mediawiki/extensions/MobileFrontend (REL1_37)

sourcepatches
$ date
--- stdout ---
Fri Apr 15 00:28:11 UTC 2022

--- end ---
$ git clone file:///srv/git/mediawiki-extensions-MobileFrontend.git repo --depth=1 -b REL1_37
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_37
--- stdout ---
f1faaa1a7a023b05eebdb3fd7968d5efc7764b13 refs/heads/REL1_37

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@storybook/builder-webpack4": {
      "name": "@storybook/builder-webpack4",
      "severity": "high",
      "via": [
        "@storybook/core-common",
        "react-dev-utils"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
      "nodes": [
        "node_modules/@storybook/builder-webpack4"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/core": {
      "name": "@storybook/core",
      "severity": "moderate",
      "via": [
        "@storybook/core-server"
      ],
      "effects": [
        "@storybook/html"
      ],
      "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
      "nodes": [
        "node_modules/@storybook/core"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/core-common": {
      "name": "@storybook/core-common",
      "severity": "high",
      "via": [
        "glob-base"
      ],
      "effects": [
        "@storybook/builder-webpack4",
        "@storybook/core-server",
        "@storybook/html"
      ],
      "range": "<=6.4.0-rc.11",
      "nodes": [
        "node_modules/@storybook/core-common"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/core-server": {
      "name": "@storybook/core-server",
      "severity": "high",
      "via": [
        "@storybook/builder-webpack4",
        "@storybook/core-common",
        "cpy"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@storybook/core-server"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/html": {
      "name": "@storybook/html",
      "severity": "high",
      "via": [
        "@storybook/core",
        "@storybook/core-common"
      ],
      "effects": [],
      "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
      "nodes": [
        "node_modules/@storybook/html"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@wikimedia/mw-node-qunit": {
      "name": "@wikimedia/mw-node-qunit",
      "severity": "moderate",
      "via": [
        "jquery"
      ],
      "effects": [],
      "range": "6.0.0 - 6.1.2",
      "nodes": [
        "node_modules/@wikimedia/mw-node-qunit"
      ],
      "fixAvailable": {
        "name": "@wikimedia/mw-node-qunit",
        "version": "6.3.0",
        "isSemVerMajor": false
      }
    },
    "ansi-html": {
      "name": "ansi-html",
      "severity": "high",
      "via": [
        {
          "source": 1067382,
          "name": "ansi-html",
          "dependency": "ansi-html",
          "title": "Uncontrolled Resource Consumption in ansi-html",
          "url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9",
          "severity": "high",
          "range": "<0.0.8"
        }
      ],
      "effects": [
        "webpack-hot-middleware"
      ],
      "range": "<0.0.8",
      "nodes": [
        "node_modules/ansi-html"
      ],
      "fixAvailable": true
    },
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "moderate",
      "via": [
        {
          "source": 1067300,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "moderate",
          "range": ">=3.0.0 <3.0.1"
        },
        {
          "source": 1067301,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "moderate",
          "range": ">=4.0.0 <4.1.1"
        },
        {
          "source": 1067302,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "moderate",
          "range": ">=5.0.0 <5.0.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
      "nodes": [
        "node_modules/@wdio/logger/node_modules/ansi-regex",
        "node_modules/ansi-align/node_modules/ansi-regex",
        "node_modules/boxen/node_modules/ansi-regex",
        "node_modules/cli-table3/node_modules/ansi-regex",
        "node_modules/cliui/node_modules/ansi-regex",
        "node_modules/cucumber/node_modules/ansi-regex",
        "node_modules/doiuse/node_modules/ansi-regex",
        "node_modules/eslint/node_modules/ansi-regex",
        "node_modules/inquirer/node_modules/ansi-regex",
        "node_modules/mocha/node_modules/ansi-regex",
        "node_modules/pretty-format/node_modules/ansi-regex",
        "node_modules/react-dev-utils/node_modules/ansi-regex",
        "node_modules/stylelint/node_modules/ansi-regex",
        "node_modules/table/node_modules/ansi-regex",
        "node_modules/webpack-cli/node_modules/ansi-regex",
        "node_modules/widest-line/node_modules/ansi-regex",
        "node_modules/wrap-ansi/node_modules/ansi-regex",
        "node_modules/yargs/node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "async": {
      "name": "async",
      "severity": "high",
      "via": [
        {
          "source": 1069985,
          "name": "async",
          "dependency": "async",
          "title": "Prototype Pollution in async",
          "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
          "severity": "high",
          "range": "<2.6.4"
        },
        {
          "source": 1069986,
          "name": "async",
          "dependency": "async",
          "title": "Prototype Pollution in async",
          "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
          "severity": "high",
          "range": ">=3.0.0 <3.2.2"
        }
      ],
      "effects": [
        "jake"
      ],
      "range": ">=3.0.0 <3.2.2 || <2.6.4",
      "nodes": [
        "node_modules/archiver/node_modules/async",
        "node_modules/async"
      ],
      "fixAvailable": true
    },
    "axios": {
      "name": "axios",
      "severity": "high",
      "via": [
        {
          "source": 1067343,
          "name": "axios",
          "dependency": "axios",
          "title": "Incorrect Comparison in axios",
          "url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
          "severity": "high",
          "range": "<0.21.2"
        }
      ],
      "effects": [
        "github-build"
      ],
      "range": "<0.21.2",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": true
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "via": [
        {
          "source": 1067902,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/browserslist"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "watchpack-chokidar2"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/watchpack-chokidar2/node_modules/chokidar"
      ],
      "fixAvailable": true
    },
    "cpy": {
      "name": "cpy",
      "severity": "high",
      "via": [
        "globby"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "7.0.0 - 8.1.2",
      "nodes": [
        "node_modules/cpy"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "css-select": {
      "name": "css-select",
      "severity": "high",
      "via": [
        "css-what",
        "nth-check"
      ],
      "effects": [
        "renderkid",
        "svgo"
      ],
      "range": "<=3.1.2",
      "nodes": [
        "node_modules/css-select",
        "node_modules/svgo/node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": false
      }
    },
    "css-what": {
      "name": "css-what",
      "severity": "high",
      "via": [
        {
          "source": 1067850,
          "name": "css-what",
          "dependency": "css-what",
          "title": "Denial of service in css-what",
          "url": "https://github.com/advisories/GHSA-q8pj-2vqx-8ggc",
          "severity": "high",
          "range": ">=4.0.0 <=5.0.0"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "4.0.0 - 5.0.0",
      "nodes": [
        "node_modules/svgo/node_modules/css-what"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": false
      }
    },
    "ejs": {
      "name": "ejs",
      "severity": "high",
      "via": [
        "jake"
      ],
      "effects": [],
      "range": ">=3.1.2",
      "nodes": [
        "node_modules/ejs"
      ],
      "fixAvailable": true
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/cpy/node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "follow-redirects": {
      "name": "follow-redirects",
      "severity": "high",
      "via": [
        {
          "source": 1067407,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
          "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
          "severity": "moderate",
          "range": "<1.14.8"
        },
        {
          "source": 1067459,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of sensitive information in follow-redirects",
          "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
          "severity": "high",
          "range": "<1.14.7"
        }
      ],
      "effects": [],
      "range": "<=1.14.7",
      "nodes": [
        "node_modules/follow-redirects"
      ],
      "fixAvailable": true
    },
    "github-build": {
      "name": "github-build",
      "severity": "high",
      "via": [
        "axios"
      ],
      "effects": [],
      "range": "<=1.2.2",
      "nodes": [
        "node_modules/github-build"
      ],
      "fixAvailable": true
    },
    "glob-base": {
      "name": "glob-base",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "@storybook/core-common"
      ],
      "range": "*",
      "nodes": [
        "node_modules/glob-base"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "via": [
        {
          "source": 1067329,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "Regular expression denial of service in glob-parent",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "fast-glob",
        "glob-base"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/cpy/node_modules/glob-parent",
        "node_modules/glob-base/node_modules/glob-parent",
        "node_modules/watchpack-chokidar2/node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "globby": {
      "name": "globby",
      "severity": "high",
      "via": [
        "fast-glob"
      ],
      "effects": [
        "cpy"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/cpy/node_modules/globby"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "immer": {
      "name": "immer",
      "severity": "critical",
      "via": [
        {
          "source": 1067720,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
          "severity": "critical",
          "range": "<9.0.6"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<9.0.6",
      "nodes": [
        "node_modules/immer"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "jake": {
      "name": "jake",
      "severity": "high",
      "via": [
        "async"
      ],
      "effects": [
        "ejs"
      ],
      "range": ">=8.0.1",
      "nodes": [
        "node_modules/jake"
      ],
      "fixAvailable": true
    },
    "jquery": {
      "name": "jquery",
      "severity": "moderate",
      "via": [
        {
          "source": 1069417,
          "name": "jquery",
          "dependency": "jquery",
          "title": "Potential XSS vulnerability in jQuery",
          "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
          "severity": "moderate",
          "range": ">=1.2 <3.5.0"
        },
        {
          "source": 1069418,
          "name": "jquery",
          "dependency": "jquery",
          "title": "Potential XSS vulnerability in jQuery",
          "url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6",
          "severity": "moderate",
          "range": ">=1.0.3 <3.5.0"
        }
      ],
      "effects": [
        "@wikimedia/mw-node-qunit"
      ],
      "range": "<=3.4.1",
      "nodes": [
        "node_modules/@wikimedia/mw-node-qunit/node_modules/jquery"
      ],
      "fixAvailable": {
        "name": "@wikimedia/mw-node-qunit",
        "version": "6.3.0",
        "isSemVerMajor": false
      }
    },
    "jsdoc": {
      "name": "jsdoc",
      "severity": "high",
      "via": [
        "markdown-it",
        "marked"
      ],
      "effects": [],
      "range": "3.2.0-dev - 3.6.7",
      "nodes": [
        "node_modules/jsdoc"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.10",
        "isSemVerMajor": false
      }
    },
    "json-schema": {
      "name": "json-schema",
      "severity": "moderate",
      "via": [
        {
          "source": 1067524,
          "name": "json-schema",
          "dependency": "json-schema",
          "title": "json-schema is vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
          "severity": "moderate",
          "range": "<0.4.0"
        }
      ],
      "effects": [
        "jsprim"
      ],
      "range": "<0.4.0",
      "nodes": [
        "node_modules/json-schema"
      ],
      "fixAvailable": true
    },
    "jsprim": {
      "name": "jsprim",
      "severity": "moderate",
      "via": [
        "json-schema"
      ],
      "effects": [],
      "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/jsprim"
      ],
      "fixAvailable": true
    },
    "markdown-it": {
      "name": "markdown-it",
      "severity": "moderate",
      "via": [
        {
          "source": 1067456,
          "name": "markdown-it",
          "dependency": "markdown-it",
          "title": "Uncontrolled Resource Consumption in markdown-it",
          "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
          "severity": "moderate",
          "range": "<12.3.2"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "<12.3.2",
      "nodes": [
        "node_modules/markdown-it"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.10",
        "isSemVerMajor": false
      }
    },
    "marked": {
      "name": "marked",
      "severity": "high",
      "via": [
        {
          "source": 1067450,
          "name": "marked",
          "dependency": "marked",
          "title": "Inefficient Regular Expression Complexity in marked",
          "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
          "severity": "high",
          "range": "<4.0.10"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "<4.0.10",
      "nodes": [
        "node_modules/marked"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.10",
        "isSemVerMajor": false
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "via": [
        {
          "source": 1067342,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "range": "<1.2.6"
        }
      ],
      "effects": [],
      "range": "<1.2.6",
      "nodes": [
        "node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mocha": {
      "name": "mocha",
      "severity": "moderate",
      "via": [
        "nanoid"
      ],
      "effects": [],
      "range": "8.2.0 - 9.1.4",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "via": [
        {
          "source": 1067367,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/doiuse/node_modules/nanoid",
        "node_modules/nanoid",
        "node_modules/stylelint-no-unsupported-browser-features/node_modules/nanoid"
      ],
      "fixAvailable": true
    },
    "node-fetch": {
      "name": "node-fetch",
      "severity": "high",
      "via": [
        {
          "source": 1067442,
          "name": "node-fetch",
          "dependency": "node-fetch",
          "title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
          "url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
          "severity": "high",
          "range": "<2.6.7"
        }
      ],
      "effects": [],
      "range": "<2.6.7",
      "nodes": [
        "node_modules/node-fetch"
      ],
      "fixAvailable": true
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "moderate",
      "via": [
        {
          "source": 1067654,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "moderate",
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check",
        "node_modules/svgo/node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": false
      }
    },
    "prismjs": {
      "name": "prismjs",
      "severity": "high",
      "via": [
        {
          "source": 1067401,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-3949-f494-cm99",
          "severity": "high",
          "range": ">=1.14.0 <1.27.0"
        },
        {
          "source": 1067653,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Regular Expression Denial of Service in prismjs",
          "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
          "severity": "moderate",
          "range": "<1.25.0"
        }
      ],
      "effects": [
        "refractor"
      ],
      "range": "<=1.26.0",
      "nodes": [
        "node_modules/prismjs",
        "node_modules/refractor/node_modules/prismjs"
      ],
      "fixAvailable": true
    },
    "react-dev-utils": {
      "name": "react-dev-utils",
      "severity": "critical",
      "via": [
        "browserslist",
        "immer"
      ],
      "effects": [
        "@storybook/builder-webpack4"
      ],
      "range": "6.0.0-next.03604a46 - 12.0.0-next.60",
      "nodes": [
        "node_modules/react-dev-utils"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "refractor": {
      "name": "refractor",
      "severity": "moderate",
      "via": [
        "prismjs"
      ],
      "effects": [],
      "range": "<=3.4.0 || 4.0.0 - 4.1.1",
      "nodes": [
        "node_modules/refractor"
      ],
      "fixAvailable": true
    },
    "renderkid": {
      "name": "renderkid",
      "severity": "moderate",
      "via": [
        "css-select"
      ],
      "effects": [],
      "range": "1.0.0 - 2.0.5",
      "nodes": [
        "node_modules/renderkid"
      ],
      "fixAvailable": true
    },
    "simple-get": {
      "name": "simple-get",
      "severity": "high",
      "via": [
        {
          "source": 1067428,
          "name": "simple-get",
          "dependency": "simple-get",
          "title": "Exposure of Sensitive Information in simple-get",
          "url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
          "severity": "high",
          "range": ">=3.0.0 <3.1.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 - 3.1.0",
      "nodes": [
        "node_modules/simple-get"
      ],
      "fixAvailable": true
    },
    "svgo": {
      "name": "svgo",
      "severity": "high",
      "via": [
        "css-select"
      ],
      "effects": [],
      "range": "2.0.0 - 2.3.0",
      "nodes": [
        "node_modules/svgo"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": false
      }
    },
    "tmpl": {
      "name": "tmpl",
      "severity": "moderate",
      "via": [
        {
          "source": 1067697,
          "name": "tmpl",
          "dependency": "tmpl",
          "title": "Regular Expression Denial of Service in tmpl",
          "url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v",
          "severity": "moderate",
          "range": "<1.0.5"
        }
      ],
      "effects": [],
      "range": "<1.0.5",
      "nodes": [
        "node_modules/tmpl"
      ],
      "fixAvailable": true
    },
    "validator": {
      "name": "validator",
      "severity": "moderate",
      "via": [
        {
          "source": 1067532,
          "name": "validator",
          "dependency": "validator",
          "title": " Inefficient Regular Expression Complexity in Validator.js",
          "url": "https://github.com/advisories/GHSA-xx4c-jj58-r7x6",
          "severity": "moderate",
          "range": ">=11.1.0 <13.7.0"
        },
        {
          "source": 1067560,
          "name": "validator",
          "dependency": "validator",
          "title": "Inefficient Regular Expression Complexity in validator.js",
          "url": "https://github.com/advisories/GHSA-qgmg-gppg-76g5",
          "severity": "moderate",
          "range": "<13.7.0"
        }
      ],
      "effects": [],
      "range": "<=13.6.0",
      "nodes": [
        "node_modules/validator"
      ],
      "fixAvailable": true
    },
    "watchpack": {
      "name": "watchpack",
      "severity": "high",
      "via": [
        "watchpack-chokidar2"
      ],
      "effects": [],
      "range": "1.7.2 - 1.7.5",
      "nodes": [
        "node_modules/watchpack"
      ],
      "fixAvailable": true
    },
    "watchpack-chokidar2": {
      "name": "watchpack-chokidar2",
      "severity": "high",
      "via": [
        "chokidar"
      ],
      "effects": [
        "watchpack"
      ],
      "range": "*",
      "nodes": [
        "node_modules/watchpack-chokidar2"
      ],
      "fixAvailable": true
    },
    "webpack-hot-middleware": {
      "name": "webpack-hot-middleware",
      "severity": "high",
      "via": [
        "ansi-html"
      ],
      "effects": [],
      "range": "2.9.0 - 2.25.0",
      "nodes": [
        "node_modules/webpack-hot-middleware"
      ],
      "fixAvailable": true
    },
    "ws": {
      "name": "ws",
      "severity": "moderate",
      "via": [
        {
          "source": 1067853,
          "name": "ws",
          "dependency": "ws",
          "title": "ReDoS in Sec-Websocket-Protocol header",
          "url": "https://github.com/advisories/GHSA-6fc8-4gx4-v693",
          "severity": "moderate",
          "range": ">=6.0.0 <6.2.2"
        }
      ],
      "effects": [],
      "range": "6.0.0 - 6.2.1",
      "nodes": [
        "node_modules/jsdom/node_modules/ws"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 16,
      "high": 28,
      "critical": 3,
      "total": 47
    },
    "dependencies": {
      "prod": 1,
      "dev": 2405,
      "optional": 29,
      "peer": 0,
      "peerOptional": 0,
      "total": 2405
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No lock file found. Updating dependencies instead of installing from lock file. Use composer update over composer install if you do not have a lock file.
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Lock file operations: 35 installs, 0 updates, 0 removals
  - Locking composer/pcre (1.0.1)
  - Locking composer/semver (3.3.2)
  - Locking composer/spdx-licenses (1.5.6)
  - Locking composer/xdebug-handler (2.0.5)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking mediawiki/mediawiki-codesniffer (v37.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.11.0)
  - Locking mediawiki/minus-x (1.1.1)
  - Locking mediawiki/phan-taint-check-plugin (3.3.2)
  - Locking microsoft/tolerant-php-parser (v0.1.1)
  - Locking netresearch/jsonmapper (v4.0.0)
  - Locking phan/phan (5.2.0)
  - Locking php-parallel-lint/php-console-color (v0.3)
  - Locking php-parallel-lint/php-console-highlighter (v0.5)
  - Locking php-parallel-lint/php-parallel-lint (v1.3.1)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.3.0)
  - Locking phpdocumentor/type-resolver (1.6.1)
  - Locking psr/container (1.1.2)
  - Locking psr/log (1.1.4)
  - Locking sabre/event (5.1.4)
  - Locking sebastian/diff (3.0.3)
  - Locking squizlabs/php_codesniffer (3.6.0)
  - Locking symfony/console (v5.4.7)
  - Locking symfony/deprecation-contracts (v2.5.1)
  - Locking symfony/polyfill-ctype (v1.25.0)
  - Locking symfony/polyfill-intl-grapheme (v1.25.0)
  - Locking symfony/polyfill-intl-normalizer (v1.25.0)
  - Locking symfony/polyfill-mbstring (v1.25.0)
  - Locking symfony/polyfill-php73 (v1.25.0)
  - Locking symfony/polyfill-php80 (v1.25.0)
  - Locking symfony/service-contracts (v2.5.1)
  - Locking symfony/string (v5.4.3)
  - Locking tysonandre/var_representation_polyfill (0.1.1)
  - Locking webmozart/assert (1.10.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 35 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]    0 [--->------------------------]  - Installing composer/pcre (1.0.1): Extracting archive
  - Installing squizlabs/php_codesniffer (3.6.0): Extracting archive
  - Installing sebastian/diff (3.0.3): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.25.0): Extracting archive
  - Installing composer/spdx-licenses (1.5.6): Extracting archive
  - Installing composer/semver (3.3.2): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v37.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.1): Extracting archive
  - Installing symfony/polyfill-php80 (v1.25.0): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.25.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.25.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.25.0): Extracting archive
  - Installing symfony/string (v5.4.3): Extracting archive
  - Installing symfony/deprecation-contracts (v2.5.1): Extracting archive
  - Installing psr/container (1.1.2): Extracting archive
  - Installing symfony/service-contracts (v2.5.1): Extracting archive
  - Installing symfony/polyfill-php73 (v1.25.0): Extracting archive
  - Installing symfony/console (v5.4.7): Extracting archive
  - Installing sabre/event (5.1.4): Extracting archive
  - Installing netresearch/jsonmapper (v4.0.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.1): Extracting archive
  - Installing webmozart/assert (1.10.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing phpdocumentor/type-resolver (1.6.1): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (1.1.4): Extracting archive
  - Installing composer/xdebug-handler (2.0.5): Extracting archive
  - Installing phan/phan (5.2.0): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (3.3.2): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.11.0): Extracting archive
  - Installing mediawiki/minus-x (1.1.1): Extracting archive
  - Installing php-parallel-lint/php-console-color (v0.3): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v0.5): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.3.1): Extracting archive
  0/26 [>---------------------------]   0%
 10/26 [==========>-----------------]  38%
 20/26 [=====================>------]  76%
 25/26 [==========================>-]  96%
 26/26 [============================] 100%7 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
15 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@storybook/builder-webpack4": {
      "name": "@storybook/builder-webpack4",
      "severity": "high",
      "via": [
        "@storybook/core-common",
        "react-dev-utils"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
      "nodes": [
        "node_modules/@storybook/builder-webpack4"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/core": {
      "name": "@storybook/core",
      "severity": "moderate",
      "via": [
        "@storybook/core-server"
      ],
      "effects": [
        "@storybook/html"
      ],
      "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
      "nodes": [
        "node_modules/@storybook/core"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/core-common": {
      "name": "@storybook/core-common",
      "severity": "high",
      "via": [
        "glob-base"
      ],
      "effects": [
        "@storybook/builder-webpack4",
        "@storybook/core-server",
        "@storybook/html"
      ],
      "range": "<=6.4.0-rc.11",
      "nodes": [
        "node_modules/@storybook/core-common"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/core-server": {
      "name": "@storybook/core-server",
      "severity": "high",
      "via": [
        "@storybook/builder-webpack4",
        "@storybook/core-common",
        "cpy"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@storybook/core-server"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@storybook/html": {
      "name": "@storybook/html",
      "severity": "high",
      "via": [
        "@storybook/core",
        "@storybook/core-common"
      ],
      "effects": [],
      "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
      "nodes": [
        "node_modules/@storybook/html"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "@wikimedia/mw-node-qunit": {
      "name": "@wikimedia/mw-node-qunit",
      "severity": "moderate",
      "via": [
        "jquery"
      ],
      "effects": [],
      "range": "6.0.0 - 6.1.2",
      "nodes": [
        "node_modules/@wikimedia/mw-node-qunit"
      ],
      "fixAvailable": {
        "name": "@wikimedia/mw-node-qunit",
        "version": "6.3.0",
        "isSemVerMajor": false
      }
    },
    "ansi-html": {
      "name": "ansi-html",
      "severity": "high",
      "via": [
        {
          "source": 1067382,
          "name": "ansi-html",
          "dependency": "ansi-html",
          "title": "Uncontrolled Resource Consumption in ansi-html",
          "url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9",
          "severity": "high",
          "range": "<0.0.8"
        }
      ],
      "effects": [
        "webpack-hot-middleware"
      ],
      "range": "<0.0.8",
      "nodes": [
        "node_modules/ansi-html"
      ],
      "fixAvailable": true
    },
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "moderate",
      "via": [
        {
          "source": 1067300,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "moderate",
          "range": ">=3.0.0 <3.0.1"
        },
        {
          "source": 1067301,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "moderate",
          "range": ">=4.0.0 <4.1.1"
        },
        {
          "source": 1067302,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "moderate",
          "range": ">=5.0.0 <5.0.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
      "nodes": [
        "node_modules/@wdio/logger/node_modules/ansi-regex",
        "node_modules/ansi-align/node_modules/ansi-regex",
        "node_modules/boxen/node_modules/ansi-regex",
        "node_modules/cli-table3/node_modules/ansi-regex",
        "node_modules/cliui/node_modules/ansi-regex",
        "node_modules/cucumber/node_modules/ansi-regex",
        "node_modules/doiuse/node_modules/ansi-regex",
        "node_modules/eslint/node_modules/ansi-regex",
        "node_modules/inquirer/node_modules/ansi-regex",
        "node_modules/mocha/node_modules/ansi-regex",
        "node_modules/pretty-format/node_modules/ansi-regex",
        "node_modules/react-dev-utils/node_modules/ansi-regex",
        "node_modules/stylelint/node_modules/ansi-regex",
        "node_modules/table/node_modules/ansi-regex",
        "node_modules/webpack-cli/node_modules/ansi-regex",
        "node_modules/widest-line/node_modules/ansi-regex",
        "node_modules/wrap-ansi/node_modules/ansi-regex",
        "node_modules/yargs/node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "async": {
      "name": "async",
      "severity": "high",
      "via": [
        {
          "source": 1069985,
          "name": "async",
          "dependency": "async",
          "title": "Prototype Pollution in async",
          "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
          "severity": "high",
          "range": "<2.6.4"
        },
        {
          "source": 1069986,
          "name": "async",
          "dependency": "async",
          "title": "Prototype Pollution in async",
          "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
          "severity": "high",
          "range": ">=3.0.0 <3.2.2"
        }
      ],
      "effects": [
        "jake"
      ],
      "range": ">=3.0.0 <3.2.2 || <2.6.4",
      "nodes": [
        "node_modules/archiver/node_modules/async",
        "node_modules/async"
      ],
      "fixAvailable": true
    },
    "axios": {
      "name": "axios",
      "severity": "high",
      "via": [
        {
          "source": 1067343,
          "name": "axios",
          "dependency": "axios",
          "title": "Incorrect Comparison in axios",
          "url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
          "severity": "high",
          "range": "<0.21.2"
        }
      ],
      "effects": [
        "github-build"
      ],
      "range": "<0.21.2",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": true
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "via": [
        {
          "source": 1067902,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/browserslist"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "watchpack-chokidar2"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/watchpack-chokidar2/node_modules/chokidar"
      ],
      "fixAvailable": true
    },
    "cpy": {
      "name": "cpy",
      "severity": "high",
      "via": [
        "globby"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "7.0.0 - 8.1.2",
      "nodes": [
        "node_modules/cpy"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "css-select": {
      "name": "css-select",
      "severity": "high",
      "via": [
        "css-what",
        "nth-check"
      ],
      "effects": [
        "renderkid",
        "svgo"
      ],
      "range": "<=3.1.2",
      "nodes": [
        "node_modules/css-select",
        "node_modules/svgo/node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": false
      }
    },
    "css-what": {
      "name": "css-what",
      "severity": "high",
      "via": [
        {
          "source": 1067850,
          "name": "css-what",
          "dependency": "css-what",
          "title": "Denial of service in css-what",
          "url": "https://github.com/advisories/GHSA-q8pj-2vqx-8ggc",
          "severity": "high",
          "range": ">=4.0.0 <=5.0.0"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "4.0.0 - 5.0.0",
      "nodes": [
        "node_modules/svgo/node_modules/css-what"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": false
      }
    },
    "ejs": {
      "name": "ejs",
      "severity": "high",
      "via": [
        "jake"
      ],
      "effects": [],
      "range": ">=3.1.2",
      "nodes": [
        "node_modules/ejs"
      ],
      "fixAvailable": true
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/cpy/node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "follow-redirects": {
      "name": "follow-redirects",
      "severity": "high",
      "via": [
        {
          "source": 1067407,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
          "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
          "severity": "moderate",
          "range": "<1.14.8"
        },
        {
          "source": 1067459,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of sensitive information in follow-redirects",
          "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
          "severity": "high",
          "range": "<1.14.7"
        }
      ],
      "effects": [],
      "range": "<=1.14.7",
      "nodes": [
        "node_modules/follow-redirects"
      ],
      "fixAvailable": true
    },
    "github-build": {
      "name": "github-build",
      "severity": "high",
      "via": [
        "axios"
      ],
      "effects": [],
      "range": "<=1.2.2",
      "nodes": [
        "node_modules/github-build"
      ],
      "fixAvailable": true
    },
    "glob-base": {
      "name": "glob-base",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "@storybook/core-common"
      ],
      "range": "*",
      "nodes": [
        "node_modules/glob-base"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "via": [
        {
          "source": 1067329,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "Regular expression denial of service in glob-parent",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "fast-glob",
        "glob-base"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/cpy/node_modules/glob-parent",
        "node_modules/glob-base/node_modules/glob-parent",
        "node_modules/watchpack-chokidar2/node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "globby": {
      "name": "globby",
      "severity": "high",
      "via": [
        "fast-glob"
      ],
      "effects": [
        "cpy"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/cpy/node_modules/globby"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "immer": {
      "name": "immer",
      "severity": "critical",
      "via": [
        {
          "source": 1067720,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
          "severity": "critical",
          "range": "<9.0.6"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<9.0.6",
      "nodes": [
        "node_modules/immer"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "jake": {
      "name": "jake",
      "severity": "high",
      "via": [
        "async"
      ],
      "effects": [
        "ejs"
      ],
      "range": ">=8.0.1",
      "nodes": [
        "node_modules/jake"
      ],
      "fixAvailable": true
    },
    "jquery": {
      "name": "jquery",
      "severity": "moderate",
      "via": [
        {
          "source": 1069417,
          "name": "jquery",
          "dependency": "jquery",
          "title": "Potential XSS vulnerability in jQuery",
          "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
          "severity": "moderate",
          "range": ">=1.2 <3.5.0"
        },
        {
          "source": 1069418,
          "name": "jquery",
          "dependency": "jquery",
          "title": "Potential XSS vulnerability in jQuery",
          "url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6",
          "severity": "moderate",
          "range": ">=1.0.3 <3.5.0"
        }
      ],
      "effects": [
        "@wikimedia/mw-node-qunit"
      ],
      "range": "<=3.4.1",
      "nodes": [
        "node_modules/@wikimedia/mw-node-qunit/node_modules/jquery"
      ],
      "fixAvailable": {
        "name": "@wikimedia/mw-node-qunit",
        "version": "6.3.0",
        "isSemVerMajor": false
      }
    },
    "jsdoc": {
      "name": "jsdoc",
      "severity": "high",
      "via": [
        "markdown-it",
        "marked"
      ],
      "effects": [],
      "range": "3.2.0-dev - 3.6.7",
      "nodes": [
        "node_modules/jsdoc"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.10",
        "isSemVerMajor": false
      }
    },
    "json-schema": {
      "name": "json-schema",
      "severity": "moderate",
      "via": [
        {
          "source": 1067524,
          "name": "json-schema",
          "dependency": "json-schema",
          "title": "json-schema is vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
          "severity": "moderate",
          "range": "<0.4.0"
        }
      ],
      "effects": [
        "jsprim"
      ],
      "range": "<0.4.0",
      "nodes": [
        "node_modules/json-schema"
      ],
      "fixAvailable": true
    },
    "jsprim": {
      "name": "jsprim",
      "severity": "moderate",
      "via": [
        "json-schema"
      ],
      "effects": [],
      "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/jsprim"
      ],
      "fixAvailable": true
    },
    "markdown-it": {
      "name": "markdown-it",
      "severity": "moderate",
      "via": [
        {
          "source": 1067456,
          "name": "markdown-it",
          "dependency": "markdown-it",
          "title": "Uncontrolled Resource Consumption in markdown-it",
          "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
          "severity": "moderate",
          "range": "<12.3.2"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "<12.3.2",
      "nodes": [
        "node_modules/markdown-it"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.10",
        "isSemVerMajor": false
      }
    },
    "marked": {
      "name": "marked",
      "severity": "high",
      "via": [
        {
          "source": 1067450,
          "name": "marked",
          "dependency": "marked",
          "title": "Inefficient Regular Expression Complexity in marked",
          "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
          "severity": "high",
          "range": "<4.0.10"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "<4.0.10",
      "nodes": [
        "node_modules/marked"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.10",
        "isSemVerMajor": false
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "via": [
        {
          "source": 1067342,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "range": "<1.2.6"
        }
      ],
      "effects": [],
      "range": "<1.2.6",
      "nodes": [
        "node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mocha": {
      "name": "mocha",
      "severity": "moderate",
      "via": [
        "nanoid"
      ],
      "effects": [],
      "range": "8.2.0 - 9.1.4",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "via": [
        {
          "source": 1067367,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/doiuse/node_modules/nanoid",
        "node_modules/nanoid",
        "node_modules/stylelint-no-unsupported-browser-features/node_modules/nanoid"
      ],
      "fixAvailable": true
    },
    "node-fetch": {
      "name": "node-fetch",
      "severity": "high",
      "via": [
        {
          "source": 1067442,
          "name": "node-fetch",
          "dependency": "node-fetch",
          "title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
          "url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
          "severity": "high",
          "range": "<2.6.7"
        }
      ],
      "effects": [],
      "range": "<2.6.7",
      "nodes": [
        "node_modules/node-fetch"
      ],
      "fixAvailable": true
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "moderate",
      "via": [
        {
          "source": 1067654,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "moderate",
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check",
        "node_modules/svgo/node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": false
      }
    },
    "prismjs": {
      "name": "prismjs",
      "severity": "high",
      "via": [
        {
          "source": 1067401,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-3949-f494-cm99",
          "severity": "high",
          "range": ">=1.14.0 <1.27.0"
        },
        {
          "source": 1067653,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Regular Expression Denial of Service in prismjs",
          "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
          "severity": "moderate",
          "range": "<1.25.0"
        }
      ],
      "effects": [
        "refractor"
      ],
      "range": "<=1.26.0",
      "nodes": [
        "node_modules/prismjs",
        "node_modules/refractor/node_modules/prismjs"
      ],
      "fixAvailable": true
    },
    "react-dev-utils": {
      "name": "react-dev-utils",
      "severity": "critical",
      "via": [
        "browserslist",
        "immer"
      ],
      "effects": [
        "@storybook/builder-webpack4"
      ],
      "range": "6.0.0-next.03604a46 - 12.0.0-next.60",
      "nodes": [
        "node_modules/react-dev-utils"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.4.22",
        "isSemVerMajor": false
      }
    },
    "refractor": {
      "name": "refractor",
      "severity": "moderate",
      "via": [
        "prismjs"
      ],
      "effects": [],
      "range": "<=3.4.0 || 4.0.0 - 4.1.1",
      "nodes": [
        "node_modules/refractor"
      ],
      "fixAvailable": true
    },
    "renderkid": {
      "name": "renderkid",
      "severity": "moderate",
      "via": [
        "css-select"
      ],
      "effects": [],
      "range": "1.0.0 - 2.0.5",
      "nodes": [
        "node_modules/renderkid"
      ],
      "fixAvailable": true
    },
    "simple-get": {
      "name": "simple-get",
      "severity": "high",
      "via": [
        {
          "source": 1067428,
          "name": "simple-get",
          "dependency": "simple-get",
          "title": "Exposure of Sensitive Information in simple-get",
          "url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
          "severity": "high",
          "range": ">=3.0.0 <3.1.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 - 3.1.0",
      "nodes": [
        "node_modules/simple-get"
      ],
      "fixAvailable": true
    },
    "svgo": {
      "name": "svgo",
      "severity": "high",
      "via": [
        "css-select"
      ],
      "effects": [],
      "range": "2.0.0 - 2.3.0",
      "nodes": [
        "node_modules/svgo"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": false
      }
    },
    "tmpl": {
      "name": "tmpl",
      "severity": "moderate",
      "via": [
        {
          "source": 1067697,
          "name": "tmpl",
          "dependency": "tmpl",
          "title": "Regular Expression Denial of Service in tmpl",
          "url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v",
          "severity": "moderate",
          "range": "<1.0.5"
        }
      ],
      "effects": [],
      "range": "<1.0.5",
      "nodes": [
        "node_modules/tmpl"
      ],
      "fixAvailable": true
    },
    "validator": {
      "name": "validator",
      "severity": "moderate",
      "via": [
        {
          "source": 1067532,
          "name": "validator",
          "dependency": "validator",
          "title": " Inefficient Regular Expression Complexity in Validator.js",
          "url": "https://github.com/advisories/GHSA-xx4c-jj58-r7x6",
          "severity": "moderate",
          "range": ">=11.1.0 <13.7.0"
        },
        {
          "source": 1067560,
          "name": "validator",
          "dependency": "validator",
          "title": "Inefficient Regular Expression Complexity in validator.js",
          "url": "https://github.com/advisories/GHSA-qgmg-gppg-76g5",
          "severity": "moderate",
          "range": "<13.7.0"
        }
      ],
      "effects": [],
      "range": "<=13.6.0",
      "nodes": [
        "node_modules/validator"
      ],
      "fixAvailable": true
    },
    "watchpack": {
      "name": "watchpack",
      "severity": "high",
      "via": [
        "watchpack-chokidar2"
      ],
      "effects": [],
      "range": "1.7.2 - 1.7.5",
      "nodes": [
        "node_modules/watchpack"
      ],
      "fixAvailable": true
    },
    "watchpack-chokidar2": {
      "name": "watchpack-chokidar2",
      "severity": "high",
      "via": [
        "chokidar"
      ],
      "effects": [
        "watchpack"
      ],
      "range": "*",
      "nodes": [
        "node_modules/watchpack-chokidar2"
      ],
      "fixAvailable": true
    },
    "webpack-hot-middleware": {
      "name": "webpack-hot-middleware",
      "severity": "high",
      "via": [
        "ansi-html"
      ],
      "effects": [],
      "range": "2.9.0 - 2.25.0",
      "nodes": [
        "node_modules/webpack-hot-middleware"
      ],
      "fixAvailable": true
    },
    "ws": {
      "name": "ws",
      "severity": "moderate",
      "via": [
        {
          "source": 1067853,
          "name": "ws",
          "dependency": "ws",
          "title": "ReDoS in Sec-Websocket-Protocol header",
          "url": "https://github.com/advisories/GHSA-6fc8-4gx4-v693",
          "severity": "moderate",
          "range": ">=6.0.0 <6.2.2"
        }
      ],
      "effects": [],
      "range": "6.0.0 - 6.2.1",
      "nodes": [
        "node_modules/jsdom/node_modules/ws"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 16,
      "high": 28,
      "critical": 3,
      "total": 47
    },
    "dependencies": {
      "prod": 1,
      "dev": 2405,
      "optional": 29,
      "peer": 0,
      "peerOptional": 0,
      "total": 2405
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json --legacy-peer-deps
--- stderr ---
npm WARN old lockfile 
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile 
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
--- stdout ---
{
  "added": 2425,
  "removed": 0,
  "changed": 0,
  "audited": 2426,
  "funding": 210,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "@storybook/builder-webpack4": {
        "name": "@storybook/builder-webpack4",
        "severity": "high",
        "via": [
          "@storybook/core-common",
          "react-dev-utils"
        ],
        "effects": [
          "@storybook/core-server"
        ],
        "range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
        "nodes": [
          "node_modules/@storybook/builder-webpack4"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "@storybook/core": {
        "name": "@storybook/core",
        "severity": "moderate",
        "via": [
          "@storybook/core-server"
        ],
        "effects": [
          "@storybook/html"
        ],
        "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
        "nodes": [
          "node_modules/@storybook/core"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "@storybook/core-common": {
        "name": "@storybook/core-common",
        "severity": "high",
        "via": [
          "glob-base"
        ],
        "effects": [
          "@storybook/builder-webpack4",
          "@storybook/core-server",
          "@storybook/html"
        ],
        "range": "<=6.4.0-rc.11",
        "nodes": [
          "node_modules/@storybook/core-common"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "@storybook/core-server": {
        "name": "@storybook/core-server",
        "severity": "high",
        "via": [
          "@storybook/builder-webpack4",
          "@storybook/core-common",
          "cpy"
        ],
        "effects": [
          "@storybook/core"
        ],
        "range": "*",
        "nodes": [
          "node_modules/@storybook/core-server"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "@storybook/html": {
        "name": "@storybook/html",
        "severity": "high",
        "via": [
          "@storybook/core",
          "@storybook/core-common"
        ],
        "effects": [],
        "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5",
        "nodes": [
          "node_modules/@storybook/html"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "@wikimedia/mw-node-qunit": {
        "name": "@wikimedia/mw-node-qunit",
        "severity": "moderate",
        "via": [
          "jquery"
        ],
        "effects": [],
        "range": "6.0.0 - 6.1.2",
        "nodes": [
          "node_modules/@wikimedia/mw-node-qunit"
        ],
        "fixAvailable": {
          "name": "@wikimedia/mw-node-qunit",
          "version": "6.3.0",
          "isSemVerMajor": false
        }
      },
      "ansi-html": {
        "name": "ansi-html",
        "severity": "high",
        "via": [
          {
            "source": 1067382,
            "name": "ansi-html",
            "dependency": "ansi-html",
            "title": "Uncontrolled Resource Consumption in ansi-html",
            "url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9",
            "severity": "high",
            "range": "<0.0.8"
          }
        ],
        "effects": [
          "webpack-hot-middleware"
        ],
        "range": "<0.0.8",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "ansi-regex": {
        "name": "ansi-regex",
        "severity": "moderate",
        "via": [
          {
            "source": 1067300,
            "name": "ansi-regex",
            "dependency": "ansi-regex",
            "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
            "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
            "severity": "moderate",
            "range": ">=3.0.0 <3.0.1"
          },
          {
            "source": 1067301,
            "name": "ansi-regex",
            "dependency": "ansi-regex",
            "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
            "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
            "severity": "moderate",
            "range": ">=4.0.0 <4.1.1"
          },
          {
            "source": 1067302,
            "name": "ansi-regex",
            "dependency": "ansi-regex",
            "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
            "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
            "severity": "moderate",
            "range": ">=5.0.0 <5.0.1"
          }
        ],
        "effects": [],
        "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
        "nodes": [
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          ""
        ],
        "fixAvailable": true
      },
      "async": {
        "name": "async",
        "severity": "high",
        "via": [
          {
            "source": 1069985,
            "name": "async",
            "dependency": "async",
            "title": "Prototype Pollution in async",
            "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
            "severity": "high",
            "range": "<2.6.4"
          },
          {
            "source": 1069986,
            "name": "async",
            "dependency": "async",
            "title": "Prototype Pollution in async",
            "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
            "severity": "high",
            "range": ">=3.0.0 <3.2.2"
          }
        ],
        "effects": [
          "jake"
        ],
        "range": ">=3.0.0 <3.2.2 || <2.6.4",
        "nodes": [
          "",
          "node_modules/async"
        ],
        "fixAvailable": true
      },
      "axios": {
        "name": "axios",
        "severity": "high",
        "via": [
          {
            "source": 1067343,
            "name": "axios",
            "dependency": "axios",
            "title": "Incorrect Comparison in axios",
            "url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
            "severity": "high",
            "range": "<0.21.2"
          }
        ],
        "effects": [
          "github-build"
        ],
        "range": "<0.21.2",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "browserslist": {
        "name": "browserslist",
        "severity": "moderate",
        "via": [
          {
            "source": 1067902,
            "name": "browserslist",
            "dependency": "browserslist",
            "title": "Regular Expression Denial of Service in browserslist",
            "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
            "severity": "moderate",
            "range": ">=4.0.0 <4.16.5"
          }
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "4.0.0 - 4.16.4",
        "nodes": [
          "node_modules/react-dev-utils/node_modules/browserslist"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "chokidar": {
        "name": "chokidar",
        "severity": "high",
        "via": [
          "glob-parent"
        ],
        "effects": [
          "watchpack-chokidar2"
        ],
        "range": "1.0.0-rc1 - 2.1.8",
        "nodes": [
          "node_modules/watchpack-chokidar2/node_modules/chokidar"
        ],
        "fixAvailable": true
      },
      "cpy": {
        "name": "cpy",
        "severity": "high",
        "via": [
          "globby"
        ],
        "effects": [
          "@storybook/core-server"
        ],
        "range": "7.0.0 - 8.1.2",
        "nodes": [
          "node_modules/cpy"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "css-select": {
        "name": "css-select",
        "severity": "high",
        "via": [
          "css-what",
          "nth-check"
        ],
        "effects": [
          "renderkid",
          "svgo"
        ],
        "range": "<=3.1.2",
        "nodes": [
          "",
          "node_modules/svgo/node_modules/css-select"
        ],
        "fixAvailable": {
          "name": "svgo",
          "version": "2.8.0",
          "isSemVerMajor": false
        }
      },
      "css-what": {
        "name": "css-what",
        "severity": "high",
        "via": [
          {
            "source": 1067850,
            "name": "css-what",
            "dependency": "css-what",
            "title": "Denial of service in css-what",
            "url": "https://github.com/advisories/GHSA-q8pj-2vqx-8ggc",
            "severity": "high",
            "range": ">=4.0.0 <=5.0.0"
          }
        ],
        "effects": [
          "css-select"
        ],
        "range": "4.0.0 - 5.0.0",
        "nodes": [
          "node_modules/svgo/node_modules/css-what"
        ],
        "fixAvailable": {
          "name": "svgo",
          "version": "2.8.0",
          "isSemVerMajor": false
        }
      },
      "ejs": {
        "name": "ejs",
        "severity": "high",
        "via": [
          "jake"
        ],
        "effects": [],
        "range": ">=3.1.2",
        "nodes": [
          "node_modules/ejs"
        ],
        "fixAvailable": true
      },
      "fast-glob": {
        "name": "fast-glob",
        "severity": "high",
        "via": [
          "glob-parent"
        ],
        "effects": [
          "globby"
        ],
        "range": "<=2.2.7",
        "nodes": [
          "node_modules/cpy/node_modules/fast-glob"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "follow-redirects": {
        "name": "follow-redirects",
        "severity": "high",
        "via": [
          {
            "source": 1067407,
            "name": "follow-redirects",
            "dependency": "follow-redirects",
            "title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
            "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
            "severity": "moderate",
            "range": "<1.14.8"
          },
          {
            "source": 1067459,
            "name": "follow-redirects",
            "dependency": "follow-redirects",
            "title": "Exposure of sensitive information in follow-redirects",
            "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
            "severity": "high",
            "range": "<1.14.7"
          }
        ],
        "effects": [],
        "range": "<=1.14.7",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "github-build": {
        "name": "github-build",
        "severity": "high",
        "via": [
          "axios"
        ],
        "effects": [],
        "range": "<=1.2.2",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "glob-base": {
        "name": "glob-base",
        "severity": "high",
        "via": [
          "glob-parent"
        ],
        "effects": [
          "@storybook/core-common"
        ],
        "range": "*",
        "nodes": [
          "node_modules/glob-base"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "glob-parent": {
        "name": "glob-parent",
        "severity": "high",
        "via": [
          {
            "source": 1067329,
            "name": "glob-parent",
            "dependency": "glob-parent",
            "title": "Regular expression denial of service in glob-parent",
            "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
            "severity": "high",
            "range": "<5.1.2"
          }
        ],
        "effects": [
          "chokidar",
          "fast-glob",
          "glob-base"
        ],
        "range": "<5.1.2",
        "nodes": [
          "node_modules/cpy/node_modules/glob-parent",
          "node_modules/glob-base/node_modules/glob-parent",
          "node_modules/watchpack-chokidar2/node_modules/glob-parent"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "globby": {
        "name": "globby",
        "severity": "high",
        "via": [
          "fast-glob"
        ],
        "effects": [
          "cpy"
        ],
        "range": "8.0.0 - 9.2.0",
        "nodes": [
          "node_modules/cpy/node_modules/globby"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "immer": {
        "name": "immer",
        "severity": "critical",
        "via": [
          {
            "source": 1067720,
            "name": "immer",
            "dependency": "immer",
            "title": "Prototype Pollution in immer",
            "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
            "severity": "critical",
            "range": "<9.0.6"
          }
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "<9.0.6",
        "nodes": [
          "node_modules/immer"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "jake": {
        "name": "jake",
        "severity": "high",
        "via": [
          "async"
        ],
        "effects": [
          "ejs"
        ],
        "range": ">=8.0.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "jquery": {
        "name": "jquery",
        "severity": "moderate",
        "via": [
          {
            "source": 1069417,
            "name": "jquery",
            "dependency": "jquery",
            "title": "Potential XSS vulnerability in jQuery",
            "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
            "severity": "moderate",
            "range": ">=1.2 <3.5.0"
          },
          {
            "source": 1069418,
            "name": "jquery",
            "dependency": "jquery",
            "title": "Potential XSS vulnerability in jQuery",
            "url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6",
            "severity": "moderate",
            "range": ">=1.0.3 <3.5.0"
          }
        ],
        "effects": [
          "@wikimedia/mw-node-qunit"
        ],
        "range": "<=3.4.1",
        "nodes": [
          "node_modules/@wikimedia/mw-node-qunit/node_modules/jquery"
        ],
        "fixAvailable": {
          "name": "@wikimedia/mw-node-qunit",
          "version": "6.3.0",
          "isSemVerMajor": false
        }
      },
      "jsdoc": {
        "name": "jsdoc",
        "severity": "high",
        "via": [
          "markdown-it",
          "marked"
        ],
        "effects": [],
        "range": "3.2.0-dev - 3.6.7",
        "nodes": [
          "node_modules/jsdoc"
        ],
        "fixAvailable": {
          "name": "jsdoc",
          "version": "3.6.10",
          "isSemVerMajor": false
        }
      },
      "json-schema": {
        "name": "json-schema",
        "severity": "moderate",
        "via": [
          {
            "source": 1067524,
            "name": "json-schema",
            "dependency": "json-schema",
            "title": "json-schema is vulnerable to Prototype Pollution",
            "url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
            "severity": "moderate",
            "range": "<0.4.0"
          }
        ],
        "effects": [
          "jsprim"
        ],
        "range": "<0.4.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "jsprim": {
        "name": "jsprim",
        "severity": "moderate",
        "via": [
          "json-schema"
        ],
        "effects": [],
        "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "markdown-it": {
        "name": "markdown-it",
        "severity": "moderate",
        "via": [
          {
            "source": 1067456,
            "name": "markdown-it",
            "dependency": "markdown-it",
            "title": "Uncontrolled Resource Consumption in markdown-it",
            "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
            "severity": "moderate",
            "range": "<12.3.2"
          }
        ],
        "effects": [
          "jsdoc"
        ],
        "range": "<12.3.2",
        "nodes": [
          "node_modules/markdown-it"
        ],
        "fixAvailable": {
          "name": "jsdoc",
          "version": "3.6.10",
          "isSemVerMajor": false
        }
      },
      "marked": {
        "name": "marked",
        "severity": "high",
        "via": [
          {
            "source": 1067450,
            "name": "marked",
            "dependency": "marked",
            "title": "Inefficient Regular Expression Complexity in marked",
            "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
            "severity": "high",
            "range": "<4.0.10"
          }
        ],
        "effects": [
          "jsdoc"
        ],
        "range": "<4.0.10",
        "nodes": [
          ""
        ],
        "fixAvailable": {
          "name": "jsdoc",
          "version": "3.6.10",
          "isSemVerMajor": false
        }
      },
      "minimist": {
        "name": "minimist",
        "severity": "critical",
        "via": [
          {
            "source": 1067342,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
            "severity": "critical",
            "range": "<1.2.6"
          }
        ],
        "effects": [],
        "range": "<1.2.6",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "mocha": {
        "name": "mocha",
        "severity": "moderate",
        "via": [
          "nanoid"
        ],
        "effects": [],
        "range": "8.2.0 - 9.1.4",
        "nodes": [
          "node_modules/mocha"
        ],
        "fixAvailable": true
      },
      "nanoid": {
        "name": "nanoid",
        "severity": "moderate",
        "via": [
          {
            "source": 1067367,
            "name": "nanoid",
            "dependency": "nanoid",
            "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
            "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
            "severity": "moderate",
            "range": ">=3.0.0 <3.1.31"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "3.0.0 - 3.1.30",
        "nodes": [
          "",
          "",
          "node_modules/nanoid"
        ],
        "fixAvailable": true
      },
      "node-fetch": {
        "name": "node-fetch",
        "severity": "high",
        "via": [
          {
            "source": 1067442,
            "name": "node-fetch",
            "dependency": "node-fetch",
            "title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
            "url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
            "severity": "high",
            "range": "<2.6.7"
          }
        ],
        "effects": [],
        "range": "<2.6.7",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "nth-check": {
        "name": "nth-check",
        "severity": "moderate",
        "via": [
          {
            "source": 1067654,
            "name": "nth-check",
            "dependency": "nth-check",
            "title": "Inefficient Regular Expression Complexity in nth-check",
            "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
            "severity": "moderate",
            "range": "<2.0.1"
          }
        ],
        "effects": [
          "css-select"
        ],
        "range": "<2.0.1",
        "nodes": [
          "",
          ""
        ],
        "fixAvailable": {
          "name": "svgo",
          "version": "2.8.0",
          "isSemVerMajor": false
        }
      },
      "prismjs": {
        "name": "prismjs",
        "severity": "high",
        "via": [
          {
            "source": 1067401,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "Cross-site Scripting in Prism",
            "url": "https://github.com/advisories/GHSA-3949-f494-cm99",
            "severity": "high",
            "range": ">=1.14.0 <1.27.0"
          },
          {
            "source": 1067653,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "Regular Expression Denial of Service in prismjs",
            "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
            "severity": "moderate",
            "range": "<1.25.0"
          }
        ],
        "effects": [
          "refractor"
        ],
        "range": "<=1.26.0",
        "nodes": [
          "",
          ""
        ],
        "fixAvailable": true
      },
      "react-dev-utils": {
        "name": "react-dev-utils",
        "severity": "critical",
        "via": [
          "browserslist",
          "immer"
        ],
        "effects": [
          "@storybook/builder-webpack4"
        ],
        "range": "6.0.0-next.03604a46 - 12.0.0-next.60",
        "nodes": [
          "node_modules/react-dev-utils"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.4.22",
          "isSemVerMajor": false
        }
      },
      "refractor": {
        "name": "refractor",
        "severity": "moderate",
        "via": [
          "prismjs"
        ],
        "effects": [],
        "range": "<=3.4.0 || 4.0.0 - 4.1.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "renderkid": {
        "name": "renderkid",
        "severity": "moderate",
        "via": [
          "css-select"
        ],
        "effects": [],
        "range": "1.0.0 - 2.0.5",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "simple-get": {
        "name": "simple-get",
        "severity": "high",
        "via": [
          {
            "source": 1067428,
            "name": "simple-get",
            "dependency": "simple-get",
            "title": "Exposure of Sensitive Information in simple-get",
            "url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
            "severity": "high",
            "range": ">=3.0.0 <3.1.1"
          }
        ],
        "effects": [],
        "range": "3.0.0 - 3.1.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "svgo": {
        "name": "svgo",
        "severity": "high",
        "via": [
          "css-select"
        ],
        "effects": [],
        "range": "2.0.0 - 2.3.0",
        "nodes": [
          "node_modules/svgo"
        ],
        "fixAvailable": {
          "name": "svgo",
          "version": "2.8.0",
          "isSemVerMajor": false
        }
      },
      "tmpl": {
        "name": "tmpl",
        "severity": "moderate",
        "via": [
          {
            "source": 1067697,
            "name": "tmpl",
            "dependency": "tmpl",
            "title": "Regular Expression Denial of Service in tmpl",
            "url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v",
            "severity": "moderate",
            "range": "<1.0.5"
          }
        ],
        "effects": [],
        "range": "<1.0.5",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "validator": {
        "name": "validator",
        "severity": "moderate",
        "via": [
          {
            "source": 1067532,
            "name": "validator",
            "dependency": "validator",
            "title": " Inefficient Regular Expression Complexity in Validator.js",
            "url": "https://github.com/advisories/GHSA-xx4c-jj58-r7x6",
            "severity": "moderate",
            "range": ">=11.1.0 <13.7.0"
          },
          {
            "source": 1067560,
            "name": "validator",
            "dependency": "validator",
            "title": "Inefficient Regular Expression Complexity in validator.js",
            "url": "https://github.com/advisories/GHSA-qgmg-gppg-76g5",
            "severity": "moderate",
            "range": "<13.7.0"
          }
        ],
        "effects": [],
        "range": "<=13.6.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "watchpack": {
        "name": "watchpack",
        "severity": "high",
        "via": [
          "watchpack-chokidar2"
        ],
        "effects": [],
        "range": "1.7.2 - 1.7.5",
        "nodes": [
          "node_modules/watchpack"
        ],
        "fixAvailable": true
      },
      "watchpack-chokidar2": {
        "name": "watchpack-chokidar2",
        "severity": "high",
        "via": [
          "chokidar"
        ],
        "effects": [
          "watchpack"
        ],
        "range": "*",
        "nodes": [
          "node_modules/watchpack-chokidar2"
        ],
        "fixAvailable": true
      },
      "webpack-hot-middleware": {
        "name": "webpack-hot-middleware",
        "severity": "high",
        "via": [
          "ansi-html"
        ],
        "effects": [],
        "range": "2.9.0 - 2.25.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "ws": {
        "name": "ws",
        "severity": "moderate",
        "via": [
          {
            "source": 1067853,
            "name": "ws",
            "dependency": "ws",
            "title": "ReDoS in Sec-Websocket-Protocol header",
            "url": "https://github.com/advisories/GHSA-6fc8-4gx4-v693",
            "severity": "moderate",
            "range": ">=6.0.0 <6.2.2"
          }
        ],
        "effects": [],
        "range": "6.0.0 - 6.2.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 16,
        "high": 28,
        "critical": 3,
        "total": 47
      },
      "dependencies": {
        "prod": 1,
        "dev": 2425,
        "optional": 29,
        "peer": 0,
        "peerOptional": 0,
        "total": 2425
      }
    }
  }
}

--- end ---
{"added": 2425, "removed": 0, "changed": 0, "audited": 2426, "funding": 210, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@storybook/builder-webpack4": {"name": "@storybook/builder-webpack4", "severity": "high", "via": ["@storybook/core-common", "react-dev-utils"], "effects": ["@storybook/core-server"], "range": "<=6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5", "nodes": ["node_modules/@storybook/builder-webpack4"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "@storybook/core": {"name": "@storybook/core", "severity": "moderate", "via": ["@storybook/core-server"], "effects": ["@storybook/html"], "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5", "nodes": ["node_modules/@storybook/core"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "@storybook/core-common": {"name": "@storybook/core-common", "severity": "high", "via": ["glob-base"], "effects": ["@storybook/builder-webpack4", "@storybook/core-server", "@storybook/html"], "range": "<=6.4.0-rc.11", "nodes": ["node_modules/@storybook/core-common"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "@storybook/core-server": {"name": "@storybook/core-server", "severity": "high", "via": ["@storybook/builder-webpack4", "@storybook/core-common", "cpy"], "effects": ["@storybook/core"], "range": "*", "nodes": ["node_modules/@storybook/core-server"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "@storybook/html": {"name": "@storybook/html", "severity": "high", "via": ["@storybook/core", "@storybook/core-common"], "effects": [], "range": "6.2.0-alpha.0 - 6.4.12 || 6.5.0-alpha.1 - 6.5.0-alpha.5", "nodes": ["node_modules/@storybook/html"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "@wikimedia/mw-node-qunit": {"name": "@wikimedia/mw-node-qunit", "severity": "moderate", "via": ["jquery"], "effects": [], "range": "6.0.0 - 6.1.2", "nodes": ["node_modules/@wikimedia/mw-node-qunit"], "fixAvailable": {"name": "@wikimedia/mw-node-qunit", "version": "6.3.0", "isSemVerMajor": false}}, "ansi-html": {"name": "ansi-html", "severity": "high", "via": [{"source": 1067382, "name": "ansi-html", "dependency": "ansi-html", "title": "Uncontrolled Resource Consumption in ansi-html", "url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9", "severity": "high", "range": "<0.0.8"}], "effects": ["webpack-hot-middleware"], "range": "<0.0.8", "nodes": [""], "fixAvailable": true}, "ansi-regex": {"name": "ansi-regex", "severity": "moderate", "via": [{"source": 1067300, "name": "ansi-regex", "dependency": "ansi-regex", "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw", "severity": "moderate", "range": ">=3.0.0 <3.0.1"}, {"source": 1067301, "name": "ansi-regex", "dependency": "ansi-regex", "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw", "severity": "moderate", "range": ">=4.0.0 <4.1.1"}, {"source": 1067302, "name": "ansi-regex", "dependency": "ansi-regex", "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw", "severity": "moderate", "range": ">=5.0.0 <5.0.1"}], "effects": [], "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0", "nodes": ["", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", ""], "fixAvailable": true}, "async": {"name": "async", "severity": "high", "via": [{"source": 1069985, "name": "async", "dependency": "async", "title": "Prototype Pollution in async", "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25", "severity": "high", "range": "<2.6.4"}, {"source": 1069986, "name": "async", "dependency": "async", "title": "Prototype Pollution in async", "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25", "severity": "high", "range": ">=3.0.0 <3.2.2"}], "effects": ["jake"], "range": ">=3.0.0 <3.2.2 || <2.6.4", "nodes": ["", "node_modules/async"], "fixAvailable": true}, "axios": {"name": "axios", "severity": "high", "via": [{"source": 1067343, "name": "axios", "dependency": "axios", "title": "Incorrect Comparison in axios", "url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x", "severity": "high", "range": "<0.21.2"}], "effects": ["github-build"], "range": "<0.21.2", "nodes": [""], "fixAvailable": true}, "browserslist": {"name": "browserslist", "severity": "moderate", "via": [{"source": 1067902, "name": "browserslist", "dependency": "browserslist", "title": "Regular Expression Denial of Service in browserslist", "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5", "severity": "moderate", "range": ">=4.0.0 <4.16.5"}], "effects": ["react-dev-utils"], "range": "4.0.0 - 4.16.4", "nodes": ["node_modules/react-dev-utils/node_modules/browserslist"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "chokidar": {"name": "chokidar", "severity": "high", "via": ["glob-parent"], "effects": ["watchpack-chokidar2"], "range": "1.0.0-rc1 - 2.1.8", "nodes": ["node_modules/watchpack-chokidar2/node_modules/chokidar"], "fixAvailable": true}, "cpy": {"name": "cpy", "severity": "high", "via": ["globby"], "effects": ["@storybook/core-server"], "range": "7.0.0 - 8.1.2", "nodes": ["node_modules/cpy"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "css-select": {"name": "css-select", "severity": "high", "via": ["css-what", "nth-check"], "effects": ["renderkid", "svgo"], "range": "<=3.1.2", "nodes": ["", "node_modules/svgo/node_modules/css-select"], "fixAvailable": {"name": "svgo", "version": "2.8.0", "isSemVerMajor": false}}, "css-what": {"name": "css-what", "severity": "high", "via": [{"source": 1067850, "name": "css-what", "dependency": "css-what", "title": "Denial of service in css-what", "url": "https://github.com/advisories/GHSA-q8pj-2vqx-8ggc", "severity": "high", "range": ">=4.0.0 <=5.0.0"}], "effects": ["css-select"], "range": "4.0.0 - 5.0.0", "nodes": ["node_modules/svgo/node_modules/css-what"], "fixAvailable": {"name": "svgo", "version": "2.8.0", "isSemVerMajor": false}}, "ejs": {"name": "ejs", "severity": "high", "via": ["jake"], "effects": [], "range": ">=3.1.2", "nodes": ["node_modules/ejs"], "fixAvailable": true}, "fast-glob": {"name": "fast-glob", "severity": "high", "via": ["glob-parent"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/cpy/node_modules/fast-glob"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "follow-redirects": {"name": "follow-redirects", "severity": "high", "via": [{"source": 1067407, "name": "follow-redirects", "dependency": "follow-redirects", "title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects", "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c", "severity": "moderate", "range": "<1.14.8"}, {"source": 1067459, "name": "follow-redirects", "dependency": "follow-redirects", "title": "Exposure of sensitive information in follow-redirects", "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q", "severity": "high", "range": "<1.14.7"}], "effects": [], "range": "<=1.14.7", "nodes": [""], "fixAvailable": true}, "github-build": {"name": "github-build", "severity": "high", "via": ["axios"], "effects": [], "range": "<=1.2.2", "nodes": [""], "fixAvailable": true}, "glob-base": {"name": "glob-base", "severity": "high", "via": ["glob-parent"], "effects": ["@storybook/core-common"], "range": "*", "nodes": ["node_modules/glob-base"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "glob-parent": {"name": "glob-parent", "severity": "high", "via": [{"source": 1067329, "name": "glob-parent", "dependency": "glob-parent", "title": "Regular expression denial of service in glob-parent", "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6", "severity": "high", "range": "<5.1.2"}], "effects": ["chokidar", "fast-glob", "glob-base"], "range": "<5.1.2", "nodes": ["node_modules/cpy/node_modules/glob-parent", "node_modules/glob-base/node_modules/glob-parent", "node_modules/watchpack-chokidar2/node_modules/glob-parent"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "globby": {"name": "globby", "severity": "high", "via": ["fast-glob"], "effects": ["cpy"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/cpy/node_modules/globby"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "immer": {"name": "immer", "severity": "critical", "via": [{"source": 1067720, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h", "severity": "critical", "range": "<9.0.6"}], "effects": ["react-dev-utils"], "range": "<9.0.6", "nodes": ["node_modules/immer"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "jake": {"name": "jake", "severity": "high", "via": ["async"], "effects": ["ejs"], "range": ">=8.0.1", "nodes": [""], "fixAvailable": true}, "jquery": {"name": "jquery", "severity": "moderate", "via": [{"source": 1069417, "name": "jquery", "dependency": "jquery", "title": "Potential XSS vulnerability in jQuery", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "severity": "moderate", "range": ">=1.2 <3.5.0"}, {"source": 1069418, "name": "jquery", "dependency": "jquery", "title": "Potential XSS vulnerability in jQuery", "url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6", "severity": "moderate", "range": ">=1.0.3 <3.5.0"}], "effects": ["@wikimedia/mw-node-qunit"], "range": "<=3.4.1", "nodes": ["node_modules/@wikimedia/mw-node-qunit/node_modules/jquery"], "fixAvailable": {"name": "@wikimedia/mw-node-qunit", "version": "6.3.0", "isSemVerMajor": false}}, "jsdoc": {"name": "jsdoc", "severity": "high", "via": ["markdown-it", "marked"], "effects": [], "range": "3.2.0-dev - 3.6.7", "nodes": ["node_modules/jsdoc"], "fixAvailable": {"name": "jsdoc", "version": "3.6.10", "isSemVerMajor": false}}, "json-schema": {"name": "json-schema", "severity": "moderate", "via": [{"source": 1067524, "name": "json-schema", "dependency": "json-schema", "title": "json-schema is vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-896r-f27r-55mw", "severity": "moderate", "range": "<0.4.0"}], "effects": ["jsprim"], "range": "<0.4.0", "nodes": [""], "fixAvailable": true}, "jsprim": {"name": "jsprim", "severity": "moderate", "via": ["json-schema"], "effects": [], "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1", "nodes": [""], "fixAvailable": true}, "markdown-it": {"name": "markdown-it", "severity": "moderate", "via": [{"source": 1067456, "name": "markdown-it", "dependency": "markdown-it", "title": "Uncontrolled Resource Consumption in markdown-it", "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c", "severity": "moderate", "range": "<12.3.2"}], "effects": ["jsdoc"], "range": "<12.3.2", "nodes": ["node_modules/markdown-it"], "fixAvailable": {"name": "jsdoc", "version": "3.6.10", "isSemVerMajor": false}}, "marked": {"name": "marked", "severity": "high", "via": [{"source": 1067450, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf", "severity": "high", "range": "<4.0.10"}], "effects": ["jsdoc"], "range": "<4.0.10", "nodes": [""], "fixAvailable": {"name": "jsdoc", "version": "3.6.10", "isSemVerMajor": false}}, "minimist": {"name": "minimist", "severity": "critical", "via": [{"source": 1067342, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "range": "<1.2.6"}], "effects": [], "range": "<1.2.6", "nodes": [""], "fixAvailable": true}, "mocha": {"name": "mocha", "severity": "moderate", "via": ["nanoid"], "effects": [], "range": "8.2.0 - 9.1.4", "nodes": ["node_modules/mocha"], "fixAvailable": true}, "nanoid": {"name": "nanoid", "severity": "moderate", "via": [{"source": 1067367, "name": "nanoid", "dependency": "nanoid", "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid", "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2", "severity": "moderate", "range": ">=3.0.0 <3.1.31"}], "effects": ["mocha"], "range": "3.0.0 - 3.1.30", "nodes": ["", "", "node_modules/nanoid"], "fixAvailable": true}, "node-fetch": {"name": "node-fetch", "severity": "high", "via": [{"source": 1067442, "name": "node-fetch", "dependency": "node-fetch", "title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor", "url": "https://github.com/advisories/GHSA-r683-j2x4-v87g", "severity": "high", "range": "<2.6.7"}], "effects": [], "range": "<2.6.7", "nodes": [""], "fixAvailable": true}, "nth-check": {"name": "nth-check", "severity": "moderate", "via": [{"source": 1067654, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "moderate", "range": "<2.0.1"}], "effects": ["css-select"], "range": "<2.0.1", "nodes": ["", ""], "fixAvailable": {"name": "svgo", "version": "2.8.0", "isSemVerMajor": false}}, "prismjs": {"name": "prismjs", "severity": "high", "via": [{"source": 1067401, "name": "prismjs", "dependency": "prismjs", "title": "Cross-site Scripting in Prism", "url": "https://github.com/advisories/GHSA-3949-f494-cm99", "severity": "high", "range": ">=1.14.0 <1.27.0"}, {"source": 1067653, "name": "prismjs", "dependency": "prismjs", "title": "Regular Expression Denial of Service in prismjs", "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96", "severity": "moderate", "range": "<1.25.0"}], "effects": ["refractor"], "range": "<=1.26.0", "nodes": ["", ""], "fixAvailable": true}, "react-dev-utils": {"name": "react-dev-utils", "severity": "critical", "via": ["browserslist", "immer"], "effects": ["@storybook/builder-webpack4"], "range": "6.0.0-next.03604a46 - 12.0.0-next.60", "nodes": ["node_modules/react-dev-utils"], "fixAvailable": {"name": "@storybook/html", "version": "6.4.22", "isSemVerMajor": false}}, "refractor": {"name": "refractor", "severity": "moderate", "via": ["prismjs"], "effects": [], "range": "<=3.4.0 || 4.0.0 - 4.1.1", "nodes": [""], "fixAvailable": true}, "renderkid": {"name": "renderkid", "severity": "moderate", "via": ["css-select"], "effects": [], "range": "1.0.0 - 2.0.5", "nodes": [""], "fixAvailable": true}, "simple-get": {"name": "simple-get", "severity": "high", "via": [{"source": 1067428, "name": "simple-get", "dependency": "simple-get", "title": "Exposure of Sensitive Information in simple-get", "url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv", "severity": "high", "range": ">=3.0.0 <3.1.1"}], "effects": [], "range": "3.0.0 - 3.1.0", "nodes": [""], "fixAvailable": true}, "svgo": {"name": "svgo", "severity": "high", "via": ["css-select"], "effects": [], "range": "2.0.0 - 2.3.0", "nodes": ["node_modules/svgo"], "fixAvailable": {"name": "svgo", "version": "2.8.0", "isSemVerMajor": false}}, "tmpl": {"name": "tmpl", "severity": "moderate", "via": [{"source": 1067697, "name": "tmpl", "dependency": "tmpl", "title": "Regular Expression Denial of Service in tmpl", "url": "https://github.com/advisories/GHSA-jgrx-mgxx-jf9v", "severity": "moderate", "range": "<1.0.5"}], "effects": [], "range": "<1.0.5", "nodes": [""], "fixAvailable": true}, "validator": {"name": "validator", "severity": "moderate", "via": [{"source": 1067532, "name": "validator", "dependency": "validator", "title": " Inefficient Regular Expression Complexity in Validator.js", "url": "https://github.com/advisories/GHSA-xx4c-jj58-r7x6", "severity": "moderate", "range": ">=11.1.0 <13.7.0"}, {"source": 1067560, "name": "validator", "dependency": "validator", "title": "Inefficient Regular Expression Complexity in validator.js", "url": "https://github.com/advisories/GHSA-qgmg-gppg-76g5", "severity": "moderate", "range": "<13.7.0"}], "effects": [], "range": "<=13.6.0", "nodes": [""], "fixAvailable": true}, "watchpack": {"name": "watchpack", "severity": "high", "via": ["watchpack-chokidar2"], "effects": [], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/watchpack"], "fixAvailable": true}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": true}, "webpack-hot-middleware": {"name": "webpack-hot-middleware", "severity": "high", "via": ["ansi-html"], "effects": [], "range": "2.9.0 - 2.25.0", "nodes": [""], "fixAvailable": true}, "ws": {"name": "ws", "severity": "moderate", "via": [{"source": 1067853, "name": "ws", "dependency": "ws", "title": "ReDoS in Sec-Websocket-Protocol header", "url": "https://github.com/advisories/GHSA-6fc8-4gx4-v693", "severity": "moderate", "range": ">=6.0.0 <6.2.2"}], "effects": [], "range": "6.0.0 - 6.2.1", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 16, "high": 28, "critical": 3, "total": 47}, "dependencies": {"prod": 1, "dev": 2425, "optional": 29, "peer": 0, "peerOptional": 0, "total": 2425}}}}
{}
Upgrading n:@storybook/html from 6.2.3 -> 6.4.22
{}
Upgrading n:@wikimedia/mw-node-qunit from 6.1.2 -> 6.3.0
{}
Upgrading n:jsdoc from 3.6.7 -> 3.6.10
{}
Upgrading n:svgo from 2.3.0 -> 2.8.0
$ /usr/bin/npm audit fix --only=dev --legacy-peer-deps
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'klaw@4.0.1',
npm WARN EBADENGINE   required: { node: '>=14.14.0' },
npm WARN EBADENGINE   current: { node: 'v12.22.5', npm: '7.5.2' }
npm WARN EBADENGINE }
--- stdout ---

added 2589 packages, and audited 2590 packages in 2m

151 packages are looking for funding
  run `npm fund` for details

# npm audit report

async  <2.6.4
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async
  jake  >=8.0.1
  Depends on vulnerable versions of async
  node_modules/jake
    ejs  >=3.1.2
    Depends on vulnerable versions of jake
    node_modules/ejs

glob-parent  <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @storybook/html@6.1.21, which is a breaking change
node_modules/cpy/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/watchpack-chokidar2/node_modules/chokidar
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/cpy/node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/cpy/node_modules/globby
      cpy  7.0.0 - 8.1.2
      Depends on vulnerable versions of globby
      node_modules/cpy
        @storybook/core-server  *
        Depends on vulnerable versions of @storybook/csf-tools
        Depends on vulnerable versions of cpy
        node_modules/@storybook/core-server
          @storybook/core  >=6.2.0-alpha.0
          Depends on vulnerable versions of @storybook/core-server
          node_modules/@storybook/core
            @storybook/html  >=6.2.0-alpha.0
            Depends on vulnerable versions of @storybook/core
            node_modules/@storybook/html

nanoid  3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid
  mocha  8.2.0 - 9.1.4
  Depends on vulnerable versions of nanoid
  node_modules/mocha

trim  <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix --force`
Will install @storybook/html@6.1.21, which is a breaking change
node_modules/trim
  remark-parse  <=8.0.3
  Depends on vulnerable versions of trim
  node_modules/@mdx-js/mdx/node_modules/remark-parse
  node_modules/remark-mdx/node_modules/remark-parse
    @mdx-js/mdx  <=1.6.22
    Depends on vulnerable versions of remark-mdx
    Depends on vulnerable versions of remark-parse
    node_modules/@mdx-js/mdx
      @storybook/csf-tools  <=6.5.0-alpha.42
      Depends on vulnerable versions of @mdx-js/mdx
      node_modules/@storybook/csf-tools
        @storybook/core-server  *
        Depends on vulnerable versions of @storybook/csf-tools
        Depends on vulnerable versions of cpy
        node_modules/@storybook/core-server
          @storybook/core  >=6.2.0-alpha.0
          Depends on vulnerable versions of @storybook/core-server
          node_modules/@storybook/core
            @storybook/html  >=6.2.0-alpha.0
            Depends on vulnerable versions of @storybook/core
            node_modules/@storybook/html
    remark-mdx  <=1.6.22
    Depends on vulnerable versions of remark-parse
    node_modules/remark-mdx

20 vulnerabilities (2 moderate, 18 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'klaw@4.0.1',
npm WARN EBADENGINE   required: { node: '>=14.14.0' },
npm WARN EBADENGINE   current: { node: 'v12.22.5', npm: '7.5.2' }
npm WARN EBADENGINE }
--- stdout ---

added 2589 packages, and audited 2590 packages in 2m

152 packages are looking for funding
  run `npm fund` for details

20 vulnerabilities (2 moderate, 18 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
npm ERR! code 1
npm ERR! path /src/repo
npm ERR! command failed
npm ERR! command sh -c npm -s run lint && bash ./dev-scripts/svg_check.sh && npm -s run coverage && npm -s run test:bundle && npm -s run jsdoc

npm ERR! A complete log of this run can be found in:
npm ERR!     /cache/_logs/2022-04-15T00_34_41_479Z-debug.log
--- stdout ---

> test
> npm -s run lint && bash ./dev-scripts/svg_check.sh && npm -s run coverage && npm -s run test:bundle && npm -s run jsdoc

Checked 1 message directory.

/src/repo/src/mobile.editor.overlay/SourceEditorOverlay.js
  26:2  warning  Unused eslint-disable directive (no problems were reported from 'compat/compat')

/src/repo/src/mobile.init/editor.js
  165:7  error  document.body() is not supported in Firefox 27  compat/compat
  221:7  error  document.body() is not supported in Firefox 27  compat/compat

/src/repo/src/mobile.startup/Browser.js
  106:3  warning  Unused eslint-disable directive (no problems were reported from 'compat/compat')

✖ 4 problems (2 errors, 2 warnings)


--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1396, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1340, in run
    self.npm_audit_fix(new_npm_audit)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 242, in npm_audit_fix
    self.check_call(['npm', 'test'])
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/shell2.py", line 54, in check_call
    res.check_returncode()
  File "/usr/lib/python3.9/subprocess.py", line 460, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.

composer dependencies

Development dependencies

npm dependencies

Development dependencies

Logs

Source code is licensed under the AGPL.