wvui: main (log #573599)

sourcepatches

This run took 94 seconds.

$ date
--- stdout ---
Wed Apr 27 14:12:02 UTC 2022

--- end ---
$ git clone file:///srv/git/wvui.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
a6c699bda81233facf49b99ca949bf9aa05c515e refs/heads/master

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@mdx-js/loader": {
      "name": "@mdx-js/loader",
      "severity": "high",
      "via": [
        "@mdx-js/mdx"
      ],
      "effects": [],
      "range": "0.15.5 - 1.6.22",
      "nodes": [
        "node_modules/@mdx-js/loader"
      ],
      "fixAvailable": true
    },
    "@mdx-js/mdx": {
      "name": "@mdx-js/mdx",
      "severity": "high",
      "via": [
        "remark-mdx",
        "remark-parse"
      ],
      "effects": [
        "@mdx-js/loader",
        "@storybook/addon-docs"
      ],
      "range": "<=1.6.22",
      "nodes": [
        "node_modules/@mdx-js/mdx"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-docs",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/addon-docs": {
      "name": "@storybook/addon-docs",
      "severity": "high",
      "via": [
        "@mdx-js/mdx",
        "@storybook/builder-webpack4"
      ],
      "effects": [],
      "range": "<=6.5.0-alpha.42",
      "nodes": [
        "node_modules/@storybook/addon-docs"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-docs",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/builder-webpack4": {
      "name": "@storybook/builder-webpack4",
      "severity": "high",
      "via": [
        "@storybook/core-common",
        "react-dev-utils"
      ],
      "effects": [
        "@storybook/addon-docs",
        "@storybook/core-server"
      ],
      "range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
      "nodes": [
        "node_modules/@storybook/builder-webpack4"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/core": {
      "name": "@storybook/core",
      "severity": "moderate",
      "via": [
        "@storybook/core-server"
      ],
      "effects": [
        "@storybook/vue"
      ],
      "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
      "nodes": [
        "node_modules/@storybook/core"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/core-common": {
      "name": "@storybook/core-common",
      "severity": "high",
      "via": [
        "glob-base"
      ],
      "effects": [
        "@storybook/builder-webpack4",
        "@storybook/core-server",
        "@storybook/vue"
      ],
      "range": "<=6.4.0-rc.11",
      "nodes": [
        "node_modules/@storybook/core-common"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/core-server": {
      "name": "@storybook/core-server",
      "severity": "high",
      "via": [
        "@storybook/builder-webpack4",
        "@storybook/core-common",
        "cpy"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@storybook/core-server"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/vue": {
      "name": "@storybook/vue",
      "severity": "high",
      "via": [
        "@storybook/core",
        "@storybook/core-common"
      ],
      "effects": [],
      "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
      "nodes": [
        "node_modules/@storybook/vue"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "ansi-html": {
      "name": "ansi-html",
      "severity": "high",
      "via": [
        {
          "source": 1070006,
          "name": "ansi-html",
          "dependency": "ansi-html",
          "title": "Uncontrolled Resource Consumption in ansi-html",
          "url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9",
          "severity": "high",
          "range": "<0.0.8"
        }
      ],
      "effects": [
        "webpack-hot-middleware"
      ],
      "range": "<0.0.8",
      "nodes": [
        "node_modules/ansi-html"
      ],
      "fixAvailable": true
    },
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "high",
      "via": [
        {
          "source": 1070251,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "range": ">=4.0.0 <4.1.1"
        },
        {
          "source": 1070252,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "range": ">=5.0.0 <5.0.1"
        }
      ],
      "effects": [],
      "range": "4.0.0 - 4.1.0 || 5.0.0",
      "nodes": [
        "node_modules/@jest/core/node_modules/ansi-regex",
        "node_modules/ansi-align/node_modules/ansi-regex",
        "node_modules/boxen/node_modules/ansi-regex",
        "node_modules/cli-table3/node_modules/ansi-regex",
        "node_modules/cli-truncate/node_modules/ansi-regex",
        "node_modules/cliui/node_modules/ansi-regex",
        "node_modules/doiuse/node_modules/ansi-regex",
        "node_modules/eslint/node_modules/ansi-regex",
        "node_modules/jest-config/node_modules/ansi-regex",
        "node_modules/jest-each/node_modules/ansi-regex",
        "node_modules/jest-jasmine2/node_modules/ansi-regex",
        "node_modules/jest-leak-detector/node_modules/ansi-regex",
        "node_modules/jest-matcher-utils/node_modules/ansi-regex",
        "node_modules/jest-message-util/node_modules/ansi-regex",
        "node_modules/jest-snapshot/node_modules/ansi-regex",
        "node_modules/jest-validate/node_modules/ansi-regex",
        "node_modules/listr2/node_modules/ansi-regex",
        "node_modules/pretty-format/node_modules/ansi-regex",
        "node_modules/react-dev-utils/node_modules/ansi-regex",
        "node_modules/string-length/node_modules/ansi-regex",
        "node_modules/stylelint/node_modules/ansi-regex",
        "node_modules/table/node_modules/ansi-regex",
        "node_modules/webpack-cli/node_modules/ansi-regex",
        "node_modules/widest-line/node_modules/ansi-regex",
        "node_modules/wrap-ansi/node_modules/ansi-regex",
        "node_modules/yargs/node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "async": {
      "name": "async",
      "severity": "high",
      "via": [
        {
          "source": 1070206,
          "name": "async",
          "dependency": "async",
          "title": "Prototype Pollution in async",
          "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
          "severity": "high",
          "range": "<2.6.4"
        }
      ],
      "effects": [
        "jake"
      ],
      "range": "<2.6.4",
      "nodes": [
        "node_modules/async"
      ],
      "fixAvailable": true
    },
    "axios": {
      "name": "axios",
      "severity": "high",
      "via": [
        {
          "source": 1067343,
          "name": "axios",
          "dependency": "axios",
          "title": "Incorrect Comparison in axios",
          "url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
          "severity": "high",
          "range": "<0.21.2"
        }
      ],
      "effects": [
        "github-build"
      ],
      "range": "<0.21.2",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": true
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "via": [
        {
          "source": 1067902,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/browserslist"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "watchpack-chokidar2"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/watchpack-chokidar2/node_modules/chokidar"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.72.0",
        "isSemVerMajor": true
      }
    },
    "cpy": {
      "name": "cpy",
      "severity": "high",
      "via": [
        "globby"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "7.0.0 - 8.1.2",
      "nodes": [
        "node_modules/cpy"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "css-select": {
      "name": "css-select",
      "severity": "moderate",
      "via": [
        "nth-check"
      ],
      "effects": [
        "svgo"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/svgo/node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "cssnano": {
      "name": "cssnano",
      "severity": "moderate",
      "via": [
        "cssnano-preset-default"
      ],
      "effects": [
        "optimize-css-assets-webpack-plugin"
      ],
      "range": "4.0.0-nightly.2020.1.9 - 4.1.11",
      "nodes": [
        "node_modules/cssnano"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "cssnano-preset-default": {
      "name": "cssnano-preset-default",
      "severity": "moderate",
      "via": [
        "postcss-svgo"
      ],
      "effects": [
        "cssnano"
      ],
      "range": "<=4.0.8",
      "nodes": [
        "node_modules/cssnano-preset-default"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/cpy/node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "follow-redirects": {
      "name": "follow-redirects",
      "severity": "high",
      "via": [
        {
          "source": 1067407,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
          "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
          "severity": "moderate",
          "range": "<1.14.8"
        },
        {
          "source": 1067459,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of sensitive information in follow-redirects",
          "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
          "severity": "high",
          "range": "<1.14.7"
        }
      ],
      "effects": [],
      "range": "<=1.14.7",
      "nodes": [
        "node_modules/follow-redirects"
      ],
      "fixAvailable": true
    },
    "github-build": {
      "name": "github-build",
      "severity": "high",
      "via": [
        "axios"
      ],
      "effects": [],
      "range": "<=1.2.2",
      "nodes": [
        "node_modules/github-build"
      ],
      "fixAvailable": true
    },
    "glob-base": {
      "name": "glob-base",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "@storybook/core-common"
      ],
      "range": "*",
      "nodes": [
        "node_modules/glob-base"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "via": [
        {
          "source": 1067329,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "Regular expression denial of service in glob-parent",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "fast-glob",
        "glob-base"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/cpy/node_modules/glob-parent",
        "node_modules/glob-base/node_modules/glob-parent",
        "node_modules/watchpack-chokidar2/node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.72.0",
        "isSemVerMajor": true
      }
    },
    "globby": {
      "name": "globby",
      "severity": "high",
      "via": [
        "fast-glob"
      ],
      "effects": [
        "cpy"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/cpy/node_modules/globby"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "immer": {
      "name": "immer",
      "severity": "critical",
      "via": [
        {
          "source": 1067720,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
          "severity": "critical",
          "range": "<9.0.6"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<9.0.6",
      "nodes": [
        "node_modules/immer"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "jake": {
      "name": "jake",
      "severity": "high",
      "via": [
        "async"
      ],
      "effects": [],
      "range": "8.0.1 - 10.8.4",
      "nodes": [
        "node_modules/jake"
      ],
      "fixAvailable": true
    },
    "json-schema": {
      "name": "json-schema",
      "severity": "moderate",
      "via": [
        {
          "source": 1067524,
          "name": "json-schema",
          "dependency": "json-schema",
          "title": "json-schema is vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
          "severity": "moderate",
          "range": "<0.4.0"
        }
      ],
      "effects": [
        "jsprim"
      ],
      "range": "<0.4.0",
      "nodes": [
        "node_modules/json-schema"
      ],
      "fixAvailable": true
    },
    "jsprim": {
      "name": "jsprim",
      "severity": "moderate",
      "via": [
        "json-schema"
      ],
      "effects": [],
      "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/jsprim"
      ],
      "fixAvailable": true
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "via": [
        {
          "source": 1067342,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "range": "<1.2.6"
        }
      ],
      "effects": [],
      "range": "<1.2.6",
      "nodes": [
        "node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "via": [
        {
          "source": 1067367,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/nanoid",
        "node_modules/stylelint-config-wikimedia/node_modules/nanoid"
      ],
      "fixAvailable": true
    },
    "node-fetch": {
      "name": "node-fetch",
      "severity": "high",
      "via": [
        {
          "source": 1070022,
          "name": "node-fetch",
          "dependency": "node-fetch",
          "title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
          "url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
          "severity": "high",
          "range": "<2.6.7"
        }
      ],
      "effects": [],
      "range": "<2.6.7",
      "nodes": [
        "node_modules/node-fetch"
      ],
      "fixAvailable": true
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "moderate",
      "via": [
        {
          "source": 1067654,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "moderate",
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check",
        "node_modules/svgo/node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "optimize-css-assets-webpack-plugin": {
      "name": "optimize-css-assets-webpack-plugin",
      "severity": "moderate",
      "via": [
        "cssnano"
      ],
      "effects": [],
      "range": "3.2.1 || 5.0.0 - 5.0.8",
      "nodes": [
        "node_modules/optimize-css-assets-webpack-plugin"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "postcss-svgo": {
      "name": "postcss-svgo",
      "severity": "moderate",
      "via": [
        "svgo"
      ],
      "effects": [
        "cssnano-preset-default"
      ],
      "range": "4.0.0-nightly.2020.1.9 - 5.0.0-rc.2",
      "nodes": [
        "node_modules/postcss-svgo"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "prismjs": {
      "name": "prismjs",
      "severity": "high",
      "via": [
        {
          "source": 1067401,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-3949-f494-cm99",
          "severity": "high",
          "range": ">=1.14.0 <1.27.0"
        },
        {
          "source": 1067653,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Regular Expression Denial of Service in prismjs",
          "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
          "severity": "moderate",
          "range": "<1.25.0"
        }
      ],
      "effects": [
        "refractor"
      ],
      "range": "<=1.26.0",
      "nodes": [
        "node_modules/prismjs"
      ],
      "fixAvailable": true
    },
    "react-dev-utils": {
      "name": "react-dev-utils",
      "severity": "critical",
      "via": [
        "browserslist",
        "immer"
      ],
      "effects": [
        "@storybook/builder-webpack4"
      ],
      "range": "6.0.0-next.03604a46 - 12.0.0-next.60",
      "nodes": [
        "node_modules/react-dev-utils"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "refractor": {
      "name": "refractor",
      "severity": "moderate",
      "via": [
        "prismjs"
      ],
      "effects": [],
      "range": "<=3.4.0 || 4.0.0 - 4.1.1",
      "nodes": [
        "node_modules/refractor"
      ],
      "fixAvailable": true
    },
    "remark-mdx": {
      "name": "remark-mdx",
      "severity": "high",
      "via": [
        "remark-parse"
      ],
      "effects": [
        "@mdx-js/mdx"
      ],
      "range": "<=1.6.22",
      "nodes": [
        "node_modules/remark-mdx"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-docs",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "remark-parse": {
      "name": "remark-parse",
      "severity": "high",
      "via": [
        "trim"
      ],
      "effects": [
        "@mdx-js/mdx",
        "remark-mdx"
      ],
      "range": "<=8.0.3",
      "nodes": [
        "node_modules/remark-parse"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-docs",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "simple-get": {
      "name": "simple-get",
      "severity": "high",
      "via": [
        {
          "source": 1067428,
          "name": "simple-get",
          "dependency": "simple-get",
          "title": "Exposure of Sensitive Information in simple-get",
          "url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
          "severity": "high",
          "range": ">=3.0.0 <3.1.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 - 3.1.0",
      "nodes": [
        "node_modules/simple-get"
      ],
      "fixAvailable": true
    },
    "svgo": {
      "name": "svgo",
      "severity": "moderate",
      "via": [
        "css-select"
      ],
      "effects": [
        "postcss-svgo"
      ],
      "range": "1.0.0 - 1.3.2",
      "nodes": [
        "node_modules/svgo"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "via": [
        {
          "source": 1067732,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
          "severity": "high",
          "range": ">=6.0.0 <6.1.9"
        },
        {
          "source": 1067735,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "range": ">=6.0.0 <6.1.7"
        },
        {
          "source": 1067764,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "range": ">=6.0.0 <6.1.1"
        },
        {
          "source": 1067768,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "range": ">=6.0.0 <6.1.2"
        }
      ],
      "effects": [],
      "range": "6.0.0 - 6.1.8",
      "nodes": [
        "node_modules/tar"
      ],
      "fixAvailable": true
    },
    "tmpl": {
      "name": "tmpl",
      "severity": "moderate",
      "via": [
        {
          "source": 1067697,
          "name": "tmpl",
          "dependency": "tmpl",
          "title": "Regular Expression Denial of Service in tmpl",
          "url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v",
          "severity": "moderate",
          "range": "<1.0.5"
        }
      ],
      "effects": [],
      "range": "<1.0.5",
      "nodes": [
        "node_modules/tmpl"
      ],
      "fixAvailable": true
    },
    "trim": {
      "name": "trim",
      "severity": "high",
      "via": [
        {
          "source": 1068044,
          "name": "trim",
          "dependency": "trim",
          "title": "Regular Expression Denial of Service in trim",
          "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
          "severity": "high",
          "range": "<0.0.3"
        }
      ],
      "effects": [
        "remark-parse"
      ],
      "range": "<0.0.3",
      "nodes": [
        "node_modules/trim"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-docs",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "watchpack": {
      "name": "watchpack",
      "severity": "high",
      "via": [
        "watchpack-chokidar2"
      ],
      "effects": [
        "webpack"
      ],
      "range": "1.7.2 - 1.7.5",
      "nodes": [
        "node_modules/watchpack"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.72.0",
        "isSemVerMajor": true
      }
    },
    "watchpack-chokidar2": {
      "name": "watchpack-chokidar2",
      "severity": "high",
      "via": [
        "chokidar"
      ],
      "effects": [
        "watchpack"
      ],
      "range": "*",
      "nodes": [
        "node_modules/watchpack-chokidar2"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.72.0",
        "isSemVerMajor": true
      }
    },
    "webpack": {
      "name": "webpack",
      "severity": "high",
      "via": [
        "watchpack"
      ],
      "effects": [],
      "range": "4.44.0 - 4.46.0",
      "nodes": [
        "node_modules/webpack"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.72.0",
        "isSemVerMajor": true
      }
    },
    "webpack-hot-middleware": {
      "name": "webpack-hot-middleware",
      "severity": "high",
      "via": [
        "ansi-html"
      ],
      "effects": [],
      "range": "2.9.0 - 2.25.0",
      "nodes": [
        "node_modules/webpack-hot-middleware"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 14,
      "high": 31,
      "critical": 3,
      "total": 48
    },
    "dependencies": {
      "prod": 1,
      "dev": 2783,
      "optional": 33,
      "peer": 0,
      "peerOptional": 0,
      "total": 2783
    }
  }
}

--- end ---
Upgrading n:eslint from 7.31.0 -> 8.9.0
Upgrading n:eslint-config-wikimedia from 0.20.0 -> 0.22.1
Upgrading n:stylelint from 13.9.0 -> 14.0.0
$ /usr/bin/npm install
--- stdout ---

> @wikimedia/wvui@0.4.0 prepare
> husky install

husky - Git hooks installed

added 2805 packages, and audited 2806 packages in 1m

16 packages are looking for funding
  run `npm fund` for details

47 vulnerabilities (13 moderate, 31 high, 3 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ ./node_modules/.bin/eslint . --fix
--- stderr ---
Oops! Something went wrong! :(

ESLint: 8.9.0

TypeError: Failed to load plugin '@typescript-eslint' declared in '.eslintrc.json#overrides[0]': Class extends value undefined is not a constructor or null
Referenced from: /src/repo/.eslintrc.json
    at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/experimental-utils/dist/ts-eslint/CLIEngine.js:12:34)
    at Module._compile (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:192:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:159:20)
    at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/experimental-utils/dist/ts-eslint/index.js:14:14)
    at Module._compile (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:192:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
--- stdout ---

--- end ---
$ ./node_modules/.bin/eslint . -f json
--- stderr ---
Oops! Something went wrong! :(

ESLint: 8.9.0

TypeError: Failed to load plugin '@typescript-eslint' declared in '.eslintrc.json#overrides[0]': Class extends value undefined is not a constructor or null
Referenced from: /src/repo/.eslintrc.json
    at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/experimental-utils/dist/ts-eslint/CLIEngine.js:12:34)
    at Module._compile (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:192:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:159:20)
    at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/experimental-utils/dist/ts-eslint/index.js:14:14)
    at Module._compile (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:192:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
--- stdout ---

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1395, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1333, in run
    self.npm_upgrade(plan)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1041, in npm_upgrade
    hook(update)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1121, in _handle_eslint
    errors = json.loads(self.check_call([
  File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.9/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Source code is licensed under the AGPL.