This run took 102 seconds.
$ date
--- stdout ---
Thu Jan 19 14:26:59 UTC 2023
--- end ---
$ git clone file:///srv/git/wvui.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
a6c699bda81233facf49b99ca949bf9aa05c515e refs/heads/master
--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@mdx-js/loader": {
"name": "@mdx-js/loader",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx",
"loader-utils"
],
"effects": [
"@storybook/addon-docs"
],
"range": "0.15.5 - 1.6.22",
"nodes": [
"node_modules/@mdx-js/loader"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@mdx-js/loader",
"@storybook/addon-docs"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": true,
"via": [
"@mdx-js/loader",
"@mdx-js/mdx",
"@storybook/builder-webpack4",
"@storybook/core"
],
"effects": [],
"range": "<=6.5.0-rc.1",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-common",
"react-dev-utils"
],
"effects": [
"@storybook/addon-docs",
"@storybook/core-server"
],
"range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-rc.1",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-server"
],
"effects": [
"@storybook/vue"
],
"range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-rc.1",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "high",
"isDirect": false,
"via": [
"glob-base"
],
"effects": [
"@storybook/builder-webpack4",
"@storybook/core-server",
"@storybook/vue"
],
"range": "<=6.4.0-rc.11",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"cpy"
],
"effects": [
"@storybook/core"
],
"range": "<=7.0.0-alpha.6",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"@storybook/vue": {
"name": "@storybook/vue",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-rc.1",
"nodes": [
"node_modules/@storybook/vue"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"ansi-html": {
"name": "ansi-html",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1085468,
"name": "ansi-html",
"dependency": "ansi-html",
"title": "Uncontrolled Resource Consumption in ansi-html",
"url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.8"
}
],
"effects": [
"webpack-hot-middleware"
],
"range": "<0.0.8",
"nodes": [
"node_modules/ansi-html"
],
"fixAvailable": true
},
"ansi-regex": {
"name": "ansi-regex",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088486,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"cwe": [
"CWE-697",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.1.1"
},
{
"source": 1088487,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"cwe": [
"CWE-697",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.0.1"
}
],
"effects": [],
"range": "4.0.0 - 4.1.0 || 5.0.0",
"nodes": [
"node_modules/@jest/core/node_modules/ansi-regex",
"node_modules/ansi-align/node_modules/ansi-regex",
"node_modules/boxen/node_modules/ansi-regex",
"node_modules/cli-table3/node_modules/ansi-regex",
"node_modules/cli-truncate/node_modules/ansi-regex",
"node_modules/cliui/node_modules/ansi-regex",
"node_modules/doiuse/node_modules/ansi-regex",
"node_modules/eslint/node_modules/ansi-regex",
"node_modules/jest-config/node_modules/ansi-regex",
"node_modules/jest-each/node_modules/ansi-regex",
"node_modules/jest-jasmine2/node_modules/ansi-regex",
"node_modules/jest-leak-detector/node_modules/ansi-regex",
"node_modules/jest-matcher-utils/node_modules/ansi-regex",
"node_modules/jest-message-util/node_modules/ansi-regex",
"node_modules/jest-snapshot/node_modules/ansi-regex",
"node_modules/jest-validate/node_modules/ansi-regex",
"node_modules/listr2/node_modules/ansi-regex",
"node_modules/pretty-format/node_modules/ansi-regex",
"node_modules/react-dev-utils/node_modules/ansi-regex",
"node_modules/string-length/node_modules/ansi-regex",
"node_modules/stylelint/node_modules/ansi-regex",
"node_modules/table/node_modules/ansi-regex",
"node_modules/webpack-cli/node_modules/ansi-regex",
"node_modules/widest-line/node_modules/ansi-regex",
"node_modules/wrap-ansi/node_modules/ansi-regex",
"node_modules/yargs/node_modules/ansi-regex"
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1085798,
"name": "axios",
"dependency": "axios",
"title": "axios Inefficient Regular Expression Complexity vulnerability",
"url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.21.2"
}
],
"effects": [
"github-build"
],
"range": "<0.21.2",
"nodes": [
"node_modules/axios"
],
"fixAvailable": true
},
"babel-core": {
"name": "babel-core",
"severity": "high",
"isDirect": true,
"via": [
"babel-register",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"body-parser": {
"name": "body-parser",
"severity": "high",
"isDirect": false,
"via": [
"qs"
],
"effects": [],
"range": "1.19.0",
"nodes": [
"node_modules/body-parser"
],
"fixAvailable": true
},
"browserslist": {
"name": "browserslist",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1086127,
"name": "browserslist",
"dependency": "browserslist",
"title": "Regular Expression Denial of Service in browserslist",
"url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=4.0.0 <4.16.5"
}
],
"effects": [
"react-dev-utils"
],
"range": "4.0.0 - 4.16.4",
"nodes": [
"node_modules/react-dev-utils/node_modules/browserslist"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"glob-parent"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.0.0-rc1 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "webpack",
"version": "5.75.0",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "high",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"css-select": {
"name": "css-select",
"severity": "high",
"isDirect": false,
"via": [
"nth-check"
],
"effects": [
"svgo"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/svgo/node_modules/css-select"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"cssnano": {
"name": "cssnano",
"severity": "high",
"isDirect": false,
"via": [
"cssnano-preset-default"
],
"effects": [
"optimize-css-assets-webpack-plugin"
],
"range": "4.0.0-nightly.2020.1.9 - 4.1.11",
"nodes": [
"node_modules/cssnano"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"cssnano-preset-default": {
"name": "cssnano-preset-default",
"severity": "high",
"isDirect": false,
"via": [
"postcss-svgo"
],
"effects": [
"cssnano"
],
"range": "<=4.0.8",
"nodes": [
"node_modules/cssnano-preset-default"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"decode-uri-component": {
"name": "decode-uri-component",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1087979,
"name": "decode-uri-component",
"dependency": "decode-uri-component",
"title": "decode-uri-component vulnerable to Denial of Service (DoS)",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.2.1"
}
],
"effects": [],
"range": "<0.2.1",
"nodes": [
"node_modules/decode-uri-component"
],
"fixAvailable": true
},
"ejs": {
"name": "ejs",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1085466,
"name": "ejs",
"dependency": "ejs",
"title": "ejs template injection vulnerability",
"url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
"severity": "critical",
"cwe": [
"CWE-74"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<3.1.7"
}
],
"effects": [
"webpack-bundle-analyzer"
],
"range": "<3.1.7",
"nodes": [
"node_modules/ejs",
"node_modules/webpack-bundle-analyzer/node_modules/ejs"
],
"fixAvailable": {
"name": "webpack-bundle-analyzer",
"version": "4.7.0",
"isSemVerMajor": true
}
},
"express": {
"name": "express",
"severity": "high",
"isDirect": false,
"via": [
"body-parser",
"qs"
],
"effects": [],
"range": "4.17.0 - 4.17.1 || 5.0.0-alpha.1 - 5.0.0-alpha.8",
"nodes": [
"node_modules/express"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "high",
"isDirect": false,
"via": [
"glob-parent"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"find-babel-config": {
"name": "find-babel-config",
"severity": "high",
"isDirect": false,
"via": [
"json5"
],
"effects": [
"vue-jest"
],
"range": "<=1.2.0",
"nodes": [
"node_modules/find-babel-config"
],
"fixAvailable": {
"name": "vue-jest",
"version": "4.0.1",
"isSemVerMajor": true
}
},
"follow-redirects": {
"name": "follow-redirects",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088175,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
"url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<1.14.8"
},
{
"source": 1088490,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of sensitive information in follow-redirects",
"url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
"severity": "high",
"cwe": [
"CWE-359"
],
"cvss": {
"score": 8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
},
"range": "<1.14.7"
}
],
"effects": [],
"range": "<=1.14.7",
"nodes": [
"node_modules/follow-redirects"
],
"fixAvailable": true
},
"github-build": {
"name": "github-build",
"severity": "high",
"isDirect": false,
"via": [
"axios"
],
"effects": [],
"range": "<=1.2.2",
"nodes": [
"node_modules/github-build"
],
"fixAvailable": true
},
"glob-base": {
"name": "glob-base",
"severity": "high",
"isDirect": false,
"via": [
"glob-parent"
],
"effects": [
"@storybook/core-common"
],
"range": "*",
"nodes": [
"node_modules/glob-base"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"glob-parent": {
"name": "glob-parent",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088261,
"name": "glob-parent",
"dependency": "glob-parent",
"title": "glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex",
"url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<5.1.2"
}
],
"effects": [
"chokidar",
"fast-glob",
"glob-base"
],
"range": "<5.1.2",
"nodes": [
"node_modules/cpy/node_modules/glob-parent",
"node_modules/glob-base/node_modules/glob-parent",
"node_modules/watchpack-chokidar2/node_modules/glob-parent"
],
"fixAvailable": {
"name": "webpack",
"version": "5.75.0",
"isSemVerMajor": true
}
},
"globby": {
"name": "globby",
"severity": "high",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"immer": {
"name": "immer",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1085478,
"name": "immer",
"dependency": "immer",
"title": "Prototype Pollution in immer",
"url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx",
"severity": "high",
"cwe": [
"CWE-915",
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<9.0.6"
},
{
"source": 1085992,
"name": "immer",
"dependency": "immer",
"title": "Prototype Pollution in immer",
"url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
"severity": "critical",
"cwe": [
"CWE-843",
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<9.0.6"
}
],
"effects": [
"react-dev-utils"
],
"range": "<=9.0.5",
"nodes": [
"node_modules/immer"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"json-schema": {
"name": "json-schema",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1085579,
"name": "json-schema",
"dependency": "json-schema",
"title": "json-schema is vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
"severity": "critical",
"cwe": [
"CWE-915",
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<0.4.0"
}
],
"effects": [
"jsprim"
],
"range": "<0.4.0",
"nodes": [
"node_modules/json-schema"
],
"fixAvailable": true
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088341,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
},
{
"source": 1088342,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": ">=2.0.0 <2.2.2"
}
],
"effects": [
"babel-core",
"find-babel-config"
],
"range": "<1.0.2 || >=2.0.0 <2.2.2",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/loader-utils/node_modules/json5",
"node_modules/@storybook/core-common/node_modules/loader-utils/node_modules/json5",
"node_modules/@storybook/core-server/node_modules/loader-utils/node_modules/json5",
"node_modules/babel-core/node_modules/json5",
"node_modules/babel-loader/node_modules/json5",
"node_modules/find-babel-config/node_modules/json5",
"node_modules/generic-names/node_modules/json5",
"node_modules/html-webpack-plugin/node_modules/json5",
"node_modules/json5",
"node_modules/mini-css-extract-plugin/node_modules/json5",
"node_modules/ts-loader/node_modules/json5",
"node_modules/vue-docgen-loader/node_modules/json5",
"node_modules/vue-loader/node_modules/json5",
"node_modules/vue-style-loader/node_modules/json5",
"node_modules/webpack-cli/node_modules/json5",
"node_modules/webpack/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"jsprim": {
"name": "jsprim",
"severity": "critical",
"isDirect": false,
"via": [
"json-schema"
],
"effects": [],
"range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/jsprim"
],
"fixAvailable": true
},
"loader-utils": {
"name": "loader-utils",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1087892,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0 <2.0.4"
},
{
"source": 1087893,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
},
{
"source": 1087894,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "Prototype pollution in webpack loader-utils",
"url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<1.4.1"
},
{
"source": 1087895,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "Prototype pollution in webpack loader-utils",
"url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=2.0.0 <2.0.3"
},
{
"source": 1087985,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
"url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0 <2.0.4"
},
{
"source": 1087986,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
"url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
}
],
"effects": [
"@mdx-js/loader",
"react-dev-utils"
],
"range": "<=1.4.1 || 2.0.0 - 2.0.3",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/loader-utils",
"node_modules/@storybook/builder-webpack4/node_modules/postcss-loader/node_modules/loader-utils",
"node_modules/@storybook/core-common/node_modules/loader-utils",
"node_modules/@storybook/core-server/node_modules/loader-utils",
"node_modules/babel-loader/node_modules/loader-utils",
"node_modules/generic-names/node_modules/loader-utils",
"node_modules/html-webpack-plugin/node_modules/loader-utils",
"node_modules/loader-utils",
"node_modules/mini-css-extract-plugin/node_modules/loader-utils",
"node_modules/ts-loader/node_modules/loader-utils",
"node_modules/vue-docgen-loader/node_modules/loader-utils",
"node_modules/vue-loader/node_modules/loader-utils",
"node_modules/vue-style-loader/node_modules/loader-utils",
"node_modules/webpack-cli/node_modules/loader-utils",
"node_modules/webpack/node_modules/loader-utils"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088613,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
}
],
"effects": [
"recursive-readdir"
],
"range": "<3.0.5",
"nodes": [
"node_modules/minimatch"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"minimist": {
"name": "minimist",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1088106,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<1.2.6"
}
],
"effects": [],
"range": "<1.2.6",
"nodes": [
"node_modules/minimist"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1088137,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [],
"range": "3.0.0 - 3.1.30",
"nodes": [
"node_modules/nanoid",
"node_modules/stylelint-config-wikimedia/node_modules/nanoid"
],
"fixAvailable": true
},
"node-fetch": {
"name": "node-fetch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1085488,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
"url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
"severity": "high",
"cwe": [
"CWE-173",
"CWE-200",
"CWE-601"
],
"cvss": {
"score": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<2.6.7"
}
],
"effects": [],
"range": "<2.6.7",
"nodes": [
"node_modules/node-fetch"
],
"fixAvailable": true
},
"nth-check": {
"name": "nth-check",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1085945,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check",
"node_modules/svgo/node_modules/nth-check"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"optimize-css-assets-webpack-plugin": {
"name": "optimize-css-assets-webpack-plugin",
"severity": "high",
"isDirect": true,
"via": [
"cssnano"
],
"effects": [],
"range": "3.2.1 || 5.0.0 - 5.0.8",
"nodes": [
"node_modules/optimize-css-assets-webpack-plugin"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"postcss-svgo": {
"name": "postcss-svgo",
"severity": "high",
"isDirect": false,
"via": [
"svgo"
],
"effects": [
"cssnano-preset-default"
],
"range": "4.0.0-nightly.2020.1.9 - 5.0.0-rc.2",
"nodes": [
"node_modules/postcss-svgo"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"prismjs": {
"name": "prismjs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1085369,
"name": "prismjs",
"dependency": "prismjs",
"title": "prismjs Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<1.25.0"
},
{
"source": 1088168,
"name": "prismjs",
"dependency": "prismjs",
"title": "Cross-site Scripting in Prism",
"url": "https://github.com/advisories/GHSA-3949-f494-cm99",
"severity": "high",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"
},
"range": ">=1.14.0 <1.27.0"
}
],
"effects": [
"refractor"
],
"range": "<=1.26.0",
"nodes": [
"node_modules/prismjs"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088639,
"name": "qs",
"dependency": "qs",
"title": "qs vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.5.0 <6.5.3"
},
{
"source": 1088641,
"name": "qs",
"dependency": "qs",
"title": "qs vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.7.0 <6.7.3"
},
{
"source": 1088644,
"name": "qs",
"dependency": "qs",
"title": "qs vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.10.0 <6.10.3"
}
],
"effects": [
"body-parser",
"express"
],
"range": "6.5.0 - 6.5.2 || 6.7.0 - 6.7.2 || 6.10.0 - 6.10.2",
"nodes": [
"node_modules/body-parser/node_modules/qs",
"node_modules/express/node_modules/qs",
"node_modules/qs",
"node_modules/request/node_modules/qs"
],
"fixAvailable": true
},
"react-dev-utils": {
"name": "react-dev-utils",
"severity": "critical",
"isDirect": false,
"via": [
"browserslist",
"immer",
"loader-utils",
"recursive-readdir",
"shell-quote"
],
"effects": [
"@storybook/builder-webpack4"
],
"range": "0.5.2 - 12.0.0-next.60",
"nodes": [
"node_modules/react-dev-utils"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"recursive-readdir": {
"name": "recursive-readdir",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"react-dev-utils"
],
"range": "1.2.0 - 2.2.2",
"nodes": [
"node_modules/recursive-readdir"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"refractor": {
"name": "refractor",
"severity": "high",
"isDirect": false,
"via": [
"prismjs"
],
"effects": [],
"range": "2.4.0 - 3.5.0 || 4.0.0 - 4.4.0",
"nodes": [
"node_modules/refractor"
],
"fixAvailable": true
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"shell-quote": {
"name": "shell-quote",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1087917,
"name": "shell-quote",
"dependency": "shell-quote",
"title": "Improper Neutralization of Special Elements used in a Command in Shell-quote",
"url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7",
"severity": "critical",
"cwe": [
"CWE-77"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=1.7.2"
}
],
"effects": [
"react-dev-utils"
],
"range": "<=1.7.2",
"nodes": [
"node_modules/shell-quote"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"simple-get": {
"name": "simple-get",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088192,
"name": "simple-get",
"dependency": "simple-get",
"title": "Exposure of Sensitive Information in simple-get",
"url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
"severity": "high",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=3.0.0 <3.1.1"
}
],
"effects": [],
"range": "3.0.0 - 3.1.0",
"nodes": [
"node_modules/simple-get"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": false,
"via": [
"css-select"
],
"effects": [
"postcss-svgo"
],
"range": "1.0.0 - 1.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"tar": {
"name": "tar",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1085998,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
"url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=6.0.0 <6.1.9"
},
{
"source": 1086022,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
"url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=6.0.0 <6.1.1"
},
{
"source": 1088249,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
"url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-23",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=6.0.0 <6.1.2"
},
{
"source": 1088575,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
"url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=6.0.0 <6.1.9"
},
{
"source": 1088578,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
"url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=6.0.0 <6.1.7"
}
],
"effects": [],
"range": "6.0.0 - 6.1.8",
"nodes": [
"node_modules/tar"
],
"fixAvailable": true
},
"terser": {
"name": "terser",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088439,
"name": "terser",
"dependency": "terser",
"title": "Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS",
"url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc",
"severity": "high",
"cwe": [],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.14.2"
},
{
"source": 1088440,
"name": "terser",
"dependency": "terser",
"title": "Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS",
"url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc",
"severity": "high",
"cwe": [],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.8.1"
}
],
"effects": [],
"range": ">=5.0.0 <5.14.2 || <4.8.1",
"nodes": [
"node_modules/terser",
"node_modules/terser-webpack-plugin/node_modules/terser"
],
"fixAvailable": true
},
"tmpl": {
"name": "tmpl",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1085370,
"name": "tmpl",
"dependency": "tmpl",
"title": "tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion",
"url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<1.0.5"
}
],
"effects": [],
"range": "<1.0.5",
"nodes": [
"node_modules/tmpl"
],
"fixAvailable": true
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1086234,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.15",
"isSemVerMajor": false
}
},
"vue-jest": {
"name": "vue-jest",
"severity": "high",
"isDirect": true,
"via": [
"find-babel-config"
],
"effects": [],
"range": "1.0.0 - 3.0.7",
"nodes": [
"node_modules/vue-jest"
],
"fixAvailable": {
"name": "vue-jest",
"version": "4.0.1",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/watchpack"
],
"fixAvailable": {
"name": "webpack",
"version": "5.75.0",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "webpack",
"version": "5.75.0",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": true,
"via": [
"watchpack"
],
"effects": [],
"range": "4.44.0 - 4.46.0",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "webpack",
"version": "5.75.0",
"isSemVerMajor": true
}
},
"webpack-bundle-analyzer": {
"name": "webpack-bundle-analyzer",
"severity": "critical",
"isDirect": true,
"via": [
"ejs"
],
"effects": [],
"range": "1.3.0 - 3.9.0",
"nodes": [
"node_modules/webpack-bundle-analyzer"
],
"fixAvailable": {
"name": "webpack-bundle-analyzer",
"version": "4.7.0",
"isSemVerMajor": true
}
},
"webpack-hot-middleware": {
"name": "webpack-hot-middleware",
"severity": "high",
"isDirect": false,
"via": [
"ansi-html"
],
"effects": [],
"range": "2.9.0 - 2.25.0",
"nodes": [
"node_modules/webpack-hot-middleware"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 3,
"high": 49,
"critical": 9,
"total": 62
},
"dependencies": {
"prod": 1,
"dev": 2783,
"optional": 33,
"peer": 0,
"peerOptional": 0,
"total": 2783
}
}
}
--- end ---
Upgrading n:eslint from 7.31.0 -> 8.31.0
Upgrading n:stylelint from 13.9.0 -> 14.14.0
Upgrading n:stylelint-config-wikimedia from 0.11.1 -> 0.13.1
$ /usr/bin/npm install
--- stderr ---
npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: eslint@7.31.0
npm WARN node_modules/eslint
npm WARN dev eslint@"8.31.0" from the root project
npm WARN 17 more (@typescript-eslint/eslint-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/eslint-plugin@4.2.0
npm WARN node_modules/@typescript-eslint/eslint-plugin
npm WARN dev @typescript-eslint/eslint-plugin@"4.2.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: eslint@7.31.0
npm WARN node_modules/eslint
npm WARN dev eslint@"8.31.0" from the root project
npm WARN 17 more (@typescript-eslint/eslint-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/parser@4.2.0
npm WARN node_modules/@typescript-eslint/parser
npm WARN dev @typescript-eslint/parser@"4.2.0" from the root project
npm WARN 1 more (@typescript-eslint/eslint-plugin)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: eslint@7.31.0
npm WARN node_modules/eslint
npm WARN dev eslint@"8.31.0" from the root project
npm WARN 17 more (@typescript-eslint/eslint-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/parser@4.2.0
npm WARN node_modules/@typescript-eslint/parser
npm WARN dev @typescript-eslint/parser@"4.2.0" from the root project
npm WARN 1 more (@typescript-eslint/eslint-plugin)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: stylelint@13.9.0
npm WARN node_modules/stylelint
npm WARN dev stylelint@"14.14.0" from the root project
npm WARN 2 more (stylelint-no-unsupported-browser-features, stylelint-order)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer stylelint@"^10.0.1 || ^11.0.0 || ^12.0.0 || ^13.0.0" from stylelint-order@4.1.0
npm WARN node_modules/stylelint-order
npm WARN dev stylelint-order@"4.1.0" from the root project
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated iltorb@2.4.5: The zlib module provides APIs for brotli compression/decompression starting with Node.js v10.16.0, please use it over iltorb
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js-pure@3.15.2: core-js-pure@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js-pure.
--- stdout ---
> @wikimedia/wvui@0.4.0 prepare
> husky install
husky - Git hooks installed
added 2785 packages, and audited 2786 packages in 1m
253 packages are looking for funding
run `npm fund` for details
61 vulnerabilities (1 low, 2 moderate, 49 high, 9 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
$ ./node_modules/.bin/stylelint src/components/typeahead-suggestion/TypeaheadSuggestion.stories.less src/themes/mixins/binary-input.less src/components/typeahead-search/TypeaheadSearch.stories.less src/themes/wikimedia-ui.less src/components/input/Input.stories.less src/components/toggle-button/ToggleButton.stories.less src/components/button/Button.stories.less src/components/checkbox/Checkbox.stories.less src/components/radio/Radio.stories.less -f json
--- stdout ---
[{"source":"/src/repo/src/components/typeahead-suggestion/TypeaheadSuggestion.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/themes/mixins/binary-input.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/typeahead-search/TypeaheadSearch.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/themes/wikimedia-ui.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/input/Input.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/toggle-button/ToggleButton.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/button/Button.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/checkbox/Checkbox.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]},{"source":"/src/repo/src/components/radio/Radio.stories.less","deprecations":[],"invalidOptionWarnings":[],"parseErrors":[],"errored":false,"warnings":[]}]
--- end ---
$ /usr/bin/npm ci
--- stderr ---
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.14.5
npm WARN Found: @babel/core@7.11.6
npm WARN node_modules/@babel/core
npm WARN dev @babel/core@"7.11.6" from the root project
npm WARN 99 more (@babel/helper-compilation-targets, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.14.5
npm WARN node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.14.5" from @babel/preset-env@7.14.7
npm WARN node_modules/@babel/preset-env
npm WARN
npm WARN Conflicting peer dependency: @babel/core@7.20.12
npm WARN node_modules/@babel/core
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.14.5
npm WARN node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.14.5" from @babel/preset-env@7.14.7
npm WARN node_modules/@babel/preset-env
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-proposal-class-static-block@7.14.5
npm WARN Found: @babel/core@7.11.6
npm WARN node_modules/@babel/core
npm WARN dev @babel/core@"7.11.6" from the root project
npm WARN 99 more (@babel/helper-compilation-targets, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-proposal-class-static-block@7.14.5
npm WARN node_modules/@babel/plugin-proposal-class-static-block
npm WARN @babel/plugin-proposal-class-static-block@"^7.14.5" from @babel/preset-env@7.14.7
npm WARN node_modules/@babel/preset-env
npm WARN
npm WARN Conflicting peer dependency: @babel/core@7.20.12
npm WARN node_modules/@babel/core
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-proposal-class-static-block@7.14.5
npm WARN node_modules/@babel/plugin-proposal-class-static-block
npm WARN @babel/plugin-proposal-class-static-block@"^7.14.5" from @babel/preset-env@7.14.7
npm WARN node_modules/@babel/preset-env
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: @typescript-eslint/eslint-plugin@4.2.0
npm ERR! Found: eslint@8.31.0
npm ERR! node_modules/eslint
npm ERR! dev eslint@"8.31.0" from the root project
npm ERR! peer eslint@"*" from @typescript-eslint/experimental-utils@4.2.0
npm ERR! node_modules/@typescript-eslint/experimental-utils
npm ERR! @typescript-eslint/experimental-utils@"4.2.0" from @typescript-eslint/eslint-plugin@4.2.0
npm ERR! node_modules/@typescript-eslint/eslint-plugin
npm ERR! dev @typescript-eslint/eslint-plugin@"4.2.0" from the root project
npm ERR! @typescript-eslint/experimental-utils@"^4.0.1" from eslint-plugin-jest@24.0.2
npm ERR! node_modules/eslint-plugin-jest
npm ERR! dev eslint-plugin-jest@"24.0.2" from the root project
npm ERR! 12 more (eslint-plugin-es, eslint-plugin-jest, ...)
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/eslint-plugin@4.2.0
npm ERR! node_modules/@typescript-eslint/eslint-plugin
npm ERR! dev @typescript-eslint/eslint-plugin@"4.2.0" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: eslint@7.32.0
npm ERR! node_modules/eslint
npm ERR! peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/eslint-plugin@4.2.0
npm ERR! node_modules/@typescript-eslint/eslint-plugin
npm ERR! dev @typescript-eslint/eslint-plugin@"4.2.0" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /cache/eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2023-01-19T14_28_32_605Z-debug-0.log
--- stdout ---
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1400, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1338, in run
self.npm_upgrade(plan)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1049, in npm_upgrade
self.npm_test()
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 286, in npm_test
self.check_call(['npm', 'ci'])
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/shell2.py", line 54, in check_call
res.check_returncode()
File "/usr/lib/python3.9/subprocess.py", line 460, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'ci']' returned non-zero exit status 1.