$ date
--- stdout ---
Thu May 2 08:22:56 UTC 2024
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-MobileFrontend.git repo --depth=1 -b REL1_40
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_40
--- stdout ---
f7553a534eca4aad07e45d9f1c8f1847ebfa649e refs/heads/REL1_40
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/traverse": {
"name": "@babel/traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096886,
"name": "@babel/traverse",
"dependency": "@babel/traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [],
"range": "<7.23.2",
"nodes": [
"node_modules/@babel/traverse"
],
"fixAvailable": true
},
"@wikimedia/mw-node-qunit": {
"name": "@wikimedia/mw-node-qunit",
"severity": "moderate",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "<=6.2.1",
"nodes": [
"node_modules/@wikimedia/mw-node-qunit"
],
"fixAvailable": {
"name": "@wikimedia/mw-node-qunit",
"version": "6.4.2",
"isSemVerMajor": false
}
},
"ansi-regex": {
"name": "ansi-regex",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1094091,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"cwe": [
"CWE-697",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.1.1"
}
],
"effects": [],
"range": "4.0.0 - 4.1.0",
"nodes": [
"node_modules/@wikimedia/mw-node-qunit/node_modules/ansi-regex",
"node_modules/webpack-cli/node_modules/ansi-regex"
],
"fixAvailable": true
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"browserify-sign": {
"name": "browserify-sign",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096644,
"name": "browserify-sign",
"dependency": "browserify-sign",
"title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack",
"url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw",
"severity": "high",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.6.0 <=4.2.1"
}
],
"effects": [],
"range": "2.6.0 - 4.2.1",
"nodes": [
"node_modules/browserify-sign"
],
"fixAvailable": true
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"glob-parent"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.0.0-rc1 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": true
},
"decode-uri-component": {
"name": "decode-uri-component",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1094087,
"name": "decode-uri-component",
"dependency": "decode-uri-component",
"title": "decode-uri-component vulnerable to Denial of Service (DoS)",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"severity": "high",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.2.1"
}
],
"effects": [],
"range": "<0.2.1",
"nodes": [
"node_modules/decode-uri-component"
],
"fixAvailable": true
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint-plugin-compat"
],
"effects": [],
"range": "0.18.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "3.6.0-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"glob-parent": {
"name": "glob-parent",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095007,
"name": "glob-parent",
"dependency": "glob-parent",
"title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex",
"url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<5.1.2"
}
],
"effects": [
"chokidar"
],
"range": "<5.1.2",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/glob-parent"
],
"fixAvailable": true
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"isDirect": true,
"via": [
"markdown-it",
"marked",
"taffydb"
],
"effects": [],
"range": "3.2.0-dev - 3.6.11",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"jsdom": {
"name": "jsdom",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1089185,
"name": "jsdom",
"dependency": "jsdom",
"title": "Insufficient Granularity of Access Control in JSDom",
"url": "https://github.com/advisories/GHSA-f4c9-cqv8-9v98",
"severity": "moderate",
"cwe": [
"CWE-1220"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<=16.4.0"
},
"request",
"request-promise-native",
"tough-cookie"
],
"effects": [
"@wikimedia/mw-node-qunit"
],
"range": "<=16.5.3",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"json-schema": {
"name": "json-schema",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1095057,
"name": "json-schema",
"dependency": "json-schema",
"title": "json-schema is vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
"severity": "critical",
"cwe": [
"CWE-915",
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<0.4.0"
}
],
"effects": [
"jsprim"
],
"range": "<0.4.0",
"nodes": [
"node_modules/json-schema"
],
"fixAvailable": true
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
},
{
"source": 1096544,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": ">=2.0.0 <2.2.2"
}
],
"effects": [],
"range": "<1.0.2 || >=2.0.0 <2.2.2",
"nodes": [
"node_modules/json5",
"node_modules/loader-utils/node_modules/json5",
"node_modules/webpack-cli/node_modules/json5"
],
"fixAvailable": true
},
"jsprim": {
"name": "jsprim",
"severity": "critical",
"isDirect": false,
"via": [
"json-schema"
],
"effects": [],
"range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/jsprim"
],
"fixAvailable": true
},
"less": {
"name": "less",
"severity": "moderate",
"isDirect": true,
"via": [
"request"
],
"effects": [],
"range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3",
"nodes": [
"node_modules/less"
],
"fixAvailable": {
"name": "less",
"version": "3.13.1",
"isSemVerMajor": false
}
},
"loader-utils": {
"name": "loader-utils",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1094088,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "Prototype pollution in webpack loader-utils",
"url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<1.4.1"
},
{
"source": 1095055,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
"url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
},
{
"source": 1097143,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
}
],
"effects": [
"webpack-cli"
],
"range": "<=1.4.1",
"nodes": [
"node_modules/loader-utils",
"node_modules/webpack-cli/node_modules/loader-utils"
],
"fixAvailable": {
"name": "webpack-cli",
"version": "3.3.12",
"isSemVerMajor": false
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1092663,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "Uncontrolled Resource Consumption in markdown-it",
"url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<12.3.2"
}
],
"effects": [
"jsdoc"
],
"range": "<12.3.2",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"marked": {
"name": "marked",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095051,
"name": "marked",
"dependency": "marked",
"title": "Inefficient Regular Expression Complexity in marked",
"url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.0.10"
},
{
"source": 1095052,
"name": "marked",
"dependency": "marked",
"title": "Inefficient Regular Expression Complexity in marked",
"url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.0.10"
}
],
"effects": [
"jsdoc"
],
"range": "<=4.0.9",
"nodes": [
"node_modules/marked"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096485,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
}
],
"effects": [],
"range": "<3.0.5",
"nodes": [
"node_modules/minimatch"
],
"fixAvailable": true
},
"minimist": {
"name": "minimist",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096549,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=1.0.0 <1.2.6"
}
],
"effects": [],
"range": "1.0.0 - 1.2.5",
"nodes": [
"node_modules/minimist"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1089011,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [],
"range": "3.0.0 - 3.1.30",
"nodes": [
"node_modules/doiuse/node_modules/nanoid",
"node_modules/stylelint-no-unsupported-browser-features/node_modules/nanoid"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"autoprefixer",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"stylelint",
"sugarss"
],
"range": "<8.4.31",
"nodes": [
"node_modules/doiuse/node_modules/postcss",
"node_modules/postcss",
"node_modules/stylelint-no-unsupported-browser-features/node_modules/postcss"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"postcss-less": {
"name": "postcss-less",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.1.4",
"nodes": [
"node_modules/postcss-less"
],
"fixAvailable": true
},
"postcss-safe-parser": {
"name": "postcss-safe-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-safe-parser"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"postcss-sass": {
"name": "postcss-sass",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-sass"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"postcss-scss": {
"name": "postcss-scss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.1.1",
"nodes": [
"node_modules/postcss-scss"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096470,
"name": "qs",
"dependency": "qs",
"title": "qs vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.5.0 <6.5.3"
}
],
"effects": [],
"range": "6.5.0 - 6.5.2",
"nodes": [
"node_modules/request/node_modules/qs"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"jsdom",
"less",
"request-promise-core",
"request-promise-native"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"request-promise-core": {
"name": "request-promise-core",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"request-promise-native"
],
"range": "*",
"nodes": [
"node_modules/request-promise-core"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"request-promise-native": {
"name": "request-promise-native",
"severity": "moderate",
"isDirect": false,
"via": [
"request",
"request-promise-core",
"tough-cookie"
],
"effects": [
"jsdom"
],
"range": ">=1.0.0",
"nodes": [
"node_modules/request-promise-native"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096482,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.5.2"
},
{
"source": 1096483,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<5.7.2"
},
{
"source": 1096484,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.0.0 <6.3.1"
}
],
"effects": [
"eslint-plugin-compat"
],
"range": "<=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1",
"nodes": [
"node_modules/@babel/helper-compilation-targets/node_modules/semver",
"node_modules/@stylelint/postcss-css-in-js/node_modules/semver",
"node_modules/@wikimedia/mw-node-qunit/node_modules/semver",
"node_modules/eslint-plugin-compat/node_modules/semver",
"node_modules/eslint-plugin-jsdoc/node_modules/semver",
"node_modules/eslint-plugin-mediawiki/node_modules/semver",
"node_modules/eslint-plugin-node/node_modules/semver",
"node_modules/eslint-plugin-unicorn/node_modules/semver",
"node_modules/eslint-plugin-vue/node_modules/semver",
"node_modules/eslint-template-visitor/node_modules/semver",
"node_modules/eslint/node_modules/semver",
"node_modules/istanbul-lib-instrument/node_modules/semver",
"node_modules/make-dir/node_modules/semver",
"node_modules/meow/node_modules/semver",
"node_modules/nyc/node_modules/semver",
"node_modules/semver",
"node_modules/vue-eslint-parser/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"stylelint": {
"name": "stylelint",
"severity": "moderate",
"isDirect": false,
"via": [
"autoprefixer",
"postcss",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"sugarss"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "0.1.0 - 13.13.1",
"nodes": [
"node_modules/stylelint"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"stylelint"
],
"effects": [],
"range": "<=0.11.1",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"sugarss": {
"name": "sugarss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.0.0",
"nodes": [
"node_modules/sugarss"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"taffydb": {
"name": "taffydb",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089386,
"name": "taffydb",
"dependency": "taffydb",
"title": "TaffyDB can allow access to any data items in the DB",
"url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-668"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<=2.7.3"
}
],
"effects": [
"jsdoc"
],
"range": "*",
"nodes": [
"node_modules/taffydb"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"terser": {
"name": "terser",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091691,
"name": "terser",
"dependency": "terser",
"title": "Terser insecure use of regular expressions leads to ReDoS",
"url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.8.1"
}
],
"effects": [],
"range": "<4.8.1",
"nodes": [
"node_modules/terser"
],
"fixAvailable": true
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096643,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"jsdom",
"request",
"request-promise-native"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/watchpack"
],
"fixAvailable": true
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": true
},
"webpack-cli": {
"name": "webpack-cli",
"severity": "critical",
"isDirect": true,
"via": [
"loader-utils"
],
"effects": [],
"range": "1.3.0 - 1.3.3 || 3.3.5 - 3.3.11",
"nodes": [
"node_modules/webpack-cli"
],
"fixAvailable": {
"name": "webpack-cli",
"version": "3.3.12",
"isSemVerMajor": false
}
},
"word-wrap": {
"name": "word-wrap",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1095091,
"name": "word-wrap",
"dependency": "word-wrap",
"title": "word-wrap vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<1.2.4"
}
],
"effects": [],
"range": "<1.2.4",
"nodes": [
"node_modules/word-wrap"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 22,
"high": 14,
"critical": 6,
"total": 42
},
"dependencies": {
"prod": 1,
"dev": 1366,
"optional": 39,
"peer": 0,
"peerOptional": 0,
"total": 1366
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 36 installs, 0 updates, 0 removals
- Locking composer/pcre (1.0.1)
- Locking composer/semver (3.4.0)
- Locking composer/spdx-licenses (1.5.8)
- Locking composer/xdebug-handler (2.0.5)
- Locking doctrine/deprecations (1.1.3)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v38.0.0)
- Locking mediawiki/mediawiki-phan-config (0.11.1)
- Locking mediawiki/minus-x (1.1.1)
- Locking mediawiki/phan-taint-check-plugin (3.3.2)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.4.1)
- Locking phan/phan (5.2.0)
- Locking php-parallel-lint/php-console-color (v0.3)
- Locking php-parallel-lint/php-console-highlighter (v0.5)
- Locking php-parallel-lint/php-parallel-lint (v1.3.1)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.4.0)
- Locking phpdocumentor/type-resolver (1.8.2)
- Locking phpstan/phpdoc-parser (1.28.0)
- Locking psr/container (2.0.2)
- Locking psr/log (2.0.0)
- Locking sabre/event (5.1.4)
- Locking squizlabs/php_codesniffer (3.6.1)
- Locking symfony/console (v5.4.39)
- Locking symfony/deprecation-contracts (v3.4.0)
- Locking symfony/polyfill-ctype (v1.29.0)
- Locking symfony/polyfill-intl-grapheme (v1.29.0)
- Locking symfony/polyfill-intl-normalizer (v1.29.0)
- Locking symfony/polyfill-mbstring (v1.29.0)
- Locking symfony/polyfill-php73 (v1.29.0)
- Locking symfony/polyfill-php80 (v1.29.0)
- Locking symfony/service-contracts (v3.4.2)
- Locking symfony/string (v6.4.7)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 36 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing composer/pcre (1.0.1): Extracting archive
- Installing squizlabs/php_codesniffer (3.6.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.29.0): Extracting archive
- Installing composer/spdx-licenses (1.5.8): Extracting archive
- Installing composer/semver (3.4.0): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v38.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-php80 (v1.29.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.29.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.29.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.29.0): Extracting archive
- Installing symfony/string (v6.4.7): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.4.2): Extracting archive
- Installing symfony/polyfill-php73 (v1.29.0): Extracting archive
- Installing symfony/deprecation-contracts (v3.4.0): Extracting archive
- Installing symfony/console (v5.4.39): Extracting archive
- Installing sabre/event (5.1.4): Extracting archive
- Installing netresearch/jsonmapper (v4.4.1): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (1.11.0): Extracting archive
- Installing phpstan/phpdoc-parser (1.28.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.3): Extracting archive
- Installing phpdocumentor/type-resolver (1.8.2): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.4.0): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (2.0.0): Extracting archive
- Installing composer/xdebug-handler (2.0.5): Extracting archive
- Installing phan/phan (5.2.0): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (3.3.2): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.11.1): Extracting archive
- Installing mediawiki/minus-x (1.1.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v0.3): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v0.5): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.3.1): Extracting archive
0/36 [>---------------------------] 0%
22/36 [=================>----------] 61%
35/36 [===========================>] 97%
36/36 [============================] 100%
3 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
15 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/traverse": {
"name": "@babel/traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096886,
"name": "@babel/traverse",
"dependency": "@babel/traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [],
"range": "<7.23.2",
"nodes": [
"node_modules/@babel/traverse"
],
"fixAvailable": true
},
"@wikimedia/mw-node-qunit": {
"name": "@wikimedia/mw-node-qunit",
"severity": "moderate",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "<=6.2.1",
"nodes": [
"node_modules/@wikimedia/mw-node-qunit"
],
"fixAvailable": {
"name": "@wikimedia/mw-node-qunit",
"version": "6.4.2",
"isSemVerMajor": false
}
},
"ansi-regex": {
"name": "ansi-regex",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1094091,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"cwe": [
"CWE-697",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.1.1"
}
],
"effects": [],
"range": "4.0.0 - 4.1.0",
"nodes": [
"node_modules/@wikimedia/mw-node-qunit/node_modules/ansi-regex",
"node_modules/webpack-cli/node_modules/ansi-regex"
],
"fixAvailable": true
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"browserify-sign": {
"name": "browserify-sign",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096644,
"name": "browserify-sign",
"dependency": "browserify-sign",
"title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack",
"url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw",
"severity": "high",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.6.0 <=4.2.1"
}
],
"effects": [],
"range": "2.6.0 - 4.2.1",
"nodes": [
"node_modules/browserify-sign"
],
"fixAvailable": true
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"glob-parent"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.0.0-rc1 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": true
},
"decode-uri-component": {
"name": "decode-uri-component",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1094087,
"name": "decode-uri-component",
"dependency": "decode-uri-component",
"title": "decode-uri-component vulnerable to Denial of Service (DoS)",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"severity": "high",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.2.1"
}
],
"effects": [],
"range": "<0.2.1",
"nodes": [
"node_modules/decode-uri-component"
],
"fixAvailable": true
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint-plugin-compat"
],
"effects": [],
"range": "0.18.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "3.6.0-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"glob-parent": {
"name": "glob-parent",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095007,
"name": "glob-parent",
"dependency": "glob-parent",
"title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex",
"url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<5.1.2"
}
],
"effects": [
"chokidar"
],
"range": "<5.1.2",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/glob-parent"
],
"fixAvailable": true
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"isDirect": true,
"via": [
"markdown-it",
"marked",
"taffydb"
],
"effects": [],
"range": "3.2.0-dev - 3.6.11",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"jsdom": {
"name": "jsdom",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1089185,
"name": "jsdom",
"dependency": "jsdom",
"title": "Insufficient Granularity of Access Control in JSDom",
"url": "https://github.com/advisories/GHSA-f4c9-cqv8-9v98",
"severity": "moderate",
"cwe": [
"CWE-1220"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<=16.4.0"
},
"request",
"request-promise-native",
"tough-cookie"
],
"effects": [
"@wikimedia/mw-node-qunit"
],
"range": "<=16.5.3",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"json-schema": {
"name": "json-schema",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1095057,
"name": "json-schema",
"dependency": "json-schema",
"title": "json-schema is vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
"severity": "critical",
"cwe": [
"CWE-915",
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<0.4.0"
}
],
"effects": [
"jsprim"
],
"range": "<0.4.0",
"nodes": [
"node_modules/json-schema"
],
"fixAvailable": true
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
},
{
"source": 1096544,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": ">=2.0.0 <2.2.2"
}
],
"effects": [],
"range": "<1.0.2 || >=2.0.0 <2.2.2",
"nodes": [
"node_modules/json5",
"node_modules/loader-utils/node_modules/json5",
"node_modules/webpack-cli/node_modules/json5"
],
"fixAvailable": true
},
"jsprim": {
"name": "jsprim",
"severity": "critical",
"isDirect": false,
"via": [
"json-schema"
],
"effects": [],
"range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/jsprim"
],
"fixAvailable": true
},
"less": {
"name": "less",
"severity": "moderate",
"isDirect": true,
"via": [
"request"
],
"effects": [],
"range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3",
"nodes": [
"node_modules/less"
],
"fixAvailable": {
"name": "less",
"version": "3.13.1",
"isSemVerMajor": false
}
},
"loader-utils": {
"name": "loader-utils",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1094088,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "Prototype pollution in webpack loader-utils",
"url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<1.4.1"
},
{
"source": 1095055,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
"url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
},
{
"source": 1097143,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
}
],
"effects": [
"webpack-cli"
],
"range": "<=1.4.1",
"nodes": [
"node_modules/loader-utils",
"node_modules/webpack-cli/node_modules/loader-utils"
],
"fixAvailable": {
"name": "webpack-cli",
"version": "3.3.12",
"isSemVerMajor": false
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1092663,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "Uncontrolled Resource Consumption in markdown-it",
"url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<12.3.2"
}
],
"effects": [
"jsdoc"
],
"range": "<12.3.2",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"marked": {
"name": "marked",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095051,
"name": "marked",
"dependency": "marked",
"title": "Inefficient Regular Expression Complexity in marked",
"url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.0.10"
},
{
"source": 1095052,
"name": "marked",
"dependency": "marked",
"title": "Inefficient Regular Expression Complexity in marked",
"url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.0.10"
}
],
"effects": [
"jsdoc"
],
"range": "<=4.0.9",
"nodes": [
"node_modules/marked"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096485,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
}
],
"effects": [],
"range": "<3.0.5",
"nodes": [
"node_modules/minimatch"
],
"fixAvailable": true
},
"minimist": {
"name": "minimist",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096549,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=1.0.0 <1.2.6"
}
],
"effects": [],
"range": "1.0.0 - 1.2.5",
"nodes": [
"node_modules/minimist"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1089011,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [],
"range": "3.0.0 - 3.1.30",
"nodes": [
"node_modules/doiuse/node_modules/nanoid",
"node_modules/stylelint-no-unsupported-browser-features/node_modules/nanoid"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"autoprefixer",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"stylelint",
"sugarss"
],
"range": "<8.4.31",
"nodes": [
"node_modules/doiuse/node_modules/postcss",
"node_modules/postcss",
"node_modules/stylelint-no-unsupported-browser-features/node_modules/postcss"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"postcss-less": {
"name": "postcss-less",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=3.1.4",
"nodes": [
"node_modules/postcss-less"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"postcss-safe-parser": {
"name": "postcss-safe-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-safe-parser"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"postcss-sass": {
"name": "postcss-sass",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-sass"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"postcss-scss": {
"name": "postcss-scss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.1.1",
"nodes": [
"node_modules/postcss-scss"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096470,
"name": "qs",
"dependency": "qs",
"title": "qs vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.5.0 <6.5.3"
}
],
"effects": [],
"range": "6.5.0 - 6.5.2",
"nodes": [
"node_modules/request/node_modules/qs"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"jsdom",
"less",
"request-promise-core",
"request-promise-native"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"request-promise-core": {
"name": "request-promise-core",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"request-promise-native"
],
"range": "*",
"nodes": [
"node_modules/request-promise-core"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"request-promise-native": {
"name": "request-promise-native",
"severity": "moderate",
"isDirect": false,
"via": [
"request",
"request-promise-core",
"tough-cookie"
],
"effects": [
"jsdom"
],
"range": ">=1.0.0",
"nodes": [
"node_modules/request-promise-native"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096482,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.5.2"
},
{
"source": 1096483,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<5.7.2"
},
{
"source": 1096484,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.0.0 <6.3.1"
}
],
"effects": [
"eslint-plugin-compat"
],
"range": "<=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1",
"nodes": [
"node_modules/@babel/helper-compilation-targets/node_modules/semver",
"node_modules/@stylelint/postcss-css-in-js/node_modules/semver",
"node_modules/@wikimedia/mw-node-qunit/node_modules/semver",
"node_modules/eslint-plugin-compat/node_modules/semver",
"node_modules/eslint-plugin-jsdoc/node_modules/semver",
"node_modules/eslint-plugin-mediawiki/node_modules/semver",
"node_modules/eslint-plugin-node/node_modules/semver",
"node_modules/eslint-plugin-unicorn/node_modules/semver",
"node_modules/eslint-plugin-vue/node_modules/semver",
"node_modules/eslint-template-visitor/node_modules/semver",
"node_modules/eslint/node_modules/semver",
"node_modules/istanbul-lib-instrument/node_modules/semver",
"node_modules/make-dir/node_modules/semver",
"node_modules/meow/node_modules/semver",
"node_modules/nyc/node_modules/semver",
"node_modules/semver",
"node_modules/vue-eslint-parser/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"stylelint": {
"name": "stylelint",
"severity": "moderate",
"isDirect": false,
"via": [
"autoprefixer",
"postcss",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"sugarss"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "0.1.0 - 13.13.1",
"nodes": [
"node_modules/stylelint"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"stylelint"
],
"effects": [],
"range": "<=0.11.1",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"sugarss": {
"name": "sugarss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/sugarss"
],
"fixAvailable": true
},
"taffydb": {
"name": "taffydb",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089386,
"name": "taffydb",
"dependency": "taffydb",
"title": "TaffyDB can allow access to any data items in the DB",
"url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-668"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<=2.7.3"
}
],
"effects": [
"jsdoc"
],
"range": "*",
"nodes": [
"node_modules/taffydb"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"terser": {
"name": "terser",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091691,
"name": "terser",
"dependency": "terser",
"title": "Terser insecure use of regular expressions leads to ReDoS",
"url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.8.1"
}
],
"effects": [],
"range": "<4.8.1",
"nodes": [
"node_modules/terser"
],
"fixAvailable": true
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096643,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"jsdom",
"request",
"request-promise-native"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/watchpack"
],
"fixAvailable": true
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": true
},
"webpack-cli": {
"name": "webpack-cli",
"severity": "critical",
"isDirect": true,
"via": [
"loader-utils"
],
"effects": [],
"range": "1.3.0 - 1.3.3 || 3.3.5 - 3.3.11",
"nodes": [
"node_modules/webpack-cli"
],
"fixAvailable": {
"name": "webpack-cli",
"version": "3.3.12",
"isSemVerMajor": false
}
},
"word-wrap": {
"name": "word-wrap",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1095091,
"name": "word-wrap",
"dependency": "word-wrap",
"title": "word-wrap vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<1.2.4"
}
],
"effects": [],
"range": "<1.2.4",
"nodes": [
"node_modules/word-wrap"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 22,
"high": 14,
"critical": 6,
"total": 42
},
"dependencies": {
"prod": 1,
"dev": 1366,
"optional": 39,
"peer": 0,
"peerOptional": 0,
"total": 1366
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.12.0',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@37.0.3',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 1375,
"removed": 0,
"changed": 0,
"audited": 1376,
"funding": 133,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/traverse": {
"name": "@babel/traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096886,
"name": "@babel/traverse",
"dependency": "@babel/traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [],
"range": "<7.23.2",
"nodes": [
""
],
"fixAvailable": true
},
"@wikimedia/mw-node-qunit": {
"name": "@wikimedia/mw-node-qunit",
"severity": "moderate",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "<=6.2.1",
"nodes": [
"node_modules/@wikimedia/mw-node-qunit"
],
"fixAvailable": {
"name": "@wikimedia/mw-node-qunit",
"version": "6.4.2",
"isSemVerMajor": false
}
},
"ansi-regex": {
"name": "ansi-regex",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1094091,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"cwe": [
"CWE-697",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.1.1"
}
],
"effects": [],
"range": "4.0.0 - 4.1.0",
"nodes": [
"",
""
],
"fixAvailable": true
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"browserify-sign": {
"name": "browserify-sign",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096644,
"name": "browserify-sign",
"dependency": "browserify-sign",
"title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack",
"url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw",
"severity": "high",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.6.0 <=4.2.1"
}
],
"effects": [],
"range": "2.6.0 - 4.2.1",
"nodes": [
""
],
"fixAvailable": true
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"glob-parent"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.0.0-rc1 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": true
},
"decode-uri-component": {
"name": "decode-uri-component",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1094087,
"name": "decode-uri-component",
"dependency": "decode-uri-component",
"title": "decode-uri-component vulnerable to Denial of Service (DoS)",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"severity": "high",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.2.1"
}
],
"effects": [],
"range": "<0.2.1",
"nodes": [
""
],
"fixAvailable": true
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint-plugin-compat"
],
"effects": [],
"range": "0.18.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "3.6.0-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"glob-parent": {
"name": "glob-parent",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095007,
"name": "glob-parent",
"dependency": "glob-parent",
"title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex",
"url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<5.1.2"
}
],
"effects": [
"chokidar"
],
"range": "<5.1.2",
"nodes": [
""
],
"fixAvailable": true
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"isDirect": true,
"via": [
"markdown-it",
"marked",
"taffydb"
],
"effects": [],
"range": "3.2.0-dev - 3.6.11",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"jsdom": {
"name": "jsdom",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1089185,
"name": "jsdom",
"dependency": "jsdom",
"title": "Insufficient Granularity of Access Control in JSDom",
"url": "https://github.com/advisories/GHSA-f4c9-cqv8-9v98",
"severity": "moderate",
"cwe": [
"CWE-1220"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<=16.4.0"
},
"request",
"request-promise-native",
"tough-cookie"
],
"effects": [
"@wikimedia/mw-node-qunit"
],
"range": "<=16.5.3",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"json-schema": {
"name": "json-schema",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1095057,
"name": "json-schema",
"dependency": "json-schema",
"title": "json-schema is vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
"severity": "critical",
"cwe": [
"CWE-915",
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<0.4.0"
}
],
"effects": [
"jsprim"
],
"range": "<0.4.0",
"nodes": [
""
],
"fixAvailable": true
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
},
{
"source": 1096544,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": ">=2.0.0 <2.2.2"
}
],
"effects": [],
"range": "<1.0.2 || >=2.0.0 <2.2.2",
"nodes": [
"",
"",
""
],
"fixAvailable": true
},
"jsprim": {
"name": "jsprim",
"severity": "critical",
"isDirect": false,
"via": [
"json-schema"
],
"effects": [],
"range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
"nodes": [
""
],
"fixAvailable": true
},
"less": {
"name": "less",
"severity": "moderate",
"isDirect": true,
"via": [
"request"
],
"effects": [],
"range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3",
"nodes": [
"node_modules/less"
],
"fixAvailable": {
"name": "less",
"version": "3.13.1",
"isSemVerMajor": false
}
},
"loader-utils": {
"name": "loader-utils",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1094088,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "Prototype pollution in webpack loader-utils",
"url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<1.4.1"
},
{
"source": 1095055,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
"url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
},
{
"source": 1097143,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
}
],
"effects": [
"webpack-cli"
],
"range": "<=1.4.1",
"nodes": [
"",
"node_modules/webpack-cli/node_modules/loader-utils"
],
"fixAvailable": {
"name": "webpack-cli",
"version": "3.3.12",
"isSemVerMajor": false
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1092663,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "Uncontrolled Resource Consumption in markdown-it",
"url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<12.3.2"
}
],
"effects": [
"jsdoc"
],
"range": "<12.3.2",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"marked": {
"name": "marked",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095051,
"name": "marked",
"dependency": "marked",
"title": "Inefficient Regular Expression Complexity in marked",
"url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.0.10"
},
{
"source": 1095052,
"name": "marked",
"dependency": "marked",
"title": "Inefficient Regular Expression Complexity in marked",
"url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.0.10"
}
],
"effects": [
"jsdoc"
],
"range": "<=4.0.9",
"nodes": [
"node_modules/marked"
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096485,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
}
],
"effects": [],
"range": "<3.0.5",
"nodes": [
""
],
"fixAvailable": true
},
"minimist": {
"name": "minimist",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096549,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=1.0.0 <1.2.6"
}
],
"effects": [],
"range": "1.0.0 - 1.2.5",
"nodes": [
""
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1089011,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [],
"range": "3.0.0 - 3.1.30",
"nodes": [
"",
""
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"autoprefixer",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"stylelint",
"sugarss"
],
"range": "<8.4.31",
"nodes": [
"",
"",
"node_modules/postcss"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"postcss-less": {
"name": "postcss-less",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=3.1.4",
"nodes": [
"node_modules/postcss-less"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"postcss-safe-parser": {
"name": "postcss-safe-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-safe-parser"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"postcss-sass": {
"name": "postcss-sass",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-sass"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"postcss-scss": {
"name": "postcss-scss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.1.1",
"nodes": [
"node_modules/postcss-scss"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096470,
"name": "qs",
"dependency": "qs",
"title": "qs vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.5.0 <6.5.3"
}
],
"effects": [],
"range": "6.5.0 - 6.5.2",
"nodes": [
""
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"jsdom",
"less",
"request-promise-core",
"request-promise-native"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"request-promise-core": {
"name": "request-promise-core",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"request-promise-native"
],
"range": "*",
"nodes": [
"node_modules/request-promise-core"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"request-promise-native": {
"name": "request-promise-native",
"severity": "moderate",
"isDirect": false,
"via": [
"request",
"request-promise-core",
"tough-cookie"
],
"effects": [
"jsdom"
],
"range": ">=1.0.0",
"nodes": [
"node_modules/request-promise-native"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096482,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.5.2"
},
{
"source": 1096483,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<5.7.2"
},
{
"source": 1096484,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.0.0 <6.3.1"
}
],
"effects": [
"eslint-plugin-compat"
],
"range": "<=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1",
"nodes": [
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"node_modules/eslint-plugin-compat/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"stylelint": {
"name": "stylelint",
"severity": "moderate",
"isDirect": false,
"via": [
"autoprefixer",
"postcss",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"sugarss"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "0.1.0 - 13.13.1",
"nodes": [
"node_modules/stylelint"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"stylelint"
],
"effects": [],
"range": "<=0.11.1",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"sugarss": {
"name": "sugarss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/sugarss"
],
"fixAvailable": true
},
"taffydb": {
"name": "taffydb",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089386,
"name": "taffydb",
"dependency": "taffydb",
"title": "TaffyDB can allow access to any data items in the DB",
"url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-668"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<=2.7.3"
}
],
"effects": [
"jsdoc"
],
"range": "*",
"nodes": [
""
],
"fixAvailable": {
"name": "jsdoc",
"version": "3.6.11",
"isSemVerMajor": false
}
},
"terser": {
"name": "terser",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091691,
"name": "terser",
"dependency": "terser",
"title": "Terser insecure use of regular expressions leads to ReDoS",
"url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.8.1"
}
],
"effects": [],
"range": "<4.8.1",
"nodes": [
""
],
"fixAvailable": true
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096643,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"jsdom",
"request",
"request-promise-native"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": {
"name": "jsdom",
"version": "24.0.0",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/watchpack"
],
"fixAvailable": true
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": true
},
"webpack-cli": {
"name": "webpack-cli",
"severity": "critical",
"isDirect": true,
"via": [
"loader-utils"
],
"effects": [],
"range": "1.3.0 - 1.3.3 || 3.3.5 - 3.3.11",
"nodes": [
"node_modules/webpack-cli"
],
"fixAvailable": {
"name": "webpack-cli",
"version": "3.3.12",
"isSemVerMajor": false
}
},
"word-wrap": {
"name": "word-wrap",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1095091,
"name": "word-wrap",
"dependency": "word-wrap",
"title": "word-wrap vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<1.2.4"
}
],
"effects": [],
"range": "<1.2.4",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 22,
"high": 14,
"critical": 6,
"total": 42
},
"dependencies": {
"prod": 1,
"dev": 1375,
"optional": 39,
"peer": 0,
"peerOptional": 0,
"total": 1375
}
}
}
}
--- end ---
{"added": 1375, "removed": 0, "changed": 0, "audited": 1376, "funding": 133, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@babel/traverse": {"name": "@babel/traverse", "severity": "critical", "isDirect": false, "via": [{"source": 1096886, "name": "@babel/traverse", "dependency": "@babel/traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": ["CWE-184", "CWE-697"], "cvss": {"score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "range": "<7.23.2"}], "effects": [], "range": "<7.23.2", "nodes": [""], "fixAvailable": true}, "@wikimedia/mw-node-qunit": {"name": "@wikimedia/mw-node-qunit", "severity": "moderate", "isDirect": true, "via": ["jsdom"], "effects": [], "range": "<=6.2.1", "nodes": ["node_modules/@wikimedia/mw-node-qunit"], "fixAvailable": {"name": "@wikimedia/mw-node-qunit", "version": "6.4.2", "isSemVerMajor": false}}, "ansi-regex": {"name": "ansi-regex", "severity": "high", "isDirect": false, "via": [{"source": 1094091, "name": "ansi-regex", "dependency": "ansi-regex", "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw", "severity": "high", "cwe": ["CWE-697", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.1.1"}], "effects": [], "range": "4.0.0 - 4.1.0", "nodes": ["", ""], "fixAvailable": true}, "autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["stylelint"], "range": "1.0.20131222 - 9.8.8", "nodes": ["node_modules/autoprefixer"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.16.1", "isSemVerMajor": true}}, "browserify-sign": {"name": "browserify-sign", "severity": "high", "isDirect": false, "via": [{"source": 1096644, "name": "browserify-sign", "dependency": "browserify-sign", "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack", "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw", "severity": "high", "cwe": ["CWE-347"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=2.6.0 <=4.2.1"}], "effects": [], "range": "2.6.0 - 4.2.1", "nodes": [""], "fixAvailable": true}, "chokidar": {"name": "chokidar", "severity": "high", "isDirect": false, "via": ["glob-parent"], "effects": ["watchpack-chokidar2"], "range": "1.0.0-rc1 - 2.1.8", "nodes": ["node_modules/watchpack-chokidar2/node_modules/chokidar"], "fixAvailable": true}, "decode-uri-component": {"name": "decode-uri-component", "severity": "high", "isDirect": false, "via": [{"source": 1094087, "name": "decode-uri-component", "dependency": "decode-uri-component", "title": "decode-uri-component vulnerable to Denial of Service (DoS)", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "severity": "high", "cwe": ["CWE-20"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.2.1"}], "effects": [], "range": "<0.2.1", "nodes": [""], "fixAvailable": true}, "eslint-config-wikimedia": {"name": "eslint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["eslint-plugin-compat"], "effects": [], "range": "0.18.0 - 0.21.0", "nodes": ["node_modules/eslint-config-wikimedia"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "eslint-plugin-compat": {"name": "eslint-plugin-compat", "severity": "moderate", "isDirect": false, "via": ["semver"], "effects": ["eslint-config-wikimedia"], "range": "3.6.0-0 - 4.1.4", "nodes": ["node_modules/eslint-plugin-compat"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "glob-parent": {"name": "glob-parent", "severity": "high", "isDirect": false, "via": [{"source": 1095007, "name": "glob-parent", "dependency": "glob-parent", "title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex", "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<5.1.2"}], "effects": ["chokidar"], "range": "<5.1.2", "nodes": [""], "fixAvailable": true}, "jsdoc": {"name": "jsdoc", "severity": "high", "isDirect": true, "via": ["markdown-it", "marked", "taffydb"], "effects": [], "range": "3.2.0-dev - 3.6.11", "nodes": ["node_modules/jsdoc"], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "jsdom": {"name": "jsdom", "severity": "moderate", "isDirect": true, "via": [{"source": 1089185, "name": "jsdom", "dependency": "jsdom", "title": "Insufficient Granularity of Access Control in JSDom", "url": "https://github.com/advisories/GHSA-f4c9-cqv8-9v98", "severity": "moderate", "cwe": ["CWE-1220"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<=16.4.0"}, "request", "request-promise-native", "tough-cookie"], "effects": ["@wikimedia/mw-node-qunit"], "range": "<=16.5.3", "nodes": ["node_modules/jsdom"], "fixAvailable": {"name": "jsdom", "version": "24.0.0", "isSemVerMajor": true}}, "json-schema": {"name": "json-schema", "severity": "critical", "isDirect": false, "via": [{"source": 1095057, "name": "json-schema", "dependency": "json-schema", "title": "json-schema is vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-896r-f27r-55mw", "severity": "critical", "cwe": ["CWE-915", "CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<0.4.0"}], "effects": ["jsprim"], "range": "<0.4.0", "nodes": [""], "fixAvailable": true}, "json5": {"name": "json5", "severity": "high", "isDirect": false, "via": [{"source": 1096543, "name": "json5", "dependency": "json5", "title": "Prototype Pollution in JSON5 via Parse Method", "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}, "range": "<1.0.2"}, {"source": 1096544, "name": "json5", "dependency": "json5", "title": "Prototype Pollution in JSON5 via Parse Method", "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}, "range": ">=2.0.0 <2.2.2"}], "effects": [], "range": "<1.0.2 || >=2.0.0 <2.2.2", "nodes": ["", "", ""], "fixAvailable": true}, "jsprim": {"name": "jsprim", "severity": "critical", "isDirect": false, "via": ["json-schema"], "effects": [], "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1", "nodes": [""], "fixAvailable": true}, "less": {"name": "less", "severity": "moderate", "isDirect": true, "via": ["request"], "effects": [], "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3", "nodes": ["node_modules/less"], "fixAvailable": {"name": "less", "version": "3.13.1", "isSemVerMajor": false}}, "loader-utils": {"name": "loader-utils", "severity": "critical", "isDirect": false, "via": [{"source": 1094088, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<1.4.1"}, {"source": 1095055, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=1.0.0 <1.4.2"}, {"source": 1097143, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=1.0.0 <1.4.2"}], "effects": ["webpack-cli"], "range": "<=1.4.1", "nodes": ["", "node_modules/webpack-cli/node_modules/loader-utils"], "fixAvailable": {"name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false}}, "markdown-it": {"name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [{"source": 1092663, "name": "markdown-it", "dependency": "markdown-it", "title": "Uncontrolled Resource Consumption in markdown-it", "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<12.3.2"}], "effects": ["jsdoc"], "range": "<12.3.2", "nodes": ["node_modules/markdown-it"], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "marked": {"name": "marked", "severity": "high", "isDirect": false, "via": [{"source": 1095051, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<4.0.10"}, {"source": 1095052, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<4.0.10"}], "effects": ["jsdoc"], "range": "<=4.0.9", "nodes": ["node_modules/marked"], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}], "effects": [], "range": "<3.0.5", "nodes": [""], "fixAvailable": true}, "minimist": {"name": "minimist", "severity": "critical", "isDirect": false, "via": [{"source": 1096549, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.0.0 <1.2.6"}], "effects": [], "range": "1.0.0 - 1.2.5", "nodes": [""], "fixAvailable": true}, "nanoid": {"name": "nanoid", "severity": "moderate", "isDirect": false, "via": [{"source": 1089011, "name": "nanoid", "dependency": "nanoid", "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid", "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2", "severity": "moderate", "cwe": ["CWE-200"], "cvss": {"score": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=3.0.0 <3.1.31"}], "effects": [], "range": "3.0.0 - 3.1.30", "nodes": ["", ""], "fixAvailable": true}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["autoprefixer", "postcss-less", "postcss-safe-parser", "postcss-sass", "postcss-scss", "stylelint", "sugarss"], "range": "<8.4.31", "nodes": ["", "", "node_modules/postcss"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.16.1", "isSemVerMajor": true}}, "postcss-less": {"name": "postcss-less", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["stylelint"], "range": "<=3.1.4", "nodes": ["node_modules/postcss-less"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.16.1", "isSemVerMajor": true}}, "postcss-safe-parser": {"name": "postcss-safe-parser", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["stylelint"], "range": "<=4.0.2", "nodes": ["node_modules/postcss-safe-parser"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.16.1", "isSemVerMajor": true}}, "postcss-sass": {"name": "postcss-sass", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["stylelint"], "range": "<=0.4.4", "nodes": ["node_modules/postcss-sass"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.16.1", "isSemVerMajor": true}}, "postcss-scss": {"name": "postcss-scss", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["stylelint"], "range": "<=2.1.1", "nodes": ["node_modules/postcss-scss"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.16.1", "isSemVerMajor": true}}, "qs": {"name": "qs", "severity": "high", "isDirect": false, "via": [{"source": 1096470, "name": "qs", "dependency": "qs", "title": "qs vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=6.5.0 <6.5.3"}], "effects": [], "range": "6.5.0 - 6.5.2", "nodes": [""], "fixAvailable": true}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["jsdom", "less", "request-promise-core", "request-promise-native"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": {"name": "jsdom", "version": "24.0.0", "isSemVerMajor": true}}, "request-promise-core": {"name": "request-promise-core", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": ["request-promise-native"], "range": "*", "nodes": ["node_modules/request-promise-core"], "fixAvailable": {"name": "jsdom", "version": "24.0.0", "isSemVerMajor": true}}, "request-promise-native": {"name": "request-promise-native", "severity": "moderate", "isDirect": false, "via": ["request", "request-promise-core", "tough-cookie"], "effects": ["jsdom"], "range": ">=1.0.0", "nodes": ["node_modules/request-promise-native"], "fixAvailable": {"name": "jsdom", "version": "24.0.0", "isSemVerMajor": true}}, "semver": {"name": "semver", "severity": "moderate", "isDirect": false, "via": [{"source": 1096482, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=7.0.0 <7.5.2"}, {"source": 1096483, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<5.7.2"}, {"source": 1096484, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=6.0.0 <6.3.1"}], "effects": ["eslint-plugin-compat"], "range": "<=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1", "nodes": ["", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "node_modules/eslint-plugin-compat/node_modules/semver"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "stylelint": {"name": "stylelint", "severity": "moderate", "isDirect": false, "via": ["autoprefixer", "postcss", "postcss-less", "postcss-safe-parser", "postcss-sass", "postcss-scss", "sugarss"], "effects": ["stylelint-config-wikimedia"], "range": "0.1.0 - 13.13.1", "nodes": ["node_modules/stylelint"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.16.1", "isSemVerMajor": true}}, "stylelint-config-wikimedia": {"name": "stylelint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["stylelint"], "effects": [], "range": "<=0.11.1", "nodes": ["node_modules/stylelint-config-wikimedia"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.16.1", "isSemVerMajor": true}}, "sugarss": {"name": "sugarss", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.0.0", "nodes": ["node_modules/sugarss"], "fixAvailable": true}, "taffydb": {"name": "taffydb", "severity": "high", "isDirect": false, "via": [{"source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": ["CWE-20", "CWE-668"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<=2.7.3"}], "effects": ["jsdoc"], "range": "*", "nodes": [""], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "terser": {"name": "terser", "severity": "high", "isDirect": false, "via": [{"source": 1091691, "name": "terser", "dependency": "terser", "title": "Terser insecure use of regular expressions leads to ReDoS", "url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<4.8.1"}], "effects": [], "range": "<4.8.1", "nodes": [""], "fixAvailable": true}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1096643, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["jsdom", "request", "request-promise-native"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": {"name": "jsdom", "version": "24.0.0", "isSemVerMajor": true}}, "watchpack": {"name": "watchpack", "severity": "high", "isDirect": false, "via": ["watchpack-chokidar2"], "effects": [], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/watchpack"], "fixAvailable": true}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": true}, "webpack-cli": {"name": "webpack-cli", "severity": "critical", "isDirect": true, "via": ["loader-utils"], "effects": [], "range": "1.3.0 - 1.3.3 || 3.3.5 - 3.3.11", "nodes": ["node_modules/webpack-cli"], "fixAvailable": {"name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false}}, "word-wrap": {"name": "word-wrap", "severity": "moderate", "isDirect": false, "via": [{"source": 1095091, "name": "word-wrap", "dependency": "word-wrap", "title": "word-wrap vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<1.2.4"}], "effects": [], "range": "<1.2.4", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 22, "high": 14, "critical": 6, "total": 42}, "dependencies": {"prod": 1, "dev": 1375, "optional": 39, "peer": 0, "peerOptional": 0, "total": 1375}}}}
{}
Upgrading n:@wikimedia/mw-node-qunit from 6.2.1 -> 6.4.2
{}
Upgrading n:jsdoc from 3.6.7 -> 3.6.11
{}
Upgrading n:less from 3.8.1 -> 3.13.1
{}
Upgrading n:webpack-cli from 3.3.11 -> 3.3.12
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.12.0',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@37.0.3',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated @stylelint/postcss-markdown@0.36.2: Use the original unforked package instead: postcss-markdown
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated samsam@1.3.0: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated sinon@12.0.1: 16.1.1
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1300 packages, and audited 1301 packages in 16s
130 packages are looking for funding
run `npm fund` for details
# npm audit report
glob-parent <5.1.2
Severity: high
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix`
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
jsdom <=16.5.3
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-native
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix --force`
Will install jsdom@24.0.0, which is a breaking change
node_modules/jsdom
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install stylelint-config-wikimedia@0.16.1, which is a breaking change
node_modules/postcss
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
stylelint 0.1.0 - 13.13.1
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-less
Depends on vulnerable versions of postcss-safe-parser
Depends on vulnerable versions of postcss-sass
Depends on vulnerable versions of postcss-scss
Depends on vulnerable versions of sugarss
node_modules/stylelint
stylelint-config-wikimedia <=0.11.1
Depends on vulnerable versions of stylelint
node_modules/stylelint-config-wikimedia
postcss-less <=3.1.4
Depends on vulnerable versions of postcss
node_modules/postcss-less
postcss-safe-parser <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-safe-parser
postcss-sass <=0.4.4
Depends on vulnerable versions of postcss
node_modules/postcss-sass
postcss-scss <=2.1.1
Depends on vulnerable versions of postcss
node_modules/postcss-scss
sugarss <=2.0.0
Depends on vulnerable versions of postcss
node_modules/sugarss
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix --force`
Will install jsdom@24.0.0, which is a breaking change
node_modules/request
request-promise-core *
Depends on vulnerable versions of request
node_modules/request-promise-core
request-promise-native >=1.0.0
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-core
Depends on vulnerable versions of tough-cookie
node_modules/request-promise-native
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install eslint-config-wikimedia@0.27.0, which is a breaking change
node_modules/eslint-plugin-compat/node_modules/semver
eslint-plugin-compat 3.6.0-0 - 4.1.4
Depends on vulnerable versions of semver
node_modules/eslint-plugin-compat
eslint-config-wikimedia 0.18.0 - 0.21.0
Depends on vulnerable versions of eslint-plugin-compat
node_modules/eslint-config-wikimedia
taffydb *
Severity: high
TaffyDB can allow access to any data items in the DB - https://github.com/advisories/GHSA-mxhp-79qh-mcx6
fix available via `npm audit fix --force`
Will install jsdoc@4.0.3, which is a breaking change
node_modules/taffydb
jsdoc 3.2.0-dev - 3.6.11
Depends on vulnerable versions of taffydb
node_modules/jsdoc
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix --force`
Will install jsdom@24.0.0, which is a breaking change
node_modules/tough-cookie
23 vulnerabilities (17 moderate, 6 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.12.0',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@37.0.3',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated @stylelint/postcss-markdown@0.36.2: Use the original unforked package instead: postcss-markdown
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated samsam@1.3.0: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated sinon@12.0.1: 16.1.1
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1300 packages, and audited 1301 packages in 16s
130 packages are looking for funding
run `npm fund` for details
23 vulnerabilities (17 moderate, 6 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stdout ---
> test
> npm -s run lint && bash ./dev-scripts/svg_check.sh && npm -s run coverage && npm -s run test:bundle && npm -s run jsdoc
Checked 1 message directory.
TAP version 13
ok 1 MobileFrontend imports > All our code is importable in headless Node.js
ok 2 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent (no section)
ok 3 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent
ok 4 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent, new page
ok 5 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent, missing section
ok 6 MobileFrontend mobile.editor.overlay/EditorGateway > #getBlockInfo
ok 7 MobileFrontend mobile.editor.overlay/EditorGateway > #save, success
ok 8 MobileFrontend mobile.editor.overlay/EditorGateway > #save, new page
ok 9 MobileFrontend mobile.editor.overlay/EditorGateway > #save, submit CAPTCHA
ok 10 MobileFrontend mobile.editor.overlay/EditorGateway > #save, request failure
ok 11 MobileFrontend mobile.editor.overlay/EditorGateway > #save, API failure
ok 12 MobileFrontend mobile.editor.overlay/EditorGateway > #save, CAPTCHA response with image URL
ok 13 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter warning
ok 14 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter disallow
ok 15 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter other
ok 16 MobileFrontend mobile.editor.overlay/EditorGateway > #save, extension errors
ok 17 MobileFrontend mobile.editor.overlay/EditorGateway > #save, read-only error
ok 18 MobileFrontend mobile.editor.overlay/EditorGateway > #save, unknown errors
ok 19 MobileFrontend mobile.editor.overlay/EditorGateway > #save, without changes
ok 20 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway
ok 21 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway, check without sectionLine
ok 22 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway, check with sectionLine
ok 23 MobileFrontend mobile.editor.overlay/EditorGateway > #save, when token has expired
ok 24 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, blocked user
ok 25 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, with given page and section
ok 26 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, without a section
ok 27 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #preview
ok 28 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, as anonymous
ok 29 MobileFrontend mobile.editor.overlay/identifyLeadParagraph > identifyLeadParagraph
ok 30 MobileFrontend editorLoadingOverlay.js > editorLoadingOverlay calls the callbacks
ok 31 MobileFrontend LanguageSearcher.js > renders output
ok 32 MobileFrontend LanguageSearcher.js > saves the language count when link is clicked
ok 33 MobileFrontend LanguageSearcher.js > without variants, input event filters languages
ok 34 MobileFrontend LanguageSearcher.js > with variants, input event filters languages
ok 35 MobileFrontend mobile.languages.structured/util.test.js > #getFrequentlyUsedLanguages
ok 36 MobileFrontend mobile.languages.structured/util.test.js > #saveLanguageUsageCount
ok 37 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages
ok 38 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages device language
ok 39 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages variants
ok 40 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Shows details bar and image with successful api response
ok 41 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Shows error message with failed api response
ok 42 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Toggling of details is disabled when overlay has load failure
ok 43 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Toggling of details is enabled when overlay loads successfully
ok 44 MobileFrontend mobile.mediaViewer/ImageGateway > #findSizeBucket
ok 45 MobileFrontend mobile.mediaViewer/ImageGateway > ImageGateway#getThumb (missing page)
ok 46 MobileFrontend WatchList.js > In watched mode
ok 47 MobileFrontend WatchListGateway.js > loadWatchlist() loads results from the first page
ok 48 MobileFrontend WatchListGateway.js > loadWatchlist() loads results from the second page from last item of first
ok 49 MobileFrontend WatchListGateway.js > loadWatchlist() doesn't throw an error when no pages are returned
ok 50 MobileFrontend WatchListGateway.js > loadWatchlist() marks pages as new if necessary
ok 51 MobileFrontend Browser.js > isIos()
ok 52 MobileFrontend Browser.js > Methods are cached
ok 53 MobileFrontend Browser.js > isWideScreen()
ok 54 MobileFrontend Browser.js > supportsTouchEvents()
ok 55 MobileFrontend Button.js > creates a link if passed href option
ok 56 MobileFrontend Button.js > does not add href attribute when not a link
ok 57 MobileFrontend CtaDrawer.js > redirectParams() > empty props, default URL
ok 58 MobileFrontend CtaDrawer.js > redirectParams() > empty props, nondefault URL
ok 59 MobileFrontend CtaDrawer.js > redirectParams() > nonempty props
ok 60 MobileFrontend CtaDrawer.js > signUpParams() > empty props
ok 61 MobileFrontend CtaDrawer.js > signUpParams() > nonempty props
ok 62 MobileFrontend CtaDrawer.js > HTML > defaults
ok 63 MobileFrontend CtaDrawer.js > HTML > overrides
ok 64 MobileFrontend Drawer.js > visible on show()
ok 65 MobileFrontend Drawer.js > accepts onShow and events
ok 66 MobileFrontend Drawer.js > hidden on hide()
ok 67 MobileFrontend Drawer.js > hidden on mask click
ok 68 MobileFrontend Drawer.js > HTML is valid
ok 69 MobileFrontend Icon.js > creates a link if passed href option
ok 70 MobileFrontend Icon.js > does not add href attribute when not a link
ok 71 MobileFrontend Icon.js > adds disabled attribute when a button
ok 72 MobileFrontend Icon.js > does not add disabled attribute when not a button
ok 73 MobileFrontend Icon.js > getIconClasses generates icon classes using icon name
ok 74 MobileFrontend Icon.js > getIconClasses generates icon classes using custom icon prefix
ok 75 MobileFrontend Icon.js > getIconClasses generates icon classes using icon type
ok 76 MobileFrontend Icon.js > getIconClasses adds button classes using icon type element
ok 77 MobileFrontend Icon.js > getIconClasses adds additional classes
ok 78 MobileFrontend Icon.js > getRotationClasses returns rotation classes
ok 79 MobileFrontend Icon.js > getGlyphClassName uses icon prefix
ok 80 MobileFrontend Icon.js > getGlyphClassName does not use icon prefix if not provided
ok 81 MobileFrontend Icon.js > adds small classes
ok 82 MobileFrontend: Overlay.js > Simple overlay
ok 83 MobileFrontend: Overlay.js > #make
ok 84 MobileFrontend: Overlay.js > HTML overlay
ok 85 MobileFrontend: Overlay.js > headerActions property
ok 86 MobileFrontend: Overlay.js > onBeforeExit
ok 87 MobileFrontend: Overlay.js > Close overlay
ok 88 MobileFrontend mobile.startup/OverlayManager > #getSingleton (hash present and overlay not managed)
ok 89 MobileFrontend mobile.startup/OverlayManager > #getSingleton (hash present and overlay managed)
ok 90 MobileFrontend mobile.startup/OverlayManager > #getSingleton
ok 91 MobileFrontend mobile.startup/OverlayManager > #add
ok 92 MobileFrontend mobile.startup/OverlayManager > #show
ok 93 MobileFrontend mobile.startup/OverlayManager > #add, with current path
ok 94 MobileFrontend mobile.startup/OverlayManager > #add, with string literal (matching)
ok 95 MobileFrontend mobile.startup/OverlayManager > #add, with string literal (not matching)
ok 96 MobileFrontend mobile.startup/OverlayManager > #replaceCurrent
ok 97 MobileFrontend mobile.startup/OverlayManager > route with params
ok 98 MobileFrontend mobile.startup/OverlayManager > hide when route changes
ok 99 MobileFrontend mobile.startup/OverlayManager > go back (change route) if overlay hidden but not by route change
ok 100 MobileFrontend mobile.startup/OverlayManager > go back if overlayManager still matches
ok 101 MobileFrontend mobile.startup/OverlayManager > go back if overlayManager still matches (non-regex)
ok 102 MobileFrontend mobile.startup/OverlayManager > do not go back (change route) if overlay hidden by change in route
ok 103 MobileFrontend mobile.startup/OverlayManager > preventDefault called when you cancel an exit request
ok 104 MobileFrontend mobile.startup/OverlayManager > Browser back can be overidden
ok 105 MobileFrontend mobile.startup/OverlayManager > stacked overlays
ok 106 MobileFrontend mobile.startup/OverlayManager > prevent route change
ok 107 MobileFrontend mobile.startup/OverlayManager > stack increases and decreases at right times
ok 108 MobileFrontend mobile.startup/OverlayManager > replace overlay when route event path is equal to current path
ok 109 MobileFrontend Page.js > #isMainPage
ok 110 MobileFrontend PageGateway > #getPageLanguages (response)
ok 111 MobileFrontend PageGateway > #getPageLanguages (call)
ok 112 MobileFrontend PageHTMLParser.js > #findInSectionLead
ok 113 MobileFrontend PageHTMLParser.js > #getThumbnails
ok 114 MobileFrontend ScrollEndEventEmitter.js > initializes properly
ok 115 MobileFrontend ScrollEndEventEmitter.js > emits scroll end event
ok 116 MobileFrontend ScrollEndEventEmitter.js > doesn't emit when disabled
ok 117 MobileFrontend Section.js > initialize with options
ok 118 MobileFrontend Section.js > initialize with subsections
ok 119 MobileFrontend Toggler.js > Mobile mode - Toggle section
ok 120 MobileFrontend Toggler.js > Mobile mode - Clicking a hash link to reveal an already open section
ok 121 MobileFrontend Toggler.js > Mobile mode - Reveal element
ok 122 MobileFrontend Toggler.js > Mobile mode - Clicking hash links
ok 123 MobileFrontend Toggler.js > Mobile mode - Tap event toggles section
ok 124 MobileFrontend Toggler.js > Accessibility - Verify ARIA attributes
ok 125 MobileFrontend Toggler.js > Tablet mode - Open by default
ok 126 MobileFrontend Toggler.js > Tablet mode - Open by default 2
ok 127 MobileFrontend Toggler.js > Accessibility - Pressing space/ enter toggles a heading
ok 128 MobileFrontend Toggler.js > Clicking a link within a heading isn't triggering a toggle
ok 129 MobileFrontend Toggler.js > Toggling a section stores its state.
ok 130 MobileFrontend Toggler.js > Expanding already expanded section does not toggle it.
ok 131 MobileFrontend Toggler.js > MobileFrontend toggle.js - Expand stored sections.
ok 132 MobileFrontend Toggler.js > MobileFrontend toggle.js - T320753: Presence of class disables toggling.
ok 133 MobileFrontend mobile.startup/View > View
ok 134 MobileFrontend mobile.startup/View > View, jQuery proxy functions
ok 135 MobileFrontend mobile.startup/View > View#preRender
ok 136 MobileFrontend mobile.startup/View > View#postRender
ok 137 MobileFrontend mobile.startup/View > View#delegateEvents
ok 138 MobileFrontend mobile.startup/View > View#render (with isTemplateMode)
ok 139 MobileFrontend mobile.startup/View > View#render events (with isTemplateMode)
ok 140 MobileFrontend mobile.startup/View > View with className option
ok 141 MobileFrontend mobile.startup/View > View.make()
ok 142 MobileFrontend amcOutreach/AmcEnableForm.js > renders correctly
ok 143 MobileFrontend amcOutreachDrawer.js > returns a drawer
ok 144 MobileFrontend amcOutreachDrawer.js > calls promoCampaign.makeActionIneligible and onBeforeHide callback when dismissed
ok 145 MobileFrontend amcOutreachDrawer.js > calls promoCampaign.makeActionIneligible and toast.showOnPageReload when user enables
ok 146 MobileFrontend cache.js > cache set() and get()
ok 147 MobileFrontend extendSearchParams.js > it throws if the feature is invalid
ok 148 MobileFrontend extendSearchParams.js > it extends the parameters
ok 149 MobileFrontend extendSearchParams.js > it doesn't include Wikibase-specific parameters if the feature is disabled
ok 150 MobileFrontend extendSearchParams.js > it adds the MobileFrontend configuration to given terms types
ok 151 MobileFrontend extendSearchParams.js > it prioritizes MobileFrontend configuration
ok 152 MobileFrontend extendSearchParams.js > it is variadic
ok 153 MobileFrontend icons.js > #cancel()
ok 154 MobileFrontend icons.js > #cancel(variant)
ok 155 MobileFrontend icons.js > #cancel(, props)
ok 156 MobileFrontend icons.js > #spinner(props)
ok 157 MobileFrontend icons.js > #spinner()
ok 158 MobileFrontend getDeviceLanguage > returns language code of device in lowercase
ok 159 MobileFrontend languageOverlay.js > #constructor
ok 160 MobileFrontend lazyImageLoader.js > #queryPlaceholders() empty
ok 161 MobileFrontend lazyImageLoader.js > #queryPlaceholders() nonempty
ok 162 MobileFrontend lazyImageLoader.js > #loadImage() copy attributes
ok 163 MobileFrontend lazyImageLoader.js > #loadImage() loaded
ok 164 MobileFrontend lazyImageLoader.js > #loadImage() load error
ok 165 MobileFrontend lazyImageLoader.js > #loadImages() empty
ok 166 MobileFrontend lazyImageLoader.js > #loadImages() nonempty
ok 167 MobileFrontend lazyImageLoader.js > #loadImages() plural
ok 168 MobileFrontend lazyImageLoader.js > #loadImages() one fails to load, one succeeds
ok 169 MobileFrontend mfExtend.test.js > mfExtend() - extending from constructor
ok 170 MobileFrontend mfExtend.test.js > mfExtend() - extending from object
ok 171 MobileFrontend mfExtend.test.js > mfExtend() - extending from constructor with overrides
ok 172 MobileFrontend ModuleLoader > #require
ok 173 MobileFrontend ModuleLoader > #define
ok 174 MobileFrontend pageJSONParser > .parse()
ok 175 MobileFrontend promisedView.js > #constructor happyView
ok 176 MobileFrontend promisedView.js > #constructor when promise rejects but not to a sadView
ok 177 MobileFrontend promisedView.js > #constructor when promise rejects to a sadView
ok 178 MobileFrontend promoCampaign.js > #showIfEligible throws when invalid
ok 179 MobileFrontend promoCampaign.js > #showIfEligible when campaign off
ok 180 MobileFrontend promoCampaign.js > #showIfEligible when user ineligible
ok 181 MobileFrontend promoCampaign.js > #showIfEligible when storage is not available
ok 182 MobileFrontend promoCampaign.js > #showIfEligible when storage key is ineligible
ok 183 MobileFrontend promoCampaign.js > #showIfEligible when eligible
ok 184 MobileFrontend promoCampaign.js > #showIfEligible when eligible and passed additional args
ok 185 MobileFrontend promoCampaign.js > #makeActionIneligible when successful
ok 186 MobileFrontend promoCampaign.js > #makeActionIneligible when unsuccessful
ok 187 MobileFrontend promoCampaign.js > #makeActionIneligible when invalid action
ok 188 MobileFrontend promoCampaign.js > #makeAllActionsIneligible
ok 189 MobileFrontend promoCampaign.js > #isCampaignActive when true
ok 190 MobileFrontend promoCampaign.js > #isCampaignActive when false
ok 191 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() checking good reference
ok 192 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() checking bad reference
ok 193 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() adds an extra class for external links
ok 194 MobileFrontend: references > Bad reference not shown
ok 195 MobileFrontend: references > Good reference causes render
ok 196 MobileFrontend: references > Reference failure renders error in drawer
ok 197 MobileFrontend: references > makeOnNestedReferenceClickHandler runs when associated with link
ok 198 MobileFrontend: SearchGateway > ._highlightSearchTerm
ok 199 MobileFrontend: SearchGateway > show redirect targets
ok 200 MobileFrontend: SearchGateway > MobileFrontend SearchGateway (Wikidata Descriptions) > Wikidata Description in search results
ok 201 MobileFrontend mobile.startup/SearchOverlay.js > renders correctly
ok 202 MobileFrontend mobile.startup/SearchOverlay.js > resetSearch
ok 203 MobileFrontend mobile.startup/SearchOverlay.js > onClickOverlayContent
ok 204 MobileFrontend mobile.startup/SearchResultsView.js > renders correctly
ok 205 MobileFrontend time.js > timeAgo()
ok 206 MobileFrontend util.js > Promise.all() success
ok 207 MobileFrontend util.js > Promise.all() reject
ok 208 MobileFrontend util.js > escapeSelector()
ok 209 MobileFrontend util.js > docReady()
ok 210 MobileFrontend util.js > Deferred() - resolve
ok 211 MobileFrontend util.js > Deferred() - reject
ok 212 MobileFrontend util.js > getDocument()
ok 213 MobileFrontend util.js > getWindow()
ok 214 MobileFrontend util.js > parseHTML()
ok 215 MobileFrontend util.js > extend()
ok 216 MobileFrontend Watchstar.js > Render a watchstar
ok 217 MobileFrontend: WatchstarGateway.js > getStatuses(nonempty)
ok 218 MobileFrontend: WatchstarGateway.js > getStatuses(empty)
ok 219 MobileFrontend: WatchstarGateway.js > getStatusesByID(nonempty)
ok 220 MobileFrontend: WatchstarGateway.js > getStatusesByID(empty)
ok 221 MobileFrontend: WatchstarGateway.js > getStatusesByTitle(nonempty)
ok 222 MobileFrontend: WatchstarGateway.js > getStatusesByTitle(empty)
ok 223 MobileFrontend: WatchstarGateway.js > _unmarshalGetResponse(nonempty)
ok 224 MobileFrontend: WatchstarGateway.js > _unmarshalGetResponse(empty)
ok 225 MobileFrontend mobile.startup/WatchstarPageList > Watchlist status check if no ids
ok 226 MobileFrontend mobile.startup/WatchstarPageList > Checks watchlist status once
ok 227 MobileFrontend AddTopicForm > makePanel()
ok 228 MobileFrontend AddTopicForm > AddTopicForm
ok 229 MobileFrontend TalkSectionAddOverlay > save()
ok 230 MobileFrontend TalkSectionOverlay.js - logged in > Check comment box for logged in users
ok 231 MobileFrontend TalkSectionOverlay.js - logged in > Check disabled property on textarea
ok 232 MobileFrontend TalkSectionOverlay.js - logged in > Check api request on save
ok 233 MobileFrontend TalkSectionOverlay.js - anonymous (logged out) > Check comment box for logged out users
ok 234 MobileFrontend autosign.js > #autosign
ok 235 MobileFrontend makeAddTopicForm > makeAddTopicForm
1..235
# pass 235
# skip 0
# todo 0
# fail 0
--------------------------------------|---------|----------|---------|---------|--------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
--------------------------------------|---------|----------|---------|---------|--------------------
All files | 63.45 | 48.78 | 59.12 | 63.44 |
src | 100 | 100 | 100 | 100 |
constants.js | 100 | 100 | 100 | 100 |
src/mobile.editor.overlay | 41.09 | 32.13 | 31.81 | 41 |
BlockMessageDetails.js | 9.43 | 0 | 0 | 9.43 | 13-140
EditorGateway.js | 92.4 | 84.48 | 93.33 | 92.4 | ...106,212,269-272
EditorOverlayBase.js | 40.84 | 16.66 | 28.57 | 40.84 | ...555,632,687-721
SourceEditorOverlay.js | 40.29 | 31.08 | 28.94 | 40.29 | ...373-378,427-623
VisualEditorOverlay.js | 12 | 0 | 0 | 12 | 25-85,119-302
blockMessageDrawer.js | 21.73 | 0 | 25 | 21.73 | 29-56
identifyLeadParagraph.js | 94.11 | 83.33 | 100 | 93.75 | 22
parseBlockInfo.js | 69.56 | 62.5 | 75 | 69.56 | 28,38,47-48,62-66
saveFailureMessage.js | 11.11 | 0 | 0 | 11.11 | 12-28
setPreferredEditor.js | 20 | 0 | 0 | 20 | 7-12
src/mobile.init | 15.91 | 0 | 11.53 | 15.91 |
editor.js | 6.95 | 0 | 0 | 6.95 | 30-524,528-553
editorLoadingOverlay.js | 100 | 100 | 100 | 100 |
fakeToolbar.js | 100 | 100 | 100 | 100 |
lazyLoadedImages.js | 9.52 | 0 | 0 | 9.52 | 11-66,73
toggling.js | 7.14 | 0 | 0 | 7.14 | 3-45
src/mobile.init/eventLogging | 2.04 | 0 | 0 | 2.04 |
schemaEditAttemptStep.js | 1.25 | 0 | 0 | 1.25 | 2-219
schemaVisualEditorFeatureUse.js | 5.55 | 0 | 0 | 5.55 | 2-71
src/mobile.languages.structured | 91.37 | 83.33 | 90.9 | 91.37 |
LanguageSearcher.js | 93.75 | 100 | 88.88 | 93.75 | 150-152
mobile.languages.structured.js | 100 | 100 | 100 | 100 |
rtlLanguages.js | 100 | 100 | 100 | 100 |
util.js | 89.06 | 76.19 | 92.3 | 89.06 | ...130-132,164,174
src/mobile.mediaViewer | 81.34 | 52 | 81.81 | 81.34 |
ImageCarousel.js | 78.43 | 41.66 | 80 | 78.43 | ...334-335,342,363
ImageGateway.js | 95.23 | 78.57 | 100 | 95.23 | 57
LoadErrorMessage.js | 81.81 | 100 | 66.66 | 81.81 | 74-76
src/mobile.special.watchlist.scripts | 85.48 | 83.33 | 64.28 | 85.48 |
WatchList.js | 74.19 | 50 | 44.44 | 74.19 | 34,92-125
WatchListGateway.js | 96.77 | 87.5 | 100 | 96.77 | 49
src/mobile.startup | 83.84 | 75.7 | 77.93 | 83.84 |
Anchor.js | 100 | 100 | 100 | 100 |
Browser.js | 96.66 | 93.75 | 100 | 96.66 | 69
Button.js | 100 | 100 | 100 | 100 |
CtaDrawer.js | 100 | 100 | 100 | 100 |
Drawer.js | 100 | 100 | 90.9 | 100 |
Icon.js | 95 | 90 | 100 | 95 | 57-59
LanguageInfo.js | 20 | 0 | 0 | 20 | 11,25-65
MessageBox.js | 100 | 100 | 100 | 100 |
Overlay.js | 89.79 | 70 | 84.61 | 89.79 | 54,110,113,164-165
OverlayManager.js | 99.05 | 94.73 | 100 | 99.05 | 59
Page.js | 52.63 | 84.61 | 44.44 | 52.63 | ...110-119,138-145
PageGateway.js | 90.62 | 75 | 85.71 | 90.62 | 24,46,61
PageHTMLParser.js | 95.65 | 97.14 | 87.5 | 95.65 | 36,201
PageList.js | 100 | 50 | 100 | 100 | 60
ScrollEndEventEmitter.js | 85.71 | 81.81 | 87.5 | 85.71 | 130-133
Section.js | 100 | 100 | 100 | 100 |
Skin.js | 24.32 | 0 | 0 | 24.32 | ...,50-119,129-136
Thumbnail.js | 88.88 | 100 | 75 | 88.88 | 47
Toggler.js | 87.6 | 75 | 80 | 87.6 | ...362,374-377,381
View.js | 92.42 | 78.57 | 88.23 | 92.42 | 184,198-201,353
actionParams.js | 100 | 50 | 100 | 100 | 16
cache.js | 100 | 100 | 50 | 100 |
currentPage.js | 18.18 | 0 | 0 | 18.18 | 17-44
currentPageHTMLParser.js | 33.33 | 0 | 0 | 33.33 | 18-24
eventBusSingleton.js | 100 | 100 | 100 | 100 |
extendSearchParams.js | 94.44 | 70 | 100 | 94.44 | 70
headers.js | 100 | 100 | 100 | 100 |
icons.js | 100 | 78.57 | 100 | 100 | 104,121-122
loadingOverlay.js | 50 | 100 | 0 | 50 | 12-17
mfExtend.js | 100 | 100 | 100 | 100 |
mobile.startup.js | 83.33 | 100 | 0 | 83.33 | 44
moduleLoader.js | 78.26 | 62.5 | 66.66 | 78.26 | 45,78-100
moduleLoaderSingleton.js | 100 | 100 | 100 | 100 |
promisedView.js | 100 | 100 | 100 | 100 |
showOnPageReload.js | 41.66 | 25 | 50 | 41.66 | 14-16,39-46
time.js | 24.24 | 9.09 | 16.66 | 24.24 | 35-149
util.js | 100 | 83.33 | 100 | 100 | 17
src/mobile.startup/amcOutreach | 84.37 | 50 | 75 | 84.37 |
AmcEnableForm.js | 100 | 100 | 100 | 100 |
amcOutreach.js | 61.53 | 0 | 0 | 61.53 | 34-77
amcOutreachDrawer.js | 100 | 100 | 100 | 100 |
src/mobile.startup/languageOverlay | 77.77 | 100 | 54.54 | 77.77 |
getDeviceLanguage.js | 100 | 100 | 100 | 100 |
languageInfoOverlay.js | 54.54 | 100 | 0 | 54.54 | 15-38
languageOverlay.js | 92.3 | 100 | 83.33 | 92.3 | 28
src/mobile.startup/lazyImages | 92.3 | 88.88 | 100 | 92.3 |
lazyImageLoader.js | 92.3 | 88.88 | 100 | 92.3 | 55,62
src/mobile.startup/mediaViewer | 63.63 | 100 | 0 | 63.63 |
overlay.js | 63.63 | 100 | 0 | 63.63 | 15-32
src/mobile.startup/page | 86.66 | 80 | 100 | 86.66 |
pageJSONParser.js | 86.66 | 80 | 100 | 86.66 | 37-38
src/mobile.startup/promoCampaign | 100 | 100 | 100 | 100 |
promoCampaign.js | 100 | 100 | 100 | 100 |
src/mobile.startup/references | 82.69 | 77.27 | 78.57 | 82.69 |
ReferencesGateway.js | 100 | 100 | 100 | 100 |
ReferencesHtmlScraperGateway.js | 94.73 | 87.5 | 100 | 94.73 | 40
references.js | 71.42 | 71.42 | 66.66 | 71.42 | 54,119-132
src/mobile.startup/search | 61.71 | 31.25 | 53.33 | 61.71 |
SearchGateway.js | 91.3 | 50 | 84.61 | 91.3 | 49-50,169,175
SearchHeaderView.js | 57.14 | 0 | 66.66 | 57.14 | 33-38,66-71
SearchOverlay.js | 36.47 | 16.66 | 19.04 | 36.47 | ...208-212,226-304
SearchResultsView.js | 100 | 100 | 100 | 100 |
searchHeader.js | 100 | 100 | 100 | 100 |
src/mobile.startup/watchstar | 91.66 | 75 | 91.3 | 91.66 |
WatchstarGateway.js | 84 | 80 | 90 | 84 | 113-120
WatchstarPageList.js | 95.45 | 75 | 100 | 95.45 | 93,126
watchstar.js | 93.33 | 66.66 | 50 | 93.33 | 26
src/mobile.talk.overlays | 67.72 | 25.92 | 60.6 | 67.72 |
AddTopicForm.js | 100 | 100 | 100 | 100 |
TalkSectionAddOverlay.js | 48.43 | 0 | 41.66 | 48.43 | 83-152,188
TalkSectionOverlay.js | 70.96 | 25 | 53.84 | 70.96 | ...193,211,229-254
autosign.js | 100 | 100 | 100 | 100 |
makeAddTopicForm.js | 100 | 100 | 100 | 100 |
--------------------------------------|---------|----------|---------|---------|--------------------
Checking the contents of resources/dist
I will now check that you built them using the correct Node.js version v16.19.1.
Note: You are using v18.19.0.
Building assets...
You are not running the required node version
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1584, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1528, in run
self.npm_audit_fix(new_npm_audit)
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 249, in npm_audit_fix
self.check_call(['npm', 'test'])
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 54, in check_call
res.check_returncode()
File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.