wikimedia/portals: main (log #639199)

sourcepatches

This run took 132 seconds.

$ date
--- stdout ---
Wed Jun 22 12:32:34 UTC 2022

--- end ---
$ git clone file:///srv/git/wikimedia-portals.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'prod' (https://gerrit.wikimedia.org/r/wikimedia/portals/deploy) registered for path 'prod'
Cloning into '/src/repo/prod'...
--- stdout ---
Submodule path 'prod': checked out 'ae1009042ab69b0ea76ce04463cb917416567f94'

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
38bf03c0a5d8372372bd85a79fb73af79e44d6b3 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "high",
      "via": [
        {
          "source": 1070273,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "range": ">=3.0.0 <3.0.1"
        },
        {
          "source": 1070274,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "range": ">=4.0.0 <4.1.1"
        },
        {
          "source": 1070275,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "range": ">=5.0.0 <5.0.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
      "nodes": [
        "node_modules/doiuse/node_modules/ansi-regex",
        "node_modules/es-dev-server/node_modules/ansi-regex",
        "node_modules/eslint/node_modules/ansi-regex",
        "node_modules/gulp-stylelint/node_modules/ansi-regex",
        "node_modules/stylelint/node_modules/ansi-regex",
        "node_modules/svg-sprite/node_modules/ansi-regex",
        "node_modules/table/node_modules/ansi-regex",
        "node_modules/yargs/node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "async": {
      "name": "async",
      "severity": "high",
      "via": [
        {
          "source": 1070440,
          "name": "async",
          "dependency": "async",
          "title": "Prototype Pollution in async",
          "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
          "severity": "high",
          "range": ">=2.0.0 <2.6.4"
        },
        {
          "source": 1070443,
          "name": "async",
          "dependency": "async",
          "title": "Prototype Pollution in async",
          "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
          "severity": "high",
          "range": ">=3.0.0 <3.2.2"
        }
      ],
      "effects": [],
      "range": "2.0.0 - 2.6.3 || 3.0.0 - 3.2.1",
      "nodes": [
        "node_modules/async",
        "node_modules/winston/node_modules/async"
      ],
      "fixAvailable": true
    },
    "autoprefixer": {
      "name": "autoprefixer",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.0.20131222 - 8.6.5",
      "nodes": [
        "node_modules/postcss-cssnext/node_modules/autoprefixer"
      ],
      "fixAvailable": true
    },
    "axios": {
      "name": "axios",
      "severity": "high",
      "via": [
        {
          "source": 1070315,
          "name": "axios",
          "dependency": "axios",
          "title": "Incorrect Comparison in axios",
          "url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
          "severity": "high",
          "range": "<0.21.2"
        }
      ],
      "effects": [
        "github-build"
      ],
      "range": "<0.21.2",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": true
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "via": [
        {
          "source": 1067902,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/browserslist"
      ],
      "fixAvailable": true
    },
    "cheerio": {
      "name": "cheerio",
      "severity": "high",
      "via": [
        "css-select"
      ],
      "effects": [
        "gulp-inline"
      ],
      "range": "0.19.0 - 1.0.0-rc.3",
      "nodes": [
        "node_modules/cheerio"
      ],
      "fixAvailable": false
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "glob-watcher"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/glob-watcher/node_modules/chokidar"
      ],
      "fixAvailable": true
    },
    "color": {
      "name": "color",
      "severity": "moderate",
      "via": [
        "color-string"
      ],
      "effects": [
        "css-color-function"
      ],
      "range": "<=0.11.4",
      "nodes": [
        "node_modules/color"
      ],
      "fixAvailable": true
    },
    "color-string": {
      "name": "color-string",
      "severity": "moderate",
      "via": [
        {
          "source": 1067818,
          "name": "color-string",
          "dependency": "color-string",
          "title": "Regular Expression Denial of Service (ReDOS)",
          "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h",
          "severity": "moderate",
          "range": "<1.5.5"
        }
      ],
      "effects": [
        "color"
      ],
      "range": "<1.5.5",
      "nodes": [
        "node_modules/color-string",
        "node_modules/colorspace/node_modules/color-string",
        "node_modules/postcss-color-gray/node_modules/color-string",
        "node_modules/postcss-color-hex-alpha/node_modules/color-string",
        "node_modules/postcss-color-hwb/node_modules/color-string"
      ],
      "fixAvailable": true
    },
    "copy-props": {
      "name": "copy-props",
      "severity": "high",
      "via": [
        {
          "source": 1068168,
          "name": "copy-props",
          "dependency": "copy-props",
          "title": "Prototype Pollution in copy-props",
          "url": "https://github.com/advisories/GHSA-897m-rjf5-jp39",
          "severity": "high",
          "range": "<2.0.5"
        }
      ],
      "effects": [],
      "range": "<2.0.5",
      "nodes": [
        "node_modules/copy-props"
      ],
      "fixAvailable": true
    },
    "css-color-function": {
      "name": "css-color-function",
      "severity": "moderate",
      "via": [
        "color"
      ],
      "effects": [
        "postcss-color-function"
      ],
      "range": "*",
      "nodes": [
        "node_modules/css-color-function"
      ],
      "fixAvailable": true
    },
    "css-select": {
      "name": "css-select",
      "severity": "high",
      "via": [
        "nth-check"
      ],
      "effects": [
        "cheerio",
        "svgo"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/css-select",
        "node_modules/svg-sprite/node_modules/css-select",
        "node_modules/svgo/node_modules/css-select"
      ],
      "fixAvailable": false
    },
    "follow-redirects": {
      "name": "follow-redirects",
      "severity": "high",
      "via": [
        {
          "source": 1067407,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
          "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
          "severity": "moderate",
          "range": "<1.14.8"
        },
        {
          "source": 1067459,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of sensitive information in follow-redirects",
          "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
          "severity": "high",
          "range": "<1.14.7"
        }
      ],
      "effects": [],
      "range": "<=1.14.7",
      "nodes": [
        "node_modules/follow-redirects"
      ],
      "fixAvailable": true
    },
    "github-build": {
      "name": "github-build",
      "severity": "high",
      "via": [
        "axios"
      ],
      "effects": [],
      "range": "<=1.2.2",
      "nodes": [
        "node_modules/github-build"
      ],
      "fixAvailable": true
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "via": [
        {
          "source": 1067329,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "Regular expression denial of service in glob-parent",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "glob-stream"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/glob-parent",
        "node_modules/glob-stream/node_modules/glob-parent",
        "node_modules/glob-watcher/node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "3.9.1",
        "isSemVerMajor": true
      }
    },
    "glob-stream": {
      "name": "glob-stream",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "vinyl-fs"
      ],
      "range": "5.3.0 - 6.1.0",
      "nodes": [
        "node_modules/glob-stream"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "3.9.1",
        "isSemVerMajor": true
      }
    },
    "glob-watcher": {
      "name": "glob-watcher",
      "severity": "high",
      "via": [
        "chokidar"
      ],
      "effects": [],
      "range": ">=3.0.0",
      "nodes": [
        "node_modules/glob-watcher"
      ],
      "fixAvailable": true
    },
    "gulp": {
      "name": "gulp",
      "severity": "high",
      "via": [
        "vinyl-fs"
      ],
      "effects": [],
      "range": ">=4.0.0",
      "nodes": [
        "node_modules/gulp"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "3.9.1",
        "isSemVerMajor": true
      }
    },
    "gulp-compile-handlebars": {
      "name": "gulp-compile-handlebars",
      "severity": "critical",
      "via": [
        "gulp-util"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/gulp-compile-handlebars"
      ],
      "fixAvailable": false
    },
    "gulp-inline": {
      "name": "gulp-inline",
      "severity": "critical",
      "via": [
        "cheerio",
        "gulp-util"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/gulp-inline"
      ],
      "fixAvailable": false
    },
    "gulp-useref": {
      "name": "gulp-useref",
      "severity": "high",
      "via": [
        "vinyl-fs"
      ],
      "effects": [],
      "range": ">=3.1.4",
      "nodes": [
        "node_modules/gulp-useref"
      ],
      "fixAvailable": {
        "name": "gulp-useref",
        "version": "3.1.3",
        "isSemVerMajor": true
      }
    },
    "gulp-util": {
      "name": "gulp-util",
      "severity": "critical",
      "via": [
        "lodash.template"
      ],
      "effects": [
        "gulp-compile-handlebars",
        "gulp-inline"
      ],
      "range": ">=1.1.0",
      "nodes": [
        "node_modules/gulp-util"
      ],
      "fixAvailable": false
    },
    "handlebars": {
      "name": "handlebars",
      "severity": "critical",
      "via": [
        {
          "source": 1067912,
          "name": "handlebars",
          "dependency": "handlebars",
          "title": "Prototype Pollution in handlebars",
          "url": "https://github.com/advisories/GHSA-765h-qjxv-5f44",
          "severity": "critical",
          "range": "<4.7.7"
        }
      ],
      "effects": [],
      "range": "<4.7.7",
      "nodes": [
        "node_modules/handlebars"
      ],
      "fixAvailable": true
    },
    "hosted-git-info": {
      "name": "hosted-git-info",
      "severity": "moderate",
      "via": [
        {
          "source": 1067956,
          "name": "hosted-git-info",
          "dependency": "hosted-git-info",
          "title": "Regular Expression Denial of Service in hosted-git-info",
          "url": "https://github.com/advisories/GHSA-43f8-2h32-f4cj",
          "severity": "moderate",
          "range": "<2.8.9"
        }
      ],
      "effects": [],
      "range": "<2.8.9",
      "nodes": [
        "node_modules/hosted-git-info"
      ],
      "fixAvailable": true
    },
    "is-svg": {
      "name": "is-svg",
      "severity": "high",
      "via": [
        {
          "source": 1067493,
          "name": "is-svg",
          "dependency": "is-svg",
          "title": "ReDOS in IS-SVG",
          "url": "https://github.com/advisories/GHSA-r8j5-h5cx-65gg",
          "severity": "high",
          "range": ">=2.1.0 <4.3.0"
        },
        {
          "source": 1068202,
          "name": "is-svg",
          "dependency": "is-svg",
          "title": "Regular Expression Denial of Service (ReDoS)",
          "url": "https://github.com/advisories/GHSA-7r28-3m3f-r2pr",
          "severity": "high",
          "range": ">=2.1.0 <4.2.2"
        }
      ],
      "effects": [
        "postcss-svgo"
      ],
      "range": "2.1.0 - 4.2.2",
      "nodes": [
        "node_modules/is-svg"
      ],
      "fixAvailable": true
    },
    "json-schema": {
      "name": "json-schema",
      "severity": "critical",
      "via": [
        {
          "source": 1070413,
          "name": "json-schema",
          "dependency": "json-schema",
          "title": "json-schema is vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
          "severity": "critical",
          "range": "<0.4.0"
        }
      ],
      "effects": [
        "jsprim"
      ],
      "range": "<0.4.0",
      "nodes": [
        "node_modules/json-schema"
      ],
      "fixAvailable": true
    },
    "jsprim": {
      "name": "jsprim",
      "severity": "critical",
      "via": [
        "json-schema"
      ],
      "effects": [],
      "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/jsprim"
      ],
      "fixAvailable": true
    },
    "lodash": {
      "name": "lodash",
      "severity": "high",
      "via": [
        {
          "source": 1070117,
          "name": "lodash",
          "dependency": "lodash",
          "title": "Command Injection in lodash",
          "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
          "severity": "high",
          "range": "<4.17.21"
        }
      ],
      "effects": [],
      "range": "<4.17.21",
      "nodes": [
        "node_modules/lodash"
      ],
      "fixAvailable": true
    },
    "lodash.template": {
      "name": "lodash.template",
      "severity": "critical",
      "via": [
        {
          "source": 1069553,
          "name": "lodash.template",
          "dependency": "lodash.template",
          "title": "Prototype Pollution in lodash",
          "url": "https://github.com/advisories/GHSA-jf85-cpcp-j695",
          "severity": "critical",
          "range": "<4.5.0"
        }
      ],
      "effects": [
        "gulp-util"
      ],
      "range": "<4.5.0",
      "nodes": [
        "node_modules/lodash.template"
      ],
      "fixAvailable": false
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "via": [
        {
          "source": 1067342,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "range": "<1.2.6"
        },
        {
          "source": 1070255,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "range": "<0.2.1"
        }
      ],
      "effects": [
        "mkdirp"
      ],
      "range": "<=1.2.5",
      "nodes": [
        "node_modules/minimist",
        "node_modules/mocha/node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "moderate",
      "via": [
        "minimist"
      ],
      "effects": [
        "mocha"
      ],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/mocha/node_modules/mkdirp"
      ],
      "fixAvailable": true
    },
    "mocha": {
      "name": "mocha",
      "severity": "moderate",
      "via": [
        "mkdirp"
      ],
      "effects": [
        "svg-sprite"
      ],
      "range": "1.21.5 - 6.2.2 || 7.0.0-esm1 - 7.1.0",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": true
    },
    "moment": {
      "name": "moment",
      "severity": "high",
      "via": [
        {
          "source": 1070447,
          "name": "moment",
          "dependency": "moment",
          "title": "Path Traversal: 'dir/../../filename' in moment.locale",
          "url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
          "severity": "high",
          "range": "<2.29.2"
        }
      ],
      "effects": [],
      "range": "<2.29.2",
      "nodes": [
        "node_modules/moment"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "via": [
        {
          "source": 1067367,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/nanoid"
      ],
      "fixAvailable": true
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "high",
      "via": [
        {
          "source": 1070415,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "high",
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check"
      ],
      "fixAvailable": false
    },
    "path-parse": {
      "name": "path-parse",
      "severity": "moderate",
      "via": [
        {
          "source": 1067761,
          "name": "path-parse",
          "dependency": "path-parse",
          "title": "Regular Expression Denial of Service in path-parse",
          "url": "https://github.com/advisories/GHSA-hj48-42vr-x3v9",
          "severity": "moderate",
          "range": "<1.0.7"
        }
      ],
      "effects": [],
      "range": "<1.0.7",
      "nodes": [
        "node_modules/path-parse"
      ],
      "fixAvailable": true
    },
    "pixrem": {
      "name": "pixrem",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
        "node_modules/pixrem"
      ],
      "fixAvailable": true
    },
    "pleeease-filters": {
      "name": "pleeease-filters",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/pleeease-filters"
      ],
      "fixAvailable": true
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "via": [
        {
          "source": 1067832,
          "name": "postcss",
          "dependency": "postcss",
          "title": "Regular Expression Denial of Service in postcss",
          "url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3",
          "severity": "moderate",
          "range": ">=7.0.0 <7.0.36"
        },
        {
          "source": 1070012,
          "name": "postcss",
          "dependency": "postcss",
          "title": "Regular Expression Denial of Service in postcss",
          "url": "https://github.com/advisories/GHSA-566m-qj78-rww5",
          "severity": "moderate",
          "range": "<7.0.36"
        }
      ],
      "effects": [
        "autoprefixer",
        "pixrem",
        "pleeease-filters",
        "postcss-apply",
        "postcss-attribute-case-insensitive",
        "postcss-color-function",
        "postcss-color-gray",
        "postcss-color-hex-alpha",
        "postcss-color-hsl",
        "postcss-color-hwb",
        "postcss-color-rebeccapurple",
        "postcss-color-rgb",
        "postcss-color-rgba-fallback",
        "postcss-cssnext",
        "postcss-custom-media",
        "postcss-custom-properties",
        "postcss-custom-selectors",
        "postcss-font-family-system-ui",
        "postcss-font-variant",
        "postcss-image-set-polyfill",
        "postcss-initial",
        "postcss-media-minmax",
        "postcss-nesting",
        "postcss-pseudo-class-any-link",
        "postcss-pseudoelements",
        "postcss-replace-overflow-wrap",
        "postcss-selector-matches",
        "postcss-selector-not"
      ],
      "range": "<=7.0.35",
      "nodes": [
        "node_modules/gulp-postcss/node_modules/postcss",
        "node_modules/pixrem/node_modules/postcss",
        "node_modules/pleeease-filters/node_modules/postcss",
        "node_modules/postcss",
        "node_modules/postcss-apply/node_modules/postcss",
        "node_modules/postcss-attribute-case-insensitive/node_modules/postcss",
        "node_modules/postcss-color-function/node_modules/postcss",
        "node_modules/postcss-color-gray/node_modules/postcss",
        "node_modules/postcss-color-hex-alpha/node_modules/postcss",
        "node_modules/postcss-color-hsl/node_modules/postcss",
        "node_modules/postcss-color-hwb/node_modules/postcss",
        "node_modules/postcss-color-rebeccapurple/node_modules/postcss",
        "node_modules/postcss-color-rgb/node_modules/postcss",
        "node_modules/postcss-color-rgba-fallback/node_modules/postcss",
        "node_modules/postcss-cssnext/node_modules/postcss",
        "node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss",
        "node_modules/postcss-custom-media/node_modules/postcss",
        "node_modules/postcss-custom-properties/node_modules/postcss",
        "node_modules/postcss-custom-selectors/node_modules/postcss",
        "node_modules/postcss-font-family-system-ui/node_modules/postcss",
        "node_modules/postcss-font-variant/node_modules/postcss",
        "node_modules/postcss-image-set-polyfill/node_modules/postcss",
        "node_modules/postcss-import/node_modules/postcss",
        "node_modules/postcss-initial/node_modules/postcss",
        "node_modules/postcss-media-minmax/node_modules/postcss",
        "node_modules/postcss-nesting/node_modules/postcss",
        "node_modules/postcss-pseudo-class-any-link/node_modules/postcss",
        "node_modules/postcss-pseudoelements/node_modules/postcss",
        "node_modules/postcss-replace-overflow-wrap/node_modules/postcss",
        "node_modules/postcss-reporter/node_modules/postcss",
        "node_modules/postcss-selector-matches/node_modules/postcss",
        "node_modules/postcss-selector-not/node_modules/postcss"
      ],
      "fixAvailable": false
    },
    "postcss-apply": {
      "name": "postcss-apply",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=0.10.0",
      "nodes": [
        "node_modules/postcss-apply"
      ],
      "fixAvailable": false
    },
    "postcss-attribute-case-insensitive": {
      "name": "postcss-attribute-case-insensitive",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=3.0.1",
      "nodes": [
        "node_modules/postcss-attribute-case-insensitive"
      ],
      "fixAvailable": false
    },
    "postcss-color-function": {
      "name": "postcss-color-function",
      "severity": "moderate",
      "via": [
        "css-color-function",
        "postcss"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/postcss-color-function"
      ],
      "fixAvailable": true
    },
    "postcss-color-gray": {
      "name": "postcss-color-gray",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "3.0.0 - 4.1.0",
      "nodes": [
        "node_modules/postcss-color-gray"
      ],
      "fixAvailable": true
    },
    "postcss-color-hex-alpha": {
      "name": "postcss-color-hex-alpha",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.3.0 - 3.0.0",
      "nodes": [
        "node_modules/postcss-color-hex-alpha"
      ],
      "fixAvailable": true
    },
    "postcss-color-hsl": {
      "name": "postcss-color-hsl",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/postcss-color-hsl"
      ],
      "fixAvailable": true
    },
    "postcss-color-hwb": {
      "name": "postcss-color-hwb",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": ">=1.2.0",
      "nodes": [
        "node_modules/postcss-color-hwb"
      ],
      "fixAvailable": true
    },
    "postcss-color-rebeccapurple": {
      "name": "postcss-color-rebeccapurple",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.2.0 - 3.1.0",
      "nodes": [
        "node_modules/postcss-color-rebeccapurple"
      ],
      "fixAvailable": true
    },
    "postcss-color-rgb": {
      "name": "postcss-color-rgb",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "*",
      "nodes": [
        "node_modules/postcss-color-rgb"
      ],
      "fixAvailable": false
    },
    "postcss-color-rgba-fallback": {
      "name": "postcss-color-rgba-fallback",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=3.0.0",
      "nodes": [
        "node_modules/postcss-color-rgba-fallback"
      ],
      "fixAvailable": true
    },
    "postcss-cssnext": {
      "name": "postcss-cssnext",
      "severity": "moderate",
      "via": [
        "postcss",
        "postcss-apply",
        "postcss-attribute-case-insensitive",
        "postcss-color-rgb",
        "postcss-font-family-system-ui",
        "postcss-image-set-polyfill",
        "postcss-initial",
        "postcss-nesting",
        "postcss-replace-overflow-wrap"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/postcss-cssnext"
      ],
      "fixAvailable": false
    },
    "postcss-custom-media": {
      "name": "postcss-custom-media",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "4.0.0 - 6.0.0",
      "nodes": [
        "node_modules/postcss-custom-media"
      ],
      "fixAvailable": true
    },
    "postcss-custom-properties": {
      "name": "postcss-custom-properties",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "3.3.0 - 7.0.0",
      "nodes": [
        "node_modules/postcss-custom-properties"
      ],
      "fixAvailable": true
    },
    "postcss-custom-selectors": {
      "name": "postcss-custom-selectors",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "2.3.0 - 4.0.1",
      "nodes": [
        "node_modules/postcss-custom-selectors"
      ],
      "fixAvailable": true
    },
    "postcss-font-family-system-ui": {
      "name": "postcss-font-family-system-ui",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=3.0.0",
      "nodes": [
        "node_modules/postcss-font-family-system-ui"
      ],
      "fixAvailable": false
    },
    "postcss-font-variant": {
      "name": "postcss-font-variant",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.2.0 - 3.0.0",
      "nodes": [
        "node_modules/postcss-font-variant"
      ],
      "fixAvailable": true
    },
    "postcss-image-set-polyfill": {
      "name": "postcss-image-set-polyfill",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=0.4.4",
      "nodes": [
        "node_modules/postcss-image-set-polyfill"
      ],
      "fixAvailable": false
    },
    "postcss-initial": {
      "name": "postcss-initial",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/postcss-initial"
      ],
      "fixAvailable": false
    },
    "postcss-media-minmax": {
      "name": "postcss-media-minmax",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.2.0 - 3.0.0",
      "nodes": [
        "node_modules/postcss-media-minmax"
      ],
      "fixAvailable": true
    },
    "postcss-nesting": {
      "name": "postcss-nesting",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=6.0.0",
      "nodes": [
        "node_modules/postcss-nesting"
      ],
      "fixAvailable": false
    },
    "postcss-pseudo-class-any-link": {
      "name": "postcss-pseudo-class-any-link",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=5.0.0",
      "nodes": [
        "node_modules/postcss-pseudo-class-any-link"
      ],
      "fixAvailable": true
    },
    "postcss-pseudoelements": {
      "name": "postcss-pseudoelements",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": ">=2.2.0",
      "nodes": [
        "node_modules/postcss-pseudoelements"
      ],
      "fixAvailable": true
    },
    "postcss-replace-overflow-wrap": {
      "name": "postcss-replace-overflow-wrap",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/postcss-replace-overflow-wrap"
      ],
      "fixAvailable": false
    },
    "postcss-selector-matches": {
      "name": "postcss-selector-matches",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=3.0.1",
      "nodes": [
        "node_modules/postcss-selector-matches"
      ],
      "fixAvailable": true
    },
    "postcss-selector-not": {
      "name": "postcss-selector-not",
      "severity": "moderate",
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=3.0.1",
      "nodes": [
        "node_modules/postcss-selector-not"
      ],
      "fixAvailable": true
    },
    "postcss-svgo": {
      "name": "postcss-svgo",
      "severity": "high",
      "via": [
        "is-svg",
        "svgo"
      ],
      "effects": [],
      "range": "4.0.0-nightly.2020.1.9 - 5.0.0-rc.2",
      "nodes": [
        "node_modules/postcss-svgo"
      ],
      "fixAvailable": true
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "via": [
        "requestretry"
      ],
      "effects": [],
      "range": ">=0.5.7",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": {
        "name": "preq",
        "version": "0.5.6",
        "isSemVerMajor": true
      }
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "via": [
        {
          "source": 1067395,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "range": "<7.0.0"
        }
      ],
      "effects": [
        "preq"
      ],
      "range": "<7.0.0",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": {
        "name": "preq",
        "version": "0.5.6",
        "isSemVerMajor": true
      }
    },
    "simple-get": {
      "name": "simple-get",
      "severity": "high",
      "via": [
        {
          "source": 1067428,
          "name": "simple-get",
          "dependency": "simple-get",
          "title": "Exposure of Sensitive Information in simple-get",
          "url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
          "severity": "high",
          "range": ">=3.0.0 <3.1.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 - 3.1.0",
      "nodes": [
        "node_modules/simple-get"
      ],
      "fixAvailable": true
    },
    "svg-sprite": {
      "name": "svg-sprite",
      "severity": "high",
      "via": [
        "mocha",
        "svgo",
        "xmldom",
        "yargs"
      ],
      "effects": [],
      "range": "1.0.0 - 1.5.4",
      "nodes": [
        "node_modules/svg-sprite"
      ],
      "fixAvailable": true
    },
    "svgo": {
      "name": "svgo",
      "severity": "high",
      "via": [
        "css-select"
      ],
      "effects": [
        "postcss-svgo",
        "svg-sprite"
      ],
      "range": "1.0.0 - 1.3.2",
      "nodes": [
        "node_modules/svg-sprite/node_modules/svgo",
        "node_modules/svgo"
      ],
      "fixAvailable": true
    },
    "trim-newlines": {
      "name": "trim-newlines",
      "severity": "high",
      "via": [
        {
          "source": 1070391,
          "name": "trim-newlines",
          "dependency": "trim-newlines",
          "title": "Uncontrolled Resource Consumption in trim-newlines",
          "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
          "severity": "high",
          "range": "<3.0.1"
        }
      ],
      "effects": [],
      "range": "<3.0.1",
      "nodes": [
        "node_modules/trim-newlines"
      ],
      "fixAvailable": true
    },
    "underscore": {
      "name": "underscore",
      "severity": "high",
      "via": [
        {
          "source": 1068134,
          "name": "underscore",
          "dependency": "underscore",
          "title": "Arbitrary Code Execution in underscore",
          "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
          "severity": "high",
          "range": ">=1.3.2 <1.12.1"
        }
      ],
      "effects": [],
      "range": "1.3.2 - 1.12.0",
      "nodes": [
        "node_modules/underscore"
      ],
      "fixAvailable": true
    },
    "vinyl-fs": {
      "name": "vinyl-fs",
      "severity": "high",
      "via": [
        "glob-stream"
      ],
      "effects": [
        "gulp",
        "gulp-useref"
      ],
      "range": ">=2.4.2",
      "nodes": [
        "node_modules/vinyl-fs"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "3.9.1",
        "isSemVerMajor": true
      }
    },
    "xmldom": {
      "name": "xmldom",
      "severity": "moderate",
      "via": [
        {
          "source": 1067480,
          "name": "xmldom",
          "dependency": "xmldom",
          "title": "Misinterpretation of malicious XML input",
          "url": "https://github.com/advisories/GHSA-5fg8-2547-mr8q",
          "severity": "moderate",
          "range": "<0.7.0"
        },
        {
          "source": 1070127,
          "name": "xmldom",
          "dependency": "xmldom",
          "title": "Misinterpretation of malicious XML input",
          "url": "https://github.com/advisories/GHSA-h6q6-9hqw-rwfv",
          "severity": "low",
          "range": "<0.5.0"
        }
      ],
      "effects": [
        "svg-sprite"
      ],
      "range": "*",
      "nodes": [
        "node_modules/xmldom"
      ],
      "fixAvailable": true
    },
    "yargs": {
      "name": "yargs",
      "severity": "moderate",
      "via": [
        "yargs-parser"
      ],
      "effects": [
        "svg-sprite"
      ],
      "range": "8.0.0-candidate.0 - 12.0.5",
      "nodes": [
        "node_modules/svg-sprite/node_modules/yargs"
      ],
      "fixAvailable": true
    },
    "yargs-parser": {
      "name": "yargs-parser",
      "severity": "moderate",
      "via": [
        {
          "source": 1068310,
          "name": "yargs-parser",
          "dependency": "yargs-parser",
          "title": "Prototype Pollution in yargs-parser",
          "url": "https://github.com/advisories/GHSA-p9pc-299p-vxgp",
          "severity": "moderate",
          "range": ">=6.0.0 <13.1.2"
        }
      ],
      "effects": [
        "yargs"
      ],
      "range": "6.0.0 - 13.1.1",
      "nodes": [
        "node_modules/svg-sprite/node_modules/yargs-parser"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 41,
      "high": 27,
      "critical": 8,
      "total": 76
    },
    "dependencies": {
      "prod": 1,
      "dev": 1785,
      "optional": 2,
      "peer": 0,
      "peerOptional": 0,
      "total": 1785
    }
  }
}

--- end ---
Upgrading n:eslint-config-wikimedia from 0.17.0 -> 0.22.1
Upgrading n:stylelint-config-wikimedia from 0.10.3 -> 0.13.0
$ /usr/bin/npm install
--- stdout ---

added 1845 packages, and audited 1846 packages in 2m

44 packages are looking for funding
  run `npm fund` for details

72 vulnerabilities (39 moderate, 25 high, 8 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ ./node_modules/.bin/eslint . --fix
--- stderr ---
Oops! Something went wrong! :(

ESLint: 7.9.0

ESLint couldn't find the plugin "eslint-plugin-unicorn".

(The package "eslint-plugin-unicorn" was not found when loaded as a Node module from the directory "/src/repo".)

It's likely that the plugin isn't installed correctly. Try reinstalling by running the following:

    npm install eslint-plugin-unicorn@latest --save-dev

The plugin "eslint-plugin-unicorn" was referenced from the config file in ".eslintrc.json » eslint-config-wikimedia".

If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team.
--- stdout ---

--- end ---
$ ./node_modules/.bin/eslint . -f json
--- stderr ---
Oops! Something went wrong! :(

ESLint: 7.9.0

ESLint couldn't find the plugin "eslint-plugin-unicorn".

(The package "eslint-plugin-unicorn" was not found when loaded as a Node module from the directory "/src/repo".)

It's likely that the plugin isn't installed correctly. Try reinstalling by running the following:

    npm install eslint-plugin-unicorn@latest --save-dev

The plugin "eslint-plugin-unicorn" was referenced from the config file in ".eslintrc.json » eslint-config-wikimedia".

If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team.
--- stdout ---

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1400, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1338, in run
    self.npm_upgrade(plan)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1046, in npm_upgrade
    hook(update)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1126, in _handle_eslint
    errors = json.loads(self.check_call([
  File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.9/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Source code is licensed under the AGPL.