wvui: main (log #787558)

sourcepatches

This run took 98 seconds.

$ date
--- stdout ---
Thu Nov 24 15:03:17 UTC 2022

--- end ---
$ git clone file:///srv/git/wvui.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
a6c699bda81233facf49b99ca949bf9aa05c515e refs/heads/master

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@mdx-js/loader": {
      "name": "@mdx-js/loader",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "@mdx-js/mdx",
        "loader-utils"
      ],
      "effects": [
        "@storybook/addon-docs"
      ],
      "range": "0.15.5 - 1.6.22",
      "nodes": [
        "node_modules/@mdx-js/loader"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-docs",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "@mdx-js/mdx": {
      "name": "@mdx-js/mdx",
      "severity": "high",
      "isDirect": false,
      "via": [
        "remark-mdx",
        "remark-parse"
      ],
      "effects": [
        "@mdx-js/loader",
        "@storybook/addon-docs"
      ],
      "range": "<=1.6.22",
      "nodes": [
        "node_modules/@mdx-js/mdx"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-docs",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "@storybook/addon-docs": {
      "name": "@storybook/addon-docs",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "@mdx-js/loader",
        "@mdx-js/mdx",
        "@storybook/builder-webpack4",
        "@storybook/core"
      ],
      "effects": [],
      "range": "<=6.5.0-rc.1",
      "nodes": [
        "node_modules/@storybook/addon-docs"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-docs",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "@storybook/builder-webpack4": {
      "name": "@storybook/builder-webpack4",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/core-common",
        "react-dev-utils"
      ],
      "effects": [
        "@storybook/addon-docs",
        "@storybook/core-server"
      ],
      "range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-rc.1",
      "nodes": [
        "node_modules/@storybook/builder-webpack4"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "@storybook/core": {
      "name": "@storybook/core",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@storybook/core-server"
      ],
      "effects": [
        "@storybook/vue"
      ],
      "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-rc.1",
      "nodes": [
        "node_modules/@storybook/core"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "@storybook/core-common": {
      "name": "@storybook/core-common",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-base"
      ],
      "effects": [
        "@storybook/builder-webpack4",
        "@storybook/core-server",
        "@storybook/vue"
      ],
      "range": "<=6.4.0-rc.11",
      "nodes": [
        "node_modules/@storybook/core-common"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "@storybook/core-server": {
      "name": "@storybook/core-server",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/builder-webpack4",
        "@storybook/core-common",
        "cpy"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "<=7.0.0-alpha.6",
      "nodes": [
        "node_modules/@storybook/core-server"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "@storybook/vue": {
      "name": "@storybook/vue",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@storybook/core",
        "@storybook/core-common"
      ],
      "effects": [],
      "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-rc.1",
      "nodes": [
        "node_modules/@storybook/vue"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "ansi-html": {
      "name": "ansi-html",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1082045,
          "name": "ansi-html",
          "dependency": "ansi-html",
          "title": "Uncontrolled Resource Consumption in ansi-html",
          "url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<0.0.8"
        }
      ],
      "effects": [
        "webpack-hot-middleware"
      ],
      "range": "<0.0.8",
      "nodes": [
        "node_modules/ansi-html"
      ],
      "fixAvailable": true
    },
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1084696,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.0.0 <4.1.1"
        },
        {
          "source": 1084697,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=5.0.0 <5.0.1"
        }
      ],
      "effects": [],
      "range": "4.0.0 - 4.1.0 || 5.0.0",
      "nodes": [
        "node_modules/@jest/core/node_modules/ansi-regex",
        "node_modules/ansi-align/node_modules/ansi-regex",
        "node_modules/boxen/node_modules/ansi-regex",
        "node_modules/cli-table3/node_modules/ansi-regex",
        "node_modules/cli-truncate/node_modules/ansi-regex",
        "node_modules/cliui/node_modules/ansi-regex",
        "node_modules/doiuse/node_modules/ansi-regex",
        "node_modules/eslint/node_modules/ansi-regex",
        "node_modules/jest-config/node_modules/ansi-regex",
        "node_modules/jest-each/node_modules/ansi-regex",
        "node_modules/jest-jasmine2/node_modules/ansi-regex",
        "node_modules/jest-leak-detector/node_modules/ansi-regex",
        "node_modules/jest-matcher-utils/node_modules/ansi-regex",
        "node_modules/jest-message-util/node_modules/ansi-regex",
        "node_modules/jest-snapshot/node_modules/ansi-regex",
        "node_modules/jest-validate/node_modules/ansi-regex",
        "node_modules/listr2/node_modules/ansi-regex",
        "node_modules/pretty-format/node_modules/ansi-regex",
        "node_modules/react-dev-utils/node_modules/ansi-regex",
        "node_modules/string-length/node_modules/ansi-regex",
        "node_modules/stylelint/node_modules/ansi-regex",
        "node_modules/table/node_modules/ansi-regex",
        "node_modules/webpack-cli/node_modules/ansi-regex",
        "node_modules/widest-line/node_modules/ansi-regex",
        "node_modules/wrap-ansi/node_modules/ansi-regex",
        "node_modules/yargs/node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "axios": {
      "name": "axios",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1084436,
          "name": "axios",
          "dependency": "axios",
          "title": "axios Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<0.21.2"
        }
      ],
      "effects": [
        "github-build"
      ],
      "range": "<0.21.2",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": true
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1082132,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/browserslist"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "watchpack-chokidar2"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/watchpack-chokidar2/node_modules/chokidar"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.75.0",
        "isSemVerMajor": true
      }
    },
    "cpy": {
      "name": "cpy",
      "severity": "high",
      "isDirect": false,
      "via": [
        "globby"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "7.0.0 - 8.1.2",
      "nodes": [
        "node_modules/cpy"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "css-select": {
      "name": "css-select",
      "severity": "high",
      "isDirect": false,
      "via": [
        "nth-check"
      ],
      "effects": [
        "svgo"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/svgo/node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "cssnano": {
      "name": "cssnano",
      "severity": "high",
      "isDirect": false,
      "via": [
        "cssnano-preset-default"
      ],
      "effects": [
        "optimize-css-assets-webpack-plugin"
      ],
      "range": "4.0.0-nightly.2020.1.9 - 4.1.11",
      "nodes": [
        "node_modules/cssnano"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "cssnano-preset-default": {
      "name": "cssnano-preset-default",
      "severity": "high",
      "isDirect": false,
      "via": [
        "postcss-svgo"
      ],
      "effects": [
        "cssnano"
      ],
      "range": "<=4.0.8",
      "nodes": [
        "node_modules/cssnano-preset-default"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "ejs": {
      "name": "ejs",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1083256,
          "name": "ejs",
          "dependency": "ejs",
          "title": "ejs template injection vulnerability",
          "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
          "severity": "critical",
          "cwe": [
            "CWE-74"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<3.1.7"
        }
      ],
      "effects": [
        "webpack-bundle-analyzer"
      ],
      "range": "<3.1.7",
      "nodes": [
        "node_modules/ejs",
        "node_modules/webpack-bundle-analyzer/node_modules/ejs"
      ],
      "fixAvailable": {
        "name": "webpack-bundle-analyzer",
        "version": "4.7.0",
        "isSemVerMajor": true
      }
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/cpy/node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "follow-redirects": {
      "name": "follow-redirects",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1067407,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
          "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<1.14.8"
        },
        {
          "source": 1084497,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of sensitive information in follow-redirects",
          "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
          "severity": "high",
          "cwe": [
            "CWE-359"
          ],
          "cvss": {
            "score": 8,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
          },
          "range": "<1.14.7"
        }
      ],
      "effects": [],
      "range": "<=1.14.7",
      "nodes": [
        "node_modules/follow-redirects"
      ],
      "fixAvailable": true
    },
    "github-build": {
      "name": "github-build",
      "severity": "high",
      "isDirect": false,
      "via": [
        "axios"
      ],
      "effects": [],
      "range": "<=1.2.2",
      "nodes": [
        "node_modules/github-build"
      ],
      "fixAvailable": true
    },
    "glob-base": {
      "name": "glob-base",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "@storybook/core-common"
      ],
      "range": "*",
      "nodes": [
        "node_modules/glob-base"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1081884,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "fast-glob",
        "glob-base"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/cpy/node_modules/glob-parent",
        "node_modules/glob-base/node_modules/glob-parent",
        "node_modules/watchpack-chokidar2/node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.75.0",
        "isSemVerMajor": true
      }
    },
    "globby": {
      "name": "globby",
      "severity": "high",
      "isDirect": false,
      "via": [
        "fast-glob"
      ],
      "effects": [
        "cpy"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/cpy/node_modules/globby"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "immer": {
      "name": "immer",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1067720,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
          "severity": "critical",
          "cwe": [
            "CWE-843",
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<9.0.6"
        },
        {
          "source": 1084348,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx",
          "severity": "high",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<9.0.6"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=9.0.5",
      "nodes": [
        "node_modules/immer"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "json-schema": {
      "name": "json-schema",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1081993,
          "name": "json-schema",
          "dependency": "json-schema",
          "title": "json-schema is vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
          "severity": "critical",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.4.0"
        }
      ],
      "effects": [
        "jsprim"
      ],
      "range": "<0.4.0",
      "nodes": [
        "node_modules/json-schema"
      ],
      "fixAvailable": true
    },
    "jsprim": {
      "name": "jsprim",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "json-schema"
      ],
      "effects": [],
      "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/jsprim"
      ],
      "fixAvailable": true
    },
    "loader-utils": {
      "name": "loader-utils",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1084924,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "Prototype pollution in webpack loader-utils",
          "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<1.4.1"
        },
        {
          "source": 1084925,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "Prototype pollution in webpack loader-utils",
          "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=2.0.0 <2.0.3"
        },
        {
          "source": 1084992,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
          "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.0.0 <2.0.4"
        },
        {
          "source": 1084993,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
          "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=1.0.0 <1.4.2"
        },
        {
          "source": 1085033,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
          "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.0.0 <2.0.4"
        },
        {
          "source": 1085034,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
          "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=1.0.0 <1.4.2"
        }
      ],
      "effects": [
        "@mdx-js/loader",
        "react-dev-utils"
      ],
      "range": "<=1.4.1 || 2.0.0 - 2.0.3",
      "nodes": [
        "node_modules/@storybook/builder-webpack4/node_modules/loader-utils",
        "node_modules/@storybook/builder-webpack4/node_modules/postcss-loader/node_modules/loader-utils",
        "node_modules/@storybook/core-common/node_modules/loader-utils",
        "node_modules/@storybook/core-server/node_modules/loader-utils",
        "node_modules/babel-loader/node_modules/loader-utils",
        "node_modules/generic-names/node_modules/loader-utils",
        "node_modules/html-webpack-plugin/node_modules/loader-utils",
        "node_modules/loader-utils",
        "node_modules/mini-css-extract-plugin/node_modules/loader-utils",
        "node_modules/ts-loader/node_modules/loader-utils",
        "node_modules/vue-docgen-loader/node_modules/loader-utils",
        "node_modules/vue-loader/node_modules/loader-utils",
        "node_modules/vue-style-loader/node_modules/loader-utils",
        "node_modules/webpack-cli/node_modules/loader-utils",
        "node_modules/webpack/node_modules/loader-utils"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1084765,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "recursive-readdir"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1067342,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<1.2.6"
        }
      ],
      "effects": [],
      "range": "<1.2.6",
      "nodes": [
        "node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1081481,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.5,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/nanoid",
        "node_modules/stylelint-config-wikimedia/node_modules/nanoid"
      ],
      "fixAvailable": true
    },
    "node-fetch": {
      "name": "node-fetch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1084495,
          "name": "node-fetch",
          "dependency": "node-fetch",
          "title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
          "url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
          "severity": "high",
          "cwe": [
            "CWE-173",
            "CWE-200",
            "CWE-601"
          ],
          "cvss": {
            "score": 8.8,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<2.6.7"
        }
      ],
      "effects": [],
      "range": "<2.6.7",
      "nodes": [
        "node_modules/node-fetch"
      ],
      "fixAvailable": true
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1070415,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check",
        "node_modules/svgo/node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "optimize-css-assets-webpack-plugin": {
      "name": "optimize-css-assets-webpack-plugin",
      "severity": "high",
      "isDirect": true,
      "via": [
        "cssnano"
      ],
      "effects": [],
      "range": "3.2.1 || 5.0.0 - 5.0.8",
      "nodes": [
        "node_modules/optimize-css-assets-webpack-plugin"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "postcss-svgo": {
      "name": "postcss-svgo",
      "severity": "high",
      "isDirect": false,
      "via": [
        "svgo"
      ],
      "effects": [
        "cssnano-preset-default"
      ],
      "range": "4.0.0-nightly.2020.1.9 - 5.0.0-rc.2",
      "nodes": [
        "node_modules/postcss-svgo"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "prismjs": {
      "name": "prismjs",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1067401,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-3949-f494-cm99",
          "severity": "high",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"
          },
          "range": ">=1.14.0 <1.27.0"
        },
        {
          "source": 1081996,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "prismjs Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<1.25.0"
        }
      ],
      "effects": [
        "refractor"
      ],
      "range": "<=1.26.0",
      "nodes": [
        "node_modules/prismjs"
      ],
      "fixAvailable": true
    },
    "react-dev-utils": {
      "name": "react-dev-utils",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "browserslist",
        "immer",
        "loader-utils",
        "recursive-readdir",
        "shell-quote"
      ],
      "effects": [
        "@storybook/builder-webpack4"
      ],
      "range": ">=0.5.2",
      "nodes": [
        "node_modules/react-dev-utils"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "recursive-readdir": {
      "name": "recursive-readdir",
      "severity": "high",
      "isDirect": false,
      "via": [
        "minimatch"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "1.2.0 - 2.2.2",
      "nodes": [
        "node_modules/recursive-readdir"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "refractor": {
      "name": "refractor",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "prismjs"
      ],
      "effects": [],
      "range": "<=3.4.0 || 4.0.0 - 4.1.1",
      "nodes": [
        "node_modules/refractor"
      ],
      "fixAvailable": true
    },
    "remark-mdx": {
      "name": "remark-mdx",
      "severity": "high",
      "isDirect": false,
      "via": [
        "remark-parse"
      ],
      "effects": [
        "@mdx-js/mdx"
      ],
      "range": "<=1.6.22",
      "nodes": [
        "node_modules/remark-mdx"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-docs",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "remark-parse": {
      "name": "remark-parse",
      "severity": "high",
      "isDirect": false,
      "via": [
        "trim"
      ],
      "effects": [
        "@mdx-js/mdx",
        "remark-mdx"
      ],
      "range": "<=8.0.3",
      "nodes": [
        "node_modules/remark-parse"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-docs",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "shell-quote": {
      "name": "shell-quote",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1084769,
          "name": "shell-quote",
          "dependency": "shell-quote",
          "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote",
          "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7",
          "severity": "critical",
          "cwe": [
            "CWE-77"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=1.7.2"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=1.7.2",
      "nodes": [
        "node_modules/shell-quote"
      ],
      "fixAvailable": {
        "name": "@storybook/vue",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "simple-get": {
      "name": "simple-get",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1067428,
          "name": "simple-get",
          "dependency": "simple-get",
          "title": "Exposure of Sensitive Information in simple-get",
          "url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=3.0.0 <3.1.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 - 3.1.0",
      "nodes": [
        "node_modules/simple-get"
      ],
      "fixAvailable": true
    },
    "svgo": {
      "name": "svgo",
      "severity": "high",
      "isDirect": false,
      "via": [
        "css-select"
      ],
      "effects": [
        "postcss-svgo"
      ],
      "range": "1.0.0 - 1.3.2",
      "nodes": [
        "node_modules/svgo"
      ],
      "fixAvailable": {
        "name": "optimize-css-assets-webpack-plugin",
        "version": "6.0.1",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1070361,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=6.0.0 <6.1.9"
        },
        {
          "source": 1070364,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=6.0.0 <6.1.9"
        },
        {
          "source": 1070367,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=6.0.0 <6.1.7"
        },
        {
          "source": 1070370,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=6.0.0 <6.1.1"
        },
        {
          "source": 1080909,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-23",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=6.0.0 <6.1.2"
        }
      ],
      "effects": [],
      "range": "6.0.0 - 6.1.8",
      "nodes": [
        "node_modules/tar"
      ],
      "fixAvailable": true
    },
    "terser": {
      "name": "terser",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1081698,
          "name": "terser",
          "dependency": "terser",
          "title": "Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS",
          "url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc",
          "severity": "high",
          "cwe": [],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=5.0.0 <5.14.2"
        },
        {
          "source": 1081699,
          "name": "terser",
          "dependency": "terser",
          "title": "Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS",
          "url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc",
          "severity": "high",
          "cwe": [],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<4.8.1"
        }
      ],
      "effects": [],
      "range": ">=5.0.0 <5.14.2 || <4.8.1",
      "nodes": [
        "node_modules/terser",
        "node_modules/terser-webpack-plugin/node_modules/terser"
      ],
      "fixAvailable": true
    },
    "tmpl": {
      "name": "tmpl",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1081997,
          "name": "tmpl",
          "dependency": "tmpl",
          "title": "tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion",
          "url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<1.0.5"
        }
      ],
      "effects": [],
      "range": "<1.0.5",
      "nodes": [
        "node_modules/tmpl"
      ],
      "fixAvailable": true
    },
    "trim": {
      "name": "trim",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1070259,
          "name": "trim",
          "dependency": "trim",
          "title": "Regular Expression Denial of Service in trim",
          "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<0.0.3"
        }
      ],
      "effects": [
        "remark-parse"
      ],
      "range": "<0.0.3",
      "nodes": [
        "node_modules/trim"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-docs",
        "version": "6.5.13",
        "isSemVerMajor": false
      }
    },
    "watchpack": {
      "name": "watchpack",
      "severity": "high",
      "isDirect": false,
      "via": [
        "watchpack-chokidar2"
      ],
      "effects": [
        "webpack"
      ],
      "range": "1.7.2 - 1.7.5",
      "nodes": [
        "node_modules/watchpack"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.75.0",
        "isSemVerMajor": true
      }
    },
    "watchpack-chokidar2": {
      "name": "watchpack-chokidar2",
      "severity": "high",
      "isDirect": false,
      "via": [
        "chokidar"
      ],
      "effects": [
        "watchpack"
      ],
      "range": "*",
      "nodes": [
        "node_modules/watchpack-chokidar2"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.75.0",
        "isSemVerMajor": true
      }
    },
    "webpack": {
      "name": "webpack",
      "severity": "high",
      "isDirect": true,
      "via": [
        "watchpack"
      ],
      "effects": [],
      "range": "4.44.0 - 4.46.0",
      "nodes": [
        "node_modules/webpack"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.75.0",
        "isSemVerMajor": true
      }
    },
    "webpack-bundle-analyzer": {
      "name": "webpack-bundle-analyzer",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "ejs"
      ],
      "effects": [],
      "range": "1.3.0 - 3.9.0",
      "nodes": [
        "node_modules/webpack-bundle-analyzer"
      ],
      "fixAvailable": {
        "name": "webpack-bundle-analyzer",
        "version": "4.7.0",
        "isSemVerMajor": true
      }
    },
    "webpack-hot-middleware": {
      "name": "webpack-hot-middleware",
      "severity": "high",
      "isDirect": false,
      "via": [
        "ansi-html"
      ],
      "effects": [],
      "range": "2.9.0 - 2.25.0",
      "nodes": [
        "node_modules/webpack-hot-middleware"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 4,
      "high": 38,
      "critical": 11,
      "total": 53
    },
    "dependencies": {
      "prod": 1,
      "dev": 2783,
      "optional": 33,
      "peer": 0,
      "peerOptional": 0,
      "total": 2783
    }
  }
}

--- end ---
Upgrading n:eslint from 7.31.0 -> 8.9.0
Upgrading n:stylelint from 13.9.0 -> 14.14.0
Upgrading n:stylelint-config-wikimedia from 0.11.1 -> 0.13.1
$ /usr/bin/npm install
--- stderr ---
npm WARN old lockfile 
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile 
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile 
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: eslint@7.31.0
npm WARN node_modules/eslint
npm WARN   dev eslint@"8.9.0" from the root project
npm WARN   17 more (@typescript-eslint/eslint-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/eslint-plugin@4.2.0
npm WARN node_modules/@typescript-eslint/eslint-plugin
npm WARN   dev @typescript-eslint/eslint-plugin@"4.2.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: eslint@7.31.0
npm WARN node_modules/eslint
npm WARN   dev eslint@"8.9.0" from the root project
npm WARN   17 more (@typescript-eslint/eslint-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/parser@4.2.0
npm WARN node_modules/@typescript-eslint/parser
npm WARN   dev @typescript-eslint/parser@"4.2.0" from the root project
npm WARN   1 more (@typescript-eslint/eslint-plugin)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: eslint@7.31.0
npm WARN node_modules/eslint
npm WARN   dev eslint@"8.9.0" from the root project
npm WARN   17 more (@typescript-eslint/eslint-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/parser@4.2.0
npm WARN node_modules/@typescript-eslint/parser
npm WARN   dev @typescript-eslint/parser@"4.2.0" from the root project
npm WARN   1 more (@typescript-eslint/eslint-plugin)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: stylelint@13.9.0
npm WARN node_modules/stylelint
npm WARN   dev stylelint@"14.14.0" from the root project
npm WARN   2 more (stylelint-no-unsupported-browser-features, stylelint-order)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer stylelint@"^10.0.1 || ^11.0.0 || ^12.0.0 || ^13.0.0" from stylelint-order@4.1.0
npm WARN node_modules/stylelint-order
npm WARN   dev stylelint-order@"4.1.0" from the root project
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated iltorb@2.4.5: The zlib module provides APIs for brotli compression/decompression starting with Node.js v10.16.0, please use it over iltorb
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js-pure@3.15.2: core-js-pure@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js-pure.
--- stdout ---

> @wikimedia/wvui@0.4.0 prepare
> husky install

husky - Git hooks installed

added 2775 packages, and audited 2776 packages in 1m

252 packages are looking for funding
  run `npm fund` for details

52 vulnerabilities (3 moderate, 38 high, 11 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ ./node_modules/.bin/stylelint src/components/typeahead-suggestion/TypeaheadSuggestion.stories.less src/themes/wikimedia-ui.less src/components/checkbox/Checkbox.stories.less src/components/radio/Radio.stories.less src/components/typeahead-search/TypeaheadSearch.stories.less src/components/input/Input.stories.less src/components/button/Button.stories.less src/components/toggle-button/ToggleButton.stories.less src/themes/mixins/binary-input.less -f json
--- stdout ---
[{"source":"/src/repo/src/components/typeahead-suggestion/TypeaheadSuggestion.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/themes/wikimedia-ui.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/checkbox/Checkbox.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/radio/Radio.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/typeahead-search/TypeaheadSearch.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/input/Input.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/button/Button.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/toggle-button/ToggleButton.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/themes/mixins/binary-input.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]}]
--- end ---
$ /usr/bin/npm ci
--- stderr ---
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.14.5
npm WARN Found: @babel/core@7.11.6
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.11.6" from the root project
npm WARN   99 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.14.5
npm WARN node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN   @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.14.5" from @babel/preset-env@7.14.7
npm WARN   node_modules/@babel/preset-env
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.20.2
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.14.5
npm WARN   node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN     @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.14.5" from @babel/preset-env@7.14.7
npm WARN     node_modules/@babel/preset-env
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-proposal-class-static-block@7.14.5
npm WARN Found: @babel/core@7.11.6
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.11.6" from the root project
npm WARN   99 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-proposal-class-static-block@7.14.5
npm WARN node_modules/@babel/plugin-proposal-class-static-block
npm WARN   @babel/plugin-proposal-class-static-block@"^7.14.5" from @babel/preset-env@7.14.7
npm WARN   node_modules/@babel/preset-env
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.20.2
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.12.0" from @babel/plugin-proposal-class-static-block@7.14.5
npm WARN   node_modules/@babel/plugin-proposal-class-static-block
npm WARN     @babel/plugin-proposal-class-static-block@"^7.14.5" from @babel/preset-env@7.14.7
npm WARN     node_modules/@babel/preset-env
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @typescript-eslint/eslint-plugin@4.2.0
npm ERR! Found: eslint@8.9.0
npm ERR! node_modules/eslint
npm ERR!   dev eslint@"8.9.0" from the root project
npm ERR!   peer eslint@"*" from @typescript-eslint/experimental-utils@4.2.0
npm ERR!   node_modules/@typescript-eslint/experimental-utils
npm ERR!     @typescript-eslint/experimental-utils@"4.2.0" from @typescript-eslint/eslint-plugin@4.2.0
npm ERR!     node_modules/@typescript-eslint/eslint-plugin
npm ERR!       dev @typescript-eslint/eslint-plugin@"4.2.0" from the root project
npm ERR!     @typescript-eslint/experimental-utils@"^4.0.1" from eslint-plugin-jest@24.0.2
npm ERR!     node_modules/eslint-plugin-jest
npm ERR!       dev eslint-plugin-jest@"24.0.2" from the root project
npm ERR!   12 more (eslint-plugin-es, eslint-plugin-jest, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/eslint-plugin@4.2.0
npm ERR! node_modules/@typescript-eslint/eslint-plugin
npm ERR!   dev @typescript-eslint/eslint-plugin@"4.2.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: eslint@7.32.0
npm ERR! node_modules/eslint
npm ERR!   peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/eslint-plugin@4.2.0
npm ERR!   node_modules/@typescript-eslint/eslint-plugin
npm ERR!     dev @typescript-eslint/eslint-plugin@"4.2.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /cache/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /cache/_logs/2022-11-24T15_04_48_529Z-debug-0.log
--- stdout ---

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1400, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1338, in run
    self.npm_upgrade(plan)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1049, in npm_upgrade
    self.npm_test()
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 286, in npm_test
    self.check_call(['npm', 'ci'])
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/shell2.py", line 54, in check_call
    res.check_returncode()
  File "/usr/lib/python3.9/subprocess.py", line 460, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'ci']' returned non-zero exit status 1.
Source code is licensed under the AGPL.