mediawiki/extensions/MobileFrontend (REL1_41)

sourcepatches
$ date
--- stdout ---
Sun Oct  6 06:33:16 UTC 2024

--- end ---
$ git clone file:///srv/git/mediawiki-extensions-MobileFrontend.git repo --depth=1 -b REL1_41
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_41
--- stdout ---
677e94d7cc41218ecb0843a0ff0ae3e276812902 refs/heads/REL1_41

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@babel/traverse": {
      "name": "@babel/traverse",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096886,
          "name": "@babel/traverse",
          "dependency": "@babel/traverse",
          "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
          "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
          "severity": "critical",
          "cwe": [
            "CWE-184",
            "CWE-697"
          ],
          "cvss": {
            "score": 9.4,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
          },
          "range": "<7.23.2"
        }
      ],
      "effects": [],
      "range": "<7.23.2",
      "nodes": [
        "node_modules/@babel/traverse"
      ],
      "fixAvailable": true
    },
    "@storybook/builder-webpack4": {
      "name": "@storybook/builder-webpack4",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/core-common",
        "autoprefixer",
        "css-loader",
        "fork-ts-checker-webpack-plugin",
        "postcss",
        "postcss-flexbugs-fixes",
        "react-dev-utils",
        "webpack",
        "webpack-dev-middleware"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/@storybook/builder-webpack4"
      ],
      "fixAvailable": true
    },
    "@storybook/core": {
      "name": "@storybook/core",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/core-server"
      ],
      "effects": [
        "@storybook/html"
      ],
      "range": "6.2.0-alpha.0 - 6.3.0-rc.12",
      "nodes": [
        "node_modules/@storybook/core"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/core-common": {
      "name": "@storybook/core-common",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "webpack"
      ],
      "effects": [
        "@storybook/html"
      ],
      "range": "<=6.5.17-alpha.0",
      "nodes": [
        "node_modules/@storybook/core-common"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/core-server": {
      "name": "@storybook/core-server",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/builder-webpack4",
        "@storybook/core-common",
        "cpy",
        "css-loader",
        "webpack",
        "webpack-dev-middleware"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "<=7.0.0-rc.11",
      "nodes": [
        "node_modules/@storybook/core-server"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/html": {
      "name": "@storybook/html",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@storybook/core",
        "@storybook/core-common"
      ],
      "effects": [],
      "range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
      "nodes": [
        "node_modules/@storybook/html"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "anymatch": {
      "name": "anymatch",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "micromatch"
      ],
      "effects": [
        "chokidar"
      ],
      "range": "1.2.0 - 2.0.0",
      "nodes": [
        "node_modules/watchpack-chokidar2/node_modules/anymatch"
      ],
      "fixAvailable": true
    },
    "autoprefixer": {
      "name": "autoprefixer",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.0.20131222 - 9.8.8",
      "nodes": [
        "node_modules/autoprefixer"
      ],
      "fixAvailable": true
    },
    "body-parser": {
      "name": "body-parser",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1099520,
          "name": "body-parser",
          "dependency": "body-parser",
          "title": "body-parser vulnerable to denial of service when url encoding is enabled",
          "url": "https://github.com/advisories/GHSA-qwcr-r2fm-qrc7",
          "severity": "high",
          "cwe": [
            "CWE-405"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<1.20.3"
        }
      ],
      "effects": [
        "express"
      ],
      "range": "<1.20.3",
      "nodes": [
        "node_modules/body-parser"
      ],
      "fixAvailable": true
    },
    "braces": {
      "name": "braces",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1098094,
          "name": "braces",
          "dependency": "braces",
          "title": "Uncontrolled resource consumption in braces",
          "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1050"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.3"
        }
      ],
      "effects": [
        "chokidar",
        "micromatch"
      ],
      "range": "<3.0.3",
      "nodes": [
        "node_modules/@storybook/builder-webpack4/node_modules/braces",
        "node_modules/braces",
        "node_modules/fast-glob/node_modules/braces",
        "node_modules/react-dev-utils/node_modules/micromatch/node_modules/braces",
        "node_modules/watchpack-chokidar2/node_modules/braces",
        "node_modules/webpack-cli/node_modules/braces",
        "node_modules/webpack/node_modules/braces"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.95.0",
        "isSemVerMajor": true
      }
    },
    "browserify-sign": {
      "name": "browserify-sign",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096644,
          "name": "browserify-sign",
          "dependency": "browserify-sign",
          "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack",
          "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw",
          "severity": "high",
          "cwe": [
            "CWE-347"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": ">=2.6.0 <=4.2.1"
        }
      ],
      "effects": [],
      "range": "2.6.0 - 4.2.1",
      "nodes": [
        "node_modules/browserify-sign"
      ],
      "fixAvailable": true
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1093035,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/browserslist"
      ],
      "fixAvailable": true
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "isDirect": false,
      "via": [
        "anymatch",
        "braces",
        "readdirp"
      ],
      "effects": [
        "watchpack-chokidar2"
      ],
      "range": "1.3.0 - 2.1.8",
      "nodes": [
        "node_modules/watchpack-chokidar2/node_modules/chokidar"
      ],
      "fixAvailable": true
    },
    "cookie": {
      "name": "cookie",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1099846,
          "name": "cookie",
          "dependency": "cookie",
          "title": "cookie accepts cookie name, path, and domain with out of bounds characters",
          "url": "https://github.com/advisories/GHSA-pxg6-pf52-xh8x",
          "severity": "low",
          "cwe": [
            "CWE-74"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.7.0"
        }
      ],
      "effects": [
        "express"
      ],
      "range": "<0.7.0",
      "nodes": [
        "node_modules/cookie"
      ],
      "fixAvailable": true
    },
    "cpy": {
      "name": "cpy",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "globby"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "7.0.0 - 8.1.2",
      "nodes": [
        "node_modules/cpy"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "css-loader": {
      "name": "css-loader",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss",
        "postcss-modules-extract-imports",
        "postcss-modules-local-by-default",
        "postcss-modules-scope",
        "postcss-modules-values"
      ],
      "effects": [],
      "range": "0.15.0 - 4.3.0",
      "nodes": [
        "node_modules/css-loader"
      ],
      "fixAvailable": true
    },
    "elliptic": {
      "name": "elliptic",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1098593,
          "name": "elliptic",
          "dependency": "elliptic",
          "title": "Elliptic's EDDSA missing signature length check",
          "url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p",
          "severity": "low",
          "cwe": [
            "CWE-347"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          "range": ">=4.0.0 <=6.5.6"
        },
        {
          "source": 1098594,
          "name": "elliptic",
          "dependency": "elliptic",
          "title": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero",
          "url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw",
          "severity": "low",
          "cwe": [
            "CWE-130"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          "range": ">=2.0.0 <=6.5.6"
        },
        {
          "source": 1098595,
          "name": "elliptic",
          "dependency": "elliptic",
          "title": "Elliptic allows BER-encoded signatures",
          "url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m",
          "severity": "low",
          "cwe": [
            "CWE-347"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          "range": ">=5.2.1 <=6.5.6"
        }
      ],
      "effects": [],
      "range": "2.0.0 - 6.5.6",
      "nodes": [
        "node_modules/elliptic"
      ],
      "fixAvailable": true
    },
    "express": {
      "name": "express",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096820,
          "name": "express",
          "dependency": "express",
          "title": "Express.js Open Redirect in malformed URLs",
          "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc",
          "severity": "moderate",
          "cwe": [
            "CWE-601",
            "CWE-1286"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.19.2"
        },
        {
          "source": 1099529,
          "name": "express",
          "dependency": "express",
          "title": "express vulnerable to XSS via response.redirect()",
          "url": "https://github.com/advisories/GHSA-qw6h-vgh9-j6wx",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 5,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
          },
          "range": "<4.20.0"
        },
        "body-parser",
        "cookie",
        "path-to-regexp",
        "send",
        "serve-static"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/express"
      ],
      "fixAvailable": true
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "micromatch"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "findup-sync": {
      "name": "findup-sync",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "micromatch"
      ],
      "effects": [
        "webpack-cli"
      ],
      "range": "0.4.0 - 3.0.0",
      "nodes": [
        "node_modules/webpack-cli/node_modules/findup-sync"
      ],
      "fixAvailable": {
        "name": "webpack-cli",
        "version": "3.3.12",
        "isSemVerMajor": false
      }
    },
    "fork-ts-checker-webpack-plugin": {
      "name": "fork-ts-checker-webpack-plugin",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "micromatch"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "0.4.14 - 4.1.6",
      "nodes": [
        "node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin",
        "node_modules/react-dev-utils/node_modules/fork-ts-checker-webpack-plugin"
      ],
      "fixAvailable": true
    },
    "globby": {
      "name": "globby",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "fast-glob"
      ],
      "effects": [
        "cpy"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/globby"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "icss-utils": {
      "name": "icss-utils",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "css-loader",
        "postcss-modules-local-by-default",
        "postcss-modules-values"
      ],
      "range": "<=4.1.1",
      "nodes": [
        "node_modules/icss-utils"
      ],
      "fixAvailable": true
    },
    "immer": {
      "name": "immer",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1097196,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx",
          "severity": "high",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=7.0.0 <9.0.6"
        },
        {
          "source": 1097209,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
          "severity": "critical",
          "cwe": [
            "CWE-843",
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=7.0.0 <9.0.6"
        }
      ],
      "effects": [],
      "range": "7.0.0 - 9.0.5",
      "nodes": [
        "node_modules/immer"
      ],
      "fixAvailable": true
    },
    "ip": {
      "name": "ip",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097720,
          "name": "ip",
          "dependency": "ip",
          "title": "NPM IP package incorrectly identifies some private IP addresses as public",
          "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22",
          "severity": "low",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<1.1.9"
        },
        {
          "source": 1099357,
          "name": "ip",
          "dependency": "ip",
          "title": "ip SSRF improper categorization in isPublic",
          "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
          "severity": "high",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=2.0.1"
        }
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/ip"
      ],
      "fixAvailable": true
    },
    "jsdoc": {
      "name": "jsdoc",
      "severity": "high",
      "isDirect": true,
      "via": [
        "markdown-it",
        "marked",
        "taffydb"
      ],
      "effects": [],
      "range": "3.2.0-dev - 3.6.11",
      "nodes": [
        "node_modules/jsdoc"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.11",
        "isSemVerMajor": false
      }
    },
    "jsdom": {
      "name": "jsdom",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request",
        "tough-cookie"
      ],
      "effects": [],
      "range": "0.1.20 || 0.2.0 - 16.5.3",
      "nodes": [
        "node_modules/jsdom"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "less": {
      "name": "less",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request"
      ],
      "effects": [],
      "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3",
      "nodes": [
        "node_modules/less"
      ],
      "fixAvailable": {
        "name": "less",
        "version": "3.13.1",
        "isSemVerMajor": false
      }
    },
    "loader-utils": {
      "name": "loader-utils",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1094088,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "Prototype pollution in webpack loader-utils",
          "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<1.4.1"
        },
        {
          "source": 1094089,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "Prototype pollution in webpack loader-utils",
          "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=2.0.0 <2.0.3"
        },
        {
          "source": 1095054,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
          "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.0.0 <2.0.4"
        },
        {
          "source": 1095055,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
          "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=1.0.0 <1.4.2"
        },
        {
          "source": 1097142,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
          "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.0.0 <2.0.4"
        },
        {
          "source": 1097143,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
          "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=1.0.0 <1.4.2"
        }
      ],
      "effects": [
        "react-dev-utils",
        "webpack-cli"
      ],
      "range": "<=1.4.1 || 2.0.0 - 2.0.3",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/loader-utils",
        "node_modules/webpack-cli/node_modules/loader-utils"
      ],
      "fixAvailable": {
        "name": "webpack-cli",
        "version": "3.3.12",
        "isSemVerMajor": false
      }
    },
    "markdown-it": {
      "name": "markdown-it",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1092663,
          "name": "markdown-it",
          "dependency": "markdown-it",
          "title": "Uncontrolled Resource Consumption in markdown-it",
          "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<12.3.2"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "<12.3.2",
      "nodes": [
        "node_modules/markdown-it"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.11",
        "isSemVerMajor": false
      }
    },
    "marked": {
      "name": "marked",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095051,
          "name": "marked",
          "dependency": "marked",
          "title": "Inefficient Regular Expression Complexity in marked",
          "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<4.0.10"
        },
        {
          "source": 1095052,
          "name": "marked",
          "dependency": "marked",
          "title": "Inefficient Regular Expression Complexity in marked",
          "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<4.0.10"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "<=4.0.9",
      "nodes": [
        "node_modules/marked"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.11",
        "isSemVerMajor": false
      }
    },
    "micromatch": {
      "name": "micromatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1098681,
          "name": "micromatch",
          "dependency": "micromatch",
          "title": "Regular Expression Denial of Service (ReDoS) in micromatch",
          "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<4.0.8"
        },
        "braces"
      ],
      "effects": [
        "anymatch",
        "fast-glob",
        "findup-sync",
        "fork-ts-checker-webpack-plugin",
        "readdirp",
        "webpack"
      ],
      "range": "<=4.0.7",
      "nodes": [
        "node_modules/@storybook/builder-webpack4/node_modules/micromatch",
        "node_modules/fast-glob/node_modules/micromatch",
        "node_modules/micromatch",
        "node_modules/react-dev-utils/node_modules/fast-glob/node_modules/micromatch",
        "node_modules/react-dev-utils/node_modules/micromatch",
        "node_modules/watchpack-chokidar2/node_modules/micromatch",
        "node_modules/webpack-cli/node_modules/micromatch",
        "node_modules/webpack/node_modules/micromatch"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.95.0",
        "isSemVerMajor": true
      }
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "recursive-readdir"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/minimatch"
      ],
      "fixAvailable": true
    },
    "path-to-regexp": {
      "name": "path-to-regexp",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1099561,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp outputs backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=0.2.0 <1.9.0"
        },
        {
          "source": 1099562,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp outputs backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<0.1.10"
        }
      ],
      "effects": [
        "express"
      ],
      "range": "<=0.1.9 || 0.2.0 - 1.8.0",
      "nodes": [
        "node_modules/@wikimedia/mw-node-qunit/node_modules/path-to-regexp",
        "node_modules/nise/node_modules/path-to-regexp",
        "node_modules/path-to-regexp"
      ],
      "fixAvailable": true
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094544,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS line return parsing error",
          "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
          "severity": "moderate",
          "cwe": [
            "CWE-74",
            "CWE-144"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<8.4.31"
        }
      ],
      "effects": [
        "@storybook/builder-webpack4",
        "autoprefixer",
        "css-loader",
        "icss-utils",
        "postcss-flexbugs-fixes",
        "postcss-modules-extract-imports",
        "postcss-modules-local-by-default",
        "postcss-modules-scope",
        "postcss-modules-values"
      ],
      "range": "<8.4.31",
      "nodes": [
        "node_modules/@storybook/builder-webpack4/node_modules/postcss",
        "node_modules/autoprefixer/node_modules/postcss",
        "node_modules/css-loader/node_modules/postcss",
        "node_modules/icss-utils/node_modules/postcss",
        "node_modules/postcss",
        "node_modules/postcss-flexbugs-fixes/node_modules/postcss",
        "node_modules/postcss-modules-extract-imports/node_modules/postcss",
        "node_modules/postcss-modules-local-by-default/node_modules/postcss",
        "node_modules/postcss-modules-scope/node_modules/postcss",
        "node_modules/postcss-modules-values/node_modules/postcss"
      ],
      "fixAvailable": true
    },
    "postcss-flexbugs-fixes": {
      "name": "postcss-flexbugs-fixes",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.2.1",
      "nodes": [
        "node_modules/postcss-flexbugs-fixes"
      ],
      "fixAvailable": true
    },
    "postcss-modules-extract-imports": {
      "name": "postcss-modules-extract-imports",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/postcss-modules-extract-imports"
      ],
      "fixAvailable": true
    },
    "postcss-modules-local-by-default": {
      "name": "postcss-modules-local-by-default",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.0-rc.4",
      "nodes": [
        "node_modules/postcss-modules-local-by-default"
      ],
      "fixAvailable": true
    },
    "postcss-modules-scope": {
      "name": "postcss-modules-scope",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.2.0",
      "nodes": [
        "node_modules/postcss-modules-scope"
      ],
      "fixAvailable": true
    },
    "postcss-modules-values": {
      "name": "postcss-modules-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss"
      ],
      "effects": [
        "css-loader"
      ],
      "range": "<=4.0.0-rc.5",
      "nodes": [
        "node_modules/postcss-modules-values"
      ],
      "fixAvailable": true
    },
    "react-dev-utils": {
      "name": "react-dev-utils",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "browserslist",
        "fork-ts-checker-webpack-plugin",
        "immer",
        "loader-utils",
        "recursive-readdir",
        "shell-quote"
      ],
      "effects": [
        "@storybook/builder-webpack4"
      ],
      "range": "0.5.2 - 12.0.0-next.60",
      "nodes": [
        "node_modules/react-dev-utils"
      ],
      "fixAvailable": true
    },
    "readdirp": {
      "name": "readdirp",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "micromatch"
      ],
      "effects": [
        "chokidar"
      ],
      "range": "2.2.0 - 2.2.1",
      "nodes": [
        "node_modules/watchpack-chokidar2/node_modules/readdirp"
      ],
      "fixAvailable": true
    },
    "recursive-readdir": {
      "name": "recursive-readdir",
      "severity": "high",
      "isDirect": false,
      "via": [
        "minimatch"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "1.2.0 - 2.2.2",
      "nodes": [
        "node_modules/recursive-readdir"
      ],
      "fixAvailable": true
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "jsdom",
        "less",
        "request-promise-core",
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "request-promise-core": {
      "name": "request-promise-core",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request-promise-core"
      ],
      "fixAvailable": true
    },
    "request-promise-native": {
      "name": "request-promise-native",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request",
        "request-promise-core",
        "tough-cookie"
      ],
      "effects": [],
      "range": ">=1.0.0",
      "nodes": [
        "node_modules/request-promise-native"
      ],
      "fixAvailable": true
    },
    "send": {
      "name": "send",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1099525,
          "name": "send",
          "dependency": "send",
          "title": "send vulnerable to template injection that can lead to XSS",
          "url": "https://github.com/advisories/GHSA-m6fv-jmcg-4jfg",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 5,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
          },
          "range": "<0.19.0"
        }
      ],
      "effects": [
        "express",
        "serve-static"
      ],
      "range": "<0.19.0",
      "nodes": [
        "node_modules/send"
      ],
      "fixAvailable": true
    },
    "serve-static": {
      "name": "serve-static",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1099527,
          "name": "serve-static",
          "dependency": "serve-static",
          "title": "serve-static vulnerable to template injection that can lead to XSS",
          "url": "https://github.com/advisories/GHSA-cm22-4g7w-348p",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 5,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
          },
          "range": "<1.16.0"
        },
        "send"
      ],
      "effects": [],
      "range": "<=1.16.0",
      "nodes": [
        "node_modules/serve-static"
      ],
      "fixAvailable": true
    },
    "shell-quote": {
      "name": "shell-quote",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096375,
          "name": "shell-quote",
          "dependency": "shell-quote",
          "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote",
          "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7",
          "severity": "critical",
          "cwe": [
            "CWE-77"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=1.7.2"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=1.7.2",
      "nodes": [
        "node_modules/shell-quote"
      ],
      "fixAvailable": true
    },
    "taffydb": {
      "name": "taffydb",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089386,
          "name": "taffydb",
          "dependency": "taffydb",
          "title": "TaffyDB can allow access to any data items in the DB",
          "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
          "severity": "high",
          "cwe": [
            "CWE-20",
            "CWE-668"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<=2.7.3"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "*",
      "nodes": [
        "node_modules/taffydb"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.11",
        "isSemVerMajor": false
      }
    },
    "tar": {
      "name": "tar",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097493,
          "name": "tar",
          "dependency": "tar",
          "title": "Denial of service while parsing a tar file due to lack of folders count validation",
          "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<6.2.1"
        }
      ],
      "effects": [],
      "range": "<6.2.1",
      "nodes": [
        "node_modules/tar"
      ],
      "fixAvailable": true
    },
    "terser-webpack-plugin": {
      "name": "terser-webpack-plugin",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "webpack"
      ],
      "effects": [
        "webpack"
      ],
      "range": "<=2.2.1",
      "nodes": [
        "node_modules/webpack/node_modules/terser-webpack-plugin"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.95.0",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "jsdom",
        "request",
        "request-promise-native"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "watchpack": {
      "name": "watchpack",
      "severity": "high",
      "isDirect": false,
      "via": [
        "watchpack-chokidar2"
      ],
      "effects": [],
      "range": "1.7.2 - 1.7.5",
      "nodes": [
        "node_modules/watchpack"
      ],
      "fixAvailable": true
    },
    "watchpack-chokidar2": {
      "name": "watchpack-chokidar2",
      "severity": "high",
      "isDirect": false,
      "via": [
        "chokidar"
      ],
      "effects": [
        "watchpack"
      ],
      "range": "*",
      "nodes": [
        "node_modules/watchpack-chokidar2"
      ],
      "fixAvailable": true
    },
    "webpack": {
      "name": "webpack",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "micromatch",
        "terser-webpack-plugin"
      ],
      "effects": [
        "@storybook/core-common",
        "@storybook/core-server",
        "terser-webpack-plugin",
        "webpack-cli"
      ],
      "range": "4.0.0-alpha.0 - 5.0.0-rc.6",
      "nodes": [
        "node_modules/webpack"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.95.0",
        "isSemVerMajor": true
      }
    },
    "webpack-cli": {
      "name": "webpack-cli",
      "severity": "high",
      "isDirect": true,
      "via": [
        "findup-sync",
        "loader-utils",
        "webpack"
      ],
      "effects": [],
      "range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1",
      "nodes": [
        "node_modules/webpack-cli"
      ],
      "fixAvailable": {
        "name": "webpack-cli",
        "version": "3.3.12",
        "isSemVerMajor": false
      }
    },
    "webpack-dev-middleware": {
      "name": "webpack-dev-middleware",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096729,
          "name": "webpack-dev-middleware",
          "dependency": "webpack-dev-middleware",
          "title": "Path traversal in webpack-dev-middleware",
          "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
          },
          "range": "<=5.3.3"
        }
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "<=5.3.3",
      "nodes": [
        "node_modules/webpack-dev-middleware"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "ws": {
      "name": "ws",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1098392,
          "name": "ws",
          "dependency": "ws",
          "title": "ws affected by a DoS when handling a request with many HTTP headers",
          "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
          "severity": "high",
          "cwe": [
            "CWE-476"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=8.0.0 <8.17.1"
        },
        {
          "source": 1098394,
          "name": "ws",
          "dependency": "ws",
          "title": "ws affected by a DoS when handling a request with many HTTP headers",
          "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
          "severity": "high",
          "cwe": [
            "CWE-476"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=6.0.0 <6.2.3"
        }
      ],
      "effects": [],
      "range": "6.0.0 - 6.2.2 || 8.0.0 - 8.17.0",
      "nodes": [
        "node_modules/@wikimedia/mw-node-qunit/node_modules/ws",
        "node_modules/ws"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 2,
      "moderate": 30,
      "high": 22,
      "critical": 5,
      "total": 59
    },
    "dependencies": {
      "prod": 1,
      "dev": 1979,
      "optional": 35,
      "peer": 16,
      "peerOptional": 0,
      "total": 1979
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 36 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.3.1)
  - Locking composer/semver (3.3.2)
  - Locking composer/spdx-licenses (1.5.8)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking doctrine/deprecations (1.1.3)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking mediawiki/mediawiki-codesniffer (v41.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.12.1)
  - Locking mediawiki/minus-x (1.1.1)
  - Locking mediawiki/phan-taint-check-plugin (4.0.0)
  - Locking microsoft/tolerant-php-parser (v0.1.1)
  - Locking netresearch/jsonmapper (v4.5.0)
  - Locking phan/phan (5.4.1)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.3.2)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.4.1)
  - Locking phpdocumentor/type-resolver (1.8.2)
  - Locking phpstan/phpdoc-parser (1.32.0)
  - Locking psr/container (2.0.2)
  - Locking psr/log (2.0.0)
  - Locking sabre/event (5.1.7)
  - Locking squizlabs/php_codesniffer (3.7.2)
  - Locking symfony/console (v5.4.44)
  - Locking symfony/deprecation-contracts (v3.5.0)
  - Locking symfony/polyfill-ctype (v1.31.0)
  - Locking symfony/polyfill-intl-grapheme (v1.31.0)
  - Locking symfony/polyfill-intl-normalizer (v1.31.0)
  - Locking symfony/polyfill-mbstring (v1.31.0)
  - Locking symfony/polyfill-php73 (v1.31.0)
  - Locking symfony/polyfill-php80 (v1.31.0)
  - Locking symfony/service-contracts (v3.5.0)
  - Locking symfony/string (v6.4.12)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 36 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Installing composer/pcre (3.3.1): Extracting archive
  - Installing symfony/polyfill-php80 (v1.31.0): Extracting archive
  - Installing squizlabs/php_codesniffer (3.7.2): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.31.0): Extracting archive
  - Installing composer/spdx-licenses (1.5.8): Extracting archive
  - Installing composer/semver (3.3.2): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v41.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.31.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.31.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.31.0): Extracting archive
  - Installing symfony/string (v6.4.12): Extracting archive
  - Installing symfony/deprecation-contracts (v3.5.0): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.5.0): Extracting archive
  - Installing symfony/polyfill-php73 (v1.31.0): Extracting archive
  - Installing symfony/console (v5.4.44): Extracting archive
  - Installing sabre/event (5.1.7): Extracting archive
  - Installing netresearch/jsonmapper (v4.5.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.1): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpstan/phpdoc-parser (1.32.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing doctrine/deprecations (1.1.3): Extracting archive
  - Installing phpdocumentor/type-resolver (1.8.2): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.4.1): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (2.0.0): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (5.4.1): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (4.0.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.12.1): Extracting archive
  - Installing mediawiki/minus-x (1.1.1): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.3.2): Extracting archive
  0/36 [>---------------------------]   0%
 18/36 [==============>-------------]  50%
 29/36 [======================>-----]  80%
 35/36 [===========================>]  97%
 36/36 [============================] 100%
3 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
15 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@babel/traverse": {
      "name": "@babel/traverse",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096886,
          "name": "@babel/traverse",
          "dependency": "@babel/traverse",
          "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
          "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
          "severity": "critical",
          "cwe": [
            "CWE-184",
            "CWE-697"
          ],
          "cvss": {
            "score": 9.4,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
          },
          "range": "<7.23.2"
        }
      ],
      "effects": [],
      "range": "<7.23.2",
      "nodes": [
        "node_modules/@babel/traverse"
      ],
      "fixAvailable": true
    },
    "@storybook/builder-webpack4": {
      "name": "@storybook/builder-webpack4",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/core-common",
        "autoprefixer",
        "css-loader",
        "fork-ts-checker-webpack-plugin",
        "postcss",
        "postcss-flexbugs-fixes",
        "react-dev-utils",
        "webpack",
        "webpack-dev-middleware"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/@storybook/builder-webpack4"
      ],
      "fixAvailable": true
    },
    "@storybook/core": {
      "name": "@storybook/core",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/core-server"
      ],
      "effects": [
        "@storybook/html"
      ],
      "range": "6.2.0-alpha.0 - 6.3.0-rc.12",
      "nodes": [
        "node_modules/@storybook/core"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/core-common": {
      "name": "@storybook/core-common",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "webpack"
      ],
      "effects": [
        "@storybook/html"
      ],
      "range": "<=6.5.17-alpha.0",
      "nodes": [
        "node_modules/@storybook/core-common"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/core-server": {
      "name": "@storybook/core-server",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/builder-webpack4",
        "@storybook/core-common",
        "cpy",
        "css-loader",
        "webpack",
        "webpack-dev-middleware"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "<=7.0.0-rc.11",
      "nodes": [
        "node_modules/@storybook/core-server"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/html": {
      "name": "@storybook/html",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@storybook/core",
        "@storybook/core-common"
      ],
      "effects": [],
      "range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
      "nodes": [
        "node_modules/@storybook/html"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "anymatch": {
      "name": "anymatch",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "micromatch"
      ],
      "effects": [
        "chokidar"
      ],
      "range": "1.2.0 - 2.0.0",
      "nodes": [
        "node_modules/watchpack-chokidar2/node_modules/anymatch"
      ],
      "fixAvailable": true
    },
    "autoprefixer": {
      "name": "autoprefixer",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.0.20131222 - 9.8.8",
      "nodes": [
        "node_modules/autoprefixer"
      ],
      "fixAvailable": true
    },
    "body-parser": {
      "name": "body-parser",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1099520,
          "name": "body-parser",
          "dependency": "body-parser",
          "title": "body-parser vulnerable to denial of service when url encoding is enabled",
          "url": "https://github.com/advisories/GHSA-qwcr-r2fm-qrc7",
          "severity": "high",
          "cwe": [
            "CWE-405"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<1.20.3"
        }
      ],
      "effects": [
        "express"
      ],
      "range": "<1.20.3",
      "nodes": [
        "node_modules/body-parser"
      ],
      "fixAvailable": true
    },
    "braces": {
      "name": "braces",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1098094,
          "name": "braces",
          "dependency": "braces",
          "title": "Uncontrolled resource consumption in braces",
          "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1050"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.3"
        }
      ],
      "effects": [
        "chokidar",
        "micromatch"
      ],
      "range": "<3.0.3",
      "nodes": [
        "node_modules/@storybook/builder-webpack4/node_modules/braces",
        "node_modules/braces",
        "node_modules/fast-glob/node_modules/braces",
        "node_modules/react-dev-utils/node_modules/micromatch/node_modules/braces",
        "node_modules/watchpack-chokidar2/node_modules/braces",
        "node_modules/webpack-cli/node_modules/braces",
        "node_modules/webpack/node_modules/braces"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.95.0",
        "isSemVerMajor": true
      }
    },
    "browserify-sign": {
      "name": "browserify-sign",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096644,
          "name": "browserify-sign",
          "dependency": "browserify-sign",
          "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack",
          "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw",
          "severity": "high",
          "cwe": [
            "CWE-347"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": ">=2.6.0 <=4.2.1"
        }
      ],
      "effects": [],
      "range": "2.6.0 - 4.2.1",
      "nodes": [
        "node_modules/browserify-sign"
      ],
      "fixAvailable": true
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1093035,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/browserslist"
      ],
      "fixAvailable": true
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "isDirect": false,
      "via": [
        "anymatch",
        "braces",
        "readdirp"
      ],
      "effects": [
        "watchpack-chokidar2"
      ],
      "range": "1.3.0 - 2.1.8",
      "nodes": [
        "node_modules/watchpack-chokidar2/node_modules/chokidar"
      ],
      "fixAvailable": true
    },
    "cookie": {
      "name": "cookie",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1099846,
          "name": "cookie",
          "dependency": "cookie",
          "title": "cookie accepts cookie name, path, and domain with out of bounds characters",
          "url": "https://github.com/advisories/GHSA-pxg6-pf52-xh8x",
          "severity": "low",
          "cwe": [
            "CWE-74"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.7.0"
        }
      ],
      "effects": [
        "express"
      ],
      "range": "<0.7.0",
      "nodes": [
        "node_modules/cookie"
      ],
      "fixAvailable": true
    },
    "cpy": {
      "name": "cpy",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "globby"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "7.0.0 - 8.1.2",
      "nodes": [
        "node_modules/cpy"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "css-loader": {
      "name": "css-loader",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss",
        "postcss-modules-extract-imports",
        "postcss-modules-local-by-default",
        "postcss-modules-scope",
        "postcss-modules-values"
      ],
      "effects": [],
      "range": "0.15.0 - 4.3.0",
      "nodes": [
        "node_modules/css-loader"
      ],
      "fixAvailable": true
    },
    "elliptic": {
      "name": "elliptic",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1098593,
          "name": "elliptic",
          "dependency": "elliptic",
          "title": "Elliptic's EDDSA missing signature length check",
          "url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p",
          "severity": "low",
          "cwe": [
            "CWE-347"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          "range": ">=4.0.0 <=6.5.6"
        },
        {
          "source": 1098594,
          "name": "elliptic",
          "dependency": "elliptic",
          "title": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero",
          "url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw",
          "severity": "low",
          "cwe": [
            "CWE-130"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          "range": ">=2.0.0 <=6.5.6"
        },
        {
          "source": 1098595,
          "name": "elliptic",
          "dependency": "elliptic",
          "title": "Elliptic allows BER-encoded signatures",
          "url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m",
          "severity": "low",
          "cwe": [
            "CWE-347"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          "range": ">=5.2.1 <=6.5.6"
        }
      ],
      "effects": [],
      "range": "2.0.0 - 6.5.6",
      "nodes": [
        "node_modules/elliptic"
      ],
      "fixAvailable": true
    },
    "express": {
      "name": "express",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096820,
          "name": "express",
          "dependency": "express",
          "title": "Express.js Open Redirect in malformed URLs",
          "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc",
          "severity": "moderate",
          "cwe": [
            "CWE-601",
            "CWE-1286"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.19.2"
        },
        {
          "source": 1099529,
          "name": "express",
          "dependency": "express",
          "title": "express vulnerable to XSS via response.redirect()",
          "url": "https://github.com/advisories/GHSA-qw6h-vgh9-j6wx",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 5,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
          },
          "range": "<4.20.0"
        },
        "body-parser",
        "cookie",
        "path-to-regexp",
        "send",
        "serve-static"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/express"
      ],
      "fixAvailable": true
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "micromatch"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "findup-sync": {
      "name": "findup-sync",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "micromatch"
      ],
      "effects": [
        "webpack-cli"
      ],
      "range": "0.4.0 - 3.0.0",
      "nodes": [
        "node_modules/webpack-cli/node_modules/findup-sync"
      ],
      "fixAvailable": {
        "name": "webpack-cli",
        "version": "3.3.12",
        "isSemVerMajor": false
      }
    },
    "fork-ts-checker-webpack-plugin": {
      "name": "fork-ts-checker-webpack-plugin",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "micromatch"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "0.4.14 - 4.1.6",
      "nodes": [
        "node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin",
        "node_modules/react-dev-utils/node_modules/fork-ts-checker-webpack-plugin"
      ],
      "fixAvailable": true
    },
    "globby": {
      "name": "globby",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "fast-glob"
      ],
      "effects": [
        "cpy"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/globby"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "icss-utils": {
      "name": "icss-utils",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "css-loader",
        "postcss-modules-local-by-default",
        "postcss-modules-values"
      ],
      "range": "<=4.1.1",
      "nodes": [
        "node_modules/icss-utils"
      ],
      "fixAvailable": true
    },
    "immer": {
      "name": "immer",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1097196,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx",
          "severity": "high",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=7.0.0 <9.0.6"
        },
        {
          "source": 1097209,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
          "severity": "critical",
          "cwe": [
            "CWE-843",
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=7.0.0 <9.0.6"
        }
      ],
      "effects": [],
      "range": "7.0.0 - 9.0.5",
      "nodes": [
        "node_modules/immer"
      ],
      "fixAvailable": true
    },
    "ip": {
      "name": "ip",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097720,
          "name": "ip",
          "dependency": "ip",
          "title": "NPM IP package incorrectly identifies some private IP addresses as public",
          "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22",
          "severity": "low",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<1.1.9"
        },
        {
          "source": 1099357,
          "name": "ip",
          "dependency": "ip",
          "title": "ip SSRF improper categorization in isPublic",
          "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
          "severity": "high",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=2.0.1"
        }
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/ip"
      ],
      "fixAvailable": true
    },
    "jsdoc": {
      "name": "jsdoc",
      "severity": "high",
      "isDirect": true,
      "via": [
        "markdown-it",
        "marked",
        "taffydb"
      ],
      "effects": [],
      "range": "3.2.0-dev - 3.6.11",
      "nodes": [
        "node_modules/jsdoc"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.11",
        "isSemVerMajor": false
      }
    },
    "jsdom": {
      "name": "jsdom",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request",
        "tough-cookie"
      ],
      "effects": [],
      "range": "0.1.20 || 0.2.0 - 16.5.3",
      "nodes": [
        "node_modules/jsdom"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "less": {
      "name": "less",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request"
      ],
      "effects": [],
      "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3",
      "nodes": [
        "node_modules/less"
      ],
      "fixAvailable": {
        "name": "less",
        "version": "3.13.1",
        "isSemVerMajor": false
      }
    },
    "loader-utils": {
      "name": "loader-utils",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1094088,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "Prototype pollution in webpack loader-utils",
          "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<1.4.1"
        },
        {
          "source": 1094089,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "Prototype pollution in webpack loader-utils",
          "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=2.0.0 <2.0.3"
        },
        {
          "source": 1095054,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
          "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.0.0 <2.0.4"
        },
        {
          "source": 1095055,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
          "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=1.0.0 <1.4.2"
        },
        {
          "source": 1097142,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
          "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.0.0 <2.0.4"
        },
        {
          "source": 1097143,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
          "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=1.0.0 <1.4.2"
        }
      ],
      "effects": [
        "react-dev-utils",
        "webpack-cli"
      ],
      "range": "<=1.4.1 || 2.0.0 - 2.0.3",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/loader-utils",
        "node_modules/webpack-cli/node_modules/loader-utils"
      ],
      "fixAvailable": {
        "name": "webpack-cli",
        "version": "3.3.12",
        "isSemVerMajor": false
      }
    },
    "markdown-it": {
      "name": "markdown-it",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1092663,
          "name": "markdown-it",
          "dependency": "markdown-it",
          "title": "Uncontrolled Resource Consumption in markdown-it",
          "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<12.3.2"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "<12.3.2",
      "nodes": [
        "node_modules/markdown-it"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.11",
        "isSemVerMajor": false
      }
    },
    "marked": {
      "name": "marked",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095051,
          "name": "marked",
          "dependency": "marked",
          "title": "Inefficient Regular Expression Complexity in marked",
          "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<4.0.10"
        },
        {
          "source": 1095052,
          "name": "marked",
          "dependency": "marked",
          "title": "Inefficient Regular Expression Complexity in marked",
          "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<4.0.10"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "<=4.0.9",
      "nodes": [
        "node_modules/marked"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.11",
        "isSemVerMajor": false
      }
    },
    "micromatch": {
      "name": "micromatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1098681,
          "name": "micromatch",
          "dependency": "micromatch",
          "title": "Regular Expression Denial of Service (ReDoS) in micromatch",
          "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<4.0.8"
        },
        "braces"
      ],
      "effects": [
        "anymatch",
        "fast-glob",
        "findup-sync",
        "fork-ts-checker-webpack-plugin",
        "readdirp",
        "webpack"
      ],
      "range": "<=4.0.7",
      "nodes": [
        "node_modules/@storybook/builder-webpack4/node_modules/micromatch",
        "node_modules/fast-glob/node_modules/micromatch",
        "node_modules/micromatch",
        "node_modules/react-dev-utils/node_modules/fast-glob/node_modules/micromatch",
        "node_modules/react-dev-utils/node_modules/micromatch",
        "node_modules/watchpack-chokidar2/node_modules/micromatch",
        "node_modules/webpack-cli/node_modules/micromatch",
        "node_modules/webpack/node_modules/micromatch"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.95.0",
        "isSemVerMajor": true
      }
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "recursive-readdir"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/minimatch"
      ],
      "fixAvailable": true
    },
    "path-to-regexp": {
      "name": "path-to-regexp",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1099561,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp outputs backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=0.2.0 <1.9.0"
        },
        {
          "source": 1099562,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp outputs backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<0.1.10"
        }
      ],
      "effects": [
        "express"
      ],
      "range": "<=0.1.9 || 0.2.0 - 1.8.0",
      "nodes": [
        "node_modules/@wikimedia/mw-node-qunit/node_modules/path-to-regexp",
        "node_modules/nise/node_modules/path-to-regexp",
        "node_modules/path-to-regexp"
      ],
      "fixAvailable": true
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094544,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS line return parsing error",
          "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
          "severity": "moderate",
          "cwe": [
            "CWE-74",
            "CWE-144"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<8.4.31"
        }
      ],
      "effects": [
        "@storybook/builder-webpack4",
        "autoprefixer",
        "css-loader",
        "icss-utils",
        "postcss-flexbugs-fixes",
        "postcss-modules-extract-imports",
        "postcss-modules-local-by-default",
        "postcss-modules-scope",
        "postcss-modules-values"
      ],
      "range": "<8.4.31",
      "nodes": [
        "node_modules/@storybook/builder-webpack4/node_modules/postcss",
        "node_modules/autoprefixer/node_modules/postcss",
        "node_modules/css-loader/node_modules/postcss",
        "node_modules/icss-utils/node_modules/postcss",
        "node_modules/postcss",
        "node_modules/postcss-flexbugs-fixes/node_modules/postcss",
        "node_modules/postcss-modules-extract-imports/node_modules/postcss",
        "node_modules/postcss-modules-local-by-default/node_modules/postcss",
        "node_modules/postcss-modules-scope/node_modules/postcss",
        "node_modules/postcss-modules-values/node_modules/postcss"
      ],
      "fixAvailable": true
    },
    "postcss-flexbugs-fixes": {
      "name": "postcss-flexbugs-fixes",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.2.1",
      "nodes": [
        "node_modules/postcss-flexbugs-fixes"
      ],
      "fixAvailable": true
    },
    "postcss-modules-extract-imports": {
      "name": "postcss-modules-extract-imports",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/postcss-modules-extract-imports"
      ],
      "fixAvailable": true
    },
    "postcss-modules-local-by-default": {
      "name": "postcss-modules-local-by-default",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.0-rc.4",
      "nodes": [
        "node_modules/postcss-modules-local-by-default"
      ],
      "fixAvailable": true
    },
    "postcss-modules-scope": {
      "name": "postcss-modules-scope",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.2.0",
      "nodes": [
        "node_modules/postcss-modules-scope"
      ],
      "fixAvailable": true
    },
    "postcss-modules-values": {
      "name": "postcss-modules-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss"
      ],
      "effects": [
        "css-loader"
      ],
      "range": "<=4.0.0-rc.5",
      "nodes": [
        "node_modules/postcss-modules-values"
      ],
      "fixAvailable": true
    },
    "react-dev-utils": {
      "name": "react-dev-utils",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "browserslist",
        "fork-ts-checker-webpack-plugin",
        "immer",
        "loader-utils",
        "recursive-readdir",
        "shell-quote"
      ],
      "effects": [
        "@storybook/builder-webpack4"
      ],
      "range": "0.5.2 - 12.0.0-next.60",
      "nodes": [
        "node_modules/react-dev-utils"
      ],
      "fixAvailable": true
    },
    "readdirp": {
      "name": "readdirp",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "micromatch"
      ],
      "effects": [
        "chokidar"
      ],
      "range": "2.2.0 - 2.2.1",
      "nodes": [
        "node_modules/watchpack-chokidar2/node_modules/readdirp"
      ],
      "fixAvailable": true
    },
    "recursive-readdir": {
      "name": "recursive-readdir",
      "severity": "high",
      "isDirect": false,
      "via": [
        "minimatch"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "1.2.0 - 2.2.2",
      "nodes": [
        "node_modules/recursive-readdir"
      ],
      "fixAvailable": true
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "jsdom",
        "less",
        "request-promise-core",
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "request-promise-core": {
      "name": "request-promise-core",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request-promise-core"
      ],
      "fixAvailable": true
    },
    "request-promise-native": {
      "name": "request-promise-native",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request",
        "request-promise-core",
        "tough-cookie"
      ],
      "effects": [],
      "range": ">=1.0.0",
      "nodes": [
        "node_modules/request-promise-native"
      ],
      "fixAvailable": true
    },
    "send": {
      "name": "send",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1099525,
          "name": "send",
          "dependency": "send",
          "title": "send vulnerable to template injection that can lead to XSS",
          "url": "https://github.com/advisories/GHSA-m6fv-jmcg-4jfg",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 5,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
          },
          "range": "<0.19.0"
        }
      ],
      "effects": [
        "express",
        "serve-static"
      ],
      "range": "<0.19.0",
      "nodes": [
        "node_modules/send"
      ],
      "fixAvailable": true
    },
    "serve-static": {
      "name": "serve-static",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1099527,
          "name": "serve-static",
          "dependency": "serve-static",
          "title": "serve-static vulnerable to template injection that can lead to XSS",
          "url": "https://github.com/advisories/GHSA-cm22-4g7w-348p",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 5,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
          },
          "range": "<1.16.0"
        },
        "send"
      ],
      "effects": [],
      "range": "<=1.16.0",
      "nodes": [
        "node_modules/serve-static"
      ],
      "fixAvailable": true
    },
    "shell-quote": {
      "name": "shell-quote",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096375,
          "name": "shell-quote",
          "dependency": "shell-quote",
          "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote",
          "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7",
          "severity": "critical",
          "cwe": [
            "CWE-77"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=1.7.2"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=1.7.2",
      "nodes": [
        "node_modules/shell-quote"
      ],
      "fixAvailable": true
    },
    "taffydb": {
      "name": "taffydb",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089386,
          "name": "taffydb",
          "dependency": "taffydb",
          "title": "TaffyDB can allow access to any data items in the DB",
          "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
          "severity": "high",
          "cwe": [
            "CWE-20",
            "CWE-668"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<=2.7.3"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "*",
      "nodes": [
        "node_modules/taffydb"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "3.6.11",
        "isSemVerMajor": false
      }
    },
    "tar": {
      "name": "tar",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097493,
          "name": "tar",
          "dependency": "tar",
          "title": "Denial of service while parsing a tar file due to lack of folders count validation",
          "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<6.2.1"
        }
      ],
      "effects": [],
      "range": "<6.2.1",
      "nodes": [
        "node_modules/tar"
      ],
      "fixAvailable": true
    },
    "terser-webpack-plugin": {
      "name": "terser-webpack-plugin",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "webpack"
      ],
      "effects": [
        "webpack"
      ],
      "range": "<=2.2.1",
      "nodes": [
        "node_modules/webpack/node_modules/terser-webpack-plugin"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.95.0",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "jsdom",
        "request",
        "request-promise-native"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "watchpack": {
      "name": "watchpack",
      "severity": "high",
      "isDirect": false,
      "via": [
        "watchpack-chokidar2"
      ],
      "effects": [],
      "range": "1.7.2 - 1.7.5",
      "nodes": [
        "node_modules/watchpack"
      ],
      "fixAvailable": true
    },
    "watchpack-chokidar2": {
      "name": "watchpack-chokidar2",
      "severity": "high",
      "isDirect": false,
      "via": [
        "chokidar"
      ],
      "effects": [
        "watchpack"
      ],
      "range": "*",
      "nodes": [
        "node_modules/watchpack-chokidar2"
      ],
      "fixAvailable": true
    },
    "webpack": {
      "name": "webpack",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "micromatch",
        "terser-webpack-plugin"
      ],
      "effects": [
        "@storybook/core-common",
        "@storybook/core-server",
        "terser-webpack-plugin",
        "webpack-cli"
      ],
      "range": "4.0.0-alpha.0 - 5.0.0-rc.6",
      "nodes": [
        "node_modules/webpack"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.95.0",
        "isSemVerMajor": true
      }
    },
    "webpack-cli": {
      "name": "webpack-cli",
      "severity": "high",
      "isDirect": true,
      "via": [
        "findup-sync",
        "loader-utils",
        "webpack"
      ],
      "effects": [],
      "range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1",
      "nodes": [
        "node_modules/webpack-cli"
      ],
      "fixAvailable": {
        "name": "webpack-cli",
        "version": "3.3.12",
        "isSemVerMajor": false
      }
    },
    "webpack-dev-middleware": {
      "name": "webpack-dev-middleware",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096729,
          "name": "webpack-dev-middleware",
          "dependency": "webpack-dev-middleware",
          "title": "Path traversal in webpack-dev-middleware",
          "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
          },
          "range": "<=5.3.3"
        }
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "<=5.3.3",
      "nodes": [
        "node_modules/webpack-dev-middleware"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.3.5",
        "isSemVerMajor": true
      }
    },
    "ws": {
      "name": "ws",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1098392,
          "name": "ws",
          "dependency": "ws",
          "title": "ws affected by a DoS when handling a request with many HTTP headers",
          "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
          "severity": "high",
          "cwe": [
            "CWE-476"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=8.0.0 <8.17.1"
        },
        {
          "source": 1098394,
          "name": "ws",
          "dependency": "ws",
          "title": "ws affected by a DoS when handling a request with many HTTP headers",
          "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
          "severity": "high",
          "cwe": [
            "CWE-476"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=6.0.0 <6.2.3"
        }
      ],
      "effects": [],
      "range": "6.0.0 - 6.2.2 || 8.0.0 - 8.17.0",
      "nodes": [
        "node_modules/@wikimedia/mw-node-qunit/node_modules/ws",
        "node_modules/ws"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 2,
      "moderate": 30,
      "high": 22,
      "critical": 5,
      "total": 59
    },
    "dependencies": {
      "prod": 1,
      "dev": 1979,
      "optional": 35,
      "peer": 16,
      "peerOptional": 0,
      "total": 1979
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: babel-loader@8.2.3
npm WARN Found: webpack@4.43.0
npm WARN node_modules/webpack
npm WARN   dev webpack@"4.43.0" from the root project
npm WARN   24 more (@storybook/builder-webpack4, babel-loader, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@">=2" from babel-loader@8.2.3
npm WARN node_modules/@storybook/builder-webpack4/node_modules/babel-loader
npm WARN   babel-loader@"^8.2.2" from @storybook/builder-webpack4@6.2.3
npm WARN   node_modules/@storybook/builder-webpack4
npm WARN 
npm WARN Conflicting peer dependency: webpack@5.95.0
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from babel-loader@8.2.3
npm WARN   node_modules/@storybook/builder-webpack4/node_modules/babel-loader
npm WARN     babel-loader@"^8.2.2" from @storybook/builder-webpack4@6.2.3
npm WARN     node_modules/@storybook/builder-webpack4
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: babel-loader@8.2.3
npm WARN Found: webpack@4.43.0
npm WARN node_modules/webpack
npm WARN   dev webpack@"4.43.0" from the root project
npm WARN   24 more (@storybook/builder-webpack4, babel-loader, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@">=2" from babel-loader@8.2.3
npm WARN node_modules/@storybook/core-common/node_modules/babel-loader
npm WARN   babel-loader@"^8.2.2" from @storybook/core-common@6.2.3
npm WARN   node_modules/@storybook/core-common
npm WARN 
npm WARN Conflicting peer dependency: webpack@5.95.0
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from babel-loader@8.2.3
npm WARN   node_modules/@storybook/core-common/node_modules/babel-loader
npm WARN     babel-loader@"^8.2.2" from @storybook/core-common@6.2.3
npm WARN     node_modules/@storybook/core-common
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: babel-loader@8.2.3
npm WARN Found: webpack@4.43.0
npm WARN node_modules/webpack
npm WARN   dev webpack@"4.43.0" from the root project
npm WARN   24 more (@storybook/builder-webpack4, babel-loader, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@">=2" from babel-loader@8.2.3
npm WARN node_modules/@storybook/core-server/node_modules/babel-loader
npm WARN   babel-loader@"^8.2.2" from @storybook/core-server@6.2.3
npm WARN   node_modules/@storybook/core-server
npm WARN 
npm WARN Conflicting peer dependency: webpack@5.95.0
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from babel-loader@8.2.3
npm WARN   node_modules/@storybook/core-server/node_modules/babel-loader
npm WARN     babel-loader@"^8.2.2" from @storybook/core-server@6.2.3
npm WARN     node_modules/@storybook/core-server
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4
npm WARN Found: @babel/core@7.2.2
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.2.2" from the root project
npm WARN   85 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider
npm WARN   @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3
npm WARN   node_modules/babel-plugin-polyfill-corejs2
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.25.7
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN   node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider
npm WARN     @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3
npm WARN     node_modules/babel-plugin-polyfill-corejs2
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/helper-define-polyfill-provider@0.1.5
npm WARN Found: @babel/core@7.2.2
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.2.2" from the root project
npm WARN   85 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5
npm WARN node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider
npm WARN   @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7
npm WARN   node_modules/babel-plugin-polyfill-corejs3
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.25.7
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5
npm WARN   node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider
npm WARN     @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7
npm WARN     node_modules/babel-plugin-polyfill-corejs3
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4
npm WARN Found: @babel/core@7.2.2
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.2.2" from the root project
npm WARN   85 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider
npm WARN   @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3
npm WARN   node_modules/babel-plugin-polyfill-regenerator
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.25.7
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN   node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider
npm WARN     @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3
npm WARN     node_modules/babel-plugin-polyfill-regenerator
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: undefined,
npm WARN EBADENGINE   required: { node: '14.17.5' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.23.6',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@39.2.2',
npm WARN EBADENGINE   required: { node: '^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 1983,
  "removed": 0,
  "changed": 0,
  "audited": 1984,
  "funding": 208,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "@babel/traverse": {
        "name": "@babel/traverse",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1096886,
            "name": "@babel/traverse",
            "dependency": "@babel/traverse",
            "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
            "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
            "severity": "critical",
            "cwe": [
              "CWE-184",
              "CWE-697"
            ],
            "cvss": {
              "score": 9.4,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
            },
            "range": "<7.23.2"
          }
        ],
        "effects": [],
        "range": "<7.23.2",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "@storybook/builder-webpack4": {
        "name": "@storybook/builder-webpack4",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@storybook/core-common",
          "autoprefixer",
          "css-loader",
          "fork-ts-checker-webpack-plugin",
          "postcss",
          "postcss-flexbugs-fixes",
          "react-dev-utils",
          "webpack",
          "webpack-dev-middleware"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/@storybook/builder-webpack4"
        ],
        "fixAvailable": true
      },
      "@storybook/core": {
        "name": "@storybook/core",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@storybook/core-server"
        ],
        "effects": [
          "@storybook/html"
        ],
        "range": "6.2.0-alpha.0 - 6.3.0-rc.12",
        "nodes": [
          "node_modules/@storybook/core"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.3.5",
          "isSemVerMajor": true
        }
      },
      "@storybook/core-common": {
        "name": "@storybook/core-common",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "webpack"
        ],
        "effects": [
          "@storybook/html"
        ],
        "range": "<=6.5.17-alpha.0",
        "nodes": [
          "node_modules/@storybook/core-common"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.3.5",
          "isSemVerMajor": true
        }
      },
      "@storybook/core-server": {
        "name": "@storybook/core-server",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@storybook/builder-webpack4",
          "@storybook/core-common",
          "cpy",
          "css-loader",
          "webpack",
          "webpack-dev-middleware"
        ],
        "effects": [
          "@storybook/core"
        ],
        "range": "<=7.0.0-rc.11",
        "nodes": [
          "node_modules/@storybook/core-server"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.3.5",
          "isSemVerMajor": true
        }
      },
      "@storybook/html": {
        "name": "@storybook/html",
        "severity": "high",
        "isDirect": true,
        "via": [
          "@storybook/core",
          "@storybook/core-common"
        ],
        "effects": [],
        "range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
        "nodes": [
          "node_modules/@storybook/html"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.3.5",
          "isSemVerMajor": true
        }
      },
      "anymatch": {
        "name": "anymatch",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "micromatch"
        ],
        "effects": [
          "chokidar"
        ],
        "range": "1.2.0 - 2.0.0",
        "nodes": [
          "node_modules/watchpack-chokidar2/node_modules/anymatch"
        ],
        "fixAvailable": true
      },
      "autoprefixer": {
        "name": "autoprefixer",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "postcss"
        ],
        "effects": [],
        "range": "1.0.20131222 - 9.8.8",
        "nodes": [
          "node_modules/autoprefixer"
        ],
        "fixAvailable": true
      },
      "body-parser": {
        "name": "body-parser",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1099520,
            "name": "body-parser",
            "dependency": "body-parser",
            "title": "body-parser vulnerable to denial of service when url encoding is enabled",
            "url": "https://github.com/advisories/GHSA-qwcr-r2fm-qrc7",
            "severity": "high",
            "cwe": [
              "CWE-405"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<1.20.3"
          }
        ],
        "effects": [
          "express"
        ],
        "range": "<1.20.3",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "braces": {
        "name": "braces",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1098094,
            "name": "braces",
            "dependency": "braces",
            "title": "Uncontrolled resource consumption in braces",
            "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1050"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.0.3"
          }
        ],
        "effects": [
          "chokidar",
          "micromatch"
        ],
        "range": "<3.0.3",
        "nodes": [
          "",
          "",
          "node_modules/@storybook/builder-webpack4/node_modules/braces",
          "node_modules/fast-glob/node_modules/braces",
          "node_modules/react-dev-utils/node_modules/micromatch/node_modules/braces",
          "node_modules/watchpack-chokidar2/node_modules/braces",
          "node_modules/webpack/node_modules/braces"
        ],
        "fixAvailable": {
          "name": "webpack",
          "version": "5.95.0",
          "isSemVerMajor": true
        }
      },
      "browserify-sign": {
        "name": "browserify-sign",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096644,
            "name": "browserify-sign",
            "dependency": "browserify-sign",
            "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack",
            "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw",
            "severity": "high",
            "cwe": [
              "CWE-347"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
            },
            "range": ">=2.6.0 <=4.2.1"
          }
        ],
        "effects": [],
        "range": "2.6.0 - 4.2.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "browserslist": {
        "name": "browserslist",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1093035,
            "name": "browserslist",
            "dependency": "browserslist",
            "title": "Regular Expression Denial of Service in browserslist",
            "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
            "severity": "moderate",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=4.0.0 <4.16.5"
          }
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "4.0.0 - 4.16.4",
        "nodes": [
          "node_modules/react-dev-utils/node_modules/browserslist"
        ],
        "fixAvailable": true
      },
      "chokidar": {
        "name": "chokidar",
        "severity": "high",
        "isDirect": false,
        "via": [
          "anymatch",
          "braces",
          "readdirp"
        ],
        "effects": [
          "watchpack-chokidar2"
        ],
        "range": "1.3.0 - 2.1.8",
        "nodes": [
          "node_modules/watchpack-chokidar2/node_modules/chokidar"
        ],
        "fixAvailable": true
      },
      "cookie": {
        "name": "cookie",
        "severity": "low",
        "isDirect": false,
        "via": [
          {
            "source": 1099846,
            "name": "cookie",
            "dependency": "cookie",
            "title": "cookie accepts cookie name, path, and domain with out of bounds characters",
            "url": "https://github.com/advisories/GHSA-pxg6-pf52-xh8x",
            "severity": "low",
            "cwe": [
              "CWE-74"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<0.7.0"
          }
        ],
        "effects": [
          "express"
        ],
        "range": "<0.7.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "cpy": {
        "name": "cpy",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "globby"
        ],
        "effects": [
          "@storybook/core-server"
        ],
        "range": "7.0.0 - 8.1.2",
        "nodes": [
          "node_modules/cpy"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.3.5",
          "isSemVerMajor": true
        }
      },
      "css-loader": {
        "name": "css-loader",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "icss-utils",
          "postcss",
          "postcss-modules-extract-imports",
          "postcss-modules-local-by-default",
          "postcss-modules-scope",
          "postcss-modules-values"
        ],
        "effects": [],
        "range": "0.15.0 - 4.3.0",
        "nodes": [
          "node_modules/css-loader"
        ],
        "fixAvailable": true
      },
      "elliptic": {
        "name": "elliptic",
        "severity": "low",
        "isDirect": false,
        "via": [
          {
            "source": 1098593,
            "name": "elliptic",
            "dependency": "elliptic",
            "title": "Elliptic's EDDSA missing signature length check",
            "url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p",
            "severity": "low",
            "cwe": [
              "CWE-347"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
            },
            "range": ">=4.0.0 <=6.5.6"
          },
          {
            "source": 1098594,
            "name": "elliptic",
            "dependency": "elliptic",
            "title": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero",
            "url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw",
            "severity": "low",
            "cwe": [
              "CWE-130"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
            },
            "range": ">=2.0.0 <=6.5.6"
          },
          {
            "source": 1098595,
            "name": "elliptic",
            "dependency": "elliptic",
            "title": "Elliptic allows BER-encoded signatures",
            "url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m",
            "severity": "low",
            "cwe": [
              "CWE-347"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
            },
            "range": ">=5.2.1 <=6.5.6"
          }
        ],
        "effects": [],
        "range": "2.0.0 - 6.5.6",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "express": {
        "name": "express",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096820,
            "name": "express",
            "dependency": "express",
            "title": "Express.js Open Redirect in malformed URLs",
            "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc",
            "severity": "moderate",
            "cwe": [
              "CWE-601",
              "CWE-1286"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<4.19.2"
          },
          {
            "source": 1099529,
            "name": "express",
            "dependency": "express",
            "title": "express vulnerable to XSS via response.redirect()",
            "url": "https://github.com/advisories/GHSA-qw6h-vgh9-j6wx",
            "severity": "moderate",
            "cwe": [
              "CWE-79"
            ],
            "cvss": {
              "score": 5,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
            },
            "range": "<4.20.0"
          },
          "body-parser",
          "cookie",
          "path-to-regexp",
          "send",
          "serve-static"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "",
          "node_modules/express"
        ],
        "fixAvailable": true
      },
      "fast-glob": {
        "name": "fast-glob",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "micromatch"
        ],
        "effects": [
          "globby"
        ],
        "range": "<=2.2.7",
        "nodes": [
          "node_modules/fast-glob"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.3.5",
          "isSemVerMajor": true
        }
      },
      "findup-sync": {
        "name": "findup-sync",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "micromatch"
        ],
        "effects": [
          "webpack-cli"
        ],
        "range": "0.4.0 - 3.0.0",
        "nodes": [
          ""
        ],
        "fixAvailable": {
          "name": "webpack-cli",
          "version": "3.3.12",
          "isSemVerMajor": false
        }
      },
      "fork-ts-checker-webpack-plugin": {
        "name": "fork-ts-checker-webpack-plugin",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "micromatch"
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "0.4.14 - 4.1.6",
        "nodes": [
          "node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin",
          "node_modules/react-dev-utils/node_modules/fork-ts-checker-webpack-plugin"
        ],
        "fixAvailable": true
      },
      "globby": {
        "name": "globby",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "fast-glob"
        ],
        "effects": [
          "cpy"
        ],
        "range": "8.0.0 - 9.2.0",
        "nodes": [
          "node_modules/globby"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.3.5",
          "isSemVerMajor": true
        }
      },
      "icss-utils": {
        "name": "icss-utils",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "postcss"
        ],
        "effects": [
          "css-loader",
          "postcss-modules-local-by-default",
          "postcss-modules-values"
        ],
        "range": "<=4.1.1",
        "nodes": [
          "node_modules/icss-utils"
        ],
        "fixAvailable": true
      },
      "immer": {
        "name": "immer",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1097196,
            "name": "immer",
            "dependency": "immer",
            "title": "Prototype Pollution in immer",
            "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx",
            "severity": "high",
            "cwe": [
              "CWE-915",
              "CWE-1321"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=7.0.0 <9.0.6"
          },
          {
            "source": 1097209,
            "name": "immer",
            "dependency": "immer",
            "title": "Prototype Pollution in immer",
            "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h",
            "severity": "critical",
            "cwe": [
              "CWE-843",
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": ">=7.0.0 <9.0.6"
          }
        ],
        "effects": [],
        "range": "7.0.0 - 9.0.5",
        "nodes": [
          "node_modules/immer"
        ],
        "fixAvailable": true
      },
      "ip": {
        "name": "ip",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1097720,
            "name": "ip",
            "dependency": "ip",
            "title": "NPM IP package incorrectly identifies some private IP addresses as public",
            "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22",
            "severity": "low",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<1.1.9"
          },
          {
            "source": 1099357,
            "name": "ip",
            "dependency": "ip",
            "title": "ip SSRF improper categorization in isPublic",
            "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
            "severity": "high",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 8.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<=2.0.1"
          }
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "jsdoc": {
        "name": "jsdoc",
        "severity": "high",
        "isDirect": true,
        "via": [
          "markdown-it",
          "marked",
          "taffydb"
        ],
        "effects": [],
        "range": "3.2.0-dev - 3.6.11",
        "nodes": [
          "node_modules/jsdoc"
        ],
        "fixAvailable": {
          "name": "jsdoc",
          "version": "3.6.11",
          "isSemVerMajor": false
        }
      },
      "jsdom": {
        "name": "jsdom",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "request",
          "tough-cookie"
        ],
        "effects": [],
        "range": "0.1.20 || 0.2.0 - 16.5.3",
        "nodes": [
          "node_modules/jsdom"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "25.0.1",
          "isSemVerMajor": true
        }
      },
      "less": {
        "name": "less",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "request"
        ],
        "effects": [],
        "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3",
        "nodes": [
          "node_modules/less"
        ],
        "fixAvailable": {
          "name": "less",
          "version": "3.13.1",
          "isSemVerMajor": false
        }
      },
      "loader-utils": {
        "name": "loader-utils",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1094088,
            "name": "loader-utils",
            "dependency": "loader-utils",
            "title": "Prototype pollution in webpack loader-utils",
            "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
            "severity": "critical",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<1.4.1"
          },
          {
            "source": 1094089,
            "name": "loader-utils",
            "dependency": "loader-utils",
            "title": "Prototype pollution in webpack loader-utils",
            "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
            "severity": "critical",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": ">=2.0.0 <2.0.3"
          },
          {
            "source": 1095054,
            "name": "loader-utils",
            "dependency": "loader-utils",
            "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
            "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=2.0.0 <2.0.4"
          },
          {
            "source": 1095055,
            "name": "loader-utils",
            "dependency": "loader-utils",
            "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
            "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=1.0.0 <1.4.2"
          },
          {
            "source": 1097142,
            "name": "loader-utils",
            "dependency": "loader-utils",
            "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
            "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=2.0.0 <2.0.4"
          },
          {
            "source": 1097143,
            "name": "loader-utils",
            "dependency": "loader-utils",
            "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
            "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=1.0.0 <1.4.2"
          }
        ],
        "effects": [
          "react-dev-utils",
          "webpack-cli"
        ],
        "range": "<=1.4.1 || 2.0.0 - 2.0.3",
        "nodes": [
          "node_modules/react-dev-utils/node_modules/loader-utils",
          "node_modules/webpack-cli/node_modules/loader-utils"
        ],
        "fixAvailable": {
          "name": "webpack-cli",
          "version": "3.3.12",
          "isSemVerMajor": false
        }
      },
      "markdown-it": {
        "name": "markdown-it",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1092663,
            "name": "markdown-it",
            "dependency": "markdown-it",
            "title": "Uncontrolled Resource Consumption in markdown-it",
            "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
            "severity": "moderate",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<12.3.2"
          }
        ],
        "effects": [
          "jsdoc"
        ],
        "range": "<12.3.2",
        "nodes": [
          "node_modules/markdown-it"
        ],
        "fixAvailable": {
          "name": "jsdoc",
          "version": "3.6.11",
          "isSemVerMajor": false
        }
      },
      "marked": {
        "name": "marked",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1095051,
            "name": "marked",
            "dependency": "marked",
            "title": "Inefficient Regular Expression Complexity in marked",
            "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<4.0.10"
          },
          {
            "source": 1095052,
            "name": "marked",
            "dependency": "marked",
            "title": "Inefficient Regular Expression Complexity in marked",
            "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<4.0.10"
          }
        ],
        "effects": [
          "jsdoc"
        ],
        "range": "<=4.0.9",
        "nodes": [
          "node_modules/marked"
        ],
        "fixAvailable": {
          "name": "jsdoc",
          "version": "3.6.11",
          "isSemVerMajor": false
        }
      },
      "micromatch": {
        "name": "micromatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1098681,
            "name": "micromatch",
            "dependency": "micromatch",
            "title": "Regular Expression Denial of Service (ReDoS) in micromatch",
            "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<4.0.8"
          },
          "braces"
        ],
        "effects": [
          "anymatch",
          "fast-glob",
          "findup-sync",
          "fork-ts-checker-webpack-plugin",
          "readdirp",
          "webpack"
        ],
        "range": "<=4.0.7",
        "nodes": [
          "",
          "",
          "",
          "node_modules/@storybook/builder-webpack4/node_modules/micromatch",
          "node_modules/fast-glob/node_modules/micromatch",
          "node_modules/react-dev-utils/node_modules/micromatch",
          "node_modules/watchpack-chokidar2/node_modules/micromatch",
          "node_modules/webpack/node_modules/micromatch"
        ],
        "fixAvailable": {
          "name": "webpack",
          "version": "5.95.0",
          "isSemVerMajor": true
        }
      },
      "minimatch": {
        "name": "minimatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096485,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS vulnerability",
            "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.0.5"
          }
        ],
        "effects": [
          "recursive-readdir"
        ],
        "range": "<3.0.5",
        "nodes": [
          "node_modules/minimatch"
        ],
        "fixAvailable": true
      },
      "path-to-regexp": {
        "name": "path-to-regexp",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1099561,
            "name": "path-to-regexp",
            "dependency": "path-to-regexp",
            "title": "path-to-regexp outputs backtracking regular expressions",
            "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=0.2.0 <1.9.0"
          },
          {
            "source": 1099562,
            "name": "path-to-regexp",
            "dependency": "path-to-regexp",
            "title": "path-to-regexp outputs backtracking regular expressions",
            "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<0.1.10"
          }
        ],
        "effects": [
          "express"
        ],
        "range": "<=0.1.9 || 0.2.0 - 1.8.0",
        "nodes": [
          "",
          "",
          ""
        ],
        "fixAvailable": true
      },
      "postcss": {
        "name": "postcss",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1094544,
            "name": "postcss",
            "dependency": "postcss",
            "title": "PostCSS line return parsing error",
            "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
            "severity": "moderate",
            "cwe": [
              "CWE-74",
              "CWE-144"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": "<8.4.31"
          }
        ],
        "effects": [
          "@storybook/builder-webpack4",
          "autoprefixer",
          "css-loader",
          "icss-utils",
          "postcss-flexbugs-fixes",
          "postcss-modules-extract-imports",
          "postcss-modules-local-by-default",
          "postcss-modules-scope",
          "postcss-modules-values"
        ],
        "range": "<8.4.31",
        "nodes": [
          "",
          "node_modules/@storybook/builder-webpack4/node_modules/postcss",
          "node_modules/autoprefixer/node_modules/postcss",
          "node_modules/css-loader/node_modules/postcss",
          "node_modules/icss-utils/node_modules/postcss",
          "node_modules/postcss-flexbugs-fixes/node_modules/postcss",
          "node_modules/postcss-modules-extract-imports/node_modules/postcss",
          "node_modules/postcss-modules-local-by-default/node_modules/postcss",
          "node_modules/postcss-modules-scope/node_modules/postcss",
          "node_modules/postcss-modules-values/node_modules/postcss"
        ],
        "fixAvailable": true
      },
      "postcss-flexbugs-fixes": {
        "name": "postcss-flexbugs-fixes",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "postcss"
        ],
        "effects": [],
        "range": "<=4.2.1",
        "nodes": [
          "node_modules/postcss-flexbugs-fixes"
        ],
        "fixAvailable": true
      },
      "postcss-modules-extract-imports": {
        "name": "postcss-modules-extract-imports",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "postcss"
        ],
        "effects": [],
        "range": "<=2.0.0",
        "nodes": [
          "node_modules/postcss-modules-extract-imports"
        ],
        "fixAvailable": true
      },
      "postcss-modules-local-by-default": {
        "name": "postcss-modules-local-by-default",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "icss-utils",
          "postcss"
        ],
        "effects": [],
        "range": "<=4.0.0-rc.4",
        "nodes": [
          "node_modules/postcss-modules-local-by-default"
        ],
        "fixAvailable": true
      },
      "postcss-modules-scope": {
        "name": "postcss-modules-scope",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "postcss"
        ],
        "effects": [],
        "range": "<=2.2.0",
        "nodes": [
          "node_modules/postcss-modules-scope"
        ],
        "fixAvailable": true
      },
      "postcss-modules-values": {
        "name": "postcss-modules-values",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "icss-utils",
          "postcss"
        ],
        "effects": [
          "css-loader"
        ],
        "range": "<=4.0.0-rc.5",
        "nodes": [
          "node_modules/postcss-modules-values"
        ],
        "fixAvailable": true
      },
      "react-dev-utils": {
        "name": "react-dev-utils",
        "severity": "critical",
        "isDirect": false,
        "via": [
          "browserslist",
          "fork-ts-checker-webpack-plugin",
          "immer",
          "loader-utils",
          "recursive-readdir",
          "shell-quote"
        ],
        "effects": [
          "@storybook/builder-webpack4"
        ],
        "range": "0.5.2 - 12.0.0-next.60",
        "nodes": [
          "node_modules/react-dev-utils"
        ],
        "fixAvailable": true
      },
      "readdirp": {
        "name": "readdirp",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "micromatch"
        ],
        "effects": [
          "chokidar"
        ],
        "range": "2.2.0 - 2.2.1",
        "nodes": [
          "node_modules/watchpack-chokidar2/node_modules/readdirp"
        ],
        "fixAvailable": true
      },
      "recursive-readdir": {
        "name": "recursive-readdir",
        "severity": "high",
        "isDirect": false,
        "via": [
          "minimatch"
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "1.2.0 - 2.2.2",
        "nodes": [
          "node_modules/recursive-readdir"
        ],
        "fixAvailable": true
      },
      "request": {
        "name": "request",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096727,
            "name": "request",
            "dependency": "request",
            "title": "Server-Side Request Forgery in Request",
            "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<=2.88.2"
          },
          "tough-cookie"
        ],
        "effects": [
          "jsdom",
          "less",
          "request-promise-core",
          "request-promise-native"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "25.0.1",
          "isSemVerMajor": true
        }
      },
      "request-promise-core": {
        "name": "request-promise-core",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "request"
        ],
        "effects": [
          "request-promise-native"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request-promise-core"
        ],
        "fixAvailable": true
      },
      "request-promise-native": {
        "name": "request-promise-native",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "request",
          "request-promise-core",
          "tough-cookie"
        ],
        "effects": [],
        "range": ">=1.0.0",
        "nodes": [
          "node_modules/request-promise-native"
        ],
        "fixAvailable": true
      },
      "send": {
        "name": "send",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1099525,
            "name": "send",
            "dependency": "send",
            "title": "send vulnerable to template injection that can lead to XSS",
            "url": "https://github.com/advisories/GHSA-m6fv-jmcg-4jfg",
            "severity": "moderate",
            "cwe": [
              "CWE-79"
            ],
            "cvss": {
              "score": 5,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
            },
            "range": "<0.19.0"
          }
        ],
        "effects": [
          "express",
          "serve-static"
        ],
        "range": "<0.19.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "serve-static": {
        "name": "serve-static",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1099527,
            "name": "serve-static",
            "dependency": "serve-static",
            "title": "serve-static vulnerable to template injection that can lead to XSS",
            "url": "https://github.com/advisories/GHSA-cm22-4g7w-348p",
            "severity": "moderate",
            "cwe": [
              "CWE-79"
            ],
            "cvss": {
              "score": 5,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
            },
            "range": "<1.16.0"
          },
          "send"
        ],
        "effects": [],
        "range": "<=1.16.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "shell-quote": {
        "name": "shell-quote",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1096375,
            "name": "shell-quote",
            "dependency": "shell-quote",
            "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote",
            "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7",
            "severity": "critical",
            "cwe": [
              "CWE-77"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<=1.7.2"
          }
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "<=1.7.2",
        "nodes": [
          "node_modules/shell-quote"
        ],
        "fixAvailable": true
      },
      "taffydb": {
        "name": "taffydb",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1089386,
            "name": "taffydb",
            "dependency": "taffydb",
            "title": "TaffyDB can allow access to any data items in the DB",
            "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
            "severity": "high",
            "cwe": [
              "CWE-20",
              "CWE-668"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": "<=2.7.3"
          }
        ],
        "effects": [
          "jsdoc"
        ],
        "range": "*",
        "nodes": [
          "node_modules/taffydb"
        ],
        "fixAvailable": {
          "name": "jsdoc",
          "version": "3.6.11",
          "isSemVerMajor": false
        }
      },
      "tar": {
        "name": "tar",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1097493,
            "name": "tar",
            "dependency": "tar",
            "title": "Denial of service while parsing a tar file due to lack of folders count validation",
            "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36",
            "severity": "moderate",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
            },
            "range": "<6.2.1"
          }
        ],
        "effects": [],
        "range": "<6.2.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "terser-webpack-plugin": {
        "name": "terser-webpack-plugin",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "webpack"
        ],
        "effects": [
          "webpack"
        ],
        "range": "<=2.2.1",
        "nodes": [
          ""
        ],
        "fixAvailable": {
          "name": "webpack",
          "version": "5.95.0",
          "isSemVerMajor": true
        }
      },
      "tough-cookie": {
        "name": "tough-cookie",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1097682,
            "name": "tough-cookie",
            "dependency": "tough-cookie",
            "title": "tough-cookie Prototype Pollution vulnerability",
            "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "jsdom",
          "request",
          "request-promise-native"
        ],
        "range": "<4.1.3",
        "nodes": [
          "node_modules/tough-cookie"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "25.0.1",
          "isSemVerMajor": true
        }
      },
      "watchpack": {
        "name": "watchpack",
        "severity": "high",
        "isDirect": false,
        "via": [
          "watchpack-chokidar2"
        ],
        "effects": [],
        "range": "1.7.2 - 1.7.5",
        "nodes": [
          "node_modules/watchpack"
        ],
        "fixAvailable": true
      },
      "watchpack-chokidar2": {
        "name": "watchpack-chokidar2",
        "severity": "high",
        "isDirect": false,
        "via": [
          "chokidar"
        ],
        "effects": [
          "watchpack"
        ],
        "range": "*",
        "nodes": [
          "node_modules/watchpack-chokidar2"
        ],
        "fixAvailable": true
      },
      "webpack": {
        "name": "webpack",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "micromatch",
          "terser-webpack-plugin"
        ],
        "effects": [
          "@storybook/core-common",
          "@storybook/core-server",
          "terser-webpack-plugin",
          "webpack-cli"
        ],
        "range": "4.0.0-alpha.0 - 5.0.0-rc.6",
        "nodes": [
          "node_modules/webpack"
        ],
        "fixAvailable": {
          "name": "webpack",
          "version": "5.95.0",
          "isSemVerMajor": true
        }
      },
      "webpack-cli": {
        "name": "webpack-cli",
        "severity": "high",
        "isDirect": true,
        "via": [
          "findup-sync",
          "loader-utils",
          "webpack"
        ],
        "effects": [],
        "range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1",
        "nodes": [
          "node_modules/webpack-cli"
        ],
        "fixAvailable": {
          "name": "webpack-cli",
          "version": "3.3.12",
          "isSemVerMajor": false
        }
      },
      "webpack-dev-middleware": {
        "name": "webpack-dev-middleware",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096729,
            "name": "webpack-dev-middleware",
            "dependency": "webpack-dev-middleware",
            "title": "Path traversal in webpack-dev-middleware",
            "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
            "severity": "high",
            "cwe": [
              "CWE-22"
            ],
            "cvss": {
              "score": 7.4,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
            },
            "range": "<=5.3.3"
          }
        ],
        "effects": [
          "@storybook/core-server"
        ],
        "range": "<=5.3.3",
        "nodes": [
          "node_modules/webpack-dev-middleware"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.3.5",
          "isSemVerMajor": true
        }
      },
      "ws": {
        "name": "ws",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1098392,
            "name": "ws",
            "dependency": "ws",
            "title": "ws affected by a DoS when handling a request with many HTTP headers",
            "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
            "severity": "high",
            "cwe": [
              "CWE-476"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=8.0.0 <8.17.1"
          },
          {
            "source": 1098394,
            "name": "ws",
            "dependency": "ws",
            "title": "ws affected by a DoS when handling a request with many HTTP headers",
            "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
            "severity": "high",
            "cwe": [
              "CWE-476"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=6.0.0 <6.2.3"
          }
        ],
        "effects": [],
        "range": "6.0.0 - 6.2.2 || 8.0.0 - 8.17.0",
        "nodes": [
          "",
          ""
        ],
        "fixAvailable": true
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 2,
        "moderate": 30,
        "high": 22,
        "critical": 5,
        "total": 59
      },
      "dependencies": {
        "prod": 1,
        "dev": 1983,
        "optional": 34,
        "peer": 15,
        "peerOptional": 0,
        "total": 1983
      }
    }
  }
}

--- end ---
{"added": 1983, "removed": 0, "changed": 0, "audited": 1984, "funding": 208, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@babel/traverse": {"name": "@babel/traverse", "severity": "critical", "isDirect": false, "via": [{"source": 1096886, "name": "@babel/traverse", "dependency": "@babel/traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": ["CWE-184", "CWE-697"], "cvss": {"score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "range": "<7.23.2"}], "effects": [], "range": "<7.23.2", "nodes": [""], "fixAvailable": true}, "@storybook/builder-webpack4": {"name": "@storybook/builder-webpack4", "severity": "high", "isDirect": false, "via": ["@storybook/core-common", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "react-dev-utils", "webpack", "webpack-dev-middleware"], "effects": [], "range": "*", "nodes": ["node_modules/@storybook/builder-webpack4"], "fixAvailable": true}, "@storybook/core": {"name": "@storybook/core", "severity": "high", "isDirect": false, "via": ["@storybook/core-server"], "effects": ["@storybook/html"], "range": "6.2.0-alpha.0 - 6.3.0-rc.12", "nodes": ["node_modules/@storybook/core"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.5", "isSemVerMajor": true}}, "@storybook/core-common": {"name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": ["webpack"], "effects": ["@storybook/html"], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/core-common"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.5", "isSemVerMajor": true}}, "@storybook/core-server": {"name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": ["@storybook/builder-webpack4", "@storybook/core-common", "cpy", "css-loader", "webpack", "webpack-dev-middleware"], "effects": ["@storybook/core"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/core-server"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.5", "isSemVerMajor": true}}, "@storybook/html": {"name": "@storybook/html", "severity": "high", "isDirect": true, "via": ["@storybook/core", "@storybook/core-common"], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/html"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.5", "isSemVerMajor": true}}, "anymatch": {"name": "anymatch", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar"], "range": "1.2.0 - 2.0.0", "nodes": ["node_modules/watchpack-chokidar2/node_modules/anymatch"], "fixAvailable": true}, "autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": ["node_modules/autoprefixer"], "fixAvailable": true}, "body-parser": {"name": "body-parser", "severity": "high", "isDirect": false, "via": [{"source": 1099520, "name": "body-parser", "dependency": "body-parser", "title": "body-parser vulnerable to denial of service when url encoding is enabled", "url": "https://github.com/advisories/GHSA-qwcr-r2fm-qrc7", "severity": "high", "cwe": ["CWE-405"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<1.20.3"}], "effects": ["express"], "range": "<1.20.3", "nodes": [""], "fixAvailable": true}, "braces": {"name": "braces", "severity": "high", "isDirect": false, "via": [{"source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": ["CWE-400", "CWE-1050"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.3"}], "effects": ["chokidar", "micromatch"], "range": "<3.0.3", "nodes": ["", "", "node_modules/@storybook/builder-webpack4/node_modules/braces", "node_modules/fast-glob/node_modules/braces", "node_modules/react-dev-utils/node_modules/micromatch/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack/node_modules/braces"], "fixAvailable": {"name": "webpack", "version": "5.95.0", "isSemVerMajor": true}}, "browserify-sign": {"name": "browserify-sign", "severity": "high", "isDirect": false, "via": [{"source": 1096644, "name": "browserify-sign", "dependency": "browserify-sign", "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack", "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw", "severity": "high", "cwe": ["CWE-347"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=2.6.0 <=4.2.1"}], "effects": [], "range": "2.6.0 - 4.2.1", "nodes": [""], "fixAvailable": true}, "browserslist": {"name": "browserslist", "severity": "moderate", "isDirect": false, "via": [{"source": 1093035, "name": "browserslist", "dependency": "browserslist", "title": "Regular Expression Denial of Service in browserslist", "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=4.0.0 <4.16.5"}], "effects": ["react-dev-utils"], "range": "4.0.0 - 4.16.4", "nodes": ["node_modules/react-dev-utils/node_modules/browserslist"], "fixAvailable": true}, "chokidar": {"name": "chokidar", "severity": "high", "isDirect": false, "via": ["anymatch", "braces", "readdirp"], "effects": ["watchpack-chokidar2"], "range": "1.3.0 - 2.1.8", "nodes": ["node_modules/watchpack-chokidar2/node_modules/chokidar"], "fixAvailable": true}, "cookie": {"name": "cookie", "severity": "low", "isDirect": false, "via": [{"source": 1099846, "name": "cookie", "dependency": "cookie", "title": "cookie accepts cookie name, path, and domain with out of bounds characters", "url": "https://github.com/advisories/GHSA-pxg6-pf52-xh8x", "severity": "low", "cwe": ["CWE-74"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.7.0"}], "effects": ["express"], "range": "<0.7.0", "nodes": [""], "fixAvailable": true}, "cpy": {"name": "cpy", "severity": "moderate", "isDirect": false, "via": ["globby"], "effects": ["@storybook/core-server"], "range": "7.0.0 - 8.1.2", "nodes": ["node_modules/cpy"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.5", "isSemVerMajor": true}}, "css-loader": {"name": "css-loader", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": ["node_modules/css-loader"], "fixAvailable": true}, "elliptic": {"name": "elliptic", "severity": "low", "isDirect": false, "via": [{"source": 1098593, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's EDDSA missing signature length check", "url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p", "severity": "low", "cwe": ["CWE-347"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "range": ">=4.0.0 <=6.5.6"}, {"source": 1098594, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero", "url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw", "severity": "low", "cwe": ["CWE-130"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "range": ">=2.0.0 <=6.5.6"}, {"source": 1098595, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic allows BER-encoded signatures", "url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m", "severity": "low", "cwe": ["CWE-347"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "range": ">=5.2.1 <=6.5.6"}], "effects": [], "range": "2.0.0 - 6.5.6", "nodes": [""], "fixAvailable": true}, "express": {"name": "express", "severity": "high", "isDirect": false, "via": [{"source": 1096820, "name": "express", "dependency": "express", "title": "Express.js Open Redirect in malformed URLs", "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc", "severity": "moderate", "cwe": ["CWE-601", "CWE-1286"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<4.19.2"}, {"source": 1099529, "name": "express", "dependency": "express", "title": "express vulnerable to XSS via response.redirect()", "url": "https://github.com/advisories/GHSA-qw6h-vgh9-j6wx", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}, "range": "<4.20.0"}, "body-parser", "cookie", "path-to-regexp", "send", "serve-static"], "effects": [], "range": "*", "nodes": ["", "node_modules/express"], "fixAvailable": true}, "fast-glob": {"name": "fast-glob", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/fast-glob"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.5", "isSemVerMajor": true}}, "findup-sync": {"name": "findup-sync", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["webpack-cli"], "range": "0.4.0 - 3.0.0", "nodes": [""], "fixAvailable": {"name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false}}, "fork-ts-checker-webpack-plugin": {"name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["react-dev-utils"], "range": "0.4.14 - 4.1.6", "nodes": ["node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin", "node_modules/react-dev-utils/node_modules/fork-ts-checker-webpack-plugin"], "fixAvailable": true}, "globby": {"name": "globby", "severity": "moderate", "isDirect": false, "via": ["fast-glob"], "effects": ["cpy"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/globby"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.5", "isSemVerMajor": true}}, "icss-utils": {"name": "icss-utils", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["css-loader", "postcss-modules-local-by-default", "postcss-modules-values"], "range": "<=4.1.1", "nodes": ["node_modules/icss-utils"], "fixAvailable": true}, "immer": {"name": "immer", "severity": "critical", "isDirect": false, "via": [{"source": 1097196, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx", "severity": "high", "cwe": ["CWE-915", "CWE-1321"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <9.0.6"}, {"source": 1097209, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-33f9-j839-rf8h", "severity": "critical", "cwe": ["CWE-843", "CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=7.0.0 <9.0.6"}], "effects": [], "range": "7.0.0 - 9.0.5", "nodes": ["node_modules/immer"], "fixAvailable": true}, "ip": {"name": "ip", "severity": "high", "isDirect": false, "via": [{"source": 1097720, "name": "ip", "dependency": "ip", "title": "NPM IP package incorrectly identifies some private IP addresses as public", "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22", "severity": "low", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<1.1.9"}, {"source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}], "effects": [], "range": "*", "nodes": [""], "fixAvailable": true}, "jsdoc": {"name": "jsdoc", "severity": "high", "isDirect": true, "via": ["markdown-it", "marked", "taffydb"], "effects": [], "range": "3.2.0-dev - 3.6.11", "nodes": ["node_modules/jsdoc"], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "jsdom": {"name": "jsdom", "severity": "moderate", "isDirect": true, "via": ["request", "tough-cookie"], "effects": [], "range": "0.1.20 || 0.2.0 - 16.5.3", "nodes": ["node_modules/jsdom"], "fixAvailable": {"name": "jsdom", "version": "25.0.1", "isSemVerMajor": true}}, "less": {"name": "less", "severity": "moderate", "isDirect": true, "via": ["request"], "effects": [], "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3", "nodes": ["node_modules/less"], "fixAvailable": {"name": "less", "version": "3.13.1", "isSemVerMajor": false}}, "loader-utils": {"name": "loader-utils", "severity": "critical", "isDirect": false, "via": [{"source": 1094088, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<1.4.1"}, {"source": 1094089, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=2.0.0 <2.0.3"}, {"source": 1095054, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=2.0.0 <2.0.4"}, {"source": 1095055, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=1.0.0 <1.4.2"}, {"source": 1097142, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=2.0.0 <2.0.4"}, {"source": 1097143, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=1.0.0 <1.4.2"}], "effects": ["react-dev-utils", "webpack-cli"], "range": "<=1.4.1 || 2.0.0 - 2.0.3", "nodes": ["node_modules/react-dev-utils/node_modules/loader-utils", "node_modules/webpack-cli/node_modules/loader-utils"], "fixAvailable": {"name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false}}, "markdown-it": {"name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [{"source": 1092663, "name": "markdown-it", "dependency": "markdown-it", "title": "Uncontrolled Resource Consumption in markdown-it", "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<12.3.2"}], "effects": ["jsdoc"], "range": "<12.3.2", "nodes": ["node_modules/markdown-it"], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "marked": {"name": "marked", "severity": "high", "isDirect": false, "via": [{"source": 1095051, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<4.0.10"}, {"source": 1095052, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<4.0.10"}], "effects": ["jsdoc"], "range": "<=4.0.9", "nodes": ["node_modules/marked"], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "micromatch": {"name": "micromatch", "severity": "high", "isDirect": false, "via": [{"source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<4.0.8"}, "braces"], "effects": ["anymatch", "fast-glob", "findup-sync", "fork-ts-checker-webpack-plugin", "readdirp", "webpack"], "range": "<=4.0.7", "nodes": ["", "", "", "node_modules/@storybook/builder-webpack4/node_modules/micromatch", "node_modules/fast-glob/node_modules/micromatch", "node_modules/react-dev-utils/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch"], "fixAvailable": {"name": "webpack", "version": "5.95.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}], "effects": ["recursive-readdir"], "range": "<3.0.5", "nodes": ["node_modules/minimatch"], "fixAvailable": true}, "path-to-regexp": {"name": "path-to-regexp", "severity": "high", "isDirect": false, "via": [{"source": 1099561, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=0.2.0 <1.9.0"}, {"source": 1099562, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.1.10"}], "effects": ["express"], "range": "<=0.1.9 || 0.2.0 - 1.8.0", "nodes": ["", "", ""], "fixAvailable": true}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "range": "<8.4.31", "nodes": ["", "node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss"], "fixAvailable": true}, "postcss-flexbugs-fixes": {"name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.2.1", "nodes": ["node_modules/postcss-flexbugs-fixes"], "fixAvailable": true}, "postcss-modules-extract-imports": {"name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.0.0", "nodes": ["node_modules/postcss-modules-extract-imports"], "fixAvailable": true}, "postcss-modules-local-by-default": {"name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": [], "range": "<=4.0.0-rc.4", "nodes": ["node_modules/postcss-modules-local-by-default"], "fixAvailable": true}, "postcss-modules-scope": {"name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.2.0", "nodes": ["node_modules/postcss-modules-scope"], "fixAvailable": true}, "postcss-modules-values": {"name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": ["css-loader"], "range": "<=4.0.0-rc.5", "nodes": ["node_modules/postcss-modules-values"], "fixAvailable": true}, "react-dev-utils": {"name": "react-dev-utils", "severity": "critical", "isDirect": false, "via": ["browserslist", "fork-ts-checker-webpack-plugin", "immer", "loader-utils", "recursive-readdir", "shell-quote"], "effects": ["@storybook/builder-webpack4"], "range": "0.5.2 - 12.0.0-next.60", "nodes": ["node_modules/react-dev-utils"], "fixAvailable": true}, "readdirp": {"name": "readdirp", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar"], "range": "2.2.0 - 2.2.1", "nodes": ["node_modules/watchpack-chokidar2/node_modules/readdirp"], "fixAvailable": true}, "recursive-readdir": {"name": "recursive-readdir", "severity": "high", "isDirect": false, "via": ["minimatch"], "effects": ["react-dev-utils"], "range": "1.2.0 - 2.2.2", "nodes": ["node_modules/recursive-readdir"], "fixAvailable": true}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["jsdom", "less", "request-promise-core", "request-promise-native"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": {"name": "jsdom", "version": "25.0.1", "isSemVerMajor": true}}, "request-promise-core": {"name": "request-promise-core", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": ["request-promise-native"], "range": "*", "nodes": ["node_modules/request-promise-core"], "fixAvailable": true}, "request-promise-native": {"name": "request-promise-native", "severity": "moderate", "isDirect": false, "via": ["request", "request-promise-core", "tough-cookie"], "effects": [], "range": ">=1.0.0", "nodes": ["node_modules/request-promise-native"], "fixAvailable": true}, "send": {"name": "send", "severity": "moderate", "isDirect": false, "via": [{"source": 1099525, "name": "send", "dependency": "send", "title": "send vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-m6fv-jmcg-4jfg", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}, "range": "<0.19.0"}], "effects": ["express", "serve-static"], "range": "<0.19.0", "nodes": [""], "fixAvailable": true}, "serve-static": {"name": "serve-static", "severity": "moderate", "isDirect": false, "via": [{"source": 1099527, "name": "serve-static", "dependency": "serve-static", "title": "serve-static vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-cm22-4g7w-348p", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}, "range": "<1.16.0"}, "send"], "effects": [], "range": "<=1.16.0", "nodes": [""], "fixAvailable": true}, "shell-quote": {"name": "shell-quote", "severity": "critical", "isDirect": false, "via": [{"source": 1096375, "name": "shell-quote", "dependency": "shell-quote", "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote", "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7", "severity": "critical", "cwe": ["CWE-77"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=1.7.2"}], "effects": ["react-dev-utils"], "range": "<=1.7.2", "nodes": ["node_modules/shell-quote"], "fixAvailable": true}, "taffydb": {"name": "taffydb", "severity": "high", "isDirect": false, "via": [{"source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": ["CWE-20", "CWE-668"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<=2.7.3"}], "effects": ["jsdoc"], "range": "*", "nodes": ["node_modules/taffydb"], "fixAvailable": {"name": "jsdoc", "version": "3.6.11", "isSemVerMajor": false}}, "tar": {"name": "tar", "severity": "moderate", "isDirect": false, "via": [{"source": 1097493, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<6.2.1"}], "effects": [], "range": "<6.2.1", "nodes": [""], "fixAvailable": true}, "terser-webpack-plugin": {"name": "terser-webpack-plugin", "severity": "moderate", "isDirect": false, "via": ["webpack"], "effects": ["webpack"], "range": "<=2.2.1", "nodes": [""], "fixAvailable": {"name": "webpack", "version": "5.95.0", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["jsdom", "request", "request-promise-native"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": {"name": "jsdom", "version": "25.0.1", "isSemVerMajor": true}}, "watchpack": {"name": "watchpack", "severity": "high", "isDirect": false, "via": ["watchpack-chokidar2"], "effects": [], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/watchpack"], "fixAvailable": true}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": true}, "webpack": {"name": "webpack", "severity": "moderate", "isDirect": true, "via": ["micromatch", "terser-webpack-plugin"], "effects": ["@storybook/core-common", "@storybook/core-server", "terser-webpack-plugin", "webpack-cli"], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": ["node_modules/webpack"], "fixAvailable": {"name": "webpack", "version": "5.95.0", "isSemVerMajor": true}}, "webpack-cli": {"name": "webpack-cli", "severity": "high", "isDirect": true, "via": ["findup-sync", "loader-utils", "webpack"], "effects": [], "range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1", "nodes": ["node_modules/webpack-cli"], "fixAvailable": {"name": "webpack-cli", "version": "3.3.12", "isSemVerMajor": false}}, "webpack-dev-middleware": {"name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [{"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}], "effects": ["@storybook/core-server"], "range": "<=5.3.3", "nodes": ["node_modules/webpack-dev-middleware"], "fixAvailable": {"name": "@storybook/html", "version": "8.3.5", "isSemVerMajor": true}}, "ws": {"name": "ws", "severity": "high", "isDirect": false, "via": [{"source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": ["CWE-476"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.17.1"}, {"source": 1098394, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": ["CWE-476"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=6.0.0 <6.2.3"}], "effects": [], "range": "6.0.0 - 6.2.2 || 8.0.0 - 8.17.0", "nodes": ["", ""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 2, "moderate": 30, "high": 22, "critical": 5, "total": 59}, "dependencies": {"prod": 1, "dev": 1983, "optional": 34, "peer": 15, "peerOptional": 0, "total": 1983}}}}
{}
Upgrading n:jsdoc from 3.6.7 -> 3.6.11
{}
Upgrading n:less from 3.8.1 -> 3.13.1
{}
Upgrading n:webpack-cli from 3.3.11 -> 3.3.12
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: babel-loader@8.2.3
npm WARN Found: webpack@4.43.0
npm WARN node_modules/webpack
npm WARN   dev webpack@"4.43.0" from the root project
npm WARN   24 more (@storybook/builder-webpack4, babel-loader, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@">=2" from babel-loader@8.2.3
npm WARN node_modules/@storybook/builder-webpack4/node_modules/babel-loader
npm WARN   babel-loader@"^8.2.2" from @storybook/builder-webpack4@6.2.3
npm WARN   node_modules/@storybook/builder-webpack4
npm WARN 
npm WARN Conflicting peer dependency: webpack@5.95.0
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from babel-loader@8.2.3
npm WARN   node_modules/@storybook/builder-webpack4/node_modules/babel-loader
npm WARN     babel-loader@"^8.2.2" from @storybook/builder-webpack4@6.2.3
npm WARN     node_modules/@storybook/builder-webpack4
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: babel-loader@8.2.3
npm WARN Found: webpack@4.43.0
npm WARN node_modules/webpack
npm WARN   dev webpack@"4.43.0" from the root project
npm WARN   24 more (@storybook/builder-webpack4, babel-loader, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@">=2" from babel-loader@8.2.3
npm WARN node_modules/@storybook/core-common/node_modules/babel-loader
npm WARN   babel-loader@"^8.2.2" from @storybook/core-common@6.2.3
npm WARN   node_modules/@storybook/core-common
npm WARN 
npm WARN Conflicting peer dependency: webpack@5.95.0
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from babel-loader@8.2.3
npm WARN   node_modules/@storybook/core-common/node_modules/babel-loader
npm WARN     babel-loader@"^8.2.2" from @storybook/core-common@6.2.3
npm WARN     node_modules/@storybook/core-common
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: babel-loader@8.2.3
npm WARN Found: webpack@4.43.0
npm WARN node_modules/webpack
npm WARN   dev webpack@"4.43.0" from the root project
npm WARN   24 more (@storybook/builder-webpack4, babel-loader, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@">=2" from babel-loader@8.2.3
npm WARN node_modules/@storybook/core-server/node_modules/babel-loader
npm WARN   babel-loader@"^8.2.2" from @storybook/core-server@6.2.3
npm WARN   node_modules/@storybook/core-server
npm WARN 
npm WARN Conflicting peer dependency: webpack@5.95.0
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from babel-loader@8.2.3
npm WARN   node_modules/@storybook/core-server/node_modules/babel-loader
npm WARN     babel-loader@"^8.2.2" from @storybook/core-server@6.2.3
npm WARN     node_modules/@storybook/core-server
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4
npm WARN Found: @babel/core@7.2.2
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.2.2" from the root project
npm WARN   85 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider
npm WARN   @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3
npm WARN   node_modules/babel-plugin-polyfill-corejs2
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.25.7
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN   node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider
npm WARN     @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3
npm WARN     node_modules/babel-plugin-polyfill-corejs2
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/helper-define-polyfill-provider@0.1.5
npm WARN Found: @babel/core@7.2.2
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.2.2" from the root project
npm WARN   85 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5
npm WARN node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider
npm WARN   @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7
npm WARN   node_modules/babel-plugin-polyfill-corejs3
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.25.7
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5
npm WARN   node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider
npm WARN     @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7
npm WARN     node_modules/babel-plugin-polyfill-corejs3
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4
npm WARN Found: @babel/core@7.2.2
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.2.2" from the root project
npm WARN   85 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider
npm WARN   @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3
npm WARN   node_modules/babel-plugin-polyfill-regenerator
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.25.7
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN   node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider
npm WARN     @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3
npm WARN     node_modules/babel-plugin-polyfill-regenerator
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: undefined,
npm WARN EBADENGINE   required: { node: '14.17.5' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.23.6',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@39.2.2',
npm WARN EBADENGINE   required: { node: '^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated samsam@1.3.0: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js-pure@3.19.1: core-js-pure@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js-pure.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---

added 1968 packages, and audited 1969 packages in 53s

210 packages are looking for funding
  run `npm fund` for details

# npm audit report

braces  <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix --force`
Will install webpack@5.95.0, which is a breaking change
node_modules/@storybook/builder-webpack4/node_modules/braces
node_modules/fast-glob/node_modules/braces
node_modules/findup-sync/node_modules/braces
node_modules/react-dev-utils/node_modules/micromatch/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
node_modules/webpack/node_modules/braces
  chokidar  1.3.0 - 2.1.8
  Depends on vulnerable versions of anymatch
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of readdirp
  node_modules/watchpack-chokidar2/node_modules/chokidar
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
  micromatch  <=4.0.7
  Depends on vulnerable versions of braces
  node_modules/@storybook/builder-webpack4/node_modules/micromatch
  node_modules/fast-glob/node_modules/micromatch
  node_modules/findup-sync/node_modules/micromatch
  node_modules/react-dev-utils/node_modules/micromatch
  node_modules/watchpack-chokidar2/node_modules/micromatch
  node_modules/webpack/node_modules/micromatch
    anymatch  1.2.0 - 2.0.0
    Depends on vulnerable versions of micromatch
    node_modules/watchpack-chokidar2/node_modules/anymatch
    fast-glob  <=2.2.7
    Depends on vulnerable versions of micromatch
    node_modules/fast-glob
      globby  8.0.0 - 9.2.0
      Depends on vulnerable versions of fast-glob
      node_modules/globby
        cpy  7.0.0 - 8.1.2
        Depends on vulnerable versions of globby
        node_modules/cpy
          @storybook/core-server  <=8.2.0-beta.3
          Depends on vulnerable versions of @storybook/builder-webpack4
          Depends on vulnerable versions of @storybook/core-common
          Depends on vulnerable versions of cpy
          Depends on vulnerable versions of css-loader
          Depends on vulnerable versions of express
          Depends on vulnerable versions of ip
          Depends on vulnerable versions of webpack
          Depends on vulnerable versions of webpack-dev-middleware
          node_modules/@storybook/core-server
            @storybook/core  6.2.0-alpha.0 - 6.3.0-rc.12
            Depends on vulnerable versions of @storybook/core-server
            node_modules/@storybook/core
              @storybook/html  6.2.0-alpha.0 - 6.5.17-alpha.0
              Depends on vulnerable versions of @storybook/core
              Depends on vulnerable versions of @storybook/core-common
              node_modules/@storybook/html
    findup-sync  0.4.0 - 3.0.0
    Depends on vulnerable versions of micromatch
    node_modules/findup-sync
      webpack-cli  <=0.0.8-development || 2.0.11 - 4.0.0-rc.1
      Depends on vulnerable versions of findup-sync
      Depends on vulnerable versions of webpack
      node_modules/webpack-cli
    fork-ts-checker-webpack-plugin  0.4.14 - 4.1.6
    Depends on vulnerable versions of micromatch
    node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin
    node_modules/react-dev-utils/node_modules/fork-ts-checker-webpack-plugin
      react-dev-utils  0.5.2 - 12.0.0-next.60
      Depends on vulnerable versions of browserslist
      Depends on vulnerable versions of fork-ts-checker-webpack-plugin
      Depends on vulnerable versions of immer
      Depends on vulnerable versions of loader-utils
      Depends on vulnerable versions of recursive-readdir
      Depends on vulnerable versions of shell-quote
      node_modules/react-dev-utils
        @storybook/builder-webpack4  *
        Depends on vulnerable versions of @storybook/core-common
        Depends on vulnerable versions of autoprefixer
        Depends on vulnerable versions of css-loader
        Depends on vulnerable versions of fork-ts-checker-webpack-plugin
        Depends on vulnerable versions of postcss
        Depends on vulnerable versions of postcss-flexbugs-fixes
        Depends on vulnerable versions of react-dev-utils
        Depends on vulnerable versions of webpack
        Depends on vulnerable versions of webpack-dev-middleware
        node_modules/@storybook/builder-webpack4
    readdirp  2.2.0 - 2.2.1
    Depends on vulnerable versions of micromatch
    node_modules/watchpack-chokidar2/node_modules/readdirp
    webpack  4.0.0-alpha.0 - 5.0.0-rc.6
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of terser-webpack-plugin
    node_modules/webpack
      @storybook/core-common  <=7.0.0-rc.11
      Depends on vulnerable versions of express
      Depends on vulnerable versions of webpack
      node_modules/@storybook/core-common
      terser-webpack-plugin  <=2.2.1
      Depends on vulnerable versions of webpack
      node_modules/webpack/node_modules/terser-webpack-plugin

browserslist  4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/react-dev-utils/node_modules/browserslist

cookie  <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix --force`
Will install @storybook/html@8.3.5, which is a breaking change
node_modules/cookie
  express  >=3.0.0-alpha1
  Depends on vulnerable versions of cookie
  node_modules/express

immer  7.0.0 - 9.0.5
Severity: critical
Prototype Pollution in immer - https://github.com/advisories/GHSA-c36v-fmgq-m8hx
Prototype Pollution in immer - https://github.com/advisories/GHSA-33f9-j839-rf8h
fix available via `npm audit fix`
node_modules/immer

ip  *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix --force`
Will install @storybook/html@8.3.5, which is a breaking change
node_modules/ip

loader-utils  2.0.0 - 2.0.3
Severity: critical
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
fix available via `npm audit fix`
node_modules/react-dev-utils/node_modules/loader-utils


minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch
  recursive-readdir  1.2.0 - 2.2.2
  Depends on vulnerable versions of minimatch
  node_modules/recursive-readdir

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix`
node_modules/@storybook/builder-webpack4/node_modules/postcss
node_modules/autoprefixer/node_modules/postcss
node_modules/css-loader/node_modules/postcss
node_modules/icss-utils/node_modules/postcss
node_modules/postcss-flexbugs-fixes/node_modules/postcss
node_modules/postcss-modules-extract-imports/node_modules/postcss
node_modules/postcss-modules-local-by-default/node_modules/postcss
node_modules/postcss-modules-scope/node_modules/postcss
node_modules/postcss-modules-values/node_modules/postcss
  autoprefixer  1.0.20131222 - 9.8.8
  Depends on vulnerable versions of postcss
  node_modules/autoprefixer
  css-loader  0.15.0 - 4.3.0
  Depends on vulnerable versions of icss-utils
  Depends on vulnerable versions of postcss
  Depends on vulnerable versions of postcss-modules-extract-imports
  Depends on vulnerable versions of postcss-modules-local-by-default
  Depends on vulnerable versions of postcss-modules-scope
  Depends on vulnerable versions of postcss-modules-values
  node_modules/css-loader
  icss-utils  <=4.1.1
  Depends on vulnerable versions of postcss
  node_modules/icss-utils
    postcss-modules-local-by-default  <=4.0.0-rc.4
    Depends on vulnerable versions of icss-utils
    Depends on vulnerable versions of postcss
    node_modules/postcss-modules-local-by-default
    postcss-modules-values  <=4.0.0-rc.5
    Depends on vulnerable versions of icss-utils
    Depends on vulnerable versions of postcss
    node_modules/postcss-modules-values
  postcss-flexbugs-fixes  <=4.2.1
  Depends on vulnerable versions of postcss
  node_modules/postcss-flexbugs-fixes
  postcss-modules-extract-imports  <=2.0.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-extract-imports
  postcss-modules-scope  <=2.2.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-scope

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix --force`
Will install jsdom@25.0.1, which is a breaking change
node_modules/request
  jsdom  0.1.20 || 0.2.0 - 16.5.3
  Depends on vulnerable versions of request
  Depends on vulnerable versions of tough-cookie
  node_modules/jsdom
  request-promise-core  *
  Depends on vulnerable versions of request
  node_modules/request-promise-core
    request-promise-native  >=1.0.0
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-core
    Depends on vulnerable versions of tough-cookie
    node_modules/request-promise-native

shell-quote  <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix`
node_modules/shell-quote

taffydb  *
Severity: high
TaffyDB can allow access to any data items in the DB - https://github.com/advisories/GHSA-mxhp-79qh-mcx6
fix available via `npm audit fix --force`
Will install jsdoc@4.0.3, which is a breaking change
node_modules/taffydb
  jsdoc  3.2.0-dev - 3.6.11
  Depends on vulnerable versions of taffydb
  node_modules/jsdoc

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix --force`
Will install jsdom@25.0.1, which is a breaking change
node_modules/tough-cookie

webpack-dev-middleware  <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via `npm audit fix --force`
Will install @storybook/html@8.3.5, which is a breaking change
node_modules/webpack-dev-middleware

47 vulnerabilities (2 low, 26 moderate, 15 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4
npm WARN Found: @babel/core@7.2.2
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.2.2" from the root project
npm WARN   85 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider
npm WARN   @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3
npm WARN   node_modules/babel-plugin-polyfill-corejs2
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.25.7
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN   node_modules/babel-plugin-polyfill-corejs2/node_modules/@babel/helper-define-polyfill-provider
npm WARN     @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-corejs2@0.2.3
npm WARN     node_modules/babel-plugin-polyfill-corejs2
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/helper-define-polyfill-provider@0.1.5
npm WARN Found: @babel/core@7.2.2
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.2.2" from the root project
npm WARN   85 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5
npm WARN node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider
npm WARN   @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7
npm WARN   node_modules/babel-plugin-polyfill-corejs3
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.25.7
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.1.5
npm WARN   node_modules/babel-plugin-polyfill-corejs3/node_modules/@babel/helper-define-polyfill-provider
npm WARN     @babel/helper-define-polyfill-provider@"^0.1.5" from babel-plugin-polyfill-corejs3@0.1.7
npm WARN     node_modules/babel-plugin-polyfill-corejs3
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/helper-define-polyfill-provider@0.2.4
npm WARN Found: @babel/core@7.2.2
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.2.2" from the root project
npm WARN   85 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider
npm WARN   @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3
npm WARN   node_modules/babel-plugin-polyfill-regenerator
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.25.7
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.4.0-0" from @babel/helper-define-polyfill-provider@0.2.4
npm WARN   node_modules/babel-plugin-polyfill-regenerator/node_modules/@babel/helper-define-polyfill-provider
npm WARN     @babel/helper-define-polyfill-provider@"^0.2.4" from babel-plugin-polyfill-regenerator@0.2.3
npm WARN     node_modules/babel-plugin-polyfill-regenerator
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: undefined,
npm WARN EBADENGINE   required: { node: '14.17.5' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.23.6',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@39.2.2',
npm WARN EBADENGINE   required: { node: '^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated samsam@1.3.0: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js-pure@3.19.1: core-js-pure@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js-pure.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.19.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---

added 1968 packages, and audited 1969 packages in 1m

210 packages are looking for funding
  run `npm fund` for details

47 vulnerabilities (2 low, 26 moderate, 15 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stdout ---

> test
> npm -s run lint && bash ./dev-scripts/svg_check.sh && npm -s run coverage && npm -s run test:bundle && npm -s run jsdoc

Checked 1 message directory.

/src/repo/src/mobile.editor.overlay/EditorGateway.js
  213:1  warning  This line has a length of 119. Maximum allowed is 100  max-len
  270:1  warning  This line has a length of 102. Maximum allowed is 100  max-len

/src/repo/src/mobile.editor.overlay/EditorOverlayBase.js
  225:1  warning  This line has a length of 101. Maximum allowed is 100  max-len

/src/repo/src/mobile.editor.overlay/SourceEditorOverlay.js
  538:1  warning  This line has a length of 101. Maximum allowed is 100  max-len

/src/repo/src/mobile.startup/Icon.js
  94:0  warning  @property path declaration ("defaults.base") appears before any real property  jsdoc/check-property-names

/src/repo/src/mobile.startup/PageHTMLParser.js
  166:13  warning  Found non-literal argument to RegExp Constructor  security/detect-non-literal-regexp

/src/repo/src/mobile.startup/search/SearchGateway.js
  68:10  warning  Found non-literal argument to RegExp Constructor  security/detect-non-literal-regexp

/src/repo/tests/node-qunit/importable.test.js
  56:4  warning  Found non-literal argument in require  security/detect-non-literal-require

/src/repo/tests/node-qunit/mobile.startup/CtaDrawer.test.js
  100:12  warning  Found non-literal argument to RegExp Constructor  security/detect-non-literal-regexp
  121:12  warning  Found non-literal argument to RegExp Constructor  security/detect-non-literal-regexp

✖ 10 problems (0 errors, 10 warnings)

TAP version 13
ok 1 MobileFrontend imports > All our code is importable in headless Node.js
ok 2 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent (no section)
ok 3 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent
ok 4 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent, missing section
ok 5 MobileFrontend mobile.editor.overlay/EditorGateway > #getBlockInfo
ok 6 MobileFrontend mobile.editor.overlay/EditorGateway > #save, success
ok 7 MobileFrontend mobile.editor.overlay/EditorGateway > #save, new page
ok 8 MobileFrontend mobile.editor.overlay/EditorGateway > #save, submit CAPTCHA
ok 9 MobileFrontend mobile.editor.overlay/EditorGateway > #save, request failure
ok 10 MobileFrontend mobile.editor.overlay/EditorGateway > #save, API failure
ok 11 MobileFrontend mobile.editor.overlay/EditorGateway > #save, CAPTCHA response with image URL
ok 12 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter warning
ok 13 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter disallow
ok 14 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter other
ok 15 MobileFrontend mobile.editor.overlay/EditorGateway > #save, extension errors
ok 16 MobileFrontend mobile.editor.overlay/EditorGateway > #save, read-only error
ok 17 MobileFrontend mobile.editor.overlay/EditorGateway > #save, unknown errors
ok 18 MobileFrontend mobile.editor.overlay/EditorGateway > #save, without changes
ok 19 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway
ok 20 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway, check without sectionLine
ok 21 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway, check with sectionLine
ok 22 MobileFrontend mobile.editor.overlay/EditorGateway > #save, when token has expired
ok 23 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, blocked user
ok 24 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, with given page and section
ok 25 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, without a section
ok 26 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #preview
ok 27 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, as anonymous
ok 28 MobileFrontend mobile.editor.overlay/identifyLeadParagraph > identifyLeadParagraph
ok 29 MobileFrontend editorLoadingOverlay.js > editorLoadingOverlay calls the callbacks
ok 30 MobileFrontend LanguageSearcher.js > renders output
ok 31 MobileFrontend LanguageSearcher.js > saves the language count when link is clicked
ok 32 MobileFrontend LanguageSearcher.js > without variants, input event filters languages
ok 33 MobileFrontend LanguageSearcher.js > with variants, input event filters languages
ok 34 MobileFrontend mobile.languages.structured/util.test.js > #getFrequentlyUsedLanguages
ok 35 MobileFrontend mobile.languages.structured/util.test.js > #saveLanguageUsageCount
ok 36 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages
ok 37 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages device language
ok 38 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages variants
ok 39 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Shows details bar and image with successful api response
ok 40 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Shows error message with failed api response
ok 41 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Toggling of details is disabled when overlay has load failure
ok 42 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Toggling of details is enabled when overlay loads successfully
ok 43 MobileFrontend mobile.mediaViewer/ImageGateway > #findSizeBucket
ok 44 MobileFrontend mobile.mediaViewer/ImageGateway > ImageGateway#getThumb (missing page)
ok 45 MobileFrontend WatchList.js > In watched mode
ok 46 MobileFrontend WatchListGateway.js > loadWatchlist() loads results from the first page
ok 47 MobileFrontend WatchListGateway.js > loadWatchlist() loads results from the second page from last item of first
ok 48 MobileFrontend WatchListGateway.js > loadWatchlist() doesn't throw an error when no pages are returned
ok 49 MobileFrontend WatchListGateway.js > loadWatchlist() marks pages as new if necessary
ok 50 MobileFrontend Browser.js > isIos()
ok 51 MobileFrontend Browser.js > Methods are cached
ok 52 MobileFrontend Browser.js > isWideScreen()
ok 53 MobileFrontend Browser.js > supportsTouchEvents()
ok 54 MobileFrontend Button.js > creates a link if passed href option
ok 55 MobileFrontend Button.js > does not add href attribute when not a link
ok 56 MobileFrontend CtaDrawer.js > redirectParams() > empty props, default URL
ok 57 MobileFrontend CtaDrawer.js > redirectParams() > empty props, nondefault URL
ok 58 MobileFrontend CtaDrawer.js > redirectParams() > nonempty props
ok 59 MobileFrontend CtaDrawer.js > signUpParams() > empty props
ok 60 MobileFrontend CtaDrawer.js > signUpParams() > nonempty props
ok 61 MobileFrontend CtaDrawer.js > HTML > defaults
ok 62 MobileFrontend CtaDrawer.js > HTML > overrides
ok 63 MobileFrontend Drawer.js > visible on show()
ok 64 MobileFrontend Drawer.js > accepts onShow and events
ok 65 MobileFrontend Drawer.js > hidden on hide()
ok 66 MobileFrontend Drawer.js > hidden on mask click
ok 67 MobileFrontend Drawer.js > HTML is valid
ok 68 MobileFrontend Icon.js > getIconClasses generates icon classes using icon
ok 69 MobileFrontend Icon.js > getIconClasses generates icon classes using custom icon prefix
ok 70 MobileFrontend Icon.js > getRotationClasses returns rotation classes
ok 71 MobileFrontend Icon.js > getGlyphClassName uses icon prefix
ok 72 MobileFrontend Icon.js > getGlyphClassName does not use icon prefix if not provided
ok 73 MobileFrontend Icon.js > adds small classes
ok 74 MobileFrontend IconButton.js > creates a link if passed href option
ok 75 MobileFrontend IconButton.js > does not add href attribute when not a link
ok 76 MobileFrontend IconButton.js > adds disabled attribute when a button
ok 77 MobileFrontend IconButton.js > does not add disabled attribute when not a button
ok 78 MobileFrontend IconButton.js > adds additional classes
ok 79 MobileFrontend: Overlay.js > Simple overlay
ok 80 MobileFrontend: Overlay.js > #make
ok 81 MobileFrontend: Overlay.js > HTML overlay
ok 82 MobileFrontend: Overlay.js > headerActions property
ok 83 MobileFrontend: Overlay.js > onBeforeExit
ok 84 MobileFrontend: Overlay.js > Close overlay
ok 85 MobileFrontend mobile.startup/OverlayManager > #getSingleton (hash present and overlay not managed)
ok 86 MobileFrontend mobile.startup/OverlayManager > #getSingleton (hash present and overlay managed)
ok 87 MobileFrontend mobile.startup/OverlayManager > #getSingleton
ok 88 MobileFrontend mobile.startup/OverlayManager > #add
ok 89 MobileFrontend mobile.startup/OverlayManager > #show
ok 90 MobileFrontend mobile.startup/OverlayManager > #add, with current path
ok 91 MobileFrontend mobile.startup/OverlayManager > #add, with string literal (matching)
ok 92 MobileFrontend mobile.startup/OverlayManager > #add, with string literal (not matching)
ok 93 MobileFrontend mobile.startup/OverlayManager > #replaceCurrent
ok 94 MobileFrontend mobile.startup/OverlayManager > route with params
ok 95 MobileFrontend mobile.startup/OverlayManager > hide when route changes
ok 96 MobileFrontend mobile.startup/OverlayManager > go back (change route) if overlay hidden but not by route change
ok 97 MobileFrontend mobile.startup/OverlayManager > go back if overlayManager still matches
ok 98 MobileFrontend mobile.startup/OverlayManager > go back if overlayManager still matches (non-regex)
ok 99 MobileFrontend mobile.startup/OverlayManager > do not go back (change route) if overlay hidden by change in route
ok 100 MobileFrontend mobile.startup/OverlayManager > preventDefault called when you cancel an exit request
ok 101 MobileFrontend mobile.startup/OverlayManager > Browser back can be overidden
ok 102 MobileFrontend mobile.startup/OverlayManager > stacked overlays
ok 103 MobileFrontend mobile.startup/OverlayManager > prevent route change
ok 104 MobileFrontend mobile.startup/OverlayManager > stack increases and decreases at right times
ok 105 MobileFrontend mobile.startup/OverlayManager > replace overlay when route event path is equal to current path
ok 106 MobileFrontend Page.js > #isMainPage
ok 107 MobileFrontend PageHTMLParser.js > #findInSectionLead
ok 108 MobileFrontend PageHTMLParser.js > #getThumbnail
ok 109 MobileFrontend PageHTMLParser.js > #getThumbnails
ok 110 MobileFrontend ScrollEndEventEmitter.js > initializes properly
ok 111 MobileFrontend ScrollEndEventEmitter.js > emits scroll end event
ok 112 MobileFrontend ScrollEndEventEmitter.js > doesn't emit when disabled
ok 113 MobileFrontend Section.js > initialize with options
ok 114 MobileFrontend Section.js > initialize with subsections
ok 115 MobileFrontend Toggler.js > Mobile mode - Toggle section
ok 116 MobileFrontend Toggler.js > Mobile mode - Clicking a hash link to reveal an already open section
ok 117 MobileFrontend Toggler.js > Mobile mode - Reveal element
ok 118 MobileFrontend Toggler.js > Mobile mode - Clicking hash links
ok 119 MobileFrontend Toggler.js > Mobile mode - Tap event toggles section
ok 120 MobileFrontend Toggler.js > Accessibility - Verify ARIA attributes
ok 121 MobileFrontend Toggler.js > Tablet mode - Open by default
ok 122 MobileFrontend Toggler.js > Tablet mode - Open by default 2
ok 123 MobileFrontend Toggler.js > Accessibility - Pressing space/ enter toggles a heading
ok 124 MobileFrontend Toggler.js > Clicking a link within a heading isn't triggering a toggle
ok 125 MobileFrontend Toggler.js > Toggling a section stores its state.
ok 126 MobileFrontend Toggler.js > Expanding already expanded section does not toggle it.
ok 127 MobileFrontend Toggler.js > MobileFrontend toggle.js - Expand stored sections.
ok 128 MobileFrontend Toggler.js > MobileFrontend toggle.js - T320753: Presence of class disables toggling.
ok 129 MobileFrontend mobile.startup/View > View
ok 130 MobileFrontend mobile.startup/View > View, jQuery proxy functions
ok 131 MobileFrontend mobile.startup/View > View#preRender
ok 132 MobileFrontend mobile.startup/View > View#postRender
ok 133 MobileFrontend mobile.startup/View > View#delegateEvents
ok 134 MobileFrontend mobile.startup/View > View#render (with isTemplateMode)
ok 135 MobileFrontend mobile.startup/View > View#render events (with isTemplateMode)
ok 136 MobileFrontend mobile.startup/View > View with className option
ok 137 MobileFrontend mobile.startup/View > View.make()
ok 138 MobileFrontend amcOutreach/AmcEnableForm.js > renders correctly
ok 139 MobileFrontend amcOutreachDrawer.js > returns a drawer
ok 140 MobileFrontend amcOutreachDrawer.js > calls promoCampaign.makeActionIneligible and onBeforeHide callback when dismissed
ok 141 MobileFrontend amcOutreachDrawer.js > calls promoCampaign.makeActionIneligible and toast.showOnPageReload when user enables
ok 142 MobileFrontend cache.js > cache set() and get()
ok 143 MobileFrontend extendSearchParams.js > it throws if the feature is invalid
ok 144 MobileFrontend extendSearchParams.js > it extends the parameters
ok 145 MobileFrontend extendSearchParams.js > it doesn't include Wikibase-specific parameters if the feature is disabled
ok 146 MobileFrontend extendSearchParams.js > it adds the MobileFrontend configuration to given terms types
ok 147 MobileFrontend extendSearchParams.js > it prioritizes MobileFrontend configuration
ok 148 MobileFrontend extendSearchParams.js > it is variadic
ok 149 MobileFrontend icons.js > #cancel()
ok 150 MobileFrontend icons.js > #cancel(variant)
ok 151 MobileFrontend icons.js > #cancel(, props)
ok 152 MobileFrontend icons.js > #spinner(props)
ok 153 MobileFrontend icons.js > #spinner()
ok 154 MobileFrontend getDeviceLanguage > returns language code of device in lowercase
ok 155 MobileFrontend languageOverlay.js > #constructor
ok 156 MobileFrontend lazyImageLoader.js > #queryPlaceholders() empty
ok 157 MobileFrontend lazyImageLoader.js > #queryPlaceholders() nonempty
ok 158 MobileFrontend lazyImageLoader.js > #loadImage() copy attributes
ok 159 MobileFrontend lazyImageLoader.js > #loadImage() loaded
ok 160 MobileFrontend lazyImageLoader.js > #loadImage() load error
ok 161 MobileFrontend lazyImageLoader.js > #loadImages() empty
ok 162 MobileFrontend lazyImageLoader.js > #loadImages() nonempty
ok 163 MobileFrontend lazyImageLoader.js > #loadImages() plural
ok 164 MobileFrontend lazyImageLoader.js > #loadImages() one fails to load, one succeeds
ok 165 MobileFrontend mfExtend.test.js > mfExtend() - extending from constructor
ok 166 MobileFrontend mfExtend.test.js > mfExtend() - extending from object
ok 167 MobileFrontend mfExtend.test.js > mfExtend() - extending from constructor with overrides
ok 168 MobileFrontend ModuleLoader > #require
ok 169 MobileFrontend ModuleLoader > #define
ok 170 MobileFrontend pageJSONParser > .parse()
ok 171 MobileFrontend promisedView.js > #constructor happyView
ok 172 MobileFrontend promisedView.js > #constructor when promise rejects but not to a sadView
ok 173 MobileFrontend promisedView.js > #constructor when promise rejects to a sadView
ok 174 MobileFrontend promoCampaign.js > #showIfEligible throws when invalid
ok 175 MobileFrontend promoCampaign.js > #showIfEligible when campaign off
ok 176 MobileFrontend promoCampaign.js > #showIfEligible when user ineligible
ok 177 MobileFrontend promoCampaign.js > #showIfEligible when storage is not available
ok 178 MobileFrontend promoCampaign.js > #showIfEligible when storage key is ineligible
ok 179 MobileFrontend promoCampaign.js > #showIfEligible when eligible
ok 180 MobileFrontend promoCampaign.js > #showIfEligible when eligible and passed additional args
ok 181 MobileFrontend promoCampaign.js > #makeActionIneligible when successful
ok 182 MobileFrontend promoCampaign.js > #makeActionIneligible when unsuccessful
ok 183 MobileFrontend promoCampaign.js > #makeActionIneligible when invalid action
ok 184 MobileFrontend promoCampaign.js > #makeAllActionsIneligible
ok 185 MobileFrontend promoCampaign.js > #isCampaignActive when true
ok 186 MobileFrontend promoCampaign.js > #isCampaignActive when false
ok 187 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() checking good reference
ok 188 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() checking bad reference
ok 189 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() adds an extra class for external links
ok 190 MobileFrontend: references > Bad reference not shown
ok 191 MobileFrontend: references > Good reference causes render
ok 192 MobileFrontend: references > Reference failure renders error in drawer
ok 193 MobileFrontend: references > makeOnNestedReferenceClickHandler runs when associated with link
ok 194 MobileFrontend: SearchGateway > ._highlightSearchTerm
ok 195 MobileFrontend: SearchGateway > show redirect targets
ok 196 MobileFrontend: SearchGateway > MobileFrontend SearchGateway (Wikidata Descriptions) > Wikidata Description in search results
ok 197 MobileFrontend mobile.startup/SearchOverlay.js > renders correctly
ok 198 MobileFrontend mobile.startup/SearchOverlay.js > resetSearch
ok 199 MobileFrontend mobile.startup/SearchOverlay.js > onClickOverlayContent
ok 200 MobileFrontend mobile.startup/SearchResultsView.js > renders correctly
ok 201 MobileFrontend time.js > timeAgo()
ok 202 MobileFrontend util.js > Promise.all() success
ok 203 MobileFrontend util.js > Promise.all() reject
ok 204 MobileFrontend util.js > escapeSelector()
ok 205 MobileFrontend util.js > docReady()
ok 206 MobileFrontend util.js > Deferred() - resolve
ok 207 MobileFrontend util.js > Deferred() - reject
ok 208 MobileFrontend util.js > getDocument()
ok 209 MobileFrontend util.js > getWindow()
ok 210 MobileFrontend util.js > parseHTML()
ok 211 MobileFrontend util.js > extend()
ok 212 MobileFrontend Watchstar.js > Render a watchstar
ok 213 MobileFrontend: WatchstarGateway.js > getStatuses(nonempty)
ok 214 MobileFrontend: WatchstarGateway.js > getStatuses(empty)
ok 215 MobileFrontend: WatchstarGateway.js > getStatusesByID(nonempty)
ok 216 MobileFrontend: WatchstarGateway.js > getStatusesByID(empty)
ok 217 MobileFrontend: WatchstarGateway.js > getStatusesByTitle(nonempty)
ok 218 MobileFrontend: WatchstarGateway.js > getStatusesByTitle(empty)
ok 219 MobileFrontend: WatchstarGateway.js > _unmarshalGetResponse(nonempty)
ok 220 MobileFrontend: WatchstarGateway.js > _unmarshalGetResponse(empty)
ok 221 MobileFrontend mobile.startup/WatchstarPageList > Watchlist status check if no ids
ok 222 MobileFrontend mobile.startup/WatchstarPageList > Checks watchlist status once
1..222
# pass 222
# skip 0
# todo 0
# fail 0
----------------------------------|---------|----------|---------|---------|------------------------
File                              | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s      
----------------------------------|---------|----------|---------|---------|------------------------
All files                         |   65.13 |    52.14 |   59.76 |   65.11 |                        
 mobile.editor.overlay            |   39.94 |    29.34 |   31.65 |   39.85 |                        
  BlockMessageDetails.js          |    9.43 |        0 |       0 |    9.43 | 13-140                 
  EditorGateway.js                |   92.13 |    83.33 |   93.75 |   92.13 | ...116-117,234,296-299 
  EditorOverlayBase.js            |   34.73 |     16.3 |   26.82 |   34.73 | ...437-558,647,697-784 
  SourceEditorOverlay.js          |    41.5 |    29.03 |   29.72 |    41.5 | ...341,390,408,425-608 
  VisualEditorOverlay.js          |    11.3 |        0 |       0 |    11.3 | 26-113,147-331         
  blockMessageDrawer.js           |   21.73 |        0 |      25 |   21.73 | 29-56                  
  identifyLeadParagraph.js        |   94.11 |    83.33 |     100 |   93.75 | 22                     
  parseBlockInfo.js               |   69.56 |     62.5 |      75 |   69.56 | 27,37,46-47,61-65      
  saveFailureMessage.js           |   11.11 |        0 |       0 |   11.11 | 12-28                  
  setPreferredEditor.js           |      20 |        0 |       0 |      20 | 7-12                   
 mobile.init                      |   16.47 |     0.69 |   10.34 |   16.47 |                        
  editor.js                       |    6.73 |        0 |       0 |    6.73 | 31-556,560-567         
  editorLoadingOverlay.js         |   77.77 |       50 |   71.42 |   77.77 | 46-59                  
  fakeToolbar.js                  |     100 |      100 |     100 |     100 |                        
  lazyLoadedImages.js             |    9.52 |        0 |       0 |    9.52 | 11-66,73               
  toggling.js                     |    7.14 |        0 |       0 |    7.14 | 3-45                   
 mobile.languages.structured      |   91.07 |    82.75 |    90.9 |   91.07 |                        
  LanguageSearcher.js             |   93.75 |      100 |   88.88 |   93.75 | 150-152                
  mobile.languages.structured.js  |     100 |      100 |     100 |     100 |                        
  rtlLanguages.js                 |     100 |      100 |     100 |     100 |                        
  util.js                         |   88.33 |       75 |    92.3 |   88.33 | 44,61,131-133,164,174  
 mobile.mediaViewer               |   81.34 |       52 |   81.81 |   81.34 |                        
  ImageCarousel.js                |   78.43 |    41.66 |      80 |   78.43 | ...290,340-341,348,369 
  ImageGateway.js                 |   95.23 |    78.57 |     100 |   95.23 | 57                     
  LoadErrorMessage.js             |   81.81 |      100 |   66.66 |   81.81 | 74-76                  
 mobile.special.watchlist.scripts |   85.48 |    83.33 |   64.28 |   85.48 |                        
  WatchList.js                    |   74.19 |       50 |   44.44 |   74.19 | 34,92-125              
  WatchListGateway.js             |   96.77 |     87.5 |     100 |   96.77 | 49                     
 mobile.startup                   |   84.77 |    75.88 |   79.63 |   84.75 |                        
  Anchor.js                       |     100 |      100 |     100 |     100 |                        
  Browser.js                      |   96.66 |    93.75 |     100 |   96.66 | 69                     
  Button.js                       |      95 |    83.33 |     100 |      95 | 33                     
  CtaDrawer.js                    |     100 |      100 |     100 |     100 |                        
  Drawer.js                       |     100 |      100 |    90.9 |     100 |                        
  Icon.js                         |   94.44 |     87.5 |     100 |   94.44 | 50-52                  
  IconButton.js                   |     100 |     87.5 |     100 |     100 | 56-59                  
  LanguageInfo.js                 |      20 |        0 |       0 |      20 | 11,25-65               
  MessageBox.js                   |     100 |      100 |     100 |     100 |                        
  Overlay.js                      |   89.79 |       70 |   84.61 |   89.79 | 54,110,113,164-165     
  OverlayManager.js               |   99.05 |    94.73 |     100 |   99.05 | 59                     
  Page.js                         |   53.84 |    74.28 |   58.33 |   53.84 | ...128,146-155,174-181 
  PageHTMLParser.js               |   83.58 |    83.72 |   84.61 |   83.33 | 40,222,235-249         
  PageList.js                     |     100 |       50 |     100 |     100 | 60                     
  ScrollEndEventEmitter.js        |   85.71 |    81.81 |    87.5 |   85.71 | 130-133                
  Section.js                      |     100 |      100 |     100 |     100 |                        
  Skin.js                         |   24.32 |        0 |       0 |   24.32 | 23-29,50-119,129-136   
  Thumbnail.js                    |   88.88 |      100 |      75 |   88.88 | 47                     
  Toggler.js                      |   88.61 |    77.33 |      85 |   88.61 | ...316,342-348,366,374 
  View.js                         |   92.42 |    78.57 |   88.23 |   92.42 | 184,198-201,353        
  actionParams.js                 |     100 |       50 |     100 |     100 | 16                     
  cache.js                        |     100 |      100 |      50 |     100 |                        
  currentPage.js                  |    90.9 |       75 |     100 |    90.9 | 26                     
  currentPageHTMLParser.js        |   83.33 |       50 |     100 |   83.33 | 19                     
  eventBusSingleton.js            |     100 |      100 |     100 |     100 |                        
  extendSearchParams.js           |   94.44 |       70 |     100 |   94.44 | 70                     
  headers.js                      |     100 |      100 |     100 |     100 |                        
  icons.js                        |     100 |    81.25 |     100 |     100 | 118,135-136            
  loadingOverlay.js               |      50 |      100 |       0 |      50 | 12-17                  
  mfExtend.js                     |     100 |      100 |     100 |     100 |                        
  mobile.startup.js               |   71.42 |      100 |       0 |   71.42 | 9,52                   
  moduleLoader.js                 |   78.26 |     62.5 |   66.66 |   78.26 | 45,78-100              
  moduleLoaderSingleton.js        |     100 |      100 |     100 |     100 |                        
  promisedView.js                 |     100 |      100 |     100 |     100 |                        
  showOnPageReload.js             |   41.66 |       25 |      50 |   41.66 | 14-16,39-46            
  time.js                         |   24.24 |     9.09 |   16.66 |   24.24 | 35-149                 
  util.js                         |     100 |    83.33 |     100 |     100 | 17                     
 mobile.startup/amcOutreach       |   84.37 |       50 |      75 |   84.37 |                        
  AmcEnableForm.js                |     100 |      100 |     100 |     100 |                        
  amcOutreach.js                  |   61.53 |        0 |       0 |   61.53 | 34-77                  
  amcOutreachDrawer.js            |     100 |      100 |     100 |     100 |                        
 mobile.startup/languageOverlay   |   76.66 |      100 |      50 |   76.66 |                        
  getDeviceLanguage.js            |     100 |      100 |     100 |     100 |                        
  languageInfoOverlay.js          |   54.54 |      100 |       0 |   54.54 | 15-38                  
  languageOverlay.js              |    87.5 |      100 |   71.42 |    87.5 | 30-34                  
 mobile.startup/lazyImages        |    92.3 |    88.88 |     100 |    92.3 |                        
  lazyImageLoader.js              |    92.3 |    88.88 |     100 |    92.3 | 55,62                  
 mobile.startup/mediaViewer       |   63.63 |      100 |       0 |   63.63 |                        
  overlay.js                      |   63.63 |      100 |       0 |   63.63 | 15-32                  
 mobile.startup/page              |   86.66 |       80 |     100 |   86.66 |                        
  pageJSONParser.js               |   86.66 |       80 |     100 |   86.66 | 37-38                  
 mobile.startup/promoCampaign     |     100 |      100 |     100 |     100 |                        
  promoCampaign.js                |     100 |      100 |     100 |     100 |                        
 mobile.startup/references        |   83.01 |    77.27 |   78.57 |   83.01 |                        
  ReferencesGateway.js            |     100 |      100 |     100 |     100 |                        
  ReferencesHtmlScraperGateway.js |   94.73 |     87.5 |     100 |   94.73 | 40                     
  references.js                   |   72.41 |    71.42 |   66.66 |   72.41 | 55,118-131             
 mobile.startup/search            |   61.93 |       32 |   53.33 |   61.93 |                        
  SearchGateway.js                |   91.48 |       50 |   84.61 |   91.48 | 49-50,172,178          
  SearchHeaderView.js             |   57.14 |        0 |   66.66 |   57.14 | 33-38,67-72            
  SearchOverlay.js                |   36.47 |    16.66 |   19.04 |   36.47 | ...201,208-212,226-304 
  SearchResultsView.js            |     100 |      100 |     100 |     100 |                        
  searchHeader.js                 |     100 |      100 |     100 |     100 |                        
 mobile.startup/watchstar         |   89.77 |    69.23 |    91.3 |   89.77 |                        
  WatchstarGateway.js             |      84 |       80 |      90 |      84 | 113-120                
  WatchstarPageList.js            |   95.45 |       75 |     100 |   95.45 | 93,126                 
  watchstar.js                    |   84.21 |       50 |      50 |   84.21 | 28-31                  
----------------------------------|---------|----------|---------|---------|------------------------
Checking the contents of resources/dist

I will now check that you built them using the correct Node.js version v16.19.1.
Note: You are using v18.19.0.
Building assets...
You are not running the required node version

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1864, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1809, in run
    self.npm_audit_fix(new_npm_audit)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 275, in npm_audit_fix
    self.npm_test()
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 325, in npm_test
    self.check_call(["npm", "test"])
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call
    res.check_returncode()
  File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.

composer dependencies

Development dependencies

npm dependencies

Development dependencies

Logs

Source code is licensed under the AGPL.