$ date
--- stdout ---
Fri Apr 15 00:28:11 UTC 2022
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-MobileFrontend.git repo --depth=1 -b REL1_37
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_37
--- stdout ---
f1faaa1a7a023b05eebdb3fd7968d5efc7764b13 refs/heads/REL1_37
--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"via": [
"@storybook/core-common",
"react-dev-utils"
],
"effects": [
"@storybook/core-server"
],
"range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "moderate",
"via": [
"@storybook/core-server"
],
"effects": [
"@storybook/html"
],
"range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "high",
"via": [
"glob-base"
],
"effects": [
"@storybook/builder-webpack4",
"@storybook/core-server",
"@storybook/html"
],
"range": "<=6.4.0-rc.11",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"cpy"
],
"effects": [
"@storybook/core"
],
"range": "*",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/html": {
"name": "@storybook/html",
"severity": "high",
"via": [
"@storybook/core",
"@storybook/core-common"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
"nodes": [
"node_modules/@storybook/html"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@wikimedia/mw-node-qunit": {
"name": "@wikimedia/mw-node-qunit",
"severity": "moderate",
"via": [
"jquery"
],
"effects": [],
"range": "6.0.0 - 6.1.2",
"nodes": [
"node_modules/@wikimedia/mw-node-qunit"
],
"fixAvailable": {
"name": "@wikimedia/mw-node-qunit",
"version": "6.3.0",
"isSemVerMajor": false
}
},
"ansi-html": {
"name": "ansi-html",
"severity": "high",
"via": [
{
"source": 1067382,
"name": "ansi-html",
"dependency": "ansi-html",
"title": "Uncontrolled Resource Consumption in ansi-html",
"url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9",
"severity": "high",
"range": "<0.0.8"
}
],
"effects": [
"webpack-hot-middleware"
],
"range": "<0.0.8",
"nodes": [
"node_modules/ansi-html"
],
"fixAvailable": true
},
"ansi-regex": {
"name": "ansi-regex",
"severity": "moderate",
"via": [
{
"source": 1067300,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "moderate",
"range": ">=3.0.0 <3.0.1"
},
{
"source": 1067301,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "moderate",
"range": ">=4.0.0 <4.1.1"
},
{
"source": 1067302,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "moderate",
"range": ">=5.0.0 <5.0.1"
}
],
"effects": [],
"range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
"nodes": [
"node_modules/@wdio/logger/node_modules/ansi-regex",
"node_modules/ansi-align/node_modules/ansi-regex",
"node_modules/boxen/node_modules/ansi-regex",
"node_modules/cli-table3/node_modules/ansi-regex",
"node_modules/cliui/node_modules/ansi-regex",
"node_modules/cucumber/node_modules/ansi-regex",
"node_modules/doiuse/node_modules/ansi-regex",
"node_modules/eslint/node_modules/ansi-regex",
"node_modules/inquirer/node_modules/ansi-regex",
"node_modules/mocha/node_modules/ansi-regex",
"node_modules/pretty-format/node_modules/ansi-regex",
"node_modules/react-dev-utils/node_modules/ansi-regex",
"node_modules/stylelint/node_modules/ansi-regex",
"node_modules/table/node_modules/ansi-regex",
"node_modules/webpack-cli/node_modules/ansi-regex",
"node_modules/widest-line/node_modules/ansi-regex",
"node_modules/wrap-ansi/node_modules/ansi-regex",
"node_modules/yargs/node_modules/ansi-regex"
],
"fixAvailable": true
},
"async": {
"name": "async",
"severity": "high",
"via": [
{
"source": 1069985,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": "<2.6.4"
},
{
"source": 1069986,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": ">=3.0.0 <3.2.2"
}
],
"effects": [
"jake"
],
"range": ">=3.0.0 <3.2.2 || <2.6.4",
"nodes": [
"node_modules/archiver/node_modules/async",
"node_modules/async"
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"via": [
{
"source": 1067343,
"name": "axios",
"dependency": "axios",
"title": "Incorrect Comparison in axios",
"url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
"severity": "high",
"range": "<0.21.2"
}
],
"effects": [
"github-build"
],
"range": "<0.21.2",
"nodes": [
"node_modules/axios"
],
"fixAvailable": true
},
"browserslist": {
"name": "browserslist",
"severity": "moderate",
"via": [
{
"source": 1067902,
"name": "browserslist",
"dependency": "browserslist",
"title": "Regular Expression Denial of Service in browserslist",
"url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
"severity": "moderate",
"range": ">=4.0.0 <4.16.5"
}
],
"effects": [
"react-dev-utils"
],
"range": "4.0.0 - 4.16.4",
"nodes": [
"node_modules/react-dev-utils/node_modules/browserslist"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.0.0-rc1 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": true
},
"cpy": {
"name": "cpy",
"severity": "high",
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"css-select": {
"name": "css-select",
"severity": "high",
"via": [
"css-what",
"nth-check"
],
"effects": [
"renderkid",
"svgo"
],
"range": "<=3.1.2",
"nodes": [
"node_modules/css-select",
"node_modules/svgo/node_modules/css-select"
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"css-what": {
"name": "css-what",
"severity": "high",
"via": [
{
"source": 1067850,
"name": "css-what",
"dependency": "css-what",
"title": "Denial of service in css-what",
"url": "https://github.com/advisories/GHSA-q8pj-2vqx-8ggc",
"severity": "high",
"range": ">=4.0.0 <=5.0.0"
}
],
"effects": [
"css-select"
],
"range": "4.0.0 - 5.0.0",
"nodes": [
"node_modules/svgo/node_modules/css-what"
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"ejs": {
"name": "ejs",
"severity": "high",
"via": [
"jake"
],
"effects": [],
"range": ">=3.1.2",
"nodes": [
"node_modules/ejs"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"follow-redirects": {
"name": "follow-redirects",
"severity": "high",
"via": [
{
"source": 1067407,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
"url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
"severity": "moderate",
"range": "<1.14.8"
},
{
"source": 1067459,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of sensitive information in follow-redirects",
"url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
"severity": "high",
"range": "<1.14.7"
}
],
"effects": [],
"range": "<=1.14.7",
"nodes": [
"node_modules/follow-redirects"
],
"fixAvailable": true
},
"github-build": {
"name": "github-build",
"severity": "high",
"via": [
"axios"
],
"effects": [],
"range": "<=1.2.2",
"nodes": [
"node_modules/github-build"
],
"fixAvailable": true
},
"glob-base": {
"name": "glob-base",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"@storybook/core-common"
],
"range": "*",
"nodes": [
"node_modules/glob-base"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"glob-parent": {
"name": "glob-parent",
"severity": "high",
"via": [
{
"source": 1067329,
"name": "glob-parent",
"dependency": "glob-parent",
"title": "Regular expression denial of service in glob-parent",
"url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
"severity": "high",
"range": "<5.1.2"
}
],
"effects": [
"chokidar",
"fast-glob",
"glob-base"
],
"range": "<5.1.2",
"nodes": [
"node_modules/cpy/node_modules/glob-parent",
"node_modules/glob-base/node_modules/glob-parent",
"node_modules/watchpack-chokidar2/node_modules/glob-parent"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"globby": {
"name": "globby",
"severity": "high",
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"immer": {
"name": "immer",
"severity": "critical",
"via": [
{
"source": 1067720,
"name": "immer",
"dependency": "immer",
"title": "Prototype Pollution in immer",
"url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
"severity": "critical",
"range": "<9.0.6"
}
],
"effects": [
"react-dev-utils"
],
"range": "<9.0.6",
"nodes": [
"node_modules/immer"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"jake": {
"name": "jake",
"severity": "high",
"via": [
"async"
],
"effects": [
"ejs"
],
"range": ">=8.0.1",
"nodes": [
"node_modules/jake"
],
"fixAvailable": true
},
"jquery": {
"name": "jquery",
"severity": "moderate",
"via": [
{
"source": 1069417,
"name": "jquery",
"dependency": "jquery",
"title": "Potential XSS vulnerability in jQuery",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"severity": "moderate",
"range": ">=1.2 <3.5.0"
},
{
"source": 1069418,
"name": "jquery",
"dependency": "jquery",
"title": "Potential XSS vulnerability in jQuery",
"url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6",
"severity": "moderate",
"range": ">=1.0.3 <3.5.0"
}
],
"effects": [
"@wikimedia/mw-node-qunit"
],
"range": "<=3.4.1",
"nodes": [
"node_modules/@wikimedia/mw-node-qunit/node_modules/jquery"
],
"fixAvailable": {
"name": "@wikimedia/mw-node-qunit",
"version": "6.3.0",
"isSemVerMajor": false
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"via": [
"markdown-it",
"marked"
],
"effects": [],
"range": "3.2.0-dev - 3.6.7",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.10",
"isSemVerMajor": false
}
},
"json-schema": {
"name": "json-schema",
"severity": "moderate",
"via": [
{
"source": 1067524,
"name": "json-schema",
"dependency": "json-schema",
"title": "json-schema is vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
"severity": "moderate",
"range": "<0.4.0"
}
],
"effects": [
"jsprim"
],
"range": "<0.4.0",
"nodes": [
"node_modules/json-schema"
],
"fixAvailable": true
},
"jsprim": {
"name": "jsprim",
"severity": "moderate",
"via": [
"json-schema"
],
"effects": [],
"range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/jsprim"
],
"fixAvailable": true
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"via": [
{
"source": 1067456,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "Uncontrolled Resource Consumption in markdown-it",
"url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
"severity": "moderate",
"range": "<12.3.2"
}
],
"effects": [
"jsdoc"
],
"range": "<12.3.2",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.10",
"isSemVerMajor": false
}
},
"marked": {
"name": "marked",
"severity": "high",
"via": [
{
"source": 1067450,
"name": "marked",
"dependency": "marked",
"title": "Inefficient Regular Expression Complexity in marked",
"url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
"severity": "high",
"range": "<4.0.10"
}
],
"effects": [
"jsdoc"
],
"range": "<4.0.10",
"nodes": [
"node_modules/marked"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.10",
"isSemVerMajor": false
}
},
"minimist": {
"name": "minimist",
"severity": "critical",
"via": [
{
"source": 1067342,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"range": "<1.2.6"
}
],
"effects": [],
"range": "<1.2.6",
"nodes": [
"node_modules/minimist"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"via": [
"nanoid"
],
"effects": [],
"range": "8.2.0 - 9.1.4",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"via": [
{
"source": 1067367,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [
"mocha"
],
"range": "3.0.0 - 3.1.30",
"nodes": [
"node_modules/doiuse/node_modules/nanoid",
"node_modules/nanoid",
"node_modules/stylelint-no-unsupported-browser-features/node_modules/nanoid"
],
"fixAvailable": true
},
"node-fetch": {
"name": "node-fetch",
"severity": "high",
"via": [
{
"source": 1067442,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
"url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
"severity": "high",
"range": "<2.6.7"
}
],
"effects": [],
"range": "<2.6.7",
"nodes": [
"node_modules/node-fetch"
],
"fixAvailable": true
},
"nth-check": {
"name": "nth-check",
"severity": "moderate",
"via": [
{
"source": 1067654,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "moderate",
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check",
"node_modules/svgo/node_modules/nth-check"
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"prismjs": {
"name": "prismjs",
"severity": "high",
"via": [
{
"source": 1067401,
"name": "prismjs",
"dependency": "prismjs",
"title": "Cross-site Scripting in Prism",
"url": "https://github.com/advisories/GHSA-3949-f494-cm99",
"severity": "high",
"range": ">=1.14.0 <1.27.0"
},
{
"source": 1067653,
"name": "prismjs",
"dependency": "prismjs",
"title": "Regular Expression Denial of Service in prismjs",
"url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
"severity": "moderate",
"range": "<1.25.0"
}
],
"effects": [
"refractor"
],
"range": "<=1.26.0",
"nodes": [
"node_modules/prismjs",
"node_modules/refractor/node_modules/prismjs"
],
"fixAvailable": true
},
"react-dev-utils": {
"name": "react-dev-utils",
"severity": "critical",
"via": [
"browserslist",
"immer"
],
"effects": [
"@storybook/builder-webpack4"
],
"range": "6.0.0-next.03604a46 - 12.0.0-next.60",
"nodes": [
"node_modules/react-dev-utils"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"refractor": {
"name": "refractor",
"severity": "moderate",
"via": [
"prismjs"
],
"effects": [],
"range": "<=3.4.0 || 4.0.0 - 4.1.1",
"nodes": [
"node_modules/refractor"
],
"fixAvailable": true
},
"renderkid": {
"name": "renderkid",
"severity": "moderate",
"via": [
"css-select"
],
"effects": [],
"range": "1.0.0 - 2.0.5",
"nodes": [
"node_modules/renderkid"
],
"fixAvailable": true
},
"simple-get": {
"name": "simple-get",
"severity": "high",
"via": [
{
"source": 1067428,
"name": "simple-get",
"dependency": "simple-get",
"title": "Exposure of Sensitive Information in simple-get",
"url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
"severity": "high",
"range": ">=3.0.0 <3.1.1"
}
],
"effects": [],
"range": "3.0.0 - 3.1.0",
"nodes": [
"node_modules/simple-get"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "high",
"via": [
"css-select"
],
"effects": [],
"range": "2.0.0 - 2.3.0",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"tmpl": {
"name": "tmpl",
"severity": "moderate",
"via": [
{
"source": 1067697,
"name": "tmpl",
"dependency": "tmpl",
"title": "Regular Expression Denial of Service in tmpl",
"url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v",
"severity": "moderate",
"range": "<1.0.5"
}
],
"effects": [],
"range": "<1.0.5",
"nodes": [
"node_modules/tmpl"
],
"fixAvailable": true
},
"validator": {
"name": "validator",
"severity": "moderate",
"via": [
{
"source": 1067532,
"name": "validator",
"dependency": "validator",
"title": " Inefficient Regular Expression Complexity in Validator.js",
"url": "https://github.com/advisories/GHSA-xx4c-jj58-r7x6",
"severity": "moderate",
"range": ">=11.1.0 <13.7.0"
},
{
"source": 1067560,
"name": "validator",
"dependency": "validator",
"title": "Inefficient Regular Expression Complexity in validator.js",
"url": "https://github.com/advisories/GHSA-qgmg-gppg-76g5",
"severity": "moderate",
"range": "<13.7.0"
}
],
"effects": [],
"range": "<=13.6.0",
"nodes": [
"node_modules/validator"
],
"fixAvailable": true
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"via": [
"watchpack-chokidar2"
],
"effects": [],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/watchpack"
],
"fixAvailable": true
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": true
},
"webpack-hot-middleware": {
"name": "webpack-hot-middleware",
"severity": "high",
"via": [
"ansi-html"
],
"effects": [],
"range": "2.9.0 - 2.25.0",
"nodes": [
"node_modules/webpack-hot-middleware"
],
"fixAvailable": true
},
"ws": {
"name": "ws",
"severity": "moderate",
"via": [
{
"source": 1067853,
"name": "ws",
"dependency": "ws",
"title": "ReDoS in Sec-Websocket-Protocol header",
"url": "https://github.com/advisories/GHSA-6fc8-4gx4-v693",
"severity": "moderate",
"range": ">=6.0.0 <6.2.2"
}
],
"effects": [],
"range": "6.0.0 - 6.2.1",
"nodes": [
"node_modules/jsdom/node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 16,
"high": 28,
"critical": 3,
"total": 47
},
"dependencies": {
"prod": 1,
"dev": 2405,
"optional": 29,
"peer": 0,
"peerOptional": 0,
"total": 2405
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No lock file found. Updating dependencies instead of installing from lock file. Use composer update over composer install if you do not have a lock file.
Loading composer repositories with package information
Info from https://repo.packagist.org: [37;44m#StandWith[30;43mUkraine[0m
Updating dependencies
Lock file operations: 35 installs, 0 updates, 0 removals
- Locking composer/pcre (1.0.1)
- Locking composer/semver (3.3.2)
- Locking composer/spdx-licenses (1.5.6)
- Locking composer/xdebug-handler (2.0.5)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v37.0.0)
- Locking mediawiki/mediawiki-phan-config (0.11.0)
- Locking mediawiki/minus-x (1.1.1)
- Locking mediawiki/phan-taint-check-plugin (3.3.2)
- Locking microsoft/tolerant-php-parser (v0.1.1)
- Locking netresearch/jsonmapper (v4.0.0)
- Locking phan/phan (5.2.0)
- Locking php-parallel-lint/php-console-color (v0.3)
- Locking php-parallel-lint/php-console-highlighter (v0.5)
- Locking php-parallel-lint/php-parallel-lint (v1.3.1)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.3.0)
- Locking phpdocumentor/type-resolver (1.6.1)
- Locking psr/container (1.1.2)
- Locking psr/log (1.1.4)
- Locking sabre/event (5.1.4)
- Locking sebastian/diff (3.0.3)
- Locking squizlabs/php_codesniffer (3.6.0)
- Locking symfony/console (v5.4.7)
- Locking symfony/deprecation-contracts (v2.5.1)
- Locking symfony/polyfill-ctype (v1.25.0)
- Locking symfony/polyfill-intl-grapheme (v1.25.0)
- Locking symfony/polyfill-intl-normalizer (v1.25.0)
- Locking symfony/polyfill-mbstring (v1.25.0)
- Locking symfony/polyfill-php73 (v1.25.0)
- Locking symfony/polyfill-php80 (v1.25.0)
- Locking symfony/service-contracts (v2.5.1)
- Locking symfony/string (v5.4.3)
- Locking tysonandre/var_representation_polyfill (0.1.1)
- Locking webmozart/assert (1.10.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 35 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------] 0 [--->------------------------] - Installing composer/pcre (1.0.1): Extracting archive
- Installing squizlabs/php_codesniffer (3.6.0): Extracting archive
- Installing sebastian/diff (3.0.3): Extracting archive
- Installing symfony/polyfill-mbstring (v1.25.0): Extracting archive
- Installing composer/spdx-licenses (1.5.6): Extracting archive
- Installing composer/semver (3.3.2): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v37.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.1): Extracting archive
- Installing symfony/polyfill-php80 (v1.25.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.25.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.25.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.25.0): Extracting archive
- Installing symfony/string (v5.4.3): Extracting archive
- Installing symfony/deprecation-contracts (v2.5.1): Extracting archive
- Installing psr/container (1.1.2): Extracting archive
- Installing symfony/service-contracts (v2.5.1): Extracting archive
- Installing symfony/polyfill-php73 (v1.25.0): Extracting archive
- Installing symfony/console (v5.4.7): Extracting archive
- Installing sabre/event (5.1.4): Extracting archive
- Installing netresearch/jsonmapper (v4.0.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.1): Extracting archive
- Installing webmozart/assert (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing phpdocumentor/type-resolver (1.6.1): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (1.1.4): Extracting archive
- Installing composer/xdebug-handler (2.0.5): Extracting archive
- Installing phan/phan (5.2.0): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (3.3.2): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.11.0): Extracting archive
- Installing mediawiki/minus-x (1.1.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v0.3): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v0.5): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.3.1): Extracting archive
0/26 [>---------------------------] 0%
10/26 [==========>-----------------] 38%
20/26 [=====================>------] 76%
25/26 [==========================>-] 96%
26/26 [============================] 100%7 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
15 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"via": [
"@storybook/core-common",
"react-dev-utils"
],
"effects": [
"@storybook/core-server"
],
"range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "moderate",
"via": [
"@storybook/core-server"
],
"effects": [
"@storybook/html"
],
"range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "high",
"via": [
"glob-base"
],
"effects": [
"@storybook/builder-webpack4",
"@storybook/core-server",
"@storybook/html"
],
"range": "<=6.4.0-rc.11",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"cpy"
],
"effects": [
"@storybook/core"
],
"range": "*",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/html": {
"name": "@storybook/html",
"severity": "high",
"via": [
"@storybook/core",
"@storybook/core-common"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
"nodes": [
"node_modules/@storybook/html"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@wikimedia/mw-node-qunit": {
"name": "@wikimedia/mw-node-qunit",
"severity": "moderate",
"via": [
"jquery"
],
"effects": [],
"range": "6.0.0 - 6.1.2",
"nodes": [
"node_modules/@wikimedia/mw-node-qunit"
],
"fixAvailable": {
"name": "@wikimedia/mw-node-qunit",
"version": "6.3.0",
"isSemVerMajor": false
}
},
"ansi-html": {
"name": "ansi-html",
"severity": "high",
"via": [
{
"source": 1067382,
"name": "ansi-html",
"dependency": "ansi-html",
"title": "Uncontrolled Resource Consumption in ansi-html",
"url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9",
"severity": "high",
"range": "<0.0.8"
}
],
"effects": [
"webpack-hot-middleware"
],
"range": "<0.0.8",
"nodes": [
"node_modules/ansi-html"
],
"fixAvailable": true
},
"ansi-regex": {
"name": "ansi-regex",
"severity": "moderate",
"via": [
{
"source": 1067300,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "moderate",
"range": ">=3.0.0 <3.0.1"
},
{
"source": 1067301,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "moderate",
"range": ">=4.0.0 <4.1.1"
},
{
"source": 1067302,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "moderate",
"range": ">=5.0.0 <5.0.1"
}
],
"effects": [],
"range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
"nodes": [
"node_modules/@wdio/logger/node_modules/ansi-regex",
"node_modules/ansi-align/node_modules/ansi-regex",
"node_modules/boxen/node_modules/ansi-regex",
"node_modules/cli-table3/node_modules/ansi-regex",
"node_modules/cliui/node_modules/ansi-regex",
"node_modules/cucumber/node_modules/ansi-regex",
"node_modules/doiuse/node_modules/ansi-regex",
"node_modules/eslint/node_modules/ansi-regex",
"node_modules/inquirer/node_modules/ansi-regex",
"node_modules/mocha/node_modules/ansi-regex",
"node_modules/pretty-format/node_modules/ansi-regex",
"node_modules/react-dev-utils/node_modules/ansi-regex",
"node_modules/stylelint/node_modules/ansi-regex",
"node_modules/table/node_modules/ansi-regex",
"node_modules/webpack-cli/node_modules/ansi-regex",
"node_modules/widest-line/node_modules/ansi-regex",
"node_modules/wrap-ansi/node_modules/ansi-regex",
"node_modules/yargs/node_modules/ansi-regex"
],
"fixAvailable": true
},
"async": {
"name": "async",
"severity": "high",
"via": [
{
"source": 1069985,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": "<2.6.4"
},
{
"source": 1069986,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": ">=3.0.0 <3.2.2"
}
],
"effects": [
"jake"
],
"range": ">=3.0.0 <3.2.2 || <2.6.4",
"nodes": [
"node_modules/archiver/node_modules/async",
"node_modules/async"
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"via": [
{
"source": 1067343,
"name": "axios",
"dependency": "axios",
"title": "Incorrect Comparison in axios",
"url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
"severity": "high",
"range": "<0.21.2"
}
],
"effects": [
"github-build"
],
"range": "<0.21.2",
"nodes": [
"node_modules/axios"
],
"fixAvailable": true
},
"browserslist": {
"name": "browserslist",
"severity": "moderate",
"via": [
{
"source": 1067902,
"name": "browserslist",
"dependency": "browserslist",
"title": "Regular Expression Denial of Service in browserslist",
"url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
"severity": "moderate",
"range": ">=4.0.0 <4.16.5"
}
],
"effects": [
"react-dev-utils"
],
"range": "4.0.0 - 4.16.4",
"nodes": [
"node_modules/react-dev-utils/node_modules/browserslist"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.0.0-rc1 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": true
},
"cpy": {
"name": "cpy",
"severity": "high",
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"css-select": {
"name": "css-select",
"severity": "high",
"via": [
"css-what",
"nth-check"
],
"effects": [
"renderkid",
"svgo"
],
"range": "<=3.1.2",
"nodes": [
"node_modules/css-select",
"node_modules/svgo/node_modules/css-select"
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"css-what": {
"name": "css-what",
"severity": "high",
"via": [
{
"source": 1067850,
"name": "css-what",
"dependency": "css-what",
"title": "Denial of service in css-what",
"url": "https://github.com/advisories/GHSA-q8pj-2vqx-8ggc",
"severity": "high",
"range": ">=4.0.0 <=5.0.0"
}
],
"effects": [
"css-select"
],
"range": "4.0.0 - 5.0.0",
"nodes": [
"node_modules/svgo/node_modules/css-what"
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"ejs": {
"name": "ejs",
"severity": "high",
"via": [
"jake"
],
"effects": [],
"range": ">=3.1.2",
"nodes": [
"node_modules/ejs"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"follow-redirects": {
"name": "follow-redirects",
"severity": "high",
"via": [
{
"source": 1067407,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
"url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
"severity": "moderate",
"range": "<1.14.8"
},
{
"source": 1067459,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of sensitive information in follow-redirects",
"url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
"severity": "high",
"range": "<1.14.7"
}
],
"effects": [],
"range": "<=1.14.7",
"nodes": [
"node_modules/follow-redirects"
],
"fixAvailable": true
},
"github-build": {
"name": "github-build",
"severity": "high",
"via": [
"axios"
],
"effects": [],
"range": "<=1.2.2",
"nodes": [
"node_modules/github-build"
],
"fixAvailable": true
},
"glob-base": {
"name": "glob-base",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"@storybook/core-common"
],
"range": "*",
"nodes": [
"node_modules/glob-base"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"glob-parent": {
"name": "glob-parent",
"severity": "high",
"via": [
{
"source": 1067329,
"name": "glob-parent",
"dependency": "glob-parent",
"title": "Regular expression denial of service in glob-parent",
"url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
"severity": "high",
"range": "<5.1.2"
}
],
"effects": [
"chokidar",
"fast-glob",
"glob-base"
],
"range": "<5.1.2",
"nodes": [
"node_modules/cpy/node_modules/glob-parent",
"node_modules/glob-base/node_modules/glob-parent",
"node_modules/watchpack-chokidar2/node_modules/glob-parent"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"globby": {
"name": "globby",
"severity": "high",
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"immer": {
"name": "immer",
"severity": "critical",
"via": [
{
"source": 1067720,
"name": "immer",
"dependency": "immer",
"title": "Prototype Pollution in immer",
"url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
"severity": "critical",
"range": "<9.0.6"
}
],
"effects": [
"react-dev-utils"
],
"range": "<9.0.6",
"nodes": [
"node_modules/immer"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"jake": {
"name": "jake",
"severity": "high",
"via": [
"async"
],
"effects": [
"ejs"
],
"range": ">=8.0.1",
"nodes": [
"node_modules/jake"
],
"fixAvailable": true
},
"jquery": {
"name": "jquery",
"severity": "moderate",
"via": [
{
"source": 1069417,
"name": "jquery",
"dependency": "jquery",
"title": "Potential XSS vulnerability in jQuery",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"severity": "moderate",
"range": ">=1.2 <3.5.0"
},
{
"source": 1069418,
"name": "jquery",
"dependency": "jquery",
"title": "Potential XSS vulnerability in jQuery",
"url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6",
"severity": "moderate",
"range": ">=1.0.3 <3.5.0"
}
],
"effects": [
"@wikimedia/mw-node-qunit"
],
"range": "<=3.4.1",
"nodes": [
"node_modules/@wikimedia/mw-node-qunit/node_modules/jquery"
],
"fixAvailable": {
"name": "@wikimedia/mw-node-qunit",
"version": "6.3.0",
"isSemVerMajor": false
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"via": [
"markdown-it",
"marked"
],
"effects": [],
"range": "3.2.0-dev - 3.6.7",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.10",
"isSemVerMajor": false
}
},
"json-schema": {
"name": "json-schema",
"severity": "moderate",
"via": [
{
"source": 1067524,
"name": "json-schema",
"dependency": "json-schema",
"title": "json-schema is vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
"severity": "moderate",
"range": "<0.4.0"
}
],
"effects": [
"jsprim"
],
"range": "<0.4.0",
"nodes": [
"node_modules/json-schema"
],
"fixAvailable": true
},
"jsprim": {
"name": "jsprim",
"severity": "moderate",
"via": [
"json-schema"
],
"effects": [],
"range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/jsprim"
],
"fixAvailable": true
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"via": [
{
"source": 1067456,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "Uncontrolled Resource Consumption in markdown-it",
"url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
"severity": "moderate",
"range": "<12.3.2"
}
],
"effects": [
"jsdoc"
],
"range": "<12.3.2",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.10",
"isSemVerMajor": false
}
},
"marked": {
"name": "marked",
"severity": "high",
"via": [
{
"source": 1067450,
"name": "marked",
"dependency": "marked",
"title": "Inefficient Regular Expression Complexity in marked",
"url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
"severity": "high",
"range": "<4.0.10"
}
],
"effects": [
"jsdoc"
],
"range": "<4.0.10",
"nodes": [
"node_modules/marked"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.10",
"isSemVerMajor": false
}
},
"minimist": {
"name": "minimist",
"severity": "critical",
"via": [
{
"source": 1067342,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"range": "<1.2.6"
}
],
"effects": [],
"range": "<1.2.6",
"nodes": [
"node_modules/minimist"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"via": [
"nanoid"
],
"effects": [],
"range": "8.2.0 - 9.1.4",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"via": [
{
"source": 1067367,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [
"mocha"
],
"range": "3.0.0 - 3.1.30",
"nodes": [
"node_modules/doiuse/node_modules/nanoid",
"node_modules/nanoid",
"node_modules/stylelint-no-unsupported-browser-features/node_modules/nanoid"
],
"fixAvailable": true
},
"node-fetch": {
"name": "node-fetch",
"severity": "high",
"via": [
{
"source": 1067442,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
"url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
"severity": "high",
"range": "<2.6.7"
}
],
"effects": [],
"range": "<2.6.7",
"nodes": [
"node_modules/node-fetch"
],
"fixAvailable": true
},
"nth-check": {
"name": "nth-check",
"severity": "moderate",
"via": [
{
"source": 1067654,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "moderate",
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check",
"node_modules/svgo/node_modules/nth-check"
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"prismjs": {
"name": "prismjs",
"severity": "high",
"via": [
{
"source": 1067401,
"name": "prismjs",
"dependency": "prismjs",
"title": "Cross-site Scripting in Prism",
"url": "https://github.com/advisories/GHSA-3949-f494-cm99",
"severity": "high",
"range": ">=1.14.0 <1.27.0"
},
{
"source": 1067653,
"name": "prismjs",
"dependency": "prismjs",
"title": "Regular Expression Denial of Service in prismjs",
"url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
"severity": "moderate",
"range": "<1.25.0"
}
],
"effects": [
"refractor"
],
"range": "<=1.26.0",
"nodes": [
"node_modules/prismjs",
"node_modules/refractor/node_modules/prismjs"
],
"fixAvailable": true
},
"react-dev-utils": {
"name": "react-dev-utils",
"severity": "critical",
"via": [
"browserslist",
"immer"
],
"effects": [
"@storybook/builder-webpack4"
],
"range": "6.0.0-next.03604a46 - 12.0.0-next.60",
"nodes": [
"node_modules/react-dev-utils"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"refractor": {
"name": "refractor",
"severity": "moderate",
"via": [
"prismjs"
],
"effects": [],
"range": "<=3.4.0 || 4.0.0 - 4.1.1",
"nodes": [
"node_modules/refractor"
],
"fixAvailable": true
},
"renderkid": {
"name": "renderkid",
"severity": "moderate",
"via": [
"css-select"
],
"effects": [],
"range": "1.0.0 - 2.0.5",
"nodes": [
"node_modules/renderkid"
],
"fixAvailable": true
},
"simple-get": {
"name": "simple-get",
"severity": "high",
"via": [
{
"source": 1067428,
"name": "simple-get",
"dependency": "simple-get",
"title": "Exposure of Sensitive Information in simple-get",
"url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
"severity": "high",
"range": ">=3.0.0 <3.1.1"
}
],
"effects": [],
"range": "3.0.0 - 3.1.0",
"nodes": [
"node_modules/simple-get"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "high",
"via": [
"css-select"
],
"effects": [],
"range": "2.0.0 - 2.3.0",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"tmpl": {
"name": "tmpl",
"severity": "moderate",
"via": [
{
"source": 1067697,
"name": "tmpl",
"dependency": "tmpl",
"title": "Regular Expression Denial of Service in tmpl",
"url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v",
"severity": "moderate",
"range": "<1.0.5"
}
],
"effects": [],
"range": "<1.0.5",
"nodes": [
"node_modules/tmpl"
],
"fixAvailable": true
},
"validator": {
"name": "validator",
"severity": "moderate",
"via": [
{
"source": 1067532,
"name": "validator",
"dependency": "validator",
"title": " Inefficient Regular Expression Complexity in Validator.js",
"url": "https://github.com/advisories/GHSA-xx4c-jj58-r7x6",
"severity": "moderate",
"range": ">=11.1.0 <13.7.0"
},
{
"source": 1067560,
"name": "validator",
"dependency": "validator",
"title": "Inefficient Regular Expression Complexity in validator.js",
"url": "https://github.com/advisories/GHSA-qgmg-gppg-76g5",
"severity": "moderate",
"range": "<13.7.0"
}
],
"effects": [],
"range": "<=13.6.0",
"nodes": [
"node_modules/validator"
],
"fixAvailable": true
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"via": [
"watchpack-chokidar2"
],
"effects": [],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/watchpack"
],
"fixAvailable": true
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": true
},
"webpack-hot-middleware": {
"name": "webpack-hot-middleware",
"severity": "high",
"via": [
"ansi-html"
],
"effects": [],
"range": "2.9.0 - 2.25.0",
"nodes": [
"node_modules/webpack-hot-middleware"
],
"fixAvailable": true
},
"ws": {
"name": "ws",
"severity": "moderate",
"via": [
{
"source": 1067853,
"name": "ws",
"dependency": "ws",
"title": "ReDoS in Sec-Websocket-Protocol header",
"url": "https://github.com/advisories/GHSA-6fc8-4gx4-v693",
"severity": "moderate",
"range": ">=6.0.0 <6.2.2"
}
],
"effects": [],
"range": "6.0.0 - 6.2.1",
"nodes": [
"node_modules/jsdom/node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 16,
"high": 28,
"critical": 3,
"total": 47
},
"dependencies": {
"prod": 1,
"dev": 2405,
"optional": 29,
"peer": 0,
"peerOptional": 0,
"total": 2405
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json --legacy-peer-deps
--- stderr ---
npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
--- stdout ---
{
"added": 2425,
"removed": 0,
"changed": 0,
"audited": 2426,
"funding": 210,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"via": [
"@storybook/core-common",
"react-dev-utils"
],
"effects": [
"@storybook/core-server"
],
"range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "moderate",
"via": [
"@storybook/core-server"
],
"effects": [
"@storybook/html"
],
"range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "high",
"via": [
"glob-base"
],
"effects": [
"@storybook/builder-webpack4",
"@storybook/core-server",
"@storybook/html"
],
"range": "<=6.4.0-rc.11",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"cpy"
],
"effects": [
"@storybook/core"
],
"range": "*",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@storybook/html": {
"name": "@storybook/html",
"severity": "high",
"via": [
"@storybook/core",
"@storybook/core-common"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
"nodes": [
"node_modules/@storybook/html"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"@wikimedia/mw-node-qunit": {
"name": "@wikimedia/mw-node-qunit",
"severity": "moderate",
"via": [
"jquery"
],
"effects": [],
"range": "6.0.0 - 6.1.2",
"nodes": [
"node_modules/@wikimedia/mw-node-qunit"
],
"fixAvailable": {
"name": "@wikimedia/mw-node-qunit",
"version": "6.3.0",
"isSemVerMajor": false
}
},
"ansi-html": {
"name": "ansi-html",
"severity": "high",
"via": [
{
"source": 1067382,
"name": "ansi-html",
"dependency": "ansi-html",
"title": "Uncontrolled Resource Consumption in ansi-html",
"url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9",
"severity": "high",
"range": "<0.0.8"
}
],
"effects": [
"webpack-hot-middleware"
],
"range": "<0.0.8",
"nodes": [
""
],
"fixAvailable": true
},
"ansi-regex": {
"name": "ansi-regex",
"severity": "moderate",
"via": [
{
"source": 1067300,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "moderate",
"range": ">=3.0.0 <3.0.1"
},
{
"source": 1067301,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "moderate",
"range": ">=4.0.0 <4.1.1"
},
{
"source": 1067302,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "moderate",
"range": ">=5.0.0 <5.0.1"
}
],
"effects": [],
"range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
"nodes": [
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
""
],
"fixAvailable": true
},
"async": {
"name": "async",
"severity": "high",
"via": [
{
"source": 1069985,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": "<2.6.4"
},
{
"source": 1069986,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": ">=3.0.0 <3.2.2"
}
],
"effects": [
"jake"
],
"range": ">=3.0.0 <3.2.2 || <2.6.4",
"nodes": [
"",
"node_modules/async"
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"via": [
{
"source": 1067343,
"name": "axios",
"dependency": "axios",
"title": "Incorrect Comparison in axios",
"url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
"severity": "high",
"range": "<0.21.2"
}
],
"effects": [
"github-build"
],
"range": "<0.21.2",
"nodes": [
""
],
"fixAvailable": true
},
"browserslist": {
"name": "browserslist",
"severity": "moderate",
"via": [
{
"source": 1067902,
"name": "browserslist",
"dependency": "browserslist",
"title": "Regular Expression Denial of Service in browserslist",
"url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
"severity": "moderate",
"range": ">=4.0.0 <4.16.5"
}
],
"effects": [
"react-dev-utils"
],
"range": "4.0.0 - 4.16.4",
"nodes": [
"node_modules/react-dev-utils/node_modules/browserslist"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.0.0-rc1 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": true
},
"cpy": {
"name": "cpy",
"severity": "high",
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"css-select": {
"name": "css-select",
"severity": "high",
"via": [
"css-what",
"nth-check"
],
"effects": [
"renderkid",
"svgo"
],
"range": "<=3.1.2",
"nodes": [
"",
"node_modules/svgo/node_modules/css-select"
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"css-what": {
"name": "css-what",
"severity": "high",
"via": [
{
"source": 1067850,
"name": "css-what",
"dependency": "css-what",
"title": "Denial of service in css-what",
"url": "https://github.com/advisories/GHSA-q8pj-2vqx-8ggc",
"severity": "high",
"range": ">=4.0.0 <=5.0.0"
}
],
"effects": [
"css-select"
],
"range": "4.0.0 - 5.0.0",
"nodes": [
"node_modules/svgo/node_modules/css-what"
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"ejs": {
"name": "ejs",
"severity": "high",
"via": [
"jake"
],
"effects": [],
"range": ">=3.1.2",
"nodes": [
"node_modules/ejs"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"follow-redirects": {
"name": "follow-redirects",
"severity": "high",
"via": [
{
"source": 1067407,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
"url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
"severity": "moderate",
"range": "<1.14.8"
},
{
"source": 1067459,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of sensitive information in follow-redirects",
"url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
"severity": "high",
"range": "<1.14.7"
}
],
"effects": [],
"range": "<=1.14.7",
"nodes": [
""
],
"fixAvailable": true
},
"github-build": {
"name": "github-build",
"severity": "high",
"via": [
"axios"
],
"effects": [],
"range": "<=1.2.2",
"nodes": [
""
],
"fixAvailable": true
},
"glob-base": {
"name": "glob-base",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"@storybook/core-common"
],
"range": "*",
"nodes": [
"node_modules/glob-base"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"glob-parent": {
"name": "glob-parent",
"severity": "high",
"via": [
{
"source": 1067329,
"name": "glob-parent",
"dependency": "glob-parent",
"title": "Regular expression denial of service in glob-parent",
"url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
"severity": "high",
"range": "<5.1.2"
}
],
"effects": [
"chokidar",
"fast-glob",
"glob-base"
],
"range": "<5.1.2",
"nodes": [
"node_modules/cpy/node_modules/glob-parent",
"node_modules/glob-base/node_modules/glob-parent",
"node_modules/watchpack-chokidar2/node_modules/glob-parent"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"globby": {
"name": "globby",
"severity": "high",
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"immer": {
"name": "immer",
"severity": "critical",
"via": [
{
"source": 1067720,
"name": "immer",
"dependency": "immer",
"title": "Prototype Pollution in immer",
"url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
"severity": "critical",
"range": "<9.0.6"
}
],
"effects": [
"react-dev-utils"
],
"range": "<9.0.6",
"nodes": [
"node_modules/immer"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"jake": {
"name": "jake",
"severity": "high",
"via": [
"async"
],
"effects": [
"ejs"
],
"range": ">=8.0.1",
"nodes": [
""
],
"fixAvailable": true
},
"jquery": {
"name": "jquery",
"severity": "moderate",
"via": [
{
"source": 1069417,
"name": "jquery",
"dependency": "jquery",
"title": "Potential XSS vulnerability in jQuery",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"severity": "moderate",
"range": ">=1.2 <3.5.0"
},
{
"source": 1069418,
"name": "jquery",
"dependency": "jquery",
"title": "Potential XSS vulnerability in jQuery",
"url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6",
"severity": "moderate",
"range": ">=1.0.3 <3.5.0"
}
],
"effects": [
"@wikimedia/mw-node-qunit"
],
"range": "<=3.4.1",
"nodes": [
"node_modules/@wikimedia/mw-node-qunit/node_modules/jquery"
],
"fixAvailable": {
"name": "@wikimedia/mw-node-qunit",
"version": "6.3.0",
"isSemVerMajor": false
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"via": [
"markdown-it",
"marked"
],
"effects": [],
"range": "3.2.0-dev - 3.6.7",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.10",
"isSemVerMajor": false
}
},
"json-schema": {
"name": "json-schema",
"severity": "moderate",
"via": [
{
"source": 1067524,
"name": "json-schema",
"dependency": "json-schema",
"title": "json-schema is vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
"severity": "moderate",
"range": "<0.4.0"
}
],
"effects": [
"jsprim"
],
"range": "<0.4.0",
"nodes": [
""
],
"fixAvailable": true
},
"jsprim": {
"name": "jsprim",
"severity": "moderate",
"via": [
"json-schema"
],
"effects": [],
"range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
"nodes": [
""
],
"fixAvailable": true
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"via": [
{
"source": 1067456,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "Uncontrolled Resource Consumption in markdown-it",
"url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
"severity": "moderate",
"range": "<12.3.2"
}
],
"effects": [
"jsdoc"
],
"range": "<12.3.2",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.10",
"isSemVerMajor": false
}
},
"marked": {
"name": "marked",
"severity": "high",
"via": [
{
"source": 1067450,
"name": "marked",
"dependency": "marked",
"title": "Inefficient Regular Expression Complexity in marked",
"url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
"severity": "high",
"range": "<4.0.10"
}
],
"effects": [
"jsdoc"
],
"range": "<4.0.10",
"nodes": [
""
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.10",
"isSemVerMajor": false
}
},
"minimist": {
"name": "minimist",
"severity": "critical",
"via": [
{
"source": 1067342,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"range": "<1.2.6"
}
],
"effects": [],
"range": "<1.2.6",
"nodes": [
""
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"via": [
"nanoid"
],
"effects": [],
"range": "8.2.0 - 9.1.4",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"via": [
{
"source": 1067367,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [
"mocha"
],
"range": "3.0.0 - 3.1.30",
"nodes": [
"",
"",
"node_modules/nanoid"
],
"fixAvailable": true
},
"node-fetch": {
"name": "node-fetch",
"severity": "high",
"via": [
{
"source": 1067442,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
"url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
"severity": "high",
"range": "<2.6.7"
}
],
"effects": [],
"range": "<2.6.7",
"nodes": [
""
],
"fixAvailable": true
},
"nth-check": {
"name": "nth-check",
"severity": "moderate",
"via": [
{
"source": 1067654,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "moderate",
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"",
""
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"prismjs": {
"name": "prismjs",
"severity": "high",
"via": [
{
"source": 1067401,
"name": "prismjs",
"dependency": "prismjs",
"title": "Cross-site Scripting in Prism",
"url": "https://github.com/advisories/GHSA-3949-f494-cm99",
"severity": "high",
"range": ">=1.14.0 <1.27.0"
},
{
"source": 1067653,
"name": "prismjs",
"dependency": "prismjs",
"title": "Regular Expression Denial of Service in prismjs",
"url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
"severity": "moderate",
"range": "<1.25.0"
}
],
"effects": [
"refractor"
],
"range": "<=1.26.0",
"nodes": [
"",
""
],
"fixAvailable": true
},
"react-dev-utils": {
"name": "react-dev-utils",
"severity": "critical",
"via": [
"browserslist",
"immer"
],
"effects": [
"@storybook/builder-webpack4"
],
"range": "6.0.0-next.03604a46 - 12.0.0-next.60",
"nodes": [
"node_modules/react-dev-utils"
],
"fixAvailable": {
"name": "@storybook/html",
"version": "6.4.22",
"isSemVerMajor": false
}
},
"refractor": {
"name": "refractor",
"severity": "moderate",
"via": [
"prismjs"
],
"effects": [],
"range": "<=3.4.0 || 4.0.0 - 4.1.1",
"nodes": [
""
],
"fixAvailable": true
},
"renderkid": {
"name": "renderkid",
"severity": "moderate",
"via": [
"css-select"
],
"effects": [],
"range": "1.0.0 - 2.0.5",
"nodes": [
""
],
"fixAvailable": true
},
"simple-get": {
"name": "simple-get",
"severity": "high",
"via": [
{
"source": 1067428,
"name": "simple-get",
"dependency": "simple-get",
"title": "Exposure of Sensitive Information in simple-get",
"url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
"severity": "high",
"range": ">=3.0.0 <3.1.1"
}
],
"effects": [],
"range": "3.0.0 - 3.1.0",
"nodes": [
""
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "high",
"via": [
"css-select"
],
"effects": [],
"range": "2.0.0 - 2.3.0",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "2.8.0",
"isSemVerMajor": false
}
},
"tmpl": {
"name": "tmpl",
"severity": "moderate",
"via": [
{
"source": 1067697,
"name": "tmpl",
"dependency": "tmpl",
"title": "Regular Expression Denial of Service in tmpl",
"url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v",
"severity": "moderate",
"range": "<1.0.5"
}
],
"effects": [],
"range": "<1.0.5",
"nodes": [
""
],
"fixAvailable": true
},
"validator": {
"name": "validator",
"severity": "moderate",
"via": [
{
"source": 1067532,
"name": "validator",
"dependency": "validator",
"title": " Inefficient Regular Expression Complexity in Validator.js",
"url": "https://github.com/advisories/GHSA-xx4c-jj58-r7x6",
"severity": "moderate",
"range": ">=11.1.0 <13.7.0"
},
{
"source": 1067560,
"name": "validator",
"dependency": "validator",
"title": "Inefficient Regular Expression Complexity in validator.js",
"url": "https://github.com/advisories/GHSA-qgmg-gppg-76g5",
"severity": "moderate",
"range": "<13.7.0"
}
],
"effects": [],
"range": "<=13.6.0",
"nodes": [
""
],
"fixAvailable": true
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"via": [
"watchpack-chokidar2"
],
"effects": [],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/watchpack"
],
"fixAvailable": true
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": true
},
"webpack-hot-middleware": {
"name": "webpack-hot-middleware",
"severity": "high",
"via": [
"ansi-html"
],
"effects": [],
"range": "2.9.0 - 2.25.0",
"nodes": [
""
],
"fixAvailable": true
},
"ws": {
"name": "ws",
"severity": "moderate",
"via": [
{
"source": 1067853,
"name": "ws",
"dependency": "ws",
"title": "ReDoS in Sec-Websocket-Protocol header",
"url": "https://github.com/advisories/GHSA-6fc8-4gx4-v693",
"severity": "moderate",
"range": ">=6.0.0 <6.2.2"
}
],
"effects": [],
"range": "6.0.0 - 6.2.1",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 16,
"high": 28,
"critical": 3,
"total": 47
},
"dependencies": {
"prod": 1,
"dev": 2425,
"optional": 29,
"peer": 0,
"peerOptional": 0,
"total": 2425
}
}
}
}
--- end ---
{"added": 2425, "removed": 0, "changed": 0, "audited": 2426, "funding": 210, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@storybook/builder-webpack4": {"name": "@storybook/builder-webpack4", "severity": "high", "via": ["@storybook/core-common", "react-dev-utils"], "effects": ["@storybook/core-server"], "range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5", "nodes": ["node_modules/@storybook/builder-webpack4"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "@storybook/core": {"name": "@storybook/core", "severity": "moderate", "via": ["@storybook/core-server"], "effects": ["@storybook/html"], "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5", "nodes": ["node_modules/@storybook/core"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "@storybook/core-common": {"name": "@storybook/core-common", "severity": "high", "via": ["glob-base"], "effects": ["@storybook/builder-webpack4", "@storybook/core-server", "@storybook/html"], "range": "<=6.4.0-rc.11", "nodes": ["node_modules/@storybook/core-common"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "@storybook/core-server": {"name": "@storybook/core-server", "severity": "high", "via": ["@storybook/builder-webpack4", "@storybook/core-common", "cpy"], "effects": ["@storybook/core"], "range": "*", "nodes": ["node_modules/@storybook/core-server"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "@storybook/html": {"name": "@storybook/html", "severity": "high", "via": ["@storybook/core", "@storybook/core-common"], "effects": [], "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5", "nodes": ["node_modules/@storybook/html"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "@wikimedia/mw-node-qunit": {"name": "@wikimedia/mw-node-qunit", "severity": "moderate", "via": ["jquery"], "effects": [], "range": "6.0.0 - 6.1.2", "nodes": ["node_modules/@wikimedia/mw-node-qunit"], "fixAvailable": {"name": "@wikimedia/mw-node-qunit", "version": "6.3.0", "isSemVerMajor": false}}, "ansi-html": {"name": "ansi-html", "severity": "high", "via": [{"source": 1067382, "name": "ansi-html", "dependency": "ansi-html", "title": "Uncontrolled Resource Consumption in ansi-html", "url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9", "severity": "high", "range": "<0.0.8"}], "effects": ["webpack-hot-middleware"], "range": "<0.0.8", "nodes": [""], "fixAvailable": true}, "ansi-regex": {"name": "ansi-regex", "severity": "moderate", "via": [{"source": 1067300, "name": "ansi-regex", "dependency": "ansi-regex", "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw", "severity": "moderate", "range": ">=3.0.0 <3.0.1"}, {"source": 1067301, "name": "ansi-regex", "dependency": "ansi-regex", "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw", "severity": "moderate", "range": ">=4.0.0 <4.1.1"}, {"source": 1067302, "name": "ansi-regex", "dependency": "ansi-regex", "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw", "severity": "moderate", "range": ">=5.0.0 <5.0.1"}], "effects": [], "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0", "nodes": ["", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", ""], "fixAvailable": true}, "async": {"name": "async", "severity": "high", "via": [{"source": 1069985, "name": "async", "dependency": "async", "title": "Prototype Pollution in async", "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25", "severity": "high", "range": "<2.6.4"}, {"source": 1069986, "name": "async", "dependency": "async", "title": "Prototype Pollution in async", "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25", "severity": "high", "range": ">=3.0.0 <3.2.2"}], "effects": ["jake"], "range": ">=3.0.0 <3.2.2 || <2.6.4", "nodes": ["", "node_modules/async"], "fixAvailable": true}, "axios": {"name": "axios", "severity": "high", "via": [{"source": 1067343, "name": "axios", "dependency": "axios", "title": "Incorrect Comparison in axios", "url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x", "severity": "high", "range": "<0.21.2"}], "effects": ["github-build"], "range": "<0.21.2", "nodes": [""], "fixAvailable": true}, "browserslist": {"name": "browserslist", "severity": "moderate", "via": [{"source": 1067902, "name": "browserslist", "dependency": "browserslist", "title": "Regular Expression Denial of Service in browserslist", "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5", "severity": "moderate", "range": ">=4.0.0 <4.16.5"}], "effects": ["react-dev-utils"], "range": "4.0.0 - 4.16.4", "nodes": ["node_modules/react-dev-utils/node_modules/browserslist"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "chokidar": {"name": "chokidar", "severity": "high", "via": ["glob-parent"], "effects": ["watchpack-chokidar2"], "range": "1.0.0-rc1 - 2.1.8", "nodes": ["node_modules/watchpack-chokidar2/node_modules/chokidar"], "fixAvailable": true}, "cpy": {"name": "cpy", "severity": "high", "via": ["globby"], "effects": ["@storybook/core-server"], "range": "7.0.0 - 8.1.2", "nodes": ["node_modules/cpy"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "css-select": {"name": "css-select", "severity": "high", "via": ["css-what", "nth-check"], "effects": ["renderkid", "svgo"], "range": "<=3.1.2", "nodes": ["", "node_modules/svgo/node_modules/css-select"], "fixAvailable": {"name": "svgo", "version": "2.8.0", "isSemVerMajor": false}}, "css-what": {"name": "css-what", "severity": "high", "via": [{"source": 1067850, "name": "css-what", "dependency": "css-what", "title": "Denial of service in css-what", "url": "https://github.com/advisories/GHSA-q8pj-2vqx-8ggc", "severity": "high", "range": ">=4.0.0 <=5.0.0"}], "effects": ["css-select"], "range": "4.0.0 - 5.0.0", "nodes": ["node_modules/svgo/node_modules/css-what"], "fixAvailable": {"name": "svgo", "version": "2.8.0", "isSemVerMajor": false}}, "ejs": {"name": "ejs", "severity": "high", "via": ["jake"], "effects": [], "range": ">=3.1.2", "nodes": ["node_modules/ejs"], "fixAvailable": true}, "fast-glob": {"name": "fast-glob", "severity": "high", "via": ["glob-parent"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/cpy/node_modules/fast-glob"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "follow-redirects": {"name": "follow-redirects", "severity": "high", "via": [{"source": 1067407, "name": "follow-redirects", "dependency": "follow-redirects", "title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects", "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c", "severity": "moderate", "range": "<1.14.8"}, {"source": 1067459, "name": "follow-redirects", "dependency": "follow-redirects", "title": "Exposure of sensitive information in follow-redirects", "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q", "severity": "high", "range": "<1.14.7"}], "effects": [], "range": "<=1.14.7", "nodes": [""], "fixAvailable": true}, "github-build": {"name": "github-build", "severity": "high", "via": ["axios"], "effects": [], "range": "<=1.2.2", "nodes": [""], "fixAvailable": true}, "glob-base": {"name": "glob-base", "severity": "high", "via": ["glob-parent"], "effects": ["@storybook/core-common"], "range": "*", "nodes": ["node_modules/glob-base"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "glob-parent": {"name": "glob-parent", "severity": "high", "via": [{"source": 1067329, "name": "glob-parent", "dependency": "glob-parent", "title": "Regular expression denial of service in glob-parent", "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6", "severity": "high", "range": "<5.1.2"}], "effects": ["chokidar", "fast-glob", "glob-base"], "range": "<5.1.2", "nodes": ["node_modules/cpy/node_modules/glob-parent", "node_modules/glob-base/node_modules/glob-parent", "node_modules/watchpack-chokidar2/node_modules/glob-parent"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "globby": {"name": "globby", "severity": "high", "via": ["fast-glob"], "effects": ["cpy"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/cpy/node_modules/globby"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "immer": {"name": "immer", "severity": "critical", "via": [{"source": 1067720, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h", "severity": "critical", "range": "<9.0.6"}], "effects": ["react-dev-utils"], "range": "<9.0.6", "nodes": ["node_modules/immer"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "jake": {"name": "jake", "severity": "high", "via": ["async"], "effects": ["ejs"], "range": ">=8.0.1", "nodes": [""], "fixAvailable": true}, "jquery": {"name": "jquery", "severity": "moderate", "via": [{"source": 1069417, "name": "jquery", "dependency": "jquery", "title": "Potential XSS vulnerability in jQuery", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "severity": "moderate", "range": ">=1.2 <3.5.0"}, {"source": 1069418, "name": "jquery", "dependency": "jquery", "title": "Potential XSS vulnerability in jQuery", "url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6", "severity": "moderate", "range": ">=1.0.3 <3.5.0"}], "effects": ["@wikimedia/mw-node-qunit"], "range": "<=3.4.1", "nodes": ["node_modules/@wikimedia/mw-node-qunit/node_modules/jquery"], "fixAvailable": {"name": "@wikimedia/mw-node-qunit", "version": "6.3.0", "isSemVerMajor": false}}, "jsdoc": {"name": "jsdoc", "severity": "high", "via": ["markdown-it", "marked"], "effects": [], "range": "3.2.0-dev - 3.6.7", "nodes": ["node_modules/jsdoc"], "fixAvailable": {"name": "jsdoc", "version": "3.6.10", "isSemVerMajor": false}}, "json-schema": {"name": "json-schema", "severity": "moderate", "via": [{"source": 1067524, "name": "json-schema", "dependency": "json-schema", "title": "json-schema is vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-896r-f27r-55mw", "severity": "moderate", "range": "<0.4.0"}], "effects": ["jsprim"], "range": "<0.4.0", "nodes": [""], "fixAvailable": true}, "jsprim": {"name": "jsprim", "severity": "moderate", "via": ["json-schema"], "effects": [], "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1", "nodes": [""], "fixAvailable": true}, "markdown-it": {"name": "markdown-it", "severity": "moderate", "via": [{"source": 1067456, "name": "markdown-it", "dependency": "markdown-it", "title": "Uncontrolled Resource Consumption in markdown-it", "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c", "severity": "moderate", "range": "<12.3.2"}], "effects": ["jsdoc"], "range": "<12.3.2", "nodes": ["node_modules/markdown-it"], "fixAvailable": {"name": "jsdoc", "version": "3.6.10", "isSemVerMajor": false}}, "marked": {"name": "marked", "severity": "high", "via": [{"source": 1067450, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf", "severity": "high", "range": "<4.0.10"}], "effects": ["jsdoc"], "range": "<4.0.10", "nodes": [""], "fixAvailable": {"name": "jsdoc", "version": "3.6.10", "isSemVerMajor": false}}, "minimist": {"name": "minimist", "severity": "critical", "via": [{"source": 1067342, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "range": "<1.2.6"}], "effects": [], "range": "<1.2.6", "nodes": [""], "fixAvailable": true}, "mocha": {"name": "mocha", "severity": "moderate", "via": ["nanoid"], "effects": [], "range": "8.2.0 - 9.1.4", "nodes": ["node_modules/mocha"], "fixAvailable": true}, "nanoid": {"name": "nanoid", "severity": "moderate", "via": [{"source": 1067367, "name": "nanoid", "dependency": "nanoid", "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid", "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2", "severity": "moderate", "range": ">=3.0.0 <3.1.31"}], "effects": ["mocha"], "range": "3.0.0 - 3.1.30", "nodes": ["", "", "node_modules/nanoid"], "fixAvailable": true}, "node-fetch": {"name": "node-fetch", "severity": "high", "via": [{"source": 1067442, "name": "node-fetch", "dependency": "node-fetch", "title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor", "url": "https://github.com/advisories/GHSA-r683-j2x4-v87g", "severity": "high", "range": "<2.6.7"}], "effects": [], "range": "<2.6.7", "nodes": [""], "fixAvailable": true}, "nth-check": {"name": "nth-check", "severity": "moderate", "via": [{"source": 1067654, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "moderate", "range": "<2.0.1"}], "effects": ["css-select"], "range": "<2.0.1", "nodes": ["", ""], "fixAvailable": {"name": "svgo", "version": "2.8.0", "isSemVerMajor": false}}, "prismjs": {"name": "prismjs", "severity": "high", "via": [{"source": 1067401, "name": "prismjs", "dependency": "prismjs", "title": "Cross-site Scripting in Prism", "url": "https://github.com/advisories/GHSA-3949-f494-cm99", "severity": "high", "range": ">=1.14.0 <1.27.0"}, {"source": 1067653, "name": "prismjs", "dependency": "prismjs", "title": "Regular Expression Denial of Service in prismjs", "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96", "severity": "moderate", "range": "<1.25.0"}], "effects": ["refractor"], "range": "<=1.26.0", "nodes": ["", ""], "fixAvailable": true}, "react-dev-utils": {"name": "react-dev-utils", "severity": "critical", "via": ["browserslist", "immer"], "effects": ["@storybook/builder-webpack4"], "range": "6.0.0-next.03604a46 - 12.0.0-next.60", "nodes": ["node_modules/react-dev-utils"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "refractor": {"name": "refractor", "severity": "moderate", "via": ["prismjs"], "effects": [], "range": "<=3.4.0 || 4.0.0 - 4.1.1", "nodes": [""], "fixAvailable": true}, "renderkid": {"name": "renderkid", "severity": "moderate", "via": ["css-select"], "effects": [], "range": "1.0.0 - 2.0.5", "nodes": [""], "fixAvailable": true}, "simple-get": {"name": "simple-get", "severity": "high", "via": [{"source": 1067428, "name": "simple-get", "dependency": "simple-get", "title": "Exposure of Sensitive Information in simple-get", "url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv", "severity": "high", "range": ">=3.0.0 <3.1.1"}], "effects": [], "range": "3.0.0 - 3.1.0", "nodes": [""], "fixAvailable": true}, "svgo": {"name": "svgo", "severity": "high", "via": ["css-select"], "effects": [], "range": "2.0.0 - 2.3.0", "nodes": ["node_modules/svgo"], "fixAvailable": {"name": "svgo", "version": "2.8.0", "isSemVerMajor": false}}, "tmpl": {"name": "tmpl", "severity": "moderate", "via": [{"source": 1067697, "name": "tmpl", "dependency": "tmpl", "title": "Regular Expression Denial of Service in tmpl", "url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v", "severity": "moderate", "range": "<1.0.5"}], "effects": [], "range": "<1.0.5", "nodes": [""], "fixAvailable": true}, "validator": {"name": "validator", "severity": "moderate", "via": [{"source": 1067532, "name": "validator", "dependency": "validator", "title": " Inefficient Regular Expression Complexity in Validator.js", "url": "https://github.com/advisories/GHSA-xx4c-jj58-r7x6", "severity": "moderate", "range": ">=11.1.0 <13.7.0"}, {"source": 1067560, "name": "validator", "dependency": "validator", "title": "Inefficient Regular Expression Complexity in validator.js", "url": "https://github.com/advisories/GHSA-qgmg-gppg-76g5", "severity": "moderate", "range": "<13.7.0"}], "effects": [], "range": "<=13.6.0", "nodes": [""], "fixAvailable": true}, "watchpack": {"name": "watchpack", "severity": "high", "via": ["watchpack-chokidar2"], "effects": [], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/watchpack"], "fixAvailable": true}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": true}, "webpack-hot-middleware": {"name": "webpack-hot-middleware", "severity": "high", "via": ["ansi-html"], "effects": [], "range": "2.9.0 - 2.25.0", "nodes": [""], "fixAvailable": true}, "ws": {"name": "ws", "severity": "moderate", "via": [{"source": 1067853, "name": "ws", "dependency": "ws", "title": "ReDoS in Sec-Websocket-Protocol header", "url": "https://github.com/advisories/GHSA-6fc8-4gx4-v693", "severity": "moderate", "range": ">=6.0.0 <6.2.2"}], "effects": [], "range": "6.0.0 - 6.2.1", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 16, "high": 28, "critical": 3, "total": 47}, "dependencies": {"prod": 1, "dev": 2425, "optional": 29, "peer": 0, "peerOptional": 0, "total": 2425}}}}
{}
Upgrading n:@storybook/html from 6.2.3 -> 6.4.22
{}
Upgrading n:@wikimedia/mw-node-qunit from 6.1.2 -> 6.3.0
{}
Upgrading n:jsdoc from 3.6.7 -> 3.6.10
{}
Upgrading n:svgo from 2.3.0 -> 2.8.0
$ /usr/bin/npm audit fix --only=dev --legacy-peer-deps
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'klaw@4.0.1',
npm WARN EBADENGINE required: { node: '>=14.14.0' },
npm WARN EBADENGINE current: { node: 'v12.22.5', npm: '7.5.2' }
npm WARN EBADENGINE }
--- stdout ---
added 2589 packages, and audited 2590 packages in 2m
151 packages are looking for funding
run `npm fund` for details
# npm audit report
async <2.6.4
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async
jake >=8.0.1
Depends on vulnerable versions of async
node_modules/jake
ejs >=3.1.2
Depends on vulnerable versions of jake
node_modules/ejs
glob-parent <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @storybook/html@6.1.21, which is a breaking change
node_modules/cpy/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/cpy/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/cpy/node_modules/globby
cpy 7.0.0 - 8.1.2
Depends on vulnerable versions of globby
node_modules/cpy
@storybook/core-server *
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of cpy
node_modules/@storybook/core-server
@storybook/core >=6.2.0-alpha.0
Depends on vulnerable versions of @storybook/core-server
node_modules/@storybook/core
@storybook/html >=6.2.0-alpha.0
Depends on vulnerable versions of @storybook/core
node_modules/@storybook/html
nanoid 3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid
mocha 8.2.0 - 9.1.4
Depends on vulnerable versions of nanoid
node_modules/mocha
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix --force`
Will install @storybook/html@6.1.21, which is a breaking change
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/@mdx-js/mdx/node_modules/remark-parse
node_modules/remark-mdx/node_modules/remark-parse
@mdx-js/mdx <=1.6.22
Depends on vulnerable versions of remark-mdx
Depends on vulnerable versions of remark-parse
node_modules/@mdx-js/mdx
@storybook/csf-tools <=6.5.0-alpha.42
Depends on vulnerable versions of @mdx-js/mdx
node_modules/@storybook/csf-tools
@storybook/core-server *
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of cpy
node_modules/@storybook/core-server
@storybook/core >=6.2.0-alpha.0
Depends on vulnerable versions of @storybook/core-server
node_modules/@storybook/core
@storybook/html >=6.2.0-alpha.0
Depends on vulnerable versions of @storybook/core
node_modules/@storybook/html
remark-mdx <=1.6.22
Depends on vulnerable versions of remark-parse
node_modules/remark-mdx
20 vulnerabilities (2 moderate, 18 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'klaw@4.0.1',
npm WARN EBADENGINE required: { node: '>=14.14.0' },
npm WARN EBADENGINE current: { node: 'v12.22.5', npm: '7.5.2' }
npm WARN EBADENGINE }
--- stdout ---
added 2589 packages, and audited 2590 packages in 2m
152 packages are looking for funding
run `npm fund` for details
20 vulnerabilities (2 moderate, 18 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
npm ERR! code 1
npm ERR! path /src/repo
npm ERR! command failed
npm ERR! command sh -c npm -s run lint && bash ./dev-scripts/svg_check.sh && npm -s run coverage && npm -s run test:bundle && npm -s run jsdoc
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2022-04-15T00_34_41_479Z-debug.log
--- stdout ---
> test
> npm -s run lint && bash ./dev-scripts/svg_check.sh && npm -s run coverage && npm -s run test:bundle && npm -s run jsdoc
Checked 1 message directory.
/src/repo/src/mobile.editor.overlay/SourceEditorOverlay.js
26:2 warning Unused eslint-disable directive (no problems were reported from 'compat/compat')
/src/repo/src/mobile.init/editor.js
165:7 error document.body() is not supported in Firefox 27 compat/compat
221:7 error document.body() is not supported in Firefox 27 compat/compat
/src/repo/src/mobile.startup/Browser.js
106:3 warning Unused eslint-disable directive (no problems were reported from 'compat/compat')
✖ 4 problems (2 errors, 2 warnings)
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1396, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1340, in run
self.npm_audit_fix(new_npm_audit)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 242, in npm_audit_fix
self.check_call(['npm', 'test'])
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/shell2.py", line 54, in check_call
res.check_returncode()
File "/usr/lib/python3.9/subprocess.py", line 460, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.