mediawiki/services/mathoid: main (log #896924)

This run took 81 seconds.

From eca6fa77d508ec9285ef0fd2bd83687801efc190 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Tue, 31 Jan 2023 00:52:02 +0000
Subject: [PATCH] [DNM] there are no updates

Change-Id: I5fb5d00e5e8d7989f0b74ee3681ad98409e1dcee
---
 package-lock.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 71c41b4..873d51d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7887,7 +7887,7 @@
 		"node_modules/wikimedia-kad-fork/node_modules/ms": {
 			"version": "0.7.3",
 			"resolved": "https://registry.npmjs.org/ms/-/ms-0.7.3.tgz",
-			"integrity": "sha1-cIFVpeROM/X9D8U+gdDUCpG+H/8="
+			"integrity": "sha512-lrKNzMWqQZgwJahtrtrM+9NgOoDUveDrVmm5aGXrf3BdtL0mq7X6IVzoZaw+TfNti29eHd1/8GI+h45K5cQ6/w=="
 		},
 		"node_modules/word-wrap": {
 			"version": "1.2.3",
@@ -14064,7 +14064,7 @@
 				"ms": {
 					"version": "0.7.3",
 					"resolved": "https://registry.npmjs.org/ms/-/ms-0.7.3.tgz",
-					"integrity": "sha1-cIFVpeROM/X9D8U+gdDUCpG+H/8="
+					"integrity": "sha512-lrKNzMWqQZgwJahtrtrM+9NgOoDUveDrVmm5aGXrf3BdtL0mq7X6IVzoZaw+TfNti29eHd1/8GI+h45K5cQ6/w=="
 				}
 			}
 		},
-- 
2.30.2

$ date
--- stdout ---
Tue Jan 31 00:51:20 UTC 2023

--- end ---
$ git clone file:///srv/git/mediawiki-services-mathoid.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
a1e488dfbbac83e307f8555dfdd0e2e2b8f93f2b refs/heads/master

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "css-select": {
      "name": "css-select",
      "severity": "high",
      "isDirect": false,
      "via": [
        "nth-check"
      ],
      "effects": [
        "svgo"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "3.0.2",
        "isSemVerMajor": true
      }
    },
    "dom-compare": {
      "name": "dom-compare",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "xmldom"
      ],
      "effects": [],
      "range": ">=0.2.0",
      "nodes": [
        "node_modules/dom-compare"
      ],
      "fixAvailable": {
        "name": "dom-compare",
        "version": "0.1.1",
        "isSemVerMajor": true
      }
    },
    "jsdom": {
      "name": "jsdom",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089185,
          "name": "jsdom",
          "dependency": "jsdom",
          "title": "Insufficient Granularity of Access Control in JSDom",
          "url": "https://github.com/advisories/GHSA-f4c9-cqv8-9v98",
          "severity": "moderate",
          "cwe": [
            "CWE-1220"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<=16.4.0"
        }
      ],
      "effects": [
        "mathoid-mathjax-node"
      ],
      "range": "<=16.4.0",
      "nodes": [
        "node_modules/jsdom"
      ],
      "fixAvailable": false
    },
    "limitation": {
      "name": "limitation",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "wikimedia-kad-fork"
      ],
      "effects": [
        "service-runner"
      ],
      "range": ">=0.2.3",
      "nodes": [
        "node_modules/limitation"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "3.0.0",
        "isSemVerMajor": true
      }
    },
    "mathoid-mathjax-node": {
      "name": "mathoid-mathjax-node",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "jsdom"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/mathoid-mathjax-node"
      ],
      "fixAvailable": false
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1088664,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/mocha/node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.2.0",
        "isSemVerMajor": true
      }
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch",
        "nanoid"
      ],
      "effects": [],
      "range": "5.1.0 - 9.2.1",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.2.0",
        "isSemVerMajor": true
      }
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1088818,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [
        "wikimedia-kad-fork"
      ],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/wikimedia-kad-fork/node_modules/ms"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "3.0.0",
        "isSemVerMajor": true
      }
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089011,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.5,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/nanoid"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.2.0",
        "isSemVerMajor": true
      }
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1085945,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "3.0.2",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "requestretry"
      ],
      "effects": [],
      "range": ">=0.5.7",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": {
        "name": "preq",
        "version": "0.5.6",
        "isSemVerMajor": true
      }
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1088164,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        }
      ],
      "effects": [
        "preq"
      ],
      "range": "<7.0.0",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": {
        "name": "preq",
        "version": "0.5.6",
        "isSemVerMajor": true
      }
    },
    "service-runner": {
      "name": "service-runner",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "limitation"
      ],
      "effects": [],
      "range": ">=3.1.0",
      "nodes": [
        "node_modules/service-runner"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "3.0.0",
        "isSemVerMajor": true
      }
    },
    "svgo": {
      "name": "svgo",
      "severity": "high",
      "isDirect": true,
      "via": [
        "css-select"
      ],
      "effects": [],
      "range": "1.0.0 - 1.3.2",
      "nodes": [
        "node_modules/svgo"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "3.0.2",
        "isSemVerMajor": true
      }
    },
    "swagger-ui-dist": {
      "name": "swagger-ui-dist",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1085394,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Server side request forgery in SwaggerUI",
          "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<4.1.3"
        },
        {
          "source": 1088759,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Spoofing attack in swagger-ui-dist",
          "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
          "severity": "moderate",
          "cwe": [
            "CWE-1021"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/swagger-ui-dist"
      ],
      "fixAvailable": {
        "name": "swagger-ui-dist",
        "version": "4.15.5",
        "isSemVerMajor": true
      }
    },
    "wikimedia-kad-fork": {
      "name": "wikimedia-kad-fork",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "ms"
      ],
      "effects": [
        "limitation"
      ],
      "range": "*",
      "nodes": [
        "node_modules/wikimedia-kad-fork"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "3.0.0",
        "isSemVerMajor": true
      }
    },
    "xmldom": {
      "name": "xmldom",
      "severity": "critical",
      "isDirect": true,
      "via": [
        {
          "source": 1085814,
          "name": "xmldom",
          "dependency": "xmldom",
          "title": "Misinterpretation of malicious XML input",
          "url": "https://github.com/advisories/GHSA-5fg8-2547-mr8q",
          "severity": "moderate",
          "cwe": [
            "CWE-116"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<0.7.0"
        },
        {
          "source": 1087903,
          "name": "xmldom",
          "dependency": "xmldom",
          "title": "xmldom allows multiple root nodes in a DOM",
          "url": "https://github.com/advisories/GHSA-crh6-fp67-6883",
          "severity": "critical",
          "cwe": [
            "CWE-20",
            "CWE-1288"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=0.6.0"
        },
        {
          "source": 1087920,
          "name": "xmldom",
          "dependency": "xmldom",
          "title": "Misinterpretation of malicious XML input",
          "url": "https://github.com/advisories/GHSA-h6q6-9hqw-rwfv",
          "severity": "moderate",
          "cwe": [
            "CWE-115",
            "CWE-436"
          ],
          "cvss": {
            "score": 4.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
          },
          "range": "<0.5.0"
        }
      ],
      "effects": [
        "dom-compare"
      ],
      "range": "*",
      "nodes": [
        "node_modules/dom-compare/node_modules/xmldom",
        "node_modules/xmldom"
      ],
      "fixAvailable": {
        "name": "dom-compare",
        "version": "0.1.1",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 8,
      "high": 7,
      "critical": 2,
      "total": 17
    },
    "dependencies": {
      "prod": 329,
      "dev": 392,
      "optional": 16,
      "peer": 0,
      "peerOptional": 0,
      "total": 735
    }
  }
}

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "css-select": {
      "name": "css-select",
      "severity": "high",
      "isDirect": false,
      "via": [
        "nth-check"
      ],
      "effects": [
        "svgo"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "3.0.2",
        "isSemVerMajor": true
      }
    },
    "dom-compare": {
      "name": "dom-compare",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "xmldom"
      ],
      "effects": [],
      "range": ">=0.2.0",
      "nodes": [
        "node_modules/dom-compare"
      ],
      "fixAvailable": {
        "name": "dom-compare",
        "version": "0.1.1",
        "isSemVerMajor": true
      }
    },
    "jsdom": {
      "name": "jsdom",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089185,
          "name": "jsdom",
          "dependency": "jsdom",
          "title": "Insufficient Granularity of Access Control in JSDom",
          "url": "https://github.com/advisories/GHSA-f4c9-cqv8-9v98",
          "severity": "moderate",
          "cwe": [
            "CWE-1220"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<=16.4.0"
        }
      ],
      "effects": [
        "mathoid-mathjax-node"
      ],
      "range": "<=16.4.0",
      "nodes": [
        "node_modules/jsdom"
      ],
      "fixAvailable": false
    },
    "limitation": {
      "name": "limitation",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "wikimedia-kad-fork"
      ],
      "effects": [
        "service-runner"
      ],
      "range": ">=0.2.3",
      "nodes": [
        "node_modules/limitation"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "3.0.0",
        "isSemVerMajor": true
      }
    },
    "mathoid-mathjax-node": {
      "name": "mathoid-mathjax-node",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "jsdom"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/mathoid-mathjax-node"
      ],
      "fixAvailable": false
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1088664,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/mocha/node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.2.0",
        "isSemVerMajor": true
      }
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch",
        "nanoid"
      ],
      "effects": [],
      "range": "5.1.0 - 9.2.1",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.2.0",
        "isSemVerMajor": true
      }
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1088818,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [
        "wikimedia-kad-fork"
      ],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/wikimedia-kad-fork/node_modules/ms"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "3.0.0",
        "isSemVerMajor": true
      }
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089011,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.5,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/nanoid"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.2.0",
        "isSemVerMajor": true
      }
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1085945,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "3.0.2",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "requestretry"
      ],
      "effects": [],
      "range": ">=0.5.7",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": {
        "name": "preq",
        "version": "0.5.6",
        "isSemVerMajor": true
      }
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1088164,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        }
      ],
      "effects": [
        "preq"
      ],
      "range": "<7.0.0",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": {
        "name": "preq",
        "version": "0.5.6",
        "isSemVerMajor": true
      }
    },
    "service-runner": {
      "name": "service-runner",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "limitation"
      ],
      "effects": [],
      "range": ">=3.1.0",
      "nodes": [
        "node_modules/service-runner"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "3.0.0",
        "isSemVerMajor": true
      }
    },
    "svgo": {
      "name": "svgo",
      "severity": "high",
      "isDirect": true,
      "via": [
        "css-select"
      ],
      "effects": [],
      "range": "1.0.0 - 1.3.2",
      "nodes": [
        "node_modules/svgo"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "3.0.2",
        "isSemVerMajor": true
      }
    },
    "swagger-ui-dist": {
      "name": "swagger-ui-dist",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1085394,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Server side request forgery in SwaggerUI",
          "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<4.1.3"
        },
        {
          "source": 1088759,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Spoofing attack in swagger-ui-dist",
          "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
          "severity": "moderate",
          "cwe": [
            "CWE-1021"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/swagger-ui-dist"
      ],
      "fixAvailable": {
        "name": "swagger-ui-dist",
        "version": "4.15.5",
        "isSemVerMajor": true
      }
    },
    "wikimedia-kad-fork": {
      "name": "wikimedia-kad-fork",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "ms"
      ],
      "effects": [
        "limitation"
      ],
      "range": "*",
      "nodes": [
        "node_modules/wikimedia-kad-fork"
      ],
      "fixAvailable": {
        "name": "service-runner",
        "version": "3.0.0",
        "isSemVerMajor": true
      }
    },
    "xmldom": {
      "name": "xmldom",
      "severity": "critical",
      "isDirect": true,
      "via": [
        {
          "source": 1085814,
          "name": "xmldom",
          "dependency": "xmldom",
          "title": "Misinterpretation of malicious XML input",
          "url": "https://github.com/advisories/GHSA-5fg8-2547-mr8q",
          "severity": "moderate",
          "cwe": [
            "CWE-116"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<0.7.0"
        },
        {
          "source": 1087903,
          "name": "xmldom",
          "dependency": "xmldom",
          "title": "xmldom allows multiple root nodes in a DOM",
          "url": "https://github.com/advisories/GHSA-crh6-fp67-6883",
          "severity": "critical",
          "cwe": [
            "CWE-20",
            "CWE-1288"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=0.6.0"
        },
        {
          "source": 1087920,
          "name": "xmldom",
          "dependency": "xmldom",
          "title": "Misinterpretation of malicious XML input",
          "url": "https://github.com/advisories/GHSA-h6q6-9hqw-rwfv",
          "severity": "moderate",
          "cwe": [
            "CWE-115",
            "CWE-436"
          ],
          "cvss": {
            "score": 4.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
          },
          "range": "<0.5.0"
        }
      ],
      "effects": [
        "dom-compare"
      ],
      "range": "*",
      "nodes": [
        "node_modules/dom-compare/node_modules/xmldom",
        "node_modules/xmldom"
      ],
      "fixAvailable": {
        "name": "dom-compare",
        "version": "0.1.1",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 8,
      "high": 7,
      "critical": 2,
      "total": 17
    },
    "dependencies": {
      "prod": 329,
      "dev": 392,
      "optional": 16,
      "peer": 0,
      "peerOptional": 0,
      "total": 735
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json --legacy-peer-deps
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
  "added": 735,
  "removed": 0,
  "changed": 0,
  "audited": 736,
  "funding": 91,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "css-select": {
        "name": "css-select",
        "severity": "high",
        "isDirect": false,
        "via": [
          "nth-check"
        ],
        "effects": [
          "svgo"
        ],
        "range": "<=3.1.0",
        "nodes": [
          "node_modules/css-select"
        ],
        "fixAvailable": {
          "name": "svgo",
          "version": "3.0.2",
          "isSemVerMajor": true
        }
      },
      "dom-compare": {
        "name": "dom-compare",
        "severity": "critical",
        "isDirect": true,
        "via": [
          "xmldom"
        ],
        "effects": [],
        "range": ">=0.2.0",
        "nodes": [
          "node_modules/dom-compare"
        ],
        "fixAvailable": {
          "name": "dom-compare",
          "version": "0.1.1",
          "isSemVerMajor": true
        }
      },
      "jsdom": {
        "name": "jsdom",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1089185,
            "name": "jsdom",
            "dependency": "jsdom",
            "title": "Insufficient Granularity of Access Control in JSDom",
            "url": "https://github.com/advisories/GHSA-f4c9-cqv8-9v98",
            "severity": "moderate",
            "cwe": [
              "CWE-1220"
            ],
            "cvss": {
              "score": 5.6,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": "<=16.4.0"
          }
        ],
        "effects": [
          "mathoid-mathjax-node"
        ],
        "range": "<=16.4.0",
        "nodes": [
          "node_modules/jsdom"
        ],
        "fixAvailable": false
      },
      "limitation": {
        "name": "limitation",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "wikimedia-kad-fork"
        ],
        "effects": [
          "service-runner"
        ],
        "range": ">=0.2.3",
        "nodes": [
          "node_modules/limitation"
        ],
        "fixAvailable": {
          "name": "service-runner",
          "version": "3.0.0",
          "isSemVerMajor": true
        }
      },
      "mathoid-mathjax-node": {
        "name": "mathoid-mathjax-node",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "jsdom"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/mathoid-mathjax-node"
        ],
        "fixAvailable": false
      },
      "minimatch": {
        "name": "minimatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1088664,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS vulnerability",
            "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
            "severity": "high",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.0.5"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "<3.0.5",
        "nodes": [
          "node_modules/mocha/node_modules/minimatch"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.2.0",
          "isSemVerMajor": true
        }
      },
      "mocha": {
        "name": "mocha",
        "severity": "high",
        "isDirect": true,
        "via": [
          "minimatch",
          "nanoid"
        ],
        "effects": [],
        "range": "5.1.0 - 9.2.1",
        "nodes": [
          "node_modules/mocha"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.2.0",
          "isSemVerMajor": true
        }
      },
      "ms": {
        "name": "ms",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1088818,
            "name": "ms",
            "dependency": "ms",
            "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
            "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<2.0.0"
          }
        ],
        "effects": [
          "wikimedia-kad-fork"
        ],
        "range": "<2.0.0",
        "nodes": [
          ""
        ],
        "fixAvailable": {
          "name": "service-runner",
          "version": "3.0.0",
          "isSemVerMajor": true
        }
      },
      "nanoid": {
        "name": "nanoid",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1089011,
            "name": "nanoid",
            "dependency": "nanoid",
            "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
            "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
            "severity": "moderate",
            "cwe": [
              "CWE-200"
            ],
            "cvss": {
              "score": 5.5,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": ">=3.0.0 <3.1.31"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "3.0.0 - 3.1.30",
        "nodes": [
          "node_modules/nanoid"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.2.0",
          "isSemVerMajor": true
        }
      },
      "nth-check": {
        "name": "nth-check",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1085945,
            "name": "nth-check",
            "dependency": "nth-check",
            "title": "Inefficient Regular Expression Complexity in nth-check",
            "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<2.0.1"
          }
        ],
        "effects": [
          "css-select"
        ],
        "range": "<2.0.1",
        "nodes": [
          "node_modules/nth-check"
        ],
        "fixAvailable": {
          "name": "svgo",
          "version": "3.0.2",
          "isSemVerMajor": true
        }
      },
      "preq": {
        "name": "preq",
        "severity": "high",
        "isDirect": true,
        "via": [
          "requestretry"
        ],
        "effects": [],
        "range": ">=0.5.7",
        "nodes": [
          "node_modules/preq"
        ],
        "fixAvailable": {
          "name": "preq",
          "version": "0.5.6",
          "isSemVerMajor": true
        }
      },
      "requestretry": {
        "name": "requestretry",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1088164,
            "name": "requestretry",
            "dependency": "requestretry",
            "title": "Cookie exposure in requestretry",
            "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
            "severity": "high",
            "cwe": [
              "CWE-200"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": "<7.0.0"
          }
        ],
        "effects": [
          "preq"
        ],
        "range": "<7.0.0",
        "nodes": [
          "node_modules/requestretry"
        ],
        "fixAvailable": {
          "name": "preq",
          "version": "0.5.6",
          "isSemVerMajor": true
        }
      },
      "service-runner": {
        "name": "service-runner",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "limitation"
        ],
        "effects": [],
        "range": ">=3.1.0",
        "nodes": [
          "node_modules/service-runner"
        ],
        "fixAvailable": {
          "name": "service-runner",
          "version": "3.0.0",
          "isSemVerMajor": true
        }
      },
      "svgo": {
        "name": "svgo",
        "severity": "high",
        "isDirect": true,
        "via": [
          "css-select"
        ],
        "effects": [],
        "range": "1.0.0 - 1.3.2",
        "nodes": [
          "node_modules/svgo"
        ],
        "fixAvailable": {
          "name": "svgo",
          "version": "3.0.2",
          "isSemVerMajor": true
        }
      },
      "swagger-ui-dist": {
        "name": "swagger-ui-dist",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          {
            "source": 1085394,
            "name": "swagger-ui-dist",
            "dependency": "swagger-ui-dist",
            "title": "Server side request forgery in SwaggerUI",
            "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<4.1.3"
          },
          {
            "source": 1088759,
            "name": "swagger-ui-dist",
            "dependency": "swagger-ui-dist",
            "title": "Spoofing attack in swagger-ui-dist",
            "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
            "severity": "moderate",
            "cwe": [
              "CWE-1021"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [],
        "range": "<=4.1.2",
        "nodes": [
          "node_modules/swagger-ui-dist"
        ],
        "fixAvailable": {
          "name": "swagger-ui-dist",
          "version": "4.15.5",
          "isSemVerMajor": true
        }
      },
      "wikimedia-kad-fork": {
        "name": "wikimedia-kad-fork",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "ms"
        ],
        "effects": [
          "limitation"
        ],
        "range": "*",
        "nodes": [
          "node_modules/wikimedia-kad-fork"
        ],
        "fixAvailable": {
          "name": "service-runner",
          "version": "3.0.0",
          "isSemVerMajor": true
        }
      },
      "xmldom": {
        "name": "xmldom",
        "severity": "critical",
        "isDirect": true,
        "via": [
          {
            "source": 1085814,
            "name": "xmldom",
            "dependency": "xmldom",
            "title": "Misinterpretation of malicious XML input",
            "url": "https://github.com/advisories/GHSA-5fg8-2547-mr8q",
            "severity": "moderate",
            "cwe": [
              "CWE-116"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<0.7.0"
          },
          {
            "source": 1087903,
            "name": "xmldom",
            "dependency": "xmldom",
            "title": "xmldom allows multiple root nodes in a DOM",
            "url": "https://github.com/advisories/GHSA-crh6-fp67-6883",
            "severity": "critical",
            "cwe": [
              "CWE-20",
              "CWE-1288"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<=0.6.0"
          },
          {
            "source": 1087920,
            "name": "xmldom",
            "dependency": "xmldom",
            "title": "Misinterpretation of malicious XML input",
            "url": "https://github.com/advisories/GHSA-h6q6-9hqw-rwfv",
            "severity": "moderate",
            "cwe": [
              "CWE-115",
              "CWE-436"
            ],
            "cvss": {
              "score": 4.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
            },
            "range": "<0.5.0"
          }
        ],
        "effects": [
          "dom-compare"
        ],
        "range": "*",
        "nodes": [
          "node_modules/dom-compare/node_modules/xmldom",
          "node_modules/xmldom"
        ],
        "fixAvailable": {
          "name": "dom-compare",
          "version": "0.1.1",
          "isSemVerMajor": true
        }
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 8,
        "high": 7,
        "critical": 2,
        "total": 17
      },
      "dependencies": {
        "prod": 329,
        "dev": 392,
        "optional": 16,
        "peer": 0,
        "peerOptional": 0,
        "total": 735
      }
    }
  }
}

--- end ---
{"added": 735, "removed": 0, "changed": 0, "audited": 736, "funding": 91, "audit": {"auditReportVersion": 2, "vulnerabilities": {"css-select": {"name": "css-select", "severity": "high", "isDirect": false, "via": ["nth-check"], "effects": ["svgo"], "range": "<=3.1.0", "nodes": ["node_modules/css-select"], "fixAvailable": {"name": "svgo", "version": "3.0.2", "isSemVerMajor": true}}, "dom-compare": {"name": "dom-compare", "severity": "critical", "isDirect": true, "via": ["xmldom"], "effects": [], "range": ">=0.2.0", "nodes": ["node_modules/dom-compare"], "fixAvailable": {"name": "dom-compare", "version": "0.1.1", "isSemVerMajor": true}}, "jsdom": {"name": "jsdom", "severity": "moderate", "isDirect": false, "via": [{"source": 1089185, "name": "jsdom", "dependency": "jsdom", "title": "Insufficient Granularity of Access Control in JSDom", "url": "https://github.com/advisories/GHSA-f4c9-cqv8-9v98", "severity": "moderate", "cwe": ["CWE-1220"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<=16.4.0"}], "effects": ["mathoid-mathjax-node"], "range": "<=16.4.0", "nodes": ["node_modules/jsdom"], "fixAvailable": false}, "limitation": {"name": "limitation", "severity": "moderate", "isDirect": false, "via": ["wikimedia-kad-fork"], "effects": ["service-runner"], "range": ">=0.2.3", "nodes": ["node_modules/limitation"], "fixAvailable": {"name": "service-runner", "version": "3.0.0", "isSemVerMajor": true}}, "mathoid-mathjax-node": {"name": "mathoid-mathjax-node", "severity": "moderate", "isDirect": true, "via": ["jsdom"], "effects": [], "range": "*", "nodes": ["node_modules/mathoid-mathjax-node"], "fixAvailable": false}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1088664, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}], "effects": ["mocha"], "range": "<3.0.5", "nodes": ["node_modules/mocha/node_modules/minimatch"], "fixAvailable": {"name": "mocha", "version": "10.2.0", "isSemVerMajor": true}}, "mocha": {"name": "mocha", "severity": "high", "isDirect": true, "via": ["minimatch", "nanoid"], "effects": [], "range": "5.1.0 - 9.2.1", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "mocha", "version": "10.2.0", "isSemVerMajor": true}}, "ms": {"name": "ms", "severity": "moderate", "isDirect": false, "via": [{"source": 1088818, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}], "effects": ["wikimedia-kad-fork"], "range": "<2.0.0", "nodes": [""], "fixAvailable": {"name": "service-runner", "version": "3.0.0", "isSemVerMajor": true}}, "nanoid": {"name": "nanoid", "severity": "moderate", "isDirect": false, "via": [{"source": 1089011, "name": "nanoid", "dependency": "nanoid", "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid", "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2", "severity": "moderate", "cwe": ["CWE-200"], "cvss": {"score": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=3.0.0 <3.1.31"}], "effects": ["mocha"], "range": "3.0.0 - 3.1.30", "nodes": ["node_modules/nanoid"], "fixAvailable": {"name": "mocha", "version": "10.2.0", "isSemVerMajor": true}}, "nth-check": {"name": "nth-check", "severity": "high", "isDirect": false, "via": [{"source": 1085945, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "high", 
"cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.0.1"}], "effects": ["css-select"], "range": "<2.0.1", "nodes": ["node_modules/nth-check"], "fixAvailable": {"name": "svgo", "version": "3.0.2", "isSemVerMajor": true}}, "preq": {"name": "preq", "severity": "high", "isDirect": true, "via": ["requestretry"], "effects": [], "range": ">=0.5.7", "nodes": ["node_modules/preq"], "fixAvailable": {"name": "preq", "version": "0.5.6", "isSemVerMajor": true}}, "requestretry": {"name": "requestretry", "severity": "high", "isDirect": false, "via": [{"source": 1088164, "name": "requestretry", "dependency": "requestretry", "title": "Cookie exposure in requestretry", "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45", "severity": "high", "cwe": ["CWE-200"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<7.0.0"}], "effects": ["preq"], "range": "<7.0.0", "nodes": ["node_modules/requestretry"], "fixAvailable": {"name": "preq", "version": "0.5.6", "isSemVerMajor": true}}, "service-runner": {"name": "service-runner", "severity": "moderate", "isDirect": true, "via": ["limitation"], "effects": [], "range": ">=3.1.0", "nodes": ["node_modules/service-runner"], "fixAvailable": {"name": "service-runner", "version": "3.0.0", "isSemVerMajor": true}}, "svgo": {"name": "svgo", "severity": "high", "isDirect": true, "via": ["css-select"], "effects": [], "range": "1.0.0 - 1.3.2", "nodes": ["node_modules/svgo"], "fixAvailable": {"name": "svgo", "version": "3.0.2", "isSemVerMajor": true}}, "swagger-ui-dist": {"name": "swagger-ui-dist", "severity": "moderate", "isDirect": true, "via": [{"source": 1085394, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Server side request forgery in SwaggerUI", "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": 
"<4.1.3"}, {"source": 1088759, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Spoofing attack in swagger-ui-dist", "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x", "severity": "moderate", "cwe": ["CWE-1021"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": [], "range": "<=4.1.2", "nodes": ["node_modules/swagger-ui-dist"], "fixAvailable": {"name": "swagger-ui-dist", "version": "4.15.5", "isSemVerMajor": true}}, "wikimedia-kad-fork": {"name": "wikimedia-kad-fork", "severity": "moderate", "isDirect": false, "via": ["ms"], "effects": ["limitation"], "range": "*", "nodes": ["node_modules/wikimedia-kad-fork"], "fixAvailable": {"name": "service-runner", "version": "3.0.0", "isSemVerMajor": true}}, "xmldom": {"name": "xmldom", "severity": "critical", "isDirect": true, "via": [{"source": 1085814, "name": "xmldom", "dependency": "xmldom", "title": "Misinterpretation of malicious XML input", "url": "https://github.com/advisories/GHSA-5fg8-2547-mr8q", "severity": "moderate", "cwe": ["CWE-116"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<0.7.0"}, {"source": 1087903, "name": "xmldom", "dependency": "xmldom", "title": "xmldom allows multiple root nodes in a DOM", "url": "https://github.com/advisories/GHSA-crh6-fp67-6883", "severity": "critical", "cwe": ["CWE-20", "CWE-1288"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=0.6.0"}, {"source": 1087920, "name": "xmldom", "dependency": "xmldom", "title": "Misinterpretation of malicious XML input", "url": "https://github.com/advisories/GHSA-h6q6-9hqw-rwfv", "severity": "moderate", "cwe": ["CWE-115", "CWE-436"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}, "range": "<0.5.0"}], "effects": ["dom-compare"], "range": "*", "nodes": ["node_modules/dom-compare/node_modules/xmldom", 
"node_modules/xmldom"], "fixAvailable": {"name": "dom-compare", "version": "0.1.1", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 8, "high": 7, "critical": 2, "total": 17}, "dependencies": {"prod": 329, "dev": 392, "optional": 16, "peer": 0, "peerOptional": 0, "total": 735}}}}
$ /usr/bin/npm audit fix --only=dev --legacy-peer-deps
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated xmldom@0.1.19: Deprecated due to CVE-2021-21366 resolved in 0.5.0
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
--- stdout ---

added 734 packages, and audited 735 packages in 11s

91 packages are looking for funding
  run `npm fund` for details

# npm audit report

jsdom  <=16.4.0
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
No fix available
node_modules/jsdom
  mathoid-mathjax-node  *
  Depends on vulnerable versions of jsdom
  node_modules/mathoid-mathjax-node

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix --force`
Will install mocha@10.2.0, which is a breaking change
node_modules/mocha/node_modules/minimatch
  mocha  5.1.0 - 9.2.1
  Depends on vulnerable versions of minimatch
  Depends on vulnerable versions of nanoid
  node_modules/mocha

ms  <2.0.0
Severity: moderate
Vercel ms Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-w9mr-4mfr-499f
fix available via `npm audit fix --force`
Will install service-runner@3.0.0, which is a breaking change
node_modules/wikimedia-kad-fork/node_modules/ms
  wikimedia-kad-fork  *
  Depends on vulnerable versions of ms
  node_modules/wikimedia-kad-fork
    limitation  >=0.2.3
    Depends on vulnerable versions of wikimedia-kad-fork
    node_modules/limitation
      service-runner  >=3.1.0
      Depends on vulnerable versions of limitation
      node_modules/service-runner

nanoid  3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix --force`
Will install mocha@10.2.0, which is a breaking change
node_modules/nanoid

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install svgo@3.0.2, which is a breaking change
node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo

requestretry  <7.0.0
Severity: high
Cookie exposure in requestretry - https://github.com/advisories/GHSA-hjp8-2cm3-cc45
fix available via `npm audit fix --force`
Will install preq@0.5.6, which is a breaking change
node_modules/requestretry
  preq  >=0.5.7
  Depends on vulnerable versions of requestretry
  node_modules/preq

swagger-ui-dist  <=4.1.2
Severity: moderate
Server side request forgery in SwaggerUI - https://github.com/advisories/GHSA-qrmm-w75w-3wpx
Spoofing attack in swagger-ui-dist - https://github.com/advisories/GHSA-6c9x-mj3g-h47x
fix available via `npm audit fix --force`
Will install swagger-ui-dist@4.15.5, which is a breaking change
node_modules/swagger-ui-dist

xmldom  *
Severity: critical
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-h6q6-9hqw-rwfv
fix available via `npm audit fix --force`
Will install dom-compare@0.1.1, which is a breaking change
node_modules/dom-compare/node_modules/xmldom
node_modules/xmldom
  dom-compare  >=0.2.0
  Depends on vulnerable versions of xmldom
  node_modules/dom-compare

17 vulnerabilities (8 moderate, 7 high, 2 critical)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci --legacy-peer-deps
--- stderr ---
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated xmldom@0.1.19: Deprecated due to CVE-2021-21366 resolved in 0.5.0
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
--- stdout ---

added 734 packages, and audited 735 packages in 11s

91 packages are looking for funding
  run `npm fund` for details

17 vulnerabilities (8 moderate, 7 high, 2 critical)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
MathML - MathML must be formed by a <math> element, not <#text>
SVG - Unknown character: U+3DF in MathJax_Math-italic,MathJax_Main-italic,MathJax_Main,MathJax_Size1,MathJax_AMS
SVG - Unknown character: U+3DB in MathJax_Math-italic,MathJax_Main-italic,MathJax_Main,MathJax_Size1,MathJax_AMS
SVG - Unknown character: U+3D9 in MathJax_Math-italic,MathJax_Main-italic,MathJax_Main,MathJax_Size1,MathJax_AMS
SVG - Unknown character: U+A7 in MathJax_Main,MathJax_Size1,MathJax_AMS
SVG - Unknown character: U+B6 in MathJax_Main,MathJax_Size1,MathJax_AMS
SVG - Unknown character: U+C5 in MathJax_Main,MathJax_Size1,MathJax_AMS
SVG - Unknown character: U+2423 in MathJax_Main,MathJax_Size1,MathJax_AMS
SVG - Unknown character: U+3DE in MathJax_Math-italic,MathJax_Main-italic,MathJax_Main,MathJax_Size1,MathJax_AMS
SVG - Unknown character: U+3DA in MathJax_Math-italic,MathJax_Main-italic,MathJax_Main,MathJax_Size1,MathJax_AMS
SVG - Unknown character: U+3D8 in MathJax_Math-italic,MathJax_Main-italic,MathJax_Main,MathJax_Size1,MathJax_AMS
--- stdout ---

> mathoid@0.7.6 test
> npm run lint && PREQ_CONNECT_TIMEOUT=15 mocha 'test/**/*.js'


> mathoid@0.7.6 lint
> eslint --ext .js,.json .



  express app
starting test server
    ✓ should get robots.txt (38ms)
    ✓ should set CORS headers
    ✓ should set CSP headers

  Swagger spec
    ✓ get the spec
    ✓ spec validation
    routes
      ✓ spec from root
      ✓ mass-energy equivalence (json) (91ms)
      ✓ retrieve service info
      ✓ mass-energy equivalence (complete)
      ✓ mass-energy equivalence (svg) (41ms)
      ✓ mass-energy equivalence (mml)
      ✓ mass-energy equivalence (texvcinfo)
      ✓ Invalid command (texvcinfo)

  service information
    ✓ should get the service name
    ✓ should get the service version
    ✓ should redirect to the service home page
    ✓ should get the service info

  Mathoid CLI tests 
    ✓ get config test
    ✓ render minimal example (124ms)
    ✓ try render empty
    ✓ try render invalid
    ✓ render failing example
    ✓ render multiple hash formulae
    ✓ render to mml format

  Mathoid special tests 
    ✓ test invalid output format
    ✓ render invalid texvcinfo type
    ✓ render invalid graph type
    ✓ render json example (83ms)
    ✓ render invalid outformat
    ✓ respect the nospeech flag
    ✓ respect the details speech config
    ✓ compress svg images (60ms)

  Mathoid GET API tests 
starting test server
stopping test server
    query parameter
      ✓ missing q parameter should return 400
      ✓ reject invalid tex input
      ✓ reject use of \ce commands without chemistry mode enabled
      ✓ reject invalid input type
      ✓ display texvcinfo
      ✓ display graph
      ✓ get speech text
      ✓ get svg dimensions in mathml headers
    Mathoid compressed GET API tests 
      ✓ get svg for mathML input 
      ✓ get svg for TeX input 

  Run test for all mathjax-texvc commands:
    Run texvc tests
      ✓ 1 $\thetasym$
      ✓ 2 $\koppa$
      ✓ 3 $\stigma$
      ✓ 4 $\coppa$
      ✓ 5 $\C$
      ✓ 6 $\cnums$
      ✓ 7 $\Complex$
      ✓ 8 $\H$
      ✓ 9 $\N$
      ✓ 10 $\natnums$
      ✓ 11 $\Q$
      ✓ 12 $\R$
      ✓ 13 $\reals$
      ✓ 14 $\Reals$
      ✓ 15 $\Z$
      ✓ 16 $\sect$
      ✓ 17 $\P$
      ✓ 18 $\AA$
      ✓ 19 $\alef$
      ✓ 20 $\alefsym$
      ✓ 21 $\weierp$
      ✓ 22 $\real$
      ✓ 23 $\part$
      ✓ 24 $\infin$
      ✓ 25 $\empty$
      ✓ 26 $\O$
      ✓ 27 $\ang$
      ✓ 28 $\exist$
      ✓ 29 $\clubs$
      ✓ 30 $\diamonds$
      ✓ 31 $\hearts$
      ✓ 32 $\spades$
      ✓ 33 $\textvisiblespace$
      ✓ 34 $\and$
      ✓ 35 $\or$
      ✓ 36 $\bull$
      ✓ 37 $\plusmn$
      ✓ 38 $\sdot$
      ✓ 39 $\sup$
      ✓ 40 $\sub$
      ✓ 41 $\supe$
      ✓ 42 $\sube$
      ✓ 43 $\isin$
      ✓ 44 $\hArr$
      ✓ 45 $\harr$
      ✓ 46 $\Harr$
      ✓ 47 $\Lrarr$
      ✓ 48 $\lrArr$
      ✓ 49 $\lArr$
      ✓ 50 $\Larr$
      ✓ 51 $\rArr$
      ✓ 52 $\Rarr$
      ✓ 53 $\harr$
      ✓ 54 $\lrarr$
      ✓ 55 $\larr$
      ✓ 56 $\gets$
      ✓ 57 $\rarr$
      ✓ 60 $\Alpha$
      ✓ 61 $\Beta$
      ✓ 62 $\Epsilon$
      ✓ 63 $\Zeta$
      ✓ 64 $\Eta$
      ✓ 65 $\Iota$
      ✓ 66 $\Kappa$
      ✓ 67 $\Mu$
      ✓ 68 $\Nu$
      ✓ 69 $\Omicron$
      ✓ 70 $\Rho$
      ✓ 71 $\Tau$
      ✓ 72 $\Chi$
      ✓ 73 $\Koppa$
      ✓ 74 $\Stigma$
      ✓ 75 $\Coppa$
      ✓ 76 $\uarr$
      ✓ 77 $\darr$
      ✓ 78 $\Uarr$
      ✓ 79 $\uArr$
      ✓ 80 $\Darr$
      ✓ 81 $\dArr$
      ✓ 82 $\rang$
      ✓ 83 $\lang$
      ✓ 84 $\arccot$
      ✓ 85 $\arcsec$
      ✓ 86 $\arccsc$
      ✓ 87 $\bold{x}$
      ✓ 90 $\pagecolor{red}x$
      ✓ 91 $\vline$
      ✓ 92 $\image$
      ✓ 93 ${\displaystyle \left(\left(\sum_A\right)B \right)}$
      ✓ 94 $\varDelta$
      ✓ 95 $\varGamma$
      ✓ 96 $\varLambda$
      ✓ 97 $\varOmega$
      ✓ 98 $\varPhi$
      ✓ 99 $\varPi$
      ✓ 100 $\varSigma$
      ✓ 101 $\varTheta$
      ✓ 102 $\varUpsilon$
      ✓ 103 $\varXi$
      ✓ 104 $\sqrt{\phantom{p'}p}$
      ✓ 105 $\sqrt{\vphantom{p'}p}$
      ✓ 106 $\sqrt{\hphantom{p'}p}$

  Mathoid API tests Simple
    Standard input / output pairs
      ✓ E=mc^{2} (49ms)
      ✓ \mathbb {R} 
      ✓ x^2 or a_(m n) or a_{m n} or (x+1)/y or sqrtx (89ms)
      ✓ <math xmlns="http://www.w3.org/1998/Math/MathML" display="block" alttext="upper E equals m c squared">
  <mi>E</mi>
  <mo>=</mo>
  <mi>m</mi>
  <msup>
    <mi>c</mi>
    <mrow class="MJX-TeXAtom-ORD">
      <mn>2</mn>
    </mrow>
  </msup>
</math>
      ✓ {\overline {A}}^{T}
      ✓ \sum _{i=0}^{\infty }i^{-2}=2 (41ms)
      ✓ \pagecolor {Gray}x^{2}
      ✓ \definecolor {myorange}{rgb}{1,0.6470588235294118,0.39215686274509803}\color {myorange}e^{i\pi }\color {Black}=-1
      ✓ {{\ce {H2O}}}
    annotation security
      ✓ annotation xml should be properly escaped
    query parameter
      ✓ missing q parameter should return 400
      ✓ empty q parameter should pass
      ✓ reject invalid tex input
      ✓ reject use of \ce commands without chemistry mode enabled
      ✓ reject invalid commands in chemistry mode
      ✓ reject invalid input type
      ✓ display texvcinfo
      ✓ display graph
      ✓ get speech text
      ✓ get svg dimensions in mathml headers
      ✓ warn on deprecated mhchem syntax

  Mathoid API tests No-check
starting test server
stopping test server
    Standard input / output pairs
      ✓ E=mc^{2} (38ms)
      ✓ \mathbb {R} 
      ✓ x^2 or a_(m n) or a_{m n} or (x+1)/y or sqrtx (62ms)
      ✓ <math xmlns="http://www.w3.org/1998/Math/MathML" display="block" alttext="upper E equals m c squared">
  <mi>E</mi>
  <mo>=</mo>
  <mi>m</mi>
  <msup>
    <mi>c</mi>
    <mrow class="MJX-TeXAtom-ORD">
      <mn>2</mn>
    </mrow>
  </msup>
</math>
      ✓ {\overline {A}}^{T}
      ✓ \sum _{i=0}^{\infty }i^{-2}=2 (46ms)
      ✓ \pagecolor {Gray}x^{2}
      ✓ \definecolor {myorange}{rgb}{1,0.6470588235294118,0.39215686274509803}\color {myorange}e^{i\pi }\color {Black}=-1
      ✓ {{\ce {H2O}}}
    annotation security
      ✓ annotation xml should be properly escaped
    query parameter
      ✓ missing q parameter should return 400
      ✓ empty q parameter should pass
      ✓ reject invalid input type
      ✓ display texvcinfo
      ✓ display graph
      ✓ get speech text
      ✓ get svg dimensions in mathml headers
      ✓ warn on deprecated mhchem syntax

  Mathoids SVG compression
    ✓ hanlde Unclosed root tag
    ✓ hanlde Error in parsing SVG
    ✓ compress from https://en.wikipedia.org/wiki/File:W3C_valid.svg

stopping test server

  186 passing (8s)


--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpbo5ot6dj
--- stdout ---
[master eca6fa7] [DNM] there are no updates
 1 file changed, 2 insertions(+), 2 deletions(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From eca6fa77d508ec9285ef0fd2bd83687801efc190 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Tue, 31 Jan 2023 00:52:02 +0000
Subject: [PATCH] [DNM] there are no updates

Change-Id: I5fb5d00e5e8d7989f0b74ee3681ad98409e1dcee
---
 package-lock.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 71c41b4..873d51d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7887,7 +7887,7 @@
 		"node_modules/wikimedia-kad-fork/node_modules/ms": {
 			"version": "0.7.3",
 			"resolved": "https://registry.npmjs.org/ms/-/ms-0.7.3.tgz",
-			"integrity": "sha1-cIFVpeROM/X9D8U+gdDUCpG+H/8="
+			"integrity": "sha512-lrKNzMWqQZgwJahtrtrM+9NgOoDUveDrVmm5aGXrf3BdtL0mq7X6IVzoZaw+TfNti29eHd1/8GI+h45K5cQ6/w=="
 		},
 		"node_modules/word-wrap": {
 			"version": "1.2.3",
@@ -14064,7 +14064,7 @@
 				"ms": {
 					"version": "0.7.3",
 					"resolved": "https://registry.npmjs.org/ms/-/ms-0.7.3.tgz",
-					"integrity": "sha1-cIFVpeROM/X9D8U+gdDUCpG+H/8="
+					"integrity": "sha512-lrKNzMWqQZgwJahtrtrM+9NgOoDUveDrVmm5aGXrf3BdtL0mq7X6IVzoZaw+TfNti29eHd1/8GI+h45K5cQ6/w=="
 				}
 			}
 		},
-- 
2.30.2


--- end ---