This run took 109 seconds.
$ date
--- stdout ---
Sat Mar 18 23:38:49 UTC 2023
--- end ---
$ git clone file:///srv/git/wvui.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
a6c699bda81233facf49b99ca949bf9aa05c515e refs/heads/master
--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@mdx-js/loader": {
"name": "@mdx-js/loader",
"severity": "critical",
"isDirect": false,
"via": [
"@mdx-js/mdx",
"loader-utils"
],
"effects": [
"@storybook/addon-docs"
],
"range": "0.15.5 - 1.6.22",
"nodes": [
"node_modules/@mdx-js/loader"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@mdx-js/loader",
"@storybook/addon-docs"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "critical",
"isDirect": true,
"via": [
"@mdx-js/loader",
"@mdx-js/mdx",
"@storybook/builder-webpack4",
"@storybook/core"
],
"effects": [],
"range": "<=6.5.0-rc.1",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-common",
"react-dev-utils"
],
"effects": [
"@storybook/addon-docs",
"@storybook/core-server"
],
"range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-rc.1",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-server"
],
"effects": [
"@storybook/vue"
],
"range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-rc.1",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "high",
"isDirect": false,
"via": [
"glob-base"
],
"effects": [
"@storybook/builder-webpack4",
"@storybook/core-server",
"@storybook/vue"
],
"range": "<=6.4.0-rc.11",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"cpy"
],
"effects": [
"@storybook/core"
],
"range": "<=7.0.0-alpha.6",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"@storybook/vue": {
"name": "@storybook/vue",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-rc.1",
"nodes": [
"node_modules/@storybook/vue"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"ansi-html": {
"name": "ansi-html",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091237,
"name": "ansi-html",
"dependency": "ansi-html",
"title": "Uncontrolled Resource Consumption in ansi-html",
"url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.8"
}
],
"effects": [
"webpack-hot-middleware"
],
"range": "<0.0.8",
"nodes": [
"node_modules/ansi-html"
],
"fixAvailable": true
},
"ansi-regex": {
"name": "ansi-regex",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091189,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"cwe": [
"CWE-697",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.1.1"
},
{
"source": 1091190,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"cwe": [
"CWE-697",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.0.1"
}
],
"effects": [],
"range": "4.0.0 - 4.1.0 || 5.0.0",
"nodes": [
"node_modules/@jest/core/node_modules/ansi-regex",
"node_modules/ansi-align/node_modules/ansi-regex",
"node_modules/boxen/node_modules/ansi-regex",
"node_modules/cli-table3/node_modules/ansi-regex",
"node_modules/cli-truncate/node_modules/ansi-regex",
"node_modules/cliui/node_modules/ansi-regex",
"node_modules/doiuse/node_modules/ansi-regex",
"node_modules/eslint/node_modules/ansi-regex",
"node_modules/jest-config/node_modules/ansi-regex",
"node_modules/jest-each/node_modules/ansi-regex",
"node_modules/jest-jasmine2/node_modules/ansi-regex",
"node_modules/jest-leak-detector/node_modules/ansi-regex",
"node_modules/jest-matcher-utils/node_modules/ansi-regex",
"node_modules/jest-message-util/node_modules/ansi-regex",
"node_modules/jest-snapshot/node_modules/ansi-regex",
"node_modules/jest-validate/node_modules/ansi-regex",
"node_modules/listr2/node_modules/ansi-regex",
"node_modules/pretty-format/node_modules/ansi-regex",
"node_modules/react-dev-utils/node_modules/ansi-regex",
"node_modules/string-length/node_modules/ansi-regex",
"node_modules/stylelint/node_modules/ansi-regex",
"node_modules/table/node_modules/ansi-regex",
"node_modules/webpack-cli/node_modules/ansi-regex",
"node_modules/widest-line/node_modules/ansi-regex",
"node_modules/wrap-ansi/node_modules/ansi-regex",
"node_modules/yargs/node_modules/ansi-regex"
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091366,
"name": "axios",
"dependency": "axios",
"title": "axios Inefficient Regular Expression Complexity vulnerability",
"url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.21.2"
}
],
"effects": [
"github-build"
],
"range": "<0.21.2",
"nodes": [
"node_modules/axios"
],
"fixAvailable": true
},
"babel-core": {
"name": "babel-core",
"severity": "high",
"isDirect": true,
"via": [
"babel-register",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"body-parser": {
"name": "body-parser",
"severity": "high",
"isDirect": false,
"via": [
"qs"
],
"effects": [],
"range": "1.19.0",
"nodes": [
"node_modules/body-parser"
],
"fixAvailable": true
},
"browserslist": {
"name": "browserslist",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1089762,
"name": "browserslist",
"dependency": "browserslist",
"title": "Regular Expression Denial of Service in browserslist",
"url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=4.0.0 <4.16.5"
}
],
"effects": [
"react-dev-utils"
],
"range": "4.0.0 - 4.16.4",
"nodes": [
"node_modules/react-dev-utils/node_modules/browserslist"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"glob-parent"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.0.0-rc1 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "webpack",
"version": "5.76.2",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "high",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"css-select": {
"name": "css-select",
"severity": "high",
"isDirect": false,
"via": [
"nth-check"
],
"effects": [
"svgo"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/svgo/node_modules/css-select"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"cssnano": {
"name": "cssnano",
"severity": "high",
"isDirect": false,
"via": [
"cssnano-preset-default"
],
"effects": [
"optimize-css-assets-webpack-plugin"
],
"range": "4.0.0-nightly.2020.1.9 - 4.1.11",
"nodes": [
"node_modules/cssnano"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"cssnano-preset-default": {
"name": "cssnano-preset-default",
"severity": "high",
"isDirect": false,
"via": [
"postcss-svgo"
],
"effects": [
"cssnano"
],
"range": "<=4.0.8",
"nodes": [
"node_modules/cssnano-preset-default"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"decode-uri-component": {
"name": "decode-uri-component",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1088828,
"name": "decode-uri-component",
"dependency": "decode-uri-component",
"title": "decode-uri-component vulnerable to Denial of Service (DoS)",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.2.1"
}
],
"effects": [],
"range": "<0.2.1",
"nodes": [
"node_modules/decode-uri-component"
],
"fixAvailable": true
},
"ejs": {
"name": "ejs",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1089270,
"name": "ejs",
"dependency": "ejs",
"title": "ejs template injection vulnerability",
"url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
"severity": "critical",
"cwe": [
"CWE-74"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<3.1.7"
}
],
"effects": [
"webpack-bundle-analyzer"
],
"range": "<3.1.7",
"nodes": [
"node_modules/ejs",
"node_modules/webpack-bundle-analyzer/node_modules/ejs"
],
"fixAvailable": {
"name": "webpack-bundle-analyzer",
"version": "4.8.0",
"isSemVerMajor": true
}
},
"express": {
"name": "express",
"severity": "high",
"isDirect": false,
"via": [
"body-parser",
"qs"
],
"effects": [],
"range": "4.17.0 - 4.17.1 || 5.0.0-alpha.1 - 5.0.0-alpha.8",
"nodes": [
"node_modules/express"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "high",
"isDirect": false,
"via": [
"glob-parent"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"find-babel-config": {
"name": "find-babel-config",
"severity": "high",
"isDirect": false,
"via": [
"json5"
],
"effects": [
"vue-jest"
],
"range": "<=1.2.0",
"nodes": [
"node_modules/find-babel-config"
],
"fixAvailable": {
"name": "vue-jest",
"version": "4.0.1",
"isSemVerMajor": true
}
},
"follow-redirects": {
"name": "follow-redirects",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1090431,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
"url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<1.14.8"
},
{
"source": 1091238,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of sensitive information in follow-redirects",
"url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
"severity": "high",
"cwe": [
"CWE-359"
],
"cvss": {
"score": 8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
},
"range": "<1.14.7"
}
],
"effects": [],
"range": "<=1.14.7",
"nodes": [
"node_modules/follow-redirects"
],
"fixAvailable": true
},
"github-build": {
"name": "github-build",
"severity": "high",
"isDirect": false,
"via": [
"axios"
],
"effects": [],
"range": "<=1.2.2",
"nodes": [
"node_modules/github-build"
],
"fixAvailable": true
},
"glob-base": {
"name": "glob-base",
"severity": "high",
"isDirect": false,
"via": [
"glob-parent"
],
"effects": [
"@storybook/core-common"
],
"range": "*",
"nodes": [
"node_modules/glob-base"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"glob-parent": {
"name": "glob-parent",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091181,
"name": "glob-parent",
"dependency": "glob-parent",
"title": "glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex",
"url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<5.1.2"
}
],
"effects": [
"chokidar",
"fast-glob",
"glob-base"
],
"range": "<5.1.2",
"nodes": [
"node_modules/cpy/node_modules/glob-parent",
"node_modules/glob-base/node_modules/glob-parent",
"node_modules/watchpack-chokidar2/node_modules/glob-parent"
],
"fixAvailable": {
"name": "webpack",
"version": "5.76.2",
"isSemVerMajor": true
}
},
"globby": {
"name": "globby",
"severity": "high",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"immer": {
"name": "immer",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1089281,
"name": "immer",
"dependency": "immer",
"title": "Prototype Pollution in immer",
"url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx",
"severity": "high",
"cwe": [
"CWE-915",
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<9.0.6"
},
{
"source": 1089656,
"name": "immer",
"dependency": "immer",
"title": "Prototype Pollution in immer",
"url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
"severity": "critical",
"cwe": [
"CWE-843",
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<9.0.6"
}
],
"effects": [
"react-dev-utils"
],
"range": "<=9.0.5",
"nodes": [
"node_modules/immer"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"json-schema": {
"name": "json-schema",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1089513,
"name": "json-schema",
"dependency": "json-schema",
"title": "json-schema is vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
"severity": "critical",
"cwe": [
"CWE-915",
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<0.4.0"
}
],
"effects": [
"jsprim"
],
"range": "<0.4.0",
"nodes": [
"node_modules/json-schema"
],
"fixAvailable": true
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091147,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
},
{
"source": 1091148,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": ">=2.0.0 <2.2.2"
}
],
"effects": [
"babel-core",
"find-babel-config"
],
"range": "<1.0.2 || >=2.0.0 <2.2.2",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/loader-utils/node_modules/json5",
"node_modules/@storybook/core-common/node_modules/loader-utils/node_modules/json5",
"node_modules/@storybook/core-server/node_modules/loader-utils/node_modules/json5",
"node_modules/babel-core/node_modules/json5",
"node_modules/babel-loader/node_modules/json5",
"node_modules/find-babel-config/node_modules/json5",
"node_modules/generic-names/node_modules/json5",
"node_modules/html-webpack-plugin/node_modules/json5",
"node_modules/json5",
"node_modules/mini-css-extract-plugin/node_modules/json5",
"node_modules/ts-loader/node_modules/json5",
"node_modules/vue-docgen-loader/node_modules/json5",
"node_modules/vue-loader/node_modules/json5",
"node_modules/vue-style-loader/node_modules/json5",
"node_modules/webpack-cli/node_modules/json5",
"node_modules/webpack/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"jsprim": {
"name": "jsprim",
"severity": "critical",
"isDirect": false,
"via": [
"json-schema"
],
"effects": [],
"range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/jsprim"
],
"fixAvailable": true
},
"loader-utils": {
"name": "loader-utils",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1091186,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "Prototype pollution in webpack loader-utils",
"url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<1.4.1"
},
{
"source": 1091187,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "Prototype pollution in webpack loader-utils",
"url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=2.0.0 <2.0.3"
},
{
"source": 1091247,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
"url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0 <2.0.4"
},
{
"source": 1091248,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
"url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
},
{
"source": 1091250,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0 <2.0.4"
},
{
"source": 1091251,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
}
],
"effects": [
"@mdx-js/loader",
"react-dev-utils"
],
"range": "<=1.4.1 || 2.0.0 - 2.0.3",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/loader-utils",
"node_modules/@storybook/builder-webpack4/node_modules/postcss-loader/node_modules/loader-utils",
"node_modules/@storybook/core-common/node_modules/loader-utils",
"node_modules/@storybook/core-server/node_modules/loader-utils",
"node_modules/babel-loader/node_modules/loader-utils",
"node_modules/generic-names/node_modules/loader-utils",
"node_modules/html-webpack-plugin/node_modules/loader-utils",
"node_modules/loader-utils",
"node_modules/mini-css-extract-plugin/node_modules/loader-utils",
"node_modules/ts-loader/node_modules/loader-utils",
"node_modules/vue-docgen-loader/node_modules/loader-utils",
"node_modules/vue-loader/node_modules/loader-utils",
"node_modules/vue-style-loader/node_modules/loader-utils",
"node_modules/webpack-cli/node_modules/loader-utils",
"node_modules/webpack/node_modules/loader-utils"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091174,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
}
],
"effects": [
"recursive-readdir"
],
"range": "<3.0.5",
"nodes": [
"node_modules/minimatch"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"minimist": {
"name": "minimist",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1091173,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=1.0.0 <1.2.6"
}
],
"effects": [],
"range": "1.0.0 - 1.2.5",
"nodes": [
"node_modules/minimist"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1089011,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [],
"range": "3.0.0 - 3.1.30",
"nodes": [
"node_modules/nanoid",
"node_modules/stylelint-config-wikimedia/node_modules/nanoid"
],
"fixAvailable": true
},
"node-fetch": {
"name": "node-fetch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091239,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
"url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
"severity": "high",
"cwe": [
"CWE-173",
"CWE-200",
"CWE-601"
],
"cvss": {
"score": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<2.6.7"
}
],
"effects": [],
"range": "<2.6.7",
"nodes": [
"node_modules/node-fetch"
],
"fixAvailable": true
},
"node-gyp": {
"name": "node-gyp",
"severity": "moderate",
"isDirect": true,
"via": [
"request"
],
"effects": [],
"range": "<=7.1.2",
"nodes": [
"node_modules/node-gyp"
],
"fixAvailable": {
"name": "node-gyp",
"version": "9.3.1",
"isSemVerMajor": true
}
},
"nth-check": {
"name": "nth-check",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091236,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check",
"node_modules/svgo/node_modules/nth-check"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"optimize-css-assets-webpack-plugin": {
"name": "optimize-css-assets-webpack-plugin",
"severity": "high",
"isDirect": true,
"via": [
"cssnano"
],
"effects": [],
"range": "3.2.1 || 5.0.0 - 5.0.8",
"nodes": [
"node_modules/optimize-css-assets-webpack-plugin"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"postcss-svgo": {
"name": "postcss-svgo",
"severity": "high",
"isDirect": false,
"via": [
"svgo"
],
"effects": [
"cssnano-preset-default"
],
"range": "4.0.0-nightly.2020.1.9 - 5.0.0-rc.2",
"nodes": [
"node_modules/postcss-svgo"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"prismjs": {
"name": "prismjs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089189,
"name": "prismjs",
"dependency": "prismjs",
"title": "prismjs Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<1.25.0"
},
{
"source": 1090424,
"name": "prismjs",
"dependency": "prismjs",
"title": "Cross-site Scripting in Prism",
"url": "https://github.com/advisories/GHSA-3949-f494-cm99",
"severity": "high",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"
},
"range": ">=1.14.0 <1.27.0"
}
],
"effects": [
"refractor"
],
"range": "<=1.26.0",
"nodes": [
"node_modules/prismjs"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1090135,
"name": "qs",
"dependency": "qs",
"title": "qs vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.5.0 <6.5.3"
},
{
"source": 1090137,
"name": "qs",
"dependency": "qs",
"title": "qs vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.7.0 <6.7.3"
},
{
"source": 1090140,
"name": "qs",
"dependency": "qs",
"title": "qs vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.10.0 <6.10.3"
}
],
"effects": [
"body-parser",
"express"
],
"range": "6.5.0 - 6.5.2 || 6.7.0 - 6.7.2 || 6.10.0 - 6.10.2",
"nodes": [
"node_modules/body-parser/node_modules/qs",
"node_modules/express/node_modules/qs",
"node_modules/qs",
"node_modules/request/node_modules/qs"
],
"fixAvailable": true
},
"react-dev-utils": {
"name": "react-dev-utils",
"severity": "critical",
"isDirect": false,
"via": [
"browserslist",
"immer",
"loader-utils",
"recursive-readdir",
"shell-quote"
],
"effects": [
"@storybook/builder-webpack4"
],
"range": "0.5.2 - 12.0.0-next.60",
"nodes": [
"node_modules/react-dev-utils"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"recursive-readdir": {
"name": "recursive-readdir",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"react-dev-utils"
],
"range": "1.2.0 - 2.2.2",
"nodes": [
"node_modules/recursive-readdir"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"refractor": {
"name": "refractor",
"severity": "moderate",
"isDirect": false,
"via": [
"prismjs"
],
"effects": [],
"range": "<=3.4.0 || 4.0.0 - 4.1.1",
"nodes": [
"node_modules/refractor"
],
"fixAvailable": true
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1091410,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=2.88.2"
}
],
"effects": [
"node-gyp"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": {
"name": "node-gyp",
"version": "9.3.1",
"isSemVerMajor": true
}
},
"shell-quote": {
"name": "shell-quote",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1090195,
"name": "shell-quote",
"dependency": "shell-quote",
"title": "Improper Neutralization of Special Elements used in a Command in Shell-quote",
"url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7",
"severity": "critical",
"cwe": [
"CWE-77"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=1.7.2"
}
],
"effects": [
"react-dev-utils"
],
"range": "<=1.7.2",
"nodes": [
"node_modules/shell-quote"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"simple-get": {
"name": "simple-get",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1090445,
"name": "simple-get",
"dependency": "simple-get",
"title": "Exposure of Sensitive Information in simple-get",
"url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
"severity": "high",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=3.0.0 <3.1.1"
}
],
"effects": [],
"range": "3.0.0 - 3.1.0",
"nodes": [
"node_modules/simple-get"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": false,
"via": [
"css-select"
],
"effects": [
"postcss-svgo"
],
"range": "1.0.0 - 1.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "optimize-css-assets-webpack-plugin",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"tar": {
"name": "tar",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089682,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
"url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=6.0.0 <6.1.1"
},
{
"source": 1091311,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
"url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-23",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=6.0.0 <6.1.2"
},
{
"source": 1091341,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
"url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=6.0.0 <6.1.7"
},
{
"source": 1091344,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
"url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=6.0.0 <6.1.9"
},
{
"source": 1091347,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
"url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
},
"range": ">=6.0.0 <6.1.9"
}
],
"effects": [],
"range": "6.0.0 - 6.1.8",
"nodes": [
"node_modules/tar"
],
"fixAvailable": true
},
"terser": {
"name": "terser",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091356,
"name": "terser",
"dependency": "terser",
"title": "Terser insecure use of regular expressions leads to ReDoS",
"url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc",
"severity": "high",
"cwe": [],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.14.2"
},
{
"source": 1091357,
"name": "terser",
"dependency": "terser",
"title": "Terser insecure use of regular expressions leads to ReDoS",
"url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc",
"severity": "high",
"cwe": [],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.8.1"
}
],
"effects": [],
"range": ">=5.0.0 <5.14.2 || <4.8.1",
"nodes": [
"node_modules/terser",
"node_modules/terser-webpack-plugin/node_modules/terser"
],
"fixAvailable": true
},
"tmpl": {
"name": "tmpl",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089190,
"name": "tmpl",
"dependency": "tmpl",
"title": "tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion",
"url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<1.0.5"
}
],
"effects": [],
"range": "<1.0.5",
"nodes": [
"node_modules/tmpl"
],
"fixAvailable": true
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "6.5.16",
"isSemVerMajor": false
}
},
"vue-jest": {
"name": "vue-jest",
"severity": "high",
"isDirect": true,
"via": [
"find-babel-config"
],
"effects": [],
"range": "1.0.0 - 3.0.7",
"nodes": [
"node_modules/vue-jest"
],
"fixAvailable": {
"name": "vue-jest",
"version": "4.0.1",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/watchpack"
],
"fixAvailable": {
"name": "webpack",
"version": "5.76.2",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "webpack",
"version": "5.76.2",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": true,
"via": [
"watchpack"
],
"effects": [],
"range": "4.44.0 - 4.46.0",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "webpack",
"version": "5.76.2",
"isSemVerMajor": true
}
},
"webpack-bundle-analyzer": {
"name": "webpack-bundle-analyzer",
"severity": "critical",
"isDirect": true,
"via": [
"ejs"
],
"effects": [],
"range": "1.3.0 - 3.9.0",
"nodes": [
"node_modules/webpack-bundle-analyzer"
],
"fixAvailable": {
"name": "webpack-bundle-analyzer",
"version": "4.8.0",
"isSemVerMajor": true
}
},
"webpack-hot-middleware": {
"name": "webpack-hot-middleware",
"severity": "high",
"isDirect": false,
"via": [
"ansi-html"
],
"effects": [],
"range": "2.9.0 - 2.25.0",
"nodes": [
"node_modules/webpack-hot-middleware"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 6,
"high": 46,
"critical": 11,
"total": 64
},
"dependencies": {
"prod": 1,
"dev": 2783,
"optional": 33,
"peer": 0,
"peerOptional": 0,
"total": 2783
}
}
}
--- end ---
Upgrading n:eslint from 7.31.0 -> 8.31.0
Upgrading n:eslint-config-wikimedia from 0.20.0 -> 0.24.0
Upgrading n:stylelint from 13.9.0 -> 14.14.0
Upgrading n:stylelint-config-wikimedia from 0.11.1 -> 0.14.0
$ /usr/bin/npm install
--- stderr ---
npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: eslint@7.31.0
npm WARN node_modules/eslint
npm WARN dev eslint@"8.31.0" from the root project
npm WARN 17 more (@typescript-eslint/eslint-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/eslint-plugin@4.2.0
npm WARN node_modules/@typescript-eslint/eslint-plugin
npm WARN dev @typescript-eslint/eslint-plugin@"4.2.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: eslint@7.31.0
npm WARN node_modules/eslint
npm WARN dev eslint@"8.31.0" from the root project
npm WARN 17 more (@typescript-eslint/eslint-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/parser@4.2.0
npm WARN node_modules/@typescript-eslint/parser
npm WARN dev @typescript-eslint/parser@"4.2.0" from the root project
npm WARN 1 more (@typescript-eslint/eslint-plugin)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: eslint@7.31.0
npm WARN node_modules/eslint
npm WARN dev eslint@"8.31.0" from the root project
npm WARN 17 more (@typescript-eslint/eslint-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer eslint@"^5.0.0 || ^6.0.0 || ^7.0.0" from @typescript-eslint/parser@4.2.0
npm WARN node_modules/@typescript-eslint/parser
npm WARN dev @typescript-eslint/parser@"4.2.0" from the root project
npm WARN 1 more (@typescript-eslint/eslint-plugin)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @wikimedia/wvui@0.4.0
npm WARN Found: stylelint@13.9.0
npm WARN node_modules/stylelint
npm WARN dev stylelint@"14.14.0" from the root project
npm WARN 2 more (stylelint-no-unsupported-browser-features, stylelint-order)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer stylelint@"^10.0.1 || ^11.0.0 || ^12.0.0 || ^13.0.0" from stylelint-order@4.1.0
npm WARN node_modules/stylelint-order
npm WARN dev stylelint-order@"4.1.0" from the root project
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated iltorb@2.4.5: The zlib module provides APIs for brotli compression/decompression starting with Node.js v10.16.0, please use it over iltorb
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js-pure@3.15.2: core-js-pure@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js-pure.
npm WARN deprecated core-js@3.15.2: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
> @wikimedia/wvui@0.4.0 prepare
> husky install
husky - Git hooks installed
added 2768 packages, and audited 2769 packages in 1m
255 packages are looking for funding
run `npm fund` for details
63 vulnerabilities (1 low, 5 moderate, 46 high, 11 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
$ ./node_modules/.bin/eslint . --fix
--- stderr ---
Oops! Something went wrong! :(
ESLint: 8.31.0
TypeError: Failed to load plugin '@typescript-eslint' declared in '.eslintrc.json#overrides[0]': Class extends value undefined is not a constructor or null
Referenced from: /src/repo/.eslintrc.json
at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/experimental-utils/dist/ts-eslint/CLIEngine.js:12:34)
at Module._compile (node:internal/modules/cjs/loader:1126:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1180:10)
at Module.load (node:internal/modules/cjs/loader:1004:32)
at Function.Module._load (node:internal/modules/cjs/loader:839:12)
at Module.require (node:internal/modules/cjs/loader:1028:19)
at require (node:internal/modules/cjs/helpers:102:18)
at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/experimental-utils/dist/ts-eslint/index.js:14:14)
at Module._compile (node:internal/modules/cjs/loader:1126:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1180:10)
--- stdout ---
--- end ---
$ ./node_modules/.bin/eslint . -f json
--- stderr ---
Oops! Something went wrong! :(
ESLint: 8.31.0
TypeError: Failed to load plugin '@typescript-eslint' declared in '.eslintrc.json#overrides[0]': Class extends value undefined is not a constructor or null
Referenced from: /src/repo/.eslintrc.json
at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/experimental-utils/dist/ts-eslint/CLIEngine.js:12:34)
at Module._compile (node:internal/modules/cjs/loader:1126:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1180:10)
at Module.load (node:internal/modules/cjs/loader:1004:32)
at Function.Module._load (node:internal/modules/cjs/loader:839:12)
at Module.require (node:internal/modules/cjs/loader:1028:19)
at require (node:internal/modules/cjs/helpers:102:18)
at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/experimental-utils/dist/ts-eslint/index.js:14:14)
at Module._compile (node:internal/modules/cjs/loader:1126:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1180:10)
--- stdout ---
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1400, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1338, in run
self.npm_upgrade(plan)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1046, in npm_upgrade
hook(update)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1126, in _handle_eslint
errors = json.loads(self.check_call([
File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.9/json/decoder.py", line 355, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)