modules/postcss-import postcss-media-minmax 1.2.0 - 3.0.0 Depends on vulnerable versions of postcss node_modules/postcss-media-minmax postcss-merge-longhand <=4.0.11 Depends on vulnerable versions of postcss Depends on vulnerable versions of stylehacks node_modules/postcss-merge-longhand postcss-merge-rules <=4.0.3 Depends on vulnerable versions of postcss node_modules/postcss-merge-rules postcss-minify-font-values <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-minify-font-values postcss-minify-gradients <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-minify-gradients postcss-minify-params <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-minify-params postcss-minify-selectors <=4.0.2 Depends on 
vulnerable versions of postcss node_modules/postcss-minify-selectors postcss-nesting <=6.0.0 Depends on vulnerable versions of postcss node_modules/postcss-nesting postcss-normalize-charset <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-normalize-charset postcss-normalize-display-values <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-display-values postcss-normalize-positions <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-positions postcss-normalize-repeat-style <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-repeat-style postcss-normalize-string <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-string postcss-normalize-timing-functions <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-timing-functions postcss-normalize-unicode <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-normalize-unicode postcss-normalize-url 1.1.0 - 4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-normalize-url postcss-normalize-whitespace <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-whitespace postcss-ordered-values <=4.1.2 Depends on vulnerable versions of postcss node_modules/postcss-ordered-values postcss-pseudo-class-any-link <=5.0.0 Depends on vulnerable versions of postcss node_modules/postcss-pseudo-class-any-link postcss-pseudoelements >=2.2.0 Depends on vulnerable versions of postcss node_modules/postcss-pseudoelements postcss-reduce-initial <=4.0.3 Depends on vulnerable versions of postcss node_modules/postcss-reduce-initial postcss-reduce-transforms <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-reduce-transforms postcss-replace-overflow-wrap <=2.0.0 Depends on vulnerable versions of postcss node_modules/postcss-replace-overflow-wrap postcss-reporter <=6.0.1 Depends on vulnerable versions of 
postcss node_modules/postcss-reporter postcss-selector-matches <=3.0.1 Depends on vulnerable versions of postcss node_modules/postcss-selector-matches postcss-selector-not <=3.0.1 Depends on vulnerable versions of postcss node_modules/postcss-selector-not postcss-unique-selectors <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-unique-selectors stylehacks <=4.0.3 Depends on vulnerable versions of postcss node_modules/stylehacks request * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie fix available via `npm audit fix --force` Will install gulp-svg-sprite@2.0.3, which is a breaking change node_modules/request phantomjs-prebuilt * Depends on vulnerable versions of request node_modules/phantomjs-prebuilt tough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 fix available via `npm audit fix --force` Will install gulp-svg-sprite@2.0.3, which is a breaking change node_modules/tough-cookie useragent * Severity: moderate useragent Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-mgfv-m47x-4wqp fix available via `npm audit fix` node_modules/useragent browserslist-useragent <=3.1.4 Depends on vulnerable versions of useragent node_modules/browserslist-useragent 103 vulnerabilities (77 moderate, 26 high) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. 
--- end --- Verifying that tests still pass $ /usr/bin/npm ci --- stderr --- npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@1.20.1', npm WARN EBADENGINE required: { node: '>=20', npm: '>=10.8.1' }, npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' } npm WARN EBADENGINE } npm WARN deprecated @types/browserslist@4.15.0: This is a stub types definition. browserslist provides its own type definitions, so you do not need this installed. npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility npm WARN deprecated flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash. npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead. npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead. npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead. npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead. 
npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead. npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead. npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead. npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead. npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead. npm WARN deprecated @babel/plugin-proposal-class-static-block@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead. npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead. npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead. 
npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead. npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead. npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead. npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools. npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools. npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools. npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5 npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. 
Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated postcss-cssnext@3.1.1: 'postcss-cssnext' has been deprecated in favor of 'postcss-preset-env'. Read more at https://moox.io/blog/deprecating-cssnext/ npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x. npm WARN deprecated iltorb@2.4.5: The zlib module provides APIs for brotli compression/decompression starting with Node.js v10.16.0, please use it over iltorb npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options. npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. --- stdout --- added 1726 packages, and audited 1727 packages in 55s 150 packages are looking for funding run `npm fund` for details 103 vulnerabilities (77 moderate, 26 high) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. 
--- end --- $ /usr/bin/npm test --- stderr --- 33 sources checked /src/repo/src/common/assets/postcss/_app-badge.css /src/repo/src/common/assets/postcss/_base-portal.css /src/repo/src/common/assets/postcss/_base.css /src/repo/src/common/assets/postcss/_buttons.css /src/repo/src/common/assets/postcss/_central-featured.css /src/repo/src/common/assets/postcss/_central-textlogo.css /src/repo/src/common/assets/postcss/_footer.css /src/repo/src/common/assets/postcss/_forms.css /src/repo/src/common/assets/postcss/_localization.css /src/repo/src/common/assets/postcss/_media-print.css /src/repo/src/common/assets/postcss/_other-languages-bookshelf.css /src/repo/src/common/assets/postcss/_other-languages.css /src/repo/src/common/assets/postcss/_other-projects.css /src/repo/src/common/assets/postcss/_search-language-picker.css /src/repo/src/common/assets/postcss/_search-suggestions.css /src/repo/src/common/assets/postcss/_search.css /src/repo/src/common/assets/postcss/_vars.css /src/repo/src/common/assets/postcss/_wm-portal.css /src/repo/src/wikimedia.org/assets/postcss/_wikimedia-custom.css /src/repo/src/wikimedia.org/assets/postcss/style.css /src/repo/src/wikibooks.org/assets/postcss/_wikibooks-custom.css /src/repo/src/wikibooks.org/assets/postcss/style.css /src/repo/src/wikinews.org/assets/postcss/_wikinews-custom.css /src/repo/src/wikinews.org/assets/postcss/style.css /src/repo/src/wikipedia.org/assets/postcss/style.css /src/repo/src/wikiquote.org/assets/postcss/_wikibooks-custom.css /src/repo/src/wikiquote.org/assets/postcss/style.css /src/repo/src/wikiversity.org/assets/postcss/_wikinews-custom.css /src/repo/src/wikiversity.org/assets/postcss/style.css /src/repo/src/wikivoyage.org/assets/postcss/_wikivoyage-custom.css /src/repo/src/wikivoyage.org/assets/postcss/style.css /src/repo/src/wiktionary.org/assets/postcss/_wiktionary-custom.css /src/repo/src/wiktionary.org/assets/postcss/style.css 0 problems found --- stdout --- > test > npm -s run lint:styles && npm -s run 
lint:js /src/repo/gulpfile.js/prod.js 42:1 warning Missing JSDoc @param "cb" type jsdoc/require-param-type 49:8 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 50:4 warning Found rmdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 55:1 warning This line has a length of 108. Maximum allowed is 100 max-len 68:7 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 70:3 warning Found readdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 72:22 warning Found unlinkSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/gulpfile.js/sprites.js 16:4 warning Found unlink from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/src/common/assets/js/page-localized.js 14:1 warning Missing JSDoc @param "wmTest" type jsdoc/require-param-type 15:1 warning Missing JSDoc @param "translationsHash" type jsdoc/require-param-type 16:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type 17:1 warning Missing JSDoc @param "rtlLangs" type jsdoc/require-param-type /src/repo/src/common/assets/js/topten-localized.js 12:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type 13:1 warning Missing JSDoc @param "wmTest" type jsdoc/require-param-type 117:1 warning This line has a length of 101. Maximum allowed is 100 max-len 122:1 warning This line has a length of 117. 
Maximum allowed is 100 max-len ✖ 16 problems (0 errors, 16 warnings) --- end --- {"1095223": {"source": 1095223, "name": "@koa/cors", "dependency": "@koa/cors", "title": "Overly permissive origin policy", "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82", "severity": "high", "cwe": ["CWE-346"], "cvss": {"score": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "range": "<5.0.0"}} {} {"1098583": {"source": 1098583, "name": "axios", "dependency": "axios", "title": "Server-Side Request Forgery in axios", "url": "https://github.com/advisories/GHSA-8hc4-vh64-cxmj", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": ">=1.3.2 <=1.7.3"}} {"1100298": {"source": 1100298, "name": "useragent", "dependency": "useragent", "title": "useragent Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-mgfv-m47x-4wqp", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=2.3.0"}} {"1098583": {"source": 1098583, "name": "axios", "dependency": "axios", "title": "Server-Side Request Forgery in axios", "url": "https://github.com/advisories/GHSA-8hc4-vh64-cxmj", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": ">=1.3.2 <=1.7.3"}} {"1089718": {"source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<1.5.5"}} {"1089718": {"source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.3, 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<1.5.5"}} {"1089718": {"source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<1.5.5"}} {} {} {"1095223": {"source": 1095223, "name": "@koa/cors", "dependency": "@koa/cors", "title": "Overly permissive origin policy", "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82", "severity": "high", "cwe": ["CWE-346"], "cvss": {"score": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "range": "<5.0.0"}, "1100298": {"source": 1100298, "name": "useragent", "dependency": "useragent", "title": "useragent Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-mgfv-m47x-4wqp", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=2.3.0"}} {} {"1098583": {"source": 1098583, "name": "axios", "dependency": "axios", "title": "Server-Side Request Forgery in axios", "url": "https://github.com/advisories/GHSA-8hc4-vh64-cxmj", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": ">=1.3.2 <=1.7.3"}} {} {} {} {} {} {} {"1089718": {"source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<1.5.5"}} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {"1100298": {"source": 1100298, "name": "useragent", 
"dependency": "useragent", "title": "useragent Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-mgfv-m47x-4wqp", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=2.3.0"}} $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- build: Updating @wikimedia/codex-design-tokens to 1.20.1 $ git add . --- stdout --- --- end --- $ git commit -F /tmp/tmpyc0ilkfx --- stderr --- 33 sources checked /src/repo/src/common/assets/postcss/_app-badge.css /src/repo/src/common/assets/postcss/_base-portal.css /src/repo/src/common/assets/postcss/_base.css /src/repo/src/common/assets/postcss/_buttons.css /src/repo/src/common/assets/postcss/_central-featured.css /src/repo/src/common/assets/postcss/_central-textlogo.css /src/repo/src/common/assets/postcss/_footer.css /src/repo/src/common/assets/postcss/_forms.css /src/repo/src/common/assets/postcss/_localization.css /src/repo/src/common/assets/postcss/_media-print.css /src/repo/src/common/assets/postcss/_other-languages-bookshelf.css /src/repo/src/common/assets/postcss/_other-languages.css /src/repo/src/common/assets/postcss/_other-projects.css /src/repo/src/common/assets/postcss/_search-language-picker.css /src/repo/src/common/assets/postcss/_search-suggestions.css /src/repo/src/common/assets/postcss/_search.css /src/repo/src/common/assets/postcss/_vars.css /src/repo/src/common/assets/postcss/_wm-portal.css /src/repo/src/wikibooks.org/assets/postcss/_wikibooks-custom.css /src/repo/src/wikibooks.org/assets/postcss/style.css /src/repo/src/wikinews.org/assets/postcss/_wikinews-custom.css /src/repo/src/wikinews.org/assets/postcss/style.css /src/repo/src/wikipedia.org/assets/postcss/style.css /src/repo/src/wikiquote.org/assets/postcss/_wikibooks-custom.css /src/repo/src/wikiquote.org/assets/postcss/style.css 
/src/repo/src/wikimedia.org/assets/postcss/_wikimedia-custom.css /src/repo/src/wikimedia.org/assets/postcss/style.css /src/repo/src/wikiversity.org/assets/postcss/_wikinews-custom.css /src/repo/src/wikiversity.org/assets/postcss/style.css /src/repo/src/wikivoyage.org/assets/postcss/_wikivoyage-custom.css /src/repo/src/wikivoyage.org/assets/postcss/style.css /src/repo/src/wiktionary.org/assets/postcss/_wiktionary-custom.css /src/repo/src/wiktionary.org/assets/postcss/style.css 0 problems found /src/repo/gulpfile.js/prod.js 42:1 warning Missing JSDoc @param "cb" type jsdoc/require-param-type 49:8 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 50:4 warning Found rmdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 55:1 warning This line has a length of 108. Maximum allowed is 100 max-len 68:7 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 70:3 warning Found readdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 72:22 warning Found unlinkSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/gulpfile.js/sprites.js 16:4 warning Found unlink from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename /src/repo/src/common/assets/js/page-localized.js 14:1 warning Missing JSDoc @param "wmTest" type jsdoc/require-param-type 15:1 warning Missing JSDoc @param "translationsHash" type jsdoc/require-param-type 16:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type 17:1 warning Missing JSDoc @param "rtlLangs" type jsdoc/require-param-type /src/repo/src/common/assets/js/topten-localized.js 12:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type 13:1 warning Missing JSDoc @param "wmTest" type jsdoc/require-param-type 117:1 
warning This line has a length of 101. Maximum allowed is 100 max-len 122:1 warning This line has a length of 117. Maximum allowed is 100 max-len ✖ 16 problems (0 errors, 16 warnings) --- stdout --- [master 6fef346] build: Updating @wikimedia/codex-design-tokens to 1.20.1 2 files changed, 8 insertions(+), 9 deletions(-) --- end --- $ git format-patch HEAD~1 --stdout --- stdout --- From 6fef346d5da6079bb461d387d2bcb98af5550325 Mon Sep 17 00:00:00 2001 From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org> Date: Wed, 5 Feb 2025 05:36:03 +0000 Subject: [PATCH] build: Updating @wikimedia/codex-design-tokens to 1.20.1 Change-Id: Ie446ee7eec126c83413e1f04d8c591e94019fe8b --- package-lock.json | 15 +++++++-------- package.json | 2 +- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3bb97cb..605f136 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6,7 +6,7 @@ "": { "name": "wikimedia-portals", "devDependencies": { - "@wikimedia/codex-design-tokens": "1.20.0", + "@wikimedia/codex-design-tokens": "1.20.1", "@wikimedia/language-data": "^1.1.8", "bluebird": "^3.7.2", "browserslist-config-wikimedia": "0.7.0", @@ -2844,11 +2844,10 @@ "dev": true }, "node_modules/@wikimedia/codex-design-tokens": { - "version": "1.20.0", - "resolved": "https://registry.npmjs.org/@wikimedia/codex-design-tokens/-/codex-design-tokens-1.20.0.tgz", - "integrity": "sha512-3Z5nngMIaIdDClzMQO1FL8HmGcONWUbX8YgM/2nuBy3xuCns7UPp+oQi8+2+wqKd9HpLF+dxHY5+m23GE8LMuQ==", + "version": "1.20.1", + "resolved": "https://registry.npmjs.org/@wikimedia/codex-design-tokens/-/codex-design-tokens-1.20.1.tgz", + "integrity": "sha512-a2YIdbs8dbLput3NvfJh8rnfKIpd2rn1gLHGyo0sUQhBOxCxpqKyQTYeFi0RQ/Iqg4qem0pcMsa/z5flLvDYnA==", "dev": true, - "license": "GPL-2.0+", "engines": { "node": ">=20", "npm": ">=10.8.1" 
@@ -22377,9 +22376,9 @@ "dev": true }, "@wikimedia/codex-design-tokens": { - "version": "1.20.0", - "resolved": "https://registry.npmjs.org/@wikimedia/codex-design-tokens/-/codex-design-tokens-1.20.0.tgz", - "integrity": "sha512-3Z5nngMIaIdDClzMQO1FL8HmGcONWUbX8YgM/2nuBy3xuCns7UPp+oQi8+2+wqKd9HpLF+dxHY5+m23GE8LMuQ==", + "version": "1.20.1", + "resolved": "https://registry.npmjs.org/@wikimedia/codex-design-tokens/-/codex-design-tokens-1.20.1.tgz", + "integrity": "sha512-a2YIdbs8dbLput3NvfJh8rnfKIpd2rn1gLHGyo0sUQhBOxCxpqKyQTYeFi0RQ/Iqg4qem0pcMsa/z5flLvDYnA==", "dev": true }, "@wikimedia/language-data": {
diff --git a/package.json b/package.json
index f9eb880..51ddc1f 100644
--- a/package.json
+++ b/package.json
@@ -14,7 +14,7 @@
 "test"
 ],
 "devDependencies": {
- "@wikimedia/codex-design-tokens": "1.20.0",
+ "@wikimedia/codex-design-tokens": "1.20.1",
 "@wikimedia/language-data": "^1.1.8",
 "bluebird": "^3.7.2",
 "browserslist-config-wikimedia": "0.7.0",
-- 2.39.2 --- end ---