wikimedia/portals: main (log #788662)

sourcepatches

This run took 2712 seconds.

$ date
--- stdout ---
Fri Nov 25 05:12:27 UTC 2022

--- end ---
$ git clone file:///srv/git/wikimedia-portals.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'prod' (https://gerrit.wikimedia.org/r/wikimedia/portals/deploy) registered for path 'prod'
Cloning into '/src/repo/prod'...
--- stdout ---
Submodule path 'prod': checked out 'ae1009042ab69b0ea76ce04463cb917416567f94'

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
f1028d67ec8a0f3d1241b9f5a9b90660075a8a8d refs/heads/master

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@xmldom/xmldom": {
      "name": "@xmldom/xmldom",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1084900,
          "name": "@xmldom/xmldom",
          "dependency": "@xmldom/xmldom",
          "title": "xmldom allows multiple root nodes in a DOM",
          "url": "https://github.com/advisories/GHSA-crh6-fp67-6883",
          "severity": "critical",
          "cwe": [
            "CWE-20",
            "CWE-1288"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.7.7"
        }
      ],
      "effects": [],
      "range": "<0.7.7",
      "nodes": [
        "node_modules/@xmldom/xmldom"
      ],
      "fixAvailable": true
    },
    "autoprefixer": {
      "name": "autoprefixer",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.0.20131222 - 8.6.5",
      "nodes": [
        "node_modules/autoprefixer"
      ],
      "fixAvailable": true
    },
    "cheerio": {
      "name": "cheerio",
      "severity": "high",
      "isDirect": false,
      "via": [
        "css-select"
      ],
      "effects": [
        "gulp-inline"
      ],
      "range": "0.19.0 - 1.0.0-rc.3",
      "nodes": [
        "node_modules/cheerio"
      ],
      "fixAvailable": false
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "glob-watcher"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/glob-watcher/node_modules/chokidar"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "3.9.1",
        "isSemVerMajor": true
      }
    },
    "color": {
      "name": "color",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "color-string"
      ],
      "effects": [
        "css-color-function"
      ],
      "range": "<=0.11.4",
      "nodes": [
        "node_modules/color"
      ],
      "fixAvailable": true
    },
    "color-string": {
      "name": "color-string",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1082075,
          "name": "color-string",
          "dependency": "color-string",
          "title": "Regular Expression Denial of Service (ReDOS)",
          "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h",
          "severity": "moderate",
          "cwe": [
            "CWE-770"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<1.5.5"
        }
      ],
      "effects": [
        "color"
      ],
      "range": "<1.5.5",
      "nodes": [
        "node_modules/color/node_modules/color-string"
      ],
      "fixAvailable": true
    },
    "css-color-function": {
      "name": "css-color-function",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "color"
      ],
      "effects": [
        "postcss-color-function"
      ],
      "range": "*",
      "nodes": [
        "node_modules/css-color-function"
      ],
      "fixAvailable": true
    },
    "css-select": {
      "name": "css-select",
      "severity": "high",
      "isDirect": false,
      "via": [
        "nth-check"
      ],
      "effects": [
        "cheerio",
        "svgo"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/css-select",
        "node_modules/svgo/node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.1",
        "isSemVerMajor": true
      }
    },
    "cssnano": {
      "name": "cssnano",
      "severity": "high",
      "isDirect": true,
      "via": [
        "cssnano-preset-default"
      ],
      "effects": [],
      "range": "4.0.0-nightly.2020.1.9 - 4.1.11",
      "nodes": [
        "node_modules/cssnano"
      ],
      "fixAvailable": {
        "name": "cssnano",
        "version": "5.1.14",
        "isSemVerMajor": true
      }
    },
    "cssnano-preset-default": {
      "name": "cssnano-preset-default",
      "severity": "high",
      "isDirect": false,
      "via": [
        "postcss-svgo"
      ],
      "effects": [
        "cssnano"
      ],
      "range": "<=4.0.8",
      "nodes": [
        "node_modules/cssnano-preset-default"
      ],
      "fixAvailable": {
        "name": "cssnano",
        "version": "5.1.14",
        "isSemVerMajor": true
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1081884,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "glob-stream"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/glob-stream/node_modules/glob-parent",
        "node_modules/glob-watcher/node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "3.9.1",
        "isSemVerMajor": true
      }
    },
    "glob-stream": {
      "name": "glob-stream",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "vinyl-fs"
      ],
      "range": "5.3.0 - 6.1.0",
      "nodes": [
        "node_modules/glob-stream"
      ],
      "fixAvailable": {
        "name": "gulp-useref",
        "version": "3.1.3",
        "isSemVerMajor": true
      }
    },
    "glob-watcher": {
      "name": "glob-watcher",
      "severity": "high",
      "isDirect": false,
      "via": [
        "chokidar"
      ],
      "effects": [
        "gulp"
      ],
      "range": ">=3.0.0",
      "nodes": [
        "node_modules/glob-watcher"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "3.9.1",
        "isSemVerMajor": true
      }
    },
    "gulp": {
      "name": "gulp",
      "severity": "high",
      "isDirect": true,
      "via": [
        "glob-watcher",
        "vinyl-fs"
      ],
      "effects": [],
      "range": ">=4.0.0",
      "nodes": [
        "node_modules/gulp"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "3.9.1",
        "isSemVerMajor": true
      }
    },
    "gulp-compile-handlebars": {
      "name": "gulp-compile-handlebars",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "gulp-util"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/gulp-compile-handlebars"
      ],
      "fixAvailable": false
    },
    "gulp-inline": {
      "name": "gulp-inline",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "cheerio",
        "gulp-util"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/gulp-inline"
      ],
      "fixAvailable": false
    },
    "gulp-svg-sprite": {
      "name": "gulp-svg-sprite",
      "severity": "high",
      "isDirect": true,
      "via": [
        "svg-sprite"
      ],
      "effects": [],
      "range": "1.4.0 - 1.5.0",
      "nodes": [
        "node_modules/gulp-svg-sprite"
      ],
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.1",
        "isSemVerMajor": true
      }
    },
    "gulp-useref": {
      "name": "gulp-useref",
      "severity": "high",
      "isDirect": true,
      "via": [
        "vinyl-fs"
      ],
      "effects": [],
      "range": ">=3.1.4",
      "nodes": [
        "node_modules/gulp-useref"
      ],
      "fixAvailable": {
        "name": "gulp-useref",
        "version": "3.1.3",
        "isSemVerMajor": true
      }
    },
    "gulp-util": {
      "name": "gulp-util",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "lodash.template"
      ],
      "effects": [
        "gulp-compile-handlebars",
        "gulp-inline"
      ],
      "range": ">=1.1.0",
      "nodes": [
        "node_modules/gulp-util"
      ],
      "fixAvailable": false
    },
    "lodash.template": {
      "name": "lodash.template",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1069553,
          "name": "lodash.template",
          "dependency": "lodash.template",
          "title": "Prototype Pollution in lodash",
          "url": "https://github.com/advisories/GHSA-jf85-cpcp-j695",
          "severity": "critical",
          "cwe": [
            "CWE-20"
          ],
          "cvss": {
            "score": 9.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
          },
          "range": "<4.5.0"
        }
      ],
      "effects": [
        "gulp-util"
      ],
      "range": "<4.5.0",
      "nodes": [
        "node_modules/lodash.template"
      ],
      "fixAvailable": false
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1070415,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.1",
        "isSemVerMajor": true
      }
    },
    "pixrem": {
      "name": "pixrem",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
        "node_modules/pixrem"
      ],
      "fixAvailable": true
    },
    "pleeease-filters": {
      "name": "pleeease-filters",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/pleeease-filters"
      ],
      "fixAvailable": true
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1070012,
          "name": "postcss",
          "dependency": "postcss",
          "title": "Regular Expression Denial of Service in postcss",
          "url": "https://github.com/advisories/GHSA-566m-qj78-rww5",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<7.0.36"
        }
      ],
      "effects": [
        "autoprefixer",
        "pixrem",
        "pleeease-filters",
        "postcss-apply",
        "postcss-attribute-case-insensitive",
        "postcss-color-function",
        "postcss-color-gray",
        "postcss-color-hex-alpha",
        "postcss-color-hsl",
        "postcss-color-hwb",
        "postcss-color-rebeccapurple",
        "postcss-color-rgb",
        "postcss-color-rgba-fallback",
        "postcss-cssnext",
        "postcss-custom-media",
        "postcss-custom-properties",
        "postcss-custom-selectors",
        "postcss-font-family-system-ui",
        "postcss-font-variant",
        "postcss-image-set-polyfill",
        "postcss-initial",
        "postcss-media-minmax",
        "postcss-nesting",
        "postcss-pseudo-class-any-link",
        "postcss-pseudoelements",
        "postcss-replace-overflow-wrap",
        "postcss-selector-matches",
        "postcss-selector-not"
      ],
      "range": "<7.0.36",
      "nodes": [
        "node_modules/autoprefixer/node_modules/postcss",
        "node_modules/pixrem/node_modules/postcss",
        "node_modules/pleeease-filters/node_modules/postcss",
        "node_modules/postcss-apply/node_modules/postcss",
        "node_modules/postcss-attribute-case-insensitive/node_modules/postcss",
        "node_modules/postcss-color-function/node_modules/postcss",
        "node_modules/postcss-color-gray/node_modules/postcss",
        "node_modules/postcss-color-hex-alpha/node_modules/postcss",
        "node_modules/postcss-color-hsl/node_modules/postcss",
        "node_modules/postcss-color-hwb/node_modules/postcss",
        "node_modules/postcss-color-rebeccapurple/node_modules/postcss",
        "node_modules/postcss-color-rgb/node_modules/postcss",
        "node_modules/postcss-color-rgba-fallback/node_modules/postcss",
        "node_modules/postcss-cssnext/node_modules/postcss",
        "node_modules/postcss-custom-media/node_modules/postcss",
        "node_modules/postcss-custom-properties/node_modules/postcss",
        "node_modules/postcss-custom-selectors/node_modules/postcss",
        "node_modules/postcss-font-family-system-ui/node_modules/postcss",
        "node_modules/postcss-font-variant/node_modules/postcss",
        "node_modules/postcss-image-set-polyfill/node_modules/postcss",
        "node_modules/postcss-initial/node_modules/postcss",
        "node_modules/postcss-media-minmax/node_modules/postcss",
        "node_modules/postcss-nesting/node_modules/postcss",
        "node_modules/postcss-pseudo-class-any-link/node_modules/postcss",
        "node_modules/postcss-pseudoelements/node_modules/postcss",
        "node_modules/postcss-replace-overflow-wrap/node_modules/postcss",
        "node_modules/postcss-selector-matches/node_modules/postcss",
        "node_modules/postcss-selector-not/node_modules/postcss"
      ],
      "fixAvailable": false
    },
    "postcss-apply": {
      "name": "postcss-apply",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=0.10.0",
      "nodes": [
        "node_modules/postcss-apply"
      ],
      "fixAvailable": false
    },
    "postcss-attribute-case-insensitive": {
      "name": "postcss-attribute-case-insensitive",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=3.0.1",
      "nodes": [
        "node_modules/postcss-attribute-case-insensitive"
      ],
      "fixAvailable": false
    },
    "postcss-color-function": {
      "name": "postcss-color-function",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "css-color-function",
        "postcss"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/postcss-color-function"
      ],
      "fixAvailable": true
    },
    "postcss-color-gray": {
      "name": "postcss-color-gray",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "3.0.0 - 4.1.0",
      "nodes": [
        "node_modules/postcss-color-gray"
      ],
      "fixAvailable": true
    },
    "postcss-color-hex-alpha": {
      "name": "postcss-color-hex-alpha",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.3.0 - 3.0.0",
      "nodes": [
        "node_modules/postcss-color-hex-alpha"
      ],
      "fixAvailable": true
    },
    "postcss-color-hsl": {
      "name": "postcss-color-hsl",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "*",
      "nodes": [
        "node_modules/postcss-color-hsl"
      ],
      "fixAvailable": false
    },
    "postcss-color-hwb": {
      "name": "postcss-color-hwb",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": ">=1.2.0",
      "nodes": [
        "node_modules/postcss-color-hwb"
      ],
      "fixAvailable": true
    },
    "postcss-color-rebeccapurple": {
      "name": "postcss-color-rebeccapurple",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.2.0 - 3.1.0",
      "nodes": [
        "node_modules/postcss-color-rebeccapurple"
      ],
      "fixAvailable": true
    },
    "postcss-color-rgb": {
      "name": "postcss-color-rgb",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/postcss-color-rgb"
      ],
      "fixAvailable": true
    },
    "postcss-color-rgba-fallback": {
      "name": "postcss-color-rgba-fallback",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=3.0.0",
      "nodes": [
        "node_modules/postcss-color-rgba-fallback"
      ],
      "fixAvailable": true
    },
    "postcss-cssnext": {
      "name": "postcss-cssnext",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "autoprefixer",
        "pixrem",
        "pleeease-filters",
        "postcss",
        "postcss-apply",
        "postcss-attribute-case-insensitive",
        "postcss-color-function",
        "postcss-color-gray",
        "postcss-color-hex-alpha",
        "postcss-color-hsl",
        "postcss-color-hwb",
        "postcss-color-rebeccapurple",
        "postcss-color-rgb",
        "postcss-color-rgba-fallback",
        "postcss-custom-media",
        "postcss-custom-properties",
        "postcss-custom-selectors",
        "postcss-font-family-system-ui",
        "postcss-font-variant",
        "postcss-image-set-polyfill",
        "postcss-initial",
        "postcss-media-minmax",
        "postcss-nesting",
        "postcss-pseudo-class-any-link",
        "postcss-pseudoelements",
        "postcss-replace-overflow-wrap",
        "postcss-selector-matches",
        "postcss-selector-not"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/postcss-cssnext"
      ],
      "fixAvailable": false
    },
    "postcss-custom-media": {
      "name": "postcss-custom-media",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "4.0.0 - 6.0.0",
      "nodes": [
        "node_modules/postcss-custom-media"
      ],
      "fixAvailable": true
    },
    "postcss-custom-properties": {
      "name": "postcss-custom-properties",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "3.3.0 - 7.0.0",
      "nodes": [
        "node_modules/postcss-custom-properties"
      ],
      "fixAvailable": true
    },
    "postcss-custom-selectors": {
      "name": "postcss-custom-selectors",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss",
        "postcss-selector-matches"
      ],
      "effects": [],
      "range": "2.3.0 - 4.0.1",
      "nodes": [
        "node_modules/postcss-custom-selectors"
      ],
      "fixAvailable": true
    },
    "postcss-font-family-system-ui": {
      "name": "postcss-font-family-system-ui",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=3.0.0",
      "nodes": [
        "node_modules/postcss-font-family-system-ui"
      ],
      "fixAvailable": false
    },
    "postcss-font-variant": {
      "name": "postcss-font-variant",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.2.0 - 3.0.0",
      "nodes": [
        "node_modules/postcss-font-variant"
      ],
      "fixAvailable": true
    },
    "postcss-image-set-polyfill": {
      "name": "postcss-image-set-polyfill",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=0.4.4",
      "nodes": [
        "node_modules/postcss-image-set-polyfill"
      ],
      "fixAvailable": false
    },
    "postcss-initial": {
      "name": "postcss-initial",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/postcss-initial"
      ],
      "fixAvailable": false
    },
    "postcss-media-minmax": {
      "name": "postcss-media-minmax",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.2.0 - 3.0.0",
      "nodes": [
        "node_modules/postcss-media-minmax"
      ],
      "fixAvailable": true
    },
    "postcss-nesting": {
      "name": "postcss-nesting",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=6.0.0",
      "nodes": [
        "node_modules/postcss-nesting"
      ],
      "fixAvailable": false
    },
    "postcss-pseudo-class-any-link": {
      "name": "postcss-pseudo-class-any-link",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=5.0.0",
      "nodes": [
        "node_modules/postcss-pseudo-class-any-link"
      ],
      "fixAvailable": true
    },
    "postcss-pseudoelements": {
      "name": "postcss-pseudoelements",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": ">=2.2.0",
      "nodes": [
        "node_modules/postcss-pseudoelements"
      ],
      "fixAvailable": true
    },
    "postcss-replace-overflow-wrap": {
      "name": "postcss-replace-overflow-wrap",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/postcss-replace-overflow-wrap"
      ],
      "fixAvailable": false
    },
    "postcss-selector-matches": {
      "name": "postcss-selector-matches",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=3.0.1",
      "nodes": [
        "node_modules/postcss-selector-matches"
      ],
      "fixAvailable": true
    },
    "postcss-selector-not": {
      "name": "postcss-selector-not",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=3.0.1",
      "nodes": [
        "node_modules/postcss-selector-not"
      ],
      "fixAvailable": true
    },
    "postcss-svgo": {
      "name": "postcss-svgo",
      "severity": "high",
      "isDirect": false,
      "via": [
        "svgo"
      ],
      "effects": [
        "cssnano-preset-default"
      ],
      "range": "4.0.0-nightly.2020.1.9 - 5.0.0-rc.2",
      "nodes": [
        "node_modules/postcss-svgo"
      ],
      "fixAvailable": {
        "name": "cssnano",
        "version": "5.1.14",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "requestretry"
      ],
      "effects": [],
      "range": ">=0.5.7",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": {
        "name": "preq",
        "version": "0.5.6",
        "isSemVerMajor": true
      }
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1067395,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        }
      ],
      "effects": [
        "preq"
      ],
      "range": "<7.0.0",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": {
        "name": "preq",
        "version": "0.5.6",
        "isSemVerMajor": true
      }
    },
    "svg-sprite": {
      "name": "svg-sprite",
      "severity": "high",
      "isDirect": false,
      "via": [
        "svgo"
      ],
      "effects": [
        "gulp-svg-sprite"
      ],
      "range": "1.4.0 - 1.5.4",
      "nodes": [
        "node_modules/svg-sprite"
      ],
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.1",
        "isSemVerMajor": true
      }
    },
    "svgo": {
      "name": "svgo",
      "severity": "high",
      "isDirect": false,
      "via": [
        "css-select"
      ],
      "effects": [
        "postcss-svgo",
        "svg-sprite"
      ],
      "range": "1.0.0 - 1.3.2",
      "nodes": [
        "node_modules/svgo"
      ],
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.1",
        "isSemVerMajor": true
      }
    },
    "vinyl-fs": {
      "name": "vinyl-fs",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-stream"
      ],
      "effects": [
        "gulp-useref"
      ],
      "range": ">=2.4.2",
      "nodes": [
        "node_modules/vinyl-fs"
      ],
      "fixAvailable": {
        "name": "gulp-useref",
        "version": "3.1.3",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 32,
      "high": 18,
      "critical": 5,
      "total": 55
    },
    "dependencies": {
      "prod": 1,
      "dev": 1790,
      "optional": 4,
      "peer": 0,
      "peerOptional": 0,
      "total": 1790
    }
  }
}

--- end ---
$ /usr/bin/npm install
--- stderr ---
npm WARN deprecated @types/browserslist@4.15.0: This is a stub types definition. browserslist provides its own type definitions, so you do not need this installed.
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated @stylelint/postcss-markdown@0.36.2: Use the original unforked package instead: postcss-markdown
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated postcss-cssnext@3.1.1: 'postcss-cssnext' has been deprecated in favor of 'postcss-preset-env'. Read more at https://moox.io/blog/deprecating-cssnext/
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated iltorb@2.4.5: The zlib module provides APIs for brotli compression/decompression starting with Node.js v10.16.0, please use it over iltorb
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---

added 1696 packages, and audited 1697 packages in 60s

148 packages are looking for funding
  run `npm fund` for details

54 vulnerabilities (32 moderate, 18 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
Upgrading n:stylelint-config-wikimedia from 0.10.3 -> 0.13.1
$ /usr/bin/npm install
--- stdout ---

added 24 packages, removed 48 packages, changed 7 packages, and audited 1673 packages in 4s

126 packages are looking for funding
  run `npm fund` for details

54 vulnerabilities (32 moderate, 18 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
Source code is licensed under the AGPL.