This run took 69 seconds.
$ date --- stdout --- Fri Mar 10 11:52:47 UTC 2023 --- end --- $ git clone file:///srv/git/wikidata-query-builder.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- 95a30cfe2c0f6c191b6ddb73e2ec9bf44f9cb68e refs/heads/master --- end --- $ /usr/bin/npm audit --json --legacy-peer-deps --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "@netlify/build": { "name": "@netlify/build", "severity": "high", "isDirect": false, "via": [ "@netlify/cache-utils", "@netlify/functions-utils", "got", "update-notifier" ], "effects": [ "netlify-cli" ], "range": ">=0.1.31", "nodes": [ "node_modules/netlify-cli/node_modules/@netlify/build" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "@netlify/cache-utils": { "name": "@netlify/cache-utils", "severity": "high", "isDirect": false, "via": [ "cpy" ], "effects": [ "@netlify/build" ], "range": "*", "nodes": [ "node_modules/netlify-cli/node_modules/@netlify/cache-utils" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "@netlify/functions-utils": { "name": "@netlify/functions-utils", "severity": "high", "isDirect": false, "via": [ "cpy" ], "effects": [ "@netlify/build" ], "range": "*", "nodes": [ "node_modules/netlify-cli/node_modules/@netlify/functions-utils" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "all-node-versions": { "name": "all-node-versions", "severity": "moderate", "isDirect": false, "via": [ "fetch-node-website" ], "effects": [ "node-version-alias", "normalize-node-version" ], "range": "2.0.0 - 8.0.0", "nodes": [ "node_modules/netlify-cli/node_modules/all-node-versions" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "cacheable-request": { "name": "cacheable-request", "severity": "high", "isDirect": false, "via": [ "http-cache-semantics" ], "effects": [ "got" ], "range": "0.1.0 - 2.1.4", "nodes": [ "node_modules/netlify-cli/node_modules/download/node_modules/cacheable-request" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "cpy": { "name": "cpy", "severity": "high", "isDirect": false, "via": [ "globby" ], "effects": [ "@netlify/cache-utils", "@netlify/functions-utils" ], "range": "7.0.0 - 8.1.2", "nodes": [ "node_modules/netlify-cli/node_modules/cpy" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "decode-uri-component": { "name": "decode-uri-component", "severity": "low", "isDirect": false, "via": [ { "source": 1088828, "name": "decode-uri-component", "dependency": "decode-uri-component", "title": "decode-uri-component vulnerable to Denial of Service (DoS)", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "severity": "low", "cwe": [ "CWE-20" ], "cvss": { "score": 0, "vectorString": null }, "range": "<0.2.1" } ], "effects": [], "range": "<0.2.1", "nodes": [ "node_modules/netlify-cli/node_modules/decode-uri-component" ], "fixAvailable": true }, "download": { "name": "download", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "gh-release-fetch" ], "range": ">=4.0.0", "nodes": [ "node_modules/netlify-cli/node_modules/download" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "fast-glob": { "name": "fast-glob", "severity": "high", "isDirect": false, "via": [ "glob-parent" ], "effects": [ "globby" ], "range": "<=2.2.7", "nodes": [ "node_modules/netlify-cli/node_modules/cpy/node_modules/fast-glob" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "fetch-node-website": { "name": "fetch-node-website", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "all-node-versions" ], "range": "2.0.0 - 5.0.3", "nodes": [ "node_modules/netlify-cli/node_modules/fetch-node-website" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "gh-release-fetch": { "name": "gh-release-fetch", "severity": "moderate", "isDirect": false, "via": [ "download" ], "effects": [ "netlify-cli" ], "range": "*", "nodes": [ "node_modules/netlify-cli/node_modules/gh-release-fetch" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "glob-parent": { "name": "glob-parent", "severity": "high", "isDirect": false, "via": [ { "source": 1091181, "name": "glob-parent", "dependency": "glob-parent", "title": "glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex", "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<5.1.2" } ], "effects": [ "fast-glob" ], "range": "<5.1.2", "nodes": [ "node_modules/netlify-cli/node_modules/cpy/node_modules/glob-parent" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "globby": { "name": "globby", "severity": "high", "isDirect": false, "via": [ "fast-glob" ], "effects": [ "cpy" ], "range": "8.0.0 - 9.2.0", "nodes": [ "node_modules/netlify-cli/node_modules/cpy/node_modules/globby" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "got": { "name": "got", "severity": "high", "isDirect": false, "via": [ { "source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<11.8.5" }, "cacheable-request" ], "effects": [ "@netlify/build", "download", "fetch-node-website", "package-json" ], "range": "<=11.8.3", "nodes": [ "node_modules/netlify-cli/node_modules/@netlify/build/node_modules/got", "node_modules/netlify-cli/node_modules/download/node_modules/got", "node_modules/netlify-cli/node_modules/fetch-node-website/node_modules/got", "node_modules/netlify-cli/node_modules/package-json/node_modules/got" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "http-cache-semantics": { "name": "http-cache-semantics", "severity": "high", "isDirect": false, "via": [ { "source": 1090532, "name": "http-cache-semantics", "dependency": "http-cache-semantics", "title": "http-cache-semantics vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-rc47-6667-2j5j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.1.1" } ], "effects": [ "cacheable-request" ], "range": "<4.1.1", "nodes": [ "node_modules/netlify-cli/node_modules/download/node_modules/http-cache-semantics", "node_modules/netlify-cli/node_modules/http-cache-semantics" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "jsonwebtoken": { "name": "jsonwebtoken", "severity": "moderate", "isDirect": false, "via": [ { "source": 1089434, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken unrestricted key type could lead to legacy keys usage ", "url": "https://github.com/advisories/GHSA-8cf7-32gw-wr33", "severity": "moderate", "cwe": [ "CWE-327" ], "cvss": { "score": 0, "vectorString": null }, "range": "<=8.5.1" }, { "source": 1091087, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC", "url": "https://github.com/advisories/GHSA-hjrf-2m68-5959", "severity": "moderate", "cwe": [ "CWE-287" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, "range": "<=8.5.1" }, { "source": 1091170, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()", "url": "https://github.com/advisories/GHSA-qwph-4952-7xr6", "severity": "moderate", "cwe": [ "CWE-287", "CWE-327" ], "cvss": { "score": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L" }, "range": "<9.0.0" } ], "effects": [ "netlify-cli" ], "range": "<=8.5.1", "nodes": [ "node_modules/netlify-cli/node_modules/jsonwebtoken" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "latest-version": { "name": "latest-version", "severity": "moderate", "isDirect": false, "via": [ "package-json" ], "effects": [ "update-notifier" ], "range": "0.2.0 - 5.1.0", "nodes": [ "node_modules/netlify-cli/node_modules/latest-version" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "luxon": { "name": "luxon", "severity": "high", "isDirect": false, "via": [ { "source": 1090160, "name": "luxon", "dependency": "luxon", "title": "Luxon Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-3xq5-wjfh-ppjc", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=3.0.0 <3.2.1" } ], "effects": [], "range": "3.0.0 - 3.2.0", "nodes": [ "node_modules/netlify-cli/node_modules/luxon" ], "fixAvailable": true }, "netlify-cli": { "name": "netlify-cli", "severity": "moderate", "isDirect": true, "via": [ "@netlify/build", "gh-release-fetch", "jsonwebtoken", "node-version-alias" ], "effects": [], "range": ">=2.13.0", "nodes": [ "node_modules/netlify-cli" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "node-version-alias": { "name": "node-version-alias", "severity": "moderate", "isDirect": false, "via": [ "all-node-versions", "normalize-node-version" ], "effects": [ "netlify-cli" ], "range": "<=1.0.1", "nodes": [ "node_modules/netlify-cli/node_modules/node-version-alias" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "normalize-node-version": { "name": "normalize-node-version", "severity": "moderate", "isDirect": false, "via": [ "all-node-versions" ], "effects": [], "range": "2.0.0 - 10.0.0", "nodes": [ "node_modules/netlify-cli/node_modules/normalize-node-version" ], "fixAvailable": true }, "package-json": { "name": "package-json", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "latest-version" ], "range": "<=6.5.0", "nodes": [ "node_modules/netlify-cli/node_modules/package-json" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "update-notifier": { "name": "update-notifier", "severity": "moderate", "isDirect": false, "via": [ "latest-version" ], "effects": [ "@netlify/build" ], "range": "0.2.0 - 5.1.0", "nodes": [ "node_modules/netlify-cli/node_modules/@netlify/build/node_modules/update-notifier" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "vite": { "name": "vite", "severity": "moderate", "isDirect": true, "via": [ { "source": 1089122, "name": "vite", "dependency": "vite", "title": "Vitejs Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service", "url": "https://github.com/advisories/GHSA-mv48-hcvh-8jj8", "severity": "moderate", "cwe": [ "CWE-22" ], "cvss": { "score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, "range": "<2.9.13" } ], "effects": [], "range": "<2.9.13", "nodes": [ "node_modules/vite" ], "fixAvailable": { "name": "vite", "version": "2.9.15", "isSemVerMajor": false } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 12, "high": 11, "critical": 0, "total": 24 }, "dependencies": { "prod": 102, "dev": 2635, "optional": 67, "peer": 63, "peerOptional": 0, "total": 2736 } } } --- end --- $ /usr/bin/npm audit --json --legacy-peer-deps --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "@netlify/build": { "name": "@netlify/build", "severity": "high", "isDirect": false, "via": [ "@netlify/cache-utils", "@netlify/functions-utils", "got", "update-notifier" ], "effects": [ "netlify-cli" ], "range": ">=0.1.31", "nodes": [ "node_modules/netlify-cli/node_modules/@netlify/build" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "@netlify/cache-utils": { "name": "@netlify/cache-utils", "severity": "high", "isDirect": false, "via": [ "cpy" ], "effects": [ "@netlify/build" ], "range": "*", "nodes": [ "node_modules/netlify-cli/node_modules/@netlify/cache-utils" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "@netlify/functions-utils": { "name": "@netlify/functions-utils", "severity": "high", "isDirect": false, "via": [ "cpy" ], "effects": [ "@netlify/build" ], "range": "*", "nodes": [ "node_modules/netlify-cli/node_modules/@netlify/functions-utils" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "all-node-versions": { "name": "all-node-versions", "severity": "moderate", "isDirect": false, "via": [ "fetch-node-website" ], "effects": [ "node-version-alias", "normalize-node-version" ], "range": "2.0.0 - 8.0.0", "nodes": [ "node_modules/netlify-cli/node_modules/all-node-versions" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "cacheable-request": { "name": "cacheable-request", "severity": "high", "isDirect": false, "via": [ "http-cache-semantics" ], "effects": [ "got" ], "range": "0.1.0 - 2.1.4", "nodes": [ "node_modules/netlify-cli/node_modules/download/node_modules/cacheable-request" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "cpy": { "name": "cpy", "severity": "high", "isDirect": false, "via": [ "globby" ], "effects": [ "@netlify/cache-utils", "@netlify/functions-utils" ], "range": "7.0.0 - 8.1.2", "nodes": [ "node_modules/netlify-cli/node_modules/cpy" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "decode-uri-component": { "name": "decode-uri-component", "severity": "low", "isDirect": false, "via": [ { "source": 1088828, "name": "decode-uri-component", "dependency": "decode-uri-component", "title": "decode-uri-component vulnerable to Denial of Service (DoS)", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "severity": "low", "cwe": [ "CWE-20" ], "cvss": { "score": 0, "vectorString": null }, "range": "<0.2.1" } ], "effects": [], "range": "<0.2.1", "nodes": [ "node_modules/netlify-cli/node_modules/decode-uri-component" ], "fixAvailable": true }, "download": { "name": "download", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "gh-release-fetch" ], "range": ">=4.0.0", "nodes": [ "node_modules/netlify-cli/node_modules/download" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "fast-glob": { "name": "fast-glob", "severity": "high", "isDirect": false, "via": [ "glob-parent" ], "effects": [ "globby" ], "range": "<=2.2.7", "nodes": [ "node_modules/netlify-cli/node_modules/cpy/node_modules/fast-glob" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "fetch-node-website": { "name": "fetch-node-website", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "all-node-versions" ], "range": "2.0.0 - 5.0.3", "nodes": [ "node_modules/netlify-cli/node_modules/fetch-node-website" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "gh-release-fetch": { "name": "gh-release-fetch", "severity": "moderate", "isDirect": false, "via": [ "download" ], "effects": [ "netlify-cli" ], "range": "*", "nodes": [ "node_modules/netlify-cli/node_modules/gh-release-fetch" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "glob-parent": { "name": "glob-parent", "severity": "high", "isDirect": false, "via": [ { "source": 1091181, "name": "glob-parent", "dependency": "glob-parent", "title": "glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex", "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<5.1.2" } ], "effects": [ "fast-glob" ], "range": "<5.1.2", "nodes": [ "node_modules/netlify-cli/node_modules/cpy/node_modules/glob-parent" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "globby": { "name": "globby", "severity": "high", "isDirect": false, "via": [ "fast-glob" ], "effects": [ "cpy" ], "range": "8.0.0 - 9.2.0", "nodes": [ "node_modules/netlify-cli/node_modules/cpy/node_modules/globby" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "got": { "name": "got", "severity": "high", "isDirect": false, "via": [ { "source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<11.8.5" }, "cacheable-request" ], "effects": [ "@netlify/build", "download", "fetch-node-website", "package-json" ], "range": "<=11.8.3", "nodes": [ "node_modules/netlify-cli/node_modules/@netlify/build/node_modules/got", "node_modules/netlify-cli/node_modules/download/node_modules/got", "node_modules/netlify-cli/node_modules/fetch-node-website/node_modules/got", "node_modules/netlify-cli/node_modules/package-json/node_modules/got" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "http-cache-semantics": { "name": "http-cache-semantics", "severity": "high", "isDirect": false, "via": [ { "source": 1090532, "name": "http-cache-semantics", "dependency": "http-cache-semantics", "title": "http-cache-semantics vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-rc47-6667-2j5j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.1.1" } ], "effects": [ "cacheable-request" ], "range": "<4.1.1", "nodes": [ "node_modules/netlify-cli/node_modules/download/node_modules/http-cache-semantics", "node_modules/netlify-cli/node_modules/http-cache-semantics" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "jsonwebtoken": { "name": "jsonwebtoken", "severity": "moderate", "isDirect": false, "via": [ { "source": 1089434, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken unrestricted key type could lead to legacy keys usage ", "url": "https://github.com/advisories/GHSA-8cf7-32gw-wr33", "severity": "moderate", "cwe": [ "CWE-327" ], "cvss": { "score": 0, "vectorString": null }, "range": "<=8.5.1" }, { "source": 1091087, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC", "url": "https://github.com/advisories/GHSA-hjrf-2m68-5959", "severity": "moderate", "cwe": [ "CWE-287" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, "range": "<=8.5.1" }, { "source": 1091170, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()", "url": "https://github.com/advisories/GHSA-qwph-4952-7xr6", "severity": "moderate", "cwe": [ "CWE-287", "CWE-327" ], "cvss": { "score": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L" }, "range": "<9.0.0" } ], "effects": [ "netlify-cli" ], "range": "<=8.5.1", "nodes": [ "node_modules/netlify-cli/node_modules/jsonwebtoken" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "latest-version": { "name": "latest-version", "severity": "moderate", "isDirect": false, "via": [ "package-json" ], "effects": [ "update-notifier" ], "range": "0.2.0 - 5.1.0", "nodes": [ "node_modules/netlify-cli/node_modules/latest-version" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "luxon": { "name": "luxon", "severity": "high", "isDirect": false, "via": [ { "source": 1090160, "name": "luxon", "dependency": "luxon", "title": "Luxon Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-3xq5-wjfh-ppjc", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=3.0.0 <3.2.1" } ], "effects": [], "range": "3.0.0 - 3.2.0", "nodes": [ "node_modules/netlify-cli/node_modules/luxon" ], "fixAvailable": true }, "netlify-cli": { "name": "netlify-cli", "severity": "moderate", "isDirect": true, "via": [ "@netlify/build", "gh-release-fetch", "jsonwebtoken", "node-version-alias" ], "effects": [], "range": ">=2.13.0", "nodes": [ "node_modules/netlify-cli" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "node-version-alias": { "name": "node-version-alias", "severity": "moderate", "isDirect": false, "via": [ "all-node-versions", "normalize-node-version" ], "effects": [ "netlify-cli" ], "range": "<=1.0.1", "nodes": [ "node_modules/netlify-cli/node_modules/node-version-alias" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "normalize-node-version": { "name": "normalize-node-version", "severity": "moderate", "isDirect": false, "via": [ "all-node-versions" ], "effects": [], "range": "2.0.0 - 10.0.0", "nodes": [ "node_modules/netlify-cli/node_modules/normalize-node-version" ], "fixAvailable": true }, "package-json": { "name": "package-json", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "latest-version" ], "range": "<=6.5.0", "nodes": [ "node_modules/netlify-cli/node_modules/package-json" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "update-notifier": { "name": "update-notifier", "severity": "moderate", "isDirect": false, "via": [ "latest-version" ], "effects": [ "@netlify/build" ], "range": "0.2.0 - 5.1.0", "nodes": [ "node_modules/netlify-cli/node_modules/@netlify/build/node_modules/update-notifier" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "vite": { "name": "vite", "severity": "moderate", "isDirect": true, "via": [ { "source": 1089122, "name": "vite", "dependency": "vite", "title": "Vitejs Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service", "url": "https://github.com/advisories/GHSA-mv48-hcvh-8jj8", "severity": "moderate", "cwe": [ "CWE-22" ], "cvss": { "score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, "range": "<2.9.13" } ], "effects": [], "range": "<2.9.13", "nodes": [ "node_modules/vite" ], "fixAvailable": { "name": "vite", "version": "2.9.15", "isSemVerMajor": false } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 12, "high": 11, "critical": 0, "total": 24 }, "dependencies": { "prod": 102, "dev": 2635, "optional": 67, "peer": 63, "peerOptional": 0, "total": 2736 } } } --- end --- Attempting to npm audit fix $ /usr/bin/npm audit fix --dry-run --only=dev --json --legacy-peer-deps --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production --- stdout --- { "added": 1269, "removed": 0, "changed": 0, "audited": 3373, "funding": 301, "audit": { "auditReportVersion": 2, "vulnerabilities": { "@netlify/build": { "name": "@netlify/build", "severity": "high", "isDirect": false, "via": [ "@netlify/cache-utils", "@netlify/functions-utils", "got", "update-notifier" ], "effects": [ "netlify-cli" ], "range": ">=0.1.31", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "@netlify/cache-utils": { "name": "@netlify/cache-utils", "severity": "high", "isDirect": false, "via": [ "cpy" ], "effects": [ "@netlify/build" ], "range": "*", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "@netlify/functions-utils": { "name": "@netlify/functions-utils", "severity": "high", "isDirect": false, "via": [ "cpy" ], "effects": [ "@netlify/build" ], "range": "*", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "all-node-versions": { "name": "all-node-versions", "severity": "moderate", "isDirect": false, "via": [ "fetch-node-website" ], "effects": [ "node-version-alias", "normalize-node-version" ], "range": "2.0.0 - 8.0.0", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "cacheable-request": { "name": "cacheable-request", "severity": "high", "isDirect": false, "via": [ "http-cache-semantics" ], "effects": [ "got" ], "range": "0.1.0 - 2.1.4", "nodes": [ "node_modules/cacheable-request" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "cpy": { "name": "cpy", "severity": "high", "isDirect": false, "via": [ "globby" ], "effects": [ "@netlify/cache-utils", "@netlify/functions-utils" ], "range": "7.0.0 - 8.1.2", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "decode-uri-component": { "name": "decode-uri-component", "severity": "low", "isDirect": false, "via": [ { "source": 1088828, "name": "decode-uri-component", "dependency": "decode-uri-component", "title": "decode-uri-component vulnerable to Denial of Service (DoS)", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "severity": "low", "cwe": [ "CWE-20" ], "cvss": { "score": 0, "vectorString": null }, "range": "<0.2.1" } ], "effects": [], "range": "<0.2.1", "nodes": [ "" ], "fixAvailable": true }, "download": { "name": "download", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "gh-release-fetch" ], "range": ">=4.0.0", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "fast-glob": { "name": "fast-glob", "severity": "high", "isDirect": false, "via": [ "glob-parent" ], "effects": [ "globby" ], "range": "<=2.2.7", "nodes": [ "node_modules/fast-glob" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "fetch-node-website": { "name": "fetch-node-website", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "all-node-versions" ], "range": "2.0.0 - 5.0.3", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "gh-release-fetch": { "name": "gh-release-fetch", "severity": "moderate", "isDirect": false, "via": [ "download" ], "effects": [ "netlify-cli" ], "range": "*", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "glob-parent": { "name": "glob-parent", "severity": "high", "isDirect": false, "via": [ { "source": 1091181, "name": "glob-parent", "dependency": "glob-parent", "title": "glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex", "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<5.1.2" } ], "effects": [ "fast-glob" ], "range": "<5.1.2", "nodes": [ "node_modules/glob-parent" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "globby": { "name": "globby", "severity": "high", "isDirect": true, "via": [ "fast-glob" ], "effects": [ "cpy" ], "range": "8.0.0 - 9.2.0", "nodes": [ "node_modules/globby" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "got": { "name": "got", "severity": "high", "isDirect": true, "via": [ { "source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<11.8.5" }, "cacheable-request" ], "effects": [ "@netlify/build", "download", "fetch-node-website", "package-json" ], "range": "<=11.8.3", "nodes": [ "node_modules/got", "node_modules/got", "node_modules/got", "node_modules/got" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "http-cache-semantics": { "name": "http-cache-semantics", "severity": "high", "isDirect": false, "via": [ { "source": 1090532, "name": "http-cache-semantics", "dependency": "http-cache-semantics", "title": "http-cache-semantics vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-rc47-6667-2j5j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.1.1" } ], "effects": [ "cacheable-request" ], "range": "<4.1.1", "nodes": [ "", "node_modules/http-cache-semantics" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "jsonwebtoken": { "name": "jsonwebtoken", "severity": "moderate", "isDirect": false, "via": [ { "source": 1089434, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken unrestricted key type could lead to legacy keys usage ", "url": "https://github.com/advisories/GHSA-8cf7-32gw-wr33", "severity": "moderate", "cwe": [ "CWE-327" ], "cvss": { "score": 0, "vectorString": null }, "range": "<=8.5.1" }, { "source": 1091087, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC", "url": "https://github.com/advisories/GHSA-hjrf-2m68-5959", "severity": "moderate", "cwe": [ "CWE-287" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, "range": "<=8.5.1" }, { "source": 1091170, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()", "url": "https://github.com/advisories/GHSA-qwph-4952-7xr6", "severity": "moderate", "cwe": [ "CWE-287", "CWE-327" ], "cvss": { "score": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L" }, "range": "<9.0.0" } ], "effects": [ "netlify-cli" ], "range": "<=8.5.1", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "latest-version": { "name": "latest-version", "severity": "moderate", "isDirect": false, "via": [ "package-json" ], "effects": [ "update-notifier" ], "range": "0.2.0 - 5.1.0", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "luxon": { "name": "luxon", "severity": "high", "isDirect": false, "via": [ { "source": 1090160, "name": "luxon", "dependency": "luxon", "title": "Luxon Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-3xq5-wjfh-ppjc", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=3.0.0 <3.2.1" } ], "effects": [], "range": "3.0.0 - 3.2.0", "nodes": [ "" ], "fixAvailable": true }, "netlify-cli": { "name": "netlify-cli", "severity": "moderate", "isDirect": true, "via": [ "@netlify/build", "gh-release-fetch", "jsonwebtoken", "node-version-alias" ], "effects": [], "range": ">=2.13.0", "nodes": [ "node_modules/netlify-cli" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "node-version-alias": { "name": "node-version-alias", "severity": "moderate", "isDirect": false, "via": [ "all-node-versions", "normalize-node-version" ], "effects": [ "netlify-cli" ], "range": "<=1.0.1", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "normalize-node-version": { "name": "normalize-node-version", "severity": "moderate", "isDirect": false, "via": [ "all-node-versions" ], "effects": [], "range": "2.0.0 - 10.0.0", "nodes": [ "" ], "fixAvailable": true }, "package-json": { "name": "package-json", "severity": "moderate", "isDirect": false, "via": [ "got" ], "effects": [ "latest-version" ], "range": "<=6.5.0", "nodes": [ "" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "update-notifier": { "name": "update-notifier", "severity": "moderate", "isDirect": true, "via": [ "latest-version" ], "effects": [ "@netlify/build" ], "range": "0.2.0 - 5.1.0", "nodes": [ "node_modules/update-notifier" ], "fixAvailable": { "name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false } }, "vite": { "name": "vite", "severity": "moderate", "isDirect": true, "via": [ { "source": 1089122, "name": "vite", "dependency": "vite", "title": "Vitejs Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service", "url": "https://github.com/advisories/GHSA-mv48-hcvh-8jj8", "severity": "moderate", "cwe": [ "CWE-22" ], "cvss": { "score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, "range": "<2.9.13" } ], "effects": [], "range": "<2.9.13", "nodes": [ "node_modules/vite" ], "fixAvailable": { "name": "vite", "version": "2.9.15", "isSemVerMajor": false } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 12, "high": 11, "critical": 0, "total": 24 }, "dependencies": { "prod": 102, "dev": 3271, "optional": 706, "peer": 699, "peerOptional": 0, "total": 3372 } } } } --- end --- {"added": 1269, "removed": 0, "changed": 0, "audited": 3373, "funding": 301, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@netlify/build": {"name": "@netlify/build", "severity": "high", "isDirect": false, "via": ["@netlify/cache-utils", "@netlify/functions-utils", "got", "update-notifier"], "effects": ["netlify-cli"], "range": ">=0.1.31", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "@netlify/cache-utils": {"name": "@netlify/cache-utils", "severity": "high", "isDirect": false, "via": ["cpy"], "effects": ["@netlify/build"], "range": "*", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "@netlify/functions-utils": {"name": "@netlify/functions-utils", "severity": "high", "isDirect": false, "via": ["cpy"], "effects": ["@netlify/build"], "range": "*", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "all-node-versions": {"name": "all-node-versions", "severity": "moderate", "isDirect": false, "via": ["fetch-node-website"], "effects": ["node-version-alias", "normalize-node-version"], "range": "2.0.0 - 8.0.0", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "cacheable-request": {"name": "cacheable-request", "severity": "high", "isDirect": false, "via": ["http-cache-semantics"], "effects": ["got"], "range": "0.1.0 - 2.1.4", "nodes": ["node_modules/cacheable-request"], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "cpy": {"name": "cpy", "severity": "high", "isDirect": false, "via": ["globby"], "effects": ["@netlify/cache-utils", "@netlify/functions-utils"], "range": "7.0.0 - 8.1.2", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "decode-uri-component": {"name": "decode-uri-component", "severity": "low", "isDirect": false, "via": [{"source": 1088828, "name": "decode-uri-component", "dependency": "decode-uri-component", "title": "decode-uri-component vulnerable to Denial of Service (DoS)", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "severity": "low", "cwe": ["CWE-20"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.2.1"}], "effects": [], "range": "<0.2.1", "nodes": [""], "fixAvailable": true}, "download": {"name": "download", "severity": "moderate", "isDirect": false, "via": ["got"], "effects": ["gh-release-fetch"], "range": ">=4.0.0", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "fast-glob": {"name": "fast-glob", "severity": "high", "isDirect": false, "via": ["glob-parent"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/fast-glob"], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "fetch-node-website": {"name": "fetch-node-website", "severity": "moderate", "isDirect": false, "via": ["got"], "effects": ["all-node-versions"], "range": "2.0.0 - 5.0.3", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "gh-release-fetch": {"name": "gh-release-fetch", "severity": "moderate", "isDirect": false, "via": ["download"], "effects": ["netlify-cli"], "range": "*", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "glob-parent": {"name": "glob-parent", "severity": "high", "isDirect": false, "via": [{"source": 1091181, "name": "glob-parent", "dependency": "glob-parent", "title": "glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex", "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<5.1.2"}], "effects": ["fast-glob"], "range": "<5.1.2", "nodes": ["node_modules/glob-parent"], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "globby": {"name": "globby", "severity": "high", "isDirect": true, "via": ["fast-glob"], "effects": ["cpy"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/globby"], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "got": {"name": "got", "severity": "high", "isDirect": true, "via": [{"source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<11.8.5"}, "cacheable-request"], "effects": ["@netlify/build", "download", "fetch-node-website", "package-json"], "range": "<=11.8.3", "nodes": ["node_modules/got", "node_modules/got", "node_modules/got", "node_modules/got"], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "http-cache-semantics": {"name": "http-cache-semantics", "severity": "high", "isDirect": false, "via": [{"source": 1090532, "name": "http-cache-semantics", "dependency": "http-cache-semantics", "title": "http-cache-semantics vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-rc47-6667-2j5j", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<4.1.1"}], "effects": ["cacheable-request"], "range": "<4.1.1", "nodes": ["", "node_modules/http-cache-semantics"], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "jsonwebtoken": {"name": "jsonwebtoken", "severity": "moderate", "isDirect": false, "via": [{"source": 1089434, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken unrestricted key type could lead to legacy keys usage ", "url": "https://github.com/advisories/GHSA-8cf7-32gw-wr33", "severity": "moderate", "cwe": ["CWE-327"], "cvss": {"score": 0, "vectorString": null}, "range": "<=8.5.1"}, {"source": 1091087, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC", "url": "https://github.com/advisories/GHSA-hjrf-2m68-5959", "severity": "moderate", "cwe": ["CWE-287"], "cvss": {"score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}, "range": "<=8.5.1"}, {"source": 1091170, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()", "url": "https://github.com/advisories/GHSA-qwph-4952-7xr6", "severity": "moderate", "cwe": ["CWE-287", "CWE-327"], "cvss": {"score": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L"}, "range": "<9.0.0"}], "effects": ["netlify-cli"], "range": "<=8.5.1", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "latest-version": {"name": "latest-version", "severity": "moderate", "isDirect": false, "via": ["package-json"], "effects": ["update-notifier"], "range": "0.2.0 - 5.1.0", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "luxon": {"name": "luxon", "severity": "high", "isDirect": false, "via": [{"source": 1090160, "name": "luxon", "dependency": "luxon", "title": "Luxon Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-3xq5-wjfh-ppjc", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=3.0.0 <3.2.1"}], "effects": [], "range": "3.0.0 - 3.2.0", "nodes": [""], "fixAvailable": true}, "netlify-cli": {"name": "netlify-cli", "severity": "moderate", "isDirect": true, "via": ["@netlify/build", "gh-release-fetch", "jsonwebtoken", "node-version-alias"], "effects": [], "range": ">=2.13.0", "nodes": ["node_modules/netlify-cli"], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "node-version-alias": {"name": "node-version-alias", "severity": "moderate", "isDirect": false, "via": ["all-node-versions", "normalize-node-version"], "effects": ["netlify-cli"], "range": "<=1.0.1", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "normalize-node-version": {"name": "normalize-node-version", "severity": "moderate", "isDirect": false, "via": ["all-node-versions"], "effects": [], "range": "2.0.0 - 10.0.0", "nodes": [""], "fixAvailable": true}, "package-json": {"name": "package-json", "severity": "moderate", "isDirect": false, "via": ["got"], "effects": ["latest-version"], "range": "<=6.5.0", "nodes": [""], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "update-notifier": {"name": "update-notifier", "severity": "moderate", "isDirect": true, "via": ["latest-version"], "effects": ["@netlify/build"], "range": "0.2.0 - 5.1.0", "nodes": ["node_modules/update-notifier"], "fixAvailable": {"name": "netlify-cli", "version": "12.14.0", "isSemVerMajor": false}}, "vite": {"name": "vite", "severity": "moderate", "isDirect": true, "via": [{"source": 1089122, "name": "vite", "dependency": "vite", "title": "Vitejs Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service", "url": "https://github.com/advisories/GHSA-mv48-hcvh-8jj8", "severity": "moderate", "cwe": ["CWE-22"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}, "range": "<2.9.13"}], "effects": [], "range": "<2.9.13", "nodes": ["node_modules/vite"], "fixAvailable": {"name": "vite", "version": "2.9.15", "isSemVerMajor": false}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 12, "high": 11, "critical": 0, "total": 24}, "dependencies": {"prod": 102, "dev": 3271, "optional": 706, "peer": 699, "peerOptional": 0, "total": 3372}}}} {} Upgrading n:netlify-cli from 12.2.8 -> 12.14.0 {} Upgrading n:vite from ~2.8.6 -> 2.9.15 $ /usr/bin/npm audit fix --only=dev --legacy-peer-deps --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN deprecated @types/rdf-js@4.0.2: This is a stub types definition. rdf-js provides its own type definitions, so you do not need this installed. npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated request@2.88.0: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated core-js@2.6.12: core-js@<3.4 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js. --- stdout --- added 3279 packages, and audited 3280 packages in 43s 302 packages are looking for funding run `npm fund` for details # npm audit report decode-uri-component <0.2.1 decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq fix available via `npm audit fix` node_modules/netlify-cli/node_modules/decode-uri-component glob-parent <5.1.2 Severity: high glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6 fix available via `npm audit fix --force` Will install netlify-cli@2.12.0, which is a breaking change node_modules/netlify-cli/node_modules/@netlify/cache-utils/node_modules/glob-parent node_modules/netlify-cli/node_modules/@netlify/functions-utils/node_modules/glob-parent fast-glob <=2.2.7 Depends on vulnerable versions of glob-parent node_modules/netlify-cli/node_modules/@netlify/cache-utils/node_modules/cpy/node_modules/fast-glob node_modules/netlify-cli/node_modules/@netlify/functions-utils/node_modules/fast-glob globby 8.0.0 - 9.2.0 Depends on vulnerable versions of fast-glob node_modules/netlify-cli/node_modules/@netlify/cache-utils/node_modules/cpy/node_modules/globby node_modules/netlify-cli/node_modules/@netlify/functions-utils/node_modules/globby cpy 7.0.0 - 8.1.2 Depends on vulnerable versions of globby node_modules/netlify-cli/node_modules/@netlify/cache-utils/node_modules/cpy node_modules/netlify-cli/node_modules/@netlify/functions-utils/node_modules/cpy @netlify/cache-utils * Depends on vulnerable versions of cpy node_modules/netlify-cli/node_modules/@netlify/cache-utils @netlify/build >=0.1.31 Depends on vulnerable versions of @netlify/cache-utils Depends on vulnerable versions of @netlify/functions-utils node_modules/netlify-cli/node_modules/@netlify/build netlify-cli >=2.13.0 Depends on vulnerable versions of @netlify/build Depends on vulnerable versions of gh-release-fetch node_modules/netlify-cli @netlify/functions-utils * Depends on vulnerable versions of cpy node_modules/netlify-cli/node_modules/@netlify/functions-utils got <=11.8.3 Severity: high Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97 Depends on vulnerable versions of cacheable-request fix available via `npm audit fix --force` Will install netlify-cli@2.12.0, which is a breaking change node_modules/netlify-cli/node_modules/download/node_modules/got download >=4.0.0 Depends on vulnerable versions of got node_modules/netlify-cli/node_modules/download gh-release-fetch * Depends on vulnerable versions of download node_modules/netlify-cli/node_modules/gh-release-fetch http-cache-semantics <4.1.1 Severity: high http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j fix available via `npm audit fix --force` Will install netlify-cli@2.12.0, which is a breaking change node_modules/netlify-cli/node_modules/download/node_modules/http-cache-semantics cacheable-request 0.1.0 - 2.1.4 Depends on vulnerable versions of http-cache-semantics node_modules/netlify-cli/node_modules/download/node_modules/cacheable-request 14 vulnerabilities (1 low, 2 moderate, 11 high) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- Verifying that tests still pass $ /usr/bin/npm ci --legacy-peer-deps --- stderr --- npm ERR! code EBADPLATFORM npm ERR! notsup Unsupported platform for @esbuild/android-arm@0.16.17: wanted {"os":"android","arch":"arm"} (current: {"os":"linux","arch":"x64"}) npm ERR! notsup Valid OS: android npm ERR! notsup Valid Arch: arm npm ERR! notsup Actual OS: linux npm ERR! notsup Actual Arch: x64 npm ERR! A complete log of this run can be found in: npm ERR! /cache/_logs/2023-03-10T11_53_46_358Z-debug-0.log --- stdout --- --- end --- Traceback (most recent call last): File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1400, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1344, in run self.npm_audit_fix(new_npm_audit) File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 241, in npm_audit_fix self.check_call(['npm', 'ci', '--legacy-peer-deps']) File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/shell2.py", line 54, in check_call res.check_returncode() File "/usr/lib/python3.9/subprocess.py", line 460, in check_returncode raise CalledProcessError(self.returncode, self.args, self.stdout, subprocess.CalledProcessError: Command '['/usr/bin/npm', 'ci', '--legacy-peer-deps']' returned non-zero exit status 1.