$ date
--- stdout ---
Sun Nov 17 16:41:21 UTC 2024
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-Wikistories.git repo --depth=1 -b REL1_43
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
3696f3defa83b7f3ac1608b925cdad2a0a9def96 refs/heads/REL1_43
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@jest/transform"
],
"fixAvailable": true
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": true
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": false,
"via": [
"@jest/transform",
"@storybook/core-common",
"@storybook/mdx1-csf"
],
"effects": [],
"range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": true
},
"@storybook/addon-essentials": {
"name": "@storybook/addon-essentials",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/core-common"
],
"effects": [],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-essentials"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/addon-interactions": {
"name": "@storybook/addon-interactions",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/core-common"
],
"effects": [],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-interactions"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"postcss",
"postcss-flexbugs-fixes",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": false
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-essentials",
"@storybook/addon-interactions",
"@storybook/telemetry"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"@storybook/telemetry",
"cpy",
"ip",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/mdx1-csf"
],
"effects": [],
"range": "6.5.0-alpha.1 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"css-loader",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": false
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs",
"@storybook/csf-tools"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": true
},
"@storybook/telemetry": {
"name": "@storybook/telemetry",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/core-server"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/telemetry"
],
"fixAvailable": true
},
"@storybook/vue3": {
"name": "@storybook/vue3",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common",
"vue-docgen-loader"
],
"effects": [],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/vue3"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"webdriverio"
],
"effects": [],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/runner"
],
"effects": [],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.2.15",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.2.15",
"isSemVerMajor": true
}
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/cpy/node_modules/braces",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces",
"node_modules/webpack/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": true
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1099357,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/jest-haste-map"
],
"fixAvailable": true
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/default-browser-id/node_modules/meow"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/cpy/node_modules/micromatch",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch",
"node_modules/webpack/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": false
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"@storybook/builder-webpack4",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-loader/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": false
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "11.0.0 - 22.11.1",
"nodes": [
"node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": true
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": true
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": true
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue3"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/webpack/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"watchpack"
],
"effects": [
"@storybook/core-common"
],
"range": "4.0.0-alpha.0 - 5.0.0-rc.6",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
}
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": false
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/puppeteer-core/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 29,
"high": 29,
"critical": 0,
"total": 58
},
"dependencies": {
"prod": 1,
"dev": 2539,
"optional": 59,
"peer": 0,
"peerOptional": 0,
"total": 2539
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.3)
- Locking composer/spdx-licenses (1.5.8)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.0.0)
- Locking doctrine/deprecations (1.1.3)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v45.0.0)
- Locking mediawiki/mediawiki-phan-config (0.14.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (6.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.4.3)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.2.1)
- Locking phpcsstandards/phpcsutils (1.0.12)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.0)
- Locking phpdocumentor/type-resolver (1.10.0)
- Locking phpstan/phpdoc-parser (2.0.0)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.7)
- Locking squizlabs/php_codesniffer (3.10.3)
- Locking symfony/console (v7.1.8)
- Locking symfony/deprecation-contracts (v3.5.0)
- Locking symfony/polyfill-ctype (v1.31.0)
- Locking symfony/polyfill-intl-grapheme (v1.31.0)
- Locking symfony/polyfill-intl-normalizer (v1.31.0)
- Locking symfony/polyfill-mbstring (v1.31.0)
- Locking symfony/polyfill-php80 (v1.31.0)
- Locking symfony/service-contracts (v3.5.0)
- Locking symfony/string (v7.1.8)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.0.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing symfony/polyfill-php80 (v1.31.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
- Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.31.0): Extracting archive
- Installing composer/spdx-licenses (1.5.8): Extracting archive
- Installing composer/semver (3.4.3): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.31.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.31.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.31.0): Extracting archive
- Installing symfony/string (v7.1.8): Extracting archive
- Installing symfony/deprecation-contracts (v3.5.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.5.0): Extracting archive
- Installing symfony/console (v7.1.8): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (1.11.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.0.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.3): Extracting archive
- Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.0): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.4.3): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/36 [>---------------------------] 0%
20/36 [===============>------------] 55%
34/36 [==========================>-] 94%
36/36 [============================] 100%
Generating autoload files
16 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@jest/transform"
],
"fixAvailable": true
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": true
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": false,
"via": [
"@jest/transform",
"@storybook/core-common",
"@storybook/mdx1-csf"
],
"effects": [],
"range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": true
},
"@storybook/addon-essentials": {
"name": "@storybook/addon-essentials",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/core-common"
],
"effects": [],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-essentials"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/addon-interactions": {
"name": "@storybook/addon-interactions",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/core-common"
],
"effects": [],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-interactions"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"postcss",
"postcss-flexbugs-fixes",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": false
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-essentials",
"@storybook/addon-interactions",
"@storybook/telemetry"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"@storybook/telemetry",
"cpy",
"ip",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/mdx1-csf"
],
"effects": [],
"range": "6.5.0-alpha.1 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"css-loader",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": false
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs",
"@storybook/csf-tools"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": true
},
"@storybook/telemetry": {
"name": "@storybook/telemetry",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/core-server"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/telemetry"
],
"fixAvailable": true
},
"@storybook/vue3": {
"name": "@storybook/vue3",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common",
"vue-docgen-loader"
],
"effects": [],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/vue3"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"webdriverio"
],
"effects": [],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/runner"
],
"effects": [],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.2.15",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.2.15",
"isSemVerMajor": true
}
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/cpy/node_modules/braces",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces",
"node_modules/webpack/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": true
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1099357,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/jest-haste-map"
],
"fixAvailable": true
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/default-browser-id/node_modules/meow"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/cpy/node_modules/micromatch",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch",
"node_modules/webpack/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": false
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"@storybook/builder-webpack4",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-loader/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": false
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "11.0.0 - 22.11.1",
"nodes": [
"node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": true
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": true
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": true
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue3"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/webpack/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"watchpack"
],
"effects": [
"@storybook/core-common"
],
"range": "4.0.0-alpha.0 - 5.0.0-rc.6",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
}
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": false
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/puppeteer-core/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 29,
"high": 29,
"critical": 0,
"total": 58
},
"dependencies": {
"prod": 1,
"dev": 2539,
"optional": 59,
"peer": 0,
"peerOptional": 0,
"total": 2539
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'wdio-mediawiki@2.5.0',
npm WARN EBADENGINE required: { node: '>=18.17.0', npm: '>=9.6.7' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 2539,
"removed": 0,
"changed": 0,
"audited": 2540,
"funding": 337,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@jest/transform"
],
"fixAvailable": true
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": true
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": false,
"via": [
"@jest/transform",
"@storybook/core-common",
"@storybook/mdx1-csf"
],
"effects": [],
"range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": true
},
"@storybook/addon-essentials": {
"name": "@storybook/addon-essentials",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/core-common"
],
"effects": [],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-essentials"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/addon-interactions": {
"name": "@storybook/addon-interactions",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/core-common"
],
"effects": [],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-interactions"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"postcss",
"postcss-flexbugs-fixes",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": false
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-essentials",
"@storybook/addon-interactions",
"@storybook/telemetry"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"@storybook/telemetry",
"cpy",
"ip",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/mdx1-csf"
],
"effects": [],
"range": "6.5.0-alpha.1 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"css-loader",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": false
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs",
"@storybook/csf-tools"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": true
},
"@storybook/telemetry": {
"name": "@storybook/telemetry",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/core-server"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/telemetry"
],
"fixAvailable": true
},
"@storybook/vue3": {
"name": "@storybook/vue3",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common",
"vue-docgen-loader"
],
"effects": [],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/vue3"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"webdriverio"
],
"effects": [],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/runner"
],
"effects": [],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.2.15",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.2.15",
"isSemVerMajor": true
}
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/cpy/node_modules/braces",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces",
"node_modules/webpack/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": true
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1099357,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/jest-haste-map"
],
"fixAvailable": true
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/default-browser-id/node_modules/meow"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/cpy/node_modules/micromatch",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch",
"node_modules/webpack/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": false
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"@storybook/builder-webpack4",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-loader/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": false
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "11.0.0 - 22.11.1",
"nodes": [
"node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": true
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": true
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": true
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue3"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/webpack/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.40.6",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"watchpack"
],
"effects": [
"@storybook/core-common"
],
"range": "4.0.0-alpha.0 - 5.0.0-rc.6",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.4.4",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
}
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": false
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/puppeteer-core/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.2.14",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 29,
"high": 29,
"critical": 0,
"total": 58
},
"dependencies": {
"prod": 1,
"dev": 2539,
"optional": 59,
"peer": 0,
"peerOptional": 0,
"total": 2539
}
}
}
}
--- end ---
{"added": 2539, "removed": 0, "changed": 0, "audited": 2540, "funding": 337, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@jest/transform": {"name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": ["jest-haste-map"], "effects": ["@storybook/addon-docs"], "range": "<=26.6.2", "nodes": ["node_modules/@storybook/addon-docs/node_modules/@jest/transform"], "fixAvailable": true}, "@mdx-js/mdx": {"name": "@mdx-js/mdx", "severity": "high", "isDirect": false, "via": ["remark-mdx", "remark-parse"], "effects": ["@storybook/mdx1-csf"], "range": "<=1.6.22", "nodes": ["node_modules/@mdx-js/mdx"], "fixAvailable": true}, "@storybook/addon-controls": {"name": "@storybook/addon-controls", "severity": "moderate", "isDirect": false, "via": ["@storybook/core-common"], "effects": ["@storybook/addon-essentials"], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/addon-controls"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true}}, "@storybook/addon-docs": {"name": "@storybook/addon-docs", "severity": "high", "isDirect": false, "via": ["@jest/transform", "@storybook/core-common", "@storybook/mdx1-csf"], "effects": [], "range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2", "nodes": ["node_modules/@storybook/addon-docs"], "fixAvailable": true}, "@storybook/addon-essentials": {"name": "@storybook/addon-essentials", "severity": "moderate", "isDirect": true, "via": ["@storybook/addon-controls", "@storybook/addon-docs", "@storybook/core-common"], "effects": [], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/addon-essentials"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.4.4", "isSemVerMajor": true}}, "@storybook/addon-interactions": {"name": "@storybook/addon-interactions", "severity": "moderate", "isDirect": true, "via": ["@storybook/core-common"], "effects": [], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/addon-interactions"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true}}, "@storybook/builder-webpack4": {"name": "@storybook/builder-webpack4", "severity": "high", "isDirect": true, "via": ["@storybook/core-common", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "webpack", "webpack-dev-middleware"], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/@storybook/builder-webpack4"], "fixAvailable": false}, "@storybook/core": {"name": "@storybook/core", "severity": "high", "isDirect": false, "via": ["@storybook/core-server"], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/core"], "fixAvailable": true}, "@storybook/core-common": {"name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": ["webpack"], "effects": ["@storybook/addon-controls", "@storybook/addon-docs", "@storybook/addon-essentials", "@storybook/addon-interactions", "@storybook/telemetry"], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/core-common"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true}}, "@storybook/core-server": {"name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": ["@storybook/builder-webpack4", "@storybook/core-common", "@storybook/csf-tools", "@storybook/manager-webpack4", "@storybook/telemetry", "cpy", "ip", "webpack"], "effects": ["@storybook/core"], "range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3", "nodes": ["node_modules/@storybook/core-server"], "fixAvailable": true}, "@storybook/csf-tools": {"name": "@storybook/csf-tools", "severity": "high", "isDirect": false, "via": ["@storybook/mdx1-csf"], "effects": [], "range": "6.5.0-alpha.1 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/csf-tools"], "fixAvailable": true}, "@storybook/manager-webpack4": {"name": "@storybook/manager-webpack4", "severity": "high", "isDirect": true, "via": ["@storybook/core-common", "css-loader", "webpack", "webpack-dev-middleware"], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/@storybook/manager-webpack4"], "fixAvailable": false}, "@storybook/mdx1-csf": {"name": "@storybook/mdx1-csf", "severity": "high", "isDirect": false, "via": ["@mdx-js/mdx"], "effects": ["@storybook/addon-docs", "@storybook/csf-tools"], "range": "*", "nodes": ["node_modules/@storybook/mdx1-csf"], "fixAvailable": true}, "@storybook/telemetry": {"name": "@storybook/telemetry", "severity": "moderate", "isDirect": false, "via": ["@storybook/core-common"], "effects": ["@storybook/core-server"], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/telemetry"], "fixAvailable": true}, "@storybook/vue3": {"name": "@storybook/vue3", "severity": "high", "isDirect": true, "via": ["@storybook/core", "@storybook/core-common", "vue-docgen-loader"], "effects": [], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/vue3"], "fixAvailable": {"name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true}}, "@wdio/cli": {"name": "@wdio/cli", "severity": "high", "isDirect": true, "via": ["webdriverio"], "effects": [], "range": "7.16.5 - 8.40.6", "nodes": ["node_modules/@wdio/cli"], "fixAvailable": {"name": "@wdio/cli", "version": "9.2.14", "isSemVerMajor": true}}, "@wdio/local-runner": {"name": "@wdio/local-runner", "severity": "high", "isDirect": true, "via": ["@wdio/runner"], "effects": [], "range": "7.16.5 - 8.40.6", "nodes": ["node_modules/@wdio/local-runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.2.15", "isSemVerMajor": true}}, "@wdio/runner": {"name": "@wdio/runner", "severity": "high", "isDirect": false, "via": ["webdriverio"], "effects": ["@wdio/local-runner"], "range": "7.16.5 - 8.40.6", "nodes": ["node_modules/@wdio/runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.2.15", "isSemVerMajor": true}}, "anymatch": {"name": "anymatch", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar", "sane"], "range": "1.2.0 - 2.0.0", "nodes": ["node_modules/sane/node_modules/anymatch", "node_modules/watchpack-chokidar2/node_modules/anymatch"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true}}, "autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": ["node_modules/autoprefixer"], "fixAvailable": true}, "braces": {"name": "braces", "severity": "high", "isDirect": false, "via": [{"source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": ["CWE-400", "CWE-1050"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.3"}], "effects": ["chokidar", "micromatch"], "range": "<3.0.3", "nodes": ["node_modules/cpy/node_modules/braces", "node_modules/fork-ts-checker-webpack-plugin/node_modules/braces", "node_modules/jscodeshift/node_modules/braces", "node_modules/sane/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack/node_modules/braces"], "fixAvailable": {"name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true}}, "chokidar": {"name": "chokidar", "severity": "high", "isDirect": false, "via": ["anymatch", "braces", "readdirp"], "effects": ["watchpack-chokidar2"], "range": "1.3.0 - 2.1.8", "nodes": ["node_modules/watchpack-chokidar2/node_modules/chokidar"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true}}, "cpy": {"name": "cpy", "severity": "moderate", "isDirect": false, "via": ["globby"], "effects": ["@storybook/core-server"], "range": "7.0.0 - 8.1.2", "nodes": ["node_modules/cpy"], "fixAvailable": true}, "css-loader": {"name": "css-loader", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": ["node_modules/css-loader"], "fixAvailable": true}, "devtools": {"name": "devtools", "severity": "high", "isDirect": false, "via": ["puppeteer-core"], "effects": [], "range": ">=7.16.5", "nodes": ["node_modules/devtools"], "fixAvailable": true}, "fast-glob": {"name": "fast-glob", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/cpy/node_modules/fast-glob"], "fixAvailable": true}, "fork-ts-checker-webpack-plugin": {"name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": [], "range": "0.4.14 - 4.1.6", "nodes": ["node_modules/fork-ts-checker-webpack-plugin"], "fixAvailable": true}, "globby": {"name": "globby", "severity": "moderate", "isDirect": false, "via": ["fast-glob"], "effects": ["cpy"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/cpy/node_modules/globby"], "fixAvailable": true}, "icss-utils": {"name": "icss-utils", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["css-loader", "postcss-modules-local-by-default", "postcss-modules-values"], "range": "<=4.1.1", "nodes": ["node_modules/icss-utils"], "fixAvailable": true}, "ip": {"name": "ip", "severity": "high", "isDirect": false, "via": [{"source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/ip"], "fixAvailable": true}, "jest-haste-map": {"name": "jest-haste-map", "severity": "moderate", "isDirect": false, "via": ["sane"], "effects": ["@jest/transform"], "range": "24.0.0-alpha.0 - 26.6.2", "nodes": ["node_modules/@storybook/addon-docs/node_modules/jest-haste-map"], "fixAvailable": true}, "jscodeshift": {"name": "jscodeshift", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["vue-docgen-loader"], "range": "0.3.20 - 0.13.1", "nodes": ["node_modules/jscodeshift"], "fixAvailable": {"name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true}}, "meow": {"name": "meow", "severity": "high", "isDirect": false, "via": ["trim-newlines"], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": ["node_modules/default-browser-id/node_modules/meow"], "fixAvailable": true}, "micromatch": {"name": "micromatch", "severity": "high", "isDirect": false, "via": [{"source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<4.0.8"}, "braces"], "effects": ["anymatch", "fast-glob", "fork-ts-checker-webpack-plugin", "jscodeshift", "readdirp", "sane", "webpack"], "range": "<=4.0.7", "nodes": ["node_modules/cpy/node_modules/micromatch", "node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch", "node_modules/jscodeshift/node_modules/micromatch", "node_modules/sane/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch"], "fixAvailable": {"name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true}}, "mwbot": {"name": "mwbot", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": ["wdio-mediawiki"], "range": ">=0.1.6", "nodes": ["node_modules/mwbot"], "fixAvailable": false}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "range": "<8.4.31", "nodes": ["node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss"], "fixAvailable": false}, "postcss-flexbugs-fixes": {"name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.2.1", "nodes": ["node_modules/postcss-flexbugs-fixes"], "fixAvailable": true}, "postcss-modules-extract-imports": {"name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.0.0", "nodes": ["node_modules/postcss-modules-extract-imports"], "fixAvailable": true}, "postcss-modules-local-by-default": {"name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": [], "range": "<=4.0.0-rc.4", "nodes": ["node_modules/postcss-modules-local-by-default"], "fixAvailable": true}, "postcss-modules-scope": {"name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.2.0", "nodes": ["node_modules/postcss-modules-scope"], "fixAvailable": true}, "postcss-modules-values": {"name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": ["css-loader"], "range": "<=4.0.0-rc.5", "nodes": ["node_modules/postcss-modules-values"], "fixAvailable": true}, "puppeteer-core": {"name": "puppeteer-core", "severity": "high", "isDirect": false, "via": ["ws"], "effects": ["devtools", "webdriverio"], "range": "11.0.0 - 22.11.1", "nodes": ["node_modules/puppeteer-core"], "fixAvailable": {"name": "@wdio/cli", "version": "9.2.14", "isSemVerMajor": true}}, "readdirp": {"name": "readdirp", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar"], "range": "2.2.0 - 2.2.1", "nodes": ["node_modules/watchpack-chokidar2/node_modules/readdirp"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true}}, "remark-mdx": {"name": "remark-mdx", "severity": "high", "isDirect": false, "via": ["remark-parse"], "effects": ["@mdx-js/mdx"], "range": "<=1.6.22", "nodes": ["node_modules/remark-mdx"], "fixAvailable": true}, "remark-parse": {"name": "remark-parse", "severity": "high", "isDirect": false, "via": ["trim"], "effects": ["@mdx-js/mdx", "remark-mdx"], "range": "<=8.0.3", "nodes": ["node_modules/remark-parse"], "fixAvailable": true}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["mwbot"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "sane": {"name": "sane", "severity": "moderate", "isDirect": false, "via": ["anymatch", "micromatch"], "effects": ["jest-haste-map"], "range": "1.5.0 - 4.1.0", "nodes": ["node_modules/sane"], "fixAvailable": true}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/request/node_modules/tough-cookie"], "fixAvailable": false}, "trim": {"name": "trim", "severity": "high", "isDirect": false, "via": [{"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}], "effects": ["remark-parse"], "range": "<0.0.3", "nodes": ["node_modules/trim"], "fixAvailable": true}, "trim-newlines": {"name": "trim-newlines", "severity": "high", "isDirect": false, "via": [{"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}], "effects": ["meow"], "range": "<3.0.1", "nodes": ["node_modules/trim-newlines"], "fixAvailable": true}, "vue-docgen-loader": {"name": "vue-docgen-loader", "severity": "moderate", "isDirect": false, "via": ["jscodeshift"], "effects": ["@storybook/vue3"], "range": "1.3.0-beta.0 - 2.0.0", "nodes": ["node_modules/vue-docgen-loader"], "fixAvailable": {"name": "@storybook/vue3", "version": "8.4.4", "isSemVerMajor": true}}, "watchpack": {"name": "watchpack", "severity": "high", "isDirect": false, "via": ["watchpack-chokidar2"], "effects": ["webpack"], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/webpack/node_modules/watchpack"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true}}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true}}, "wdio-mediawiki": {"name": "wdio-mediawiki", "severity": "moderate", "isDirect": true, "via": ["mwbot"], "effects": [], "range": "*", "nodes": ["node_modules/wdio-mediawiki"], "fixAvailable": false}, "webdriverio": {"name": "webdriverio", "severity": "high", "isDirect": false, "via": ["devtools", "puppeteer-core"], "effects": ["@wdio/cli", "@wdio/runner"], "range": "7.16.5 - 8.40.6", "nodes": ["node_modules/webdriverio"], "fixAvailable": {"name": "@wdio/cli", "version": "9.2.14", "isSemVerMajor": true}}, "webpack": {"name": "webpack", "severity": "high", "isDirect": false, "via": ["micromatch", "watchpack"], "effects": ["@storybook/core-common"], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": ["node_modules/webpack"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.4.4", "isSemVerMajor": true}}, "webpack-dev-middleware": {"name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [{"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}], "effects": ["@storybook/manager-webpack4"], "range": "<=5.3.3", "nodes": ["node_modules/webpack-dev-middleware"], "fixAvailable": false}, "ws": {"name": "ws", "severity": "high", "isDirect": false, "via": [{"source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": ["CWE-476"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.17.1"}], "effects": ["puppeteer-core"], "range": "8.0.0 - 8.17.0", "nodes": ["node_modules/puppeteer-core/node_modules/ws"], "fixAvailable": {"name": "@wdio/cli", "version": "9.2.14", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 29, "high": 29, "critical": 0, "total": 58}, "dependencies": {"prod": 1, "dev": 2539, "optional": 59, "peer": 0, "peerOptional": 0, "total": 2539}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'wdio-mediawiki@2.5.0',
npm WARN EBADENGINE required: { node: '>=18.17.0', npm: '>=9.6.7' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated uuid-browser@3.1.0: Package no longer supported and required. Use the uuid package or crypto.randomUUID instead
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
--- stdout ---
added 2534 packages, and audited 2535 packages in 41s
337 packages are looking for funding
run `npm fund` for details
# npm audit report
braces <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix --force`
Will install @storybook/vue3@8.4.4, which is a breaking change
node_modules/cpy/node_modules/braces
node_modules/fork-ts-checker-webpack-plugin/node_modules/braces
node_modules/jscodeshift/node_modules/braces
node_modules/sane/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
node_modules/webpack/node_modules/braces
chokidar 1.3.0 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of braces
Depends on vulnerable versions of readdirp
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/webpack/node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of watchpack
node_modules/webpack
@storybook/core-common <=6.5.17-alpha.0
Depends on vulnerable versions of webpack
node_modules/@storybook/core-common
@storybook/addon-controls 6.4.0-alpha.0 - 6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-common
node_modules/@storybook/addon-controls
@storybook/addon-essentials 6.4.0-alpha.0 - 6.5.17-alpha.0
Depends on vulnerable versions of @storybook/addon-controls
Depends on vulnerable versions of @storybook/addon-docs
Depends on vulnerable versions of @storybook/core-common
node_modules/@storybook/addon-essentials
@storybook/addon-docs 5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/mdx1-csf
node_modules/@storybook/addon-docs
@storybook/addon-interactions <=6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-common
node_modules/@storybook/addon-interactions
@storybook/telemetry <=6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-common
node_modules/@storybook/telemetry
@storybook/core-server <=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3
Depends on vulnerable versions of @storybook/builder-webpack4
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of @storybook/manager-webpack4
Depends on vulnerable versions of @storybook/telemetry
Depends on vulnerable versions of cpy
Depends on vulnerable versions of ip
Depends on vulnerable versions of webpack
node_modules/@storybook/core-server
@storybook/core 6.2.0-alpha.0 - 6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-server
node_modules/@storybook/core
micromatch <=4.0.7
Depends on vulnerable versions of braces
node_modules/cpy/node_modules/micromatch
node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch
node_modules/jscodeshift/node_modules/micromatch
node_modules/sane/node_modules/micromatch
node_modules/watchpack-chokidar2/node_modules/micromatch
node_modules/webpack/node_modules/micromatch
anymatch 1.2.0 - 2.0.0
Depends on vulnerable versions of micromatch
node_modules/sane/node_modules/anymatch
node_modules/watchpack-chokidar2/node_modules/anymatch
sane 1.5.0 - 4.1.0
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of micromatch
node_modules/sane
jest-haste-map 24.0.0-alpha.0 - 26.6.2
Depends on vulnerable versions of sane
node_modules/@storybook/addon-docs/node_modules/jest-haste-map
@jest/transform <=26.6.2
Depends on vulnerable versions of jest-haste-map
node_modules/@storybook/addon-docs/node_modules/@jest/transform
fast-glob <=2.2.7
Depends on vulnerable versions of micromatch
node_modules/cpy/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/cpy/node_modules/globby
cpy 7.0.0 - 8.1.2
Depends on vulnerable versions of globby
node_modules/cpy
fork-ts-checker-webpack-plugin 0.4.14 - 4.1.6
Depends on vulnerable versions of micromatch
node_modules/fork-ts-checker-webpack-plugin
jscodeshift 0.3.20 - 0.13.1
Depends on vulnerable versions of micromatch
node_modules/jscodeshift
vue-docgen-loader 1.3.0-beta.0 - 2.0.0
Depends on vulnerable versions of jscodeshift
node_modules/vue-docgen-loader
@storybook/vue3 <=6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of vue-docgen-loader
node_modules/@storybook/vue3
readdirp 2.2.0 - 2.2.1
Depends on vulnerable versions of micromatch
node_modules/watchpack-chokidar2/node_modules/readdirp
ip *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix`
node_modules/ip
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
No fix available
node_modules/@storybook/builder-webpack4/node_modules/postcss
node_modules/autoprefixer/node_modules/postcss
node_modules/css-loader/node_modules/postcss
node_modules/icss-utils/node_modules/postcss
node_modules/postcss-flexbugs-fixes/node_modules/postcss
node_modules/postcss-modules-extract-imports/node_modules/postcss
node_modules/postcss-modules-local-by-default/node_modules/postcss
node_modules/postcss-modules-scope/node_modules/postcss
node_modules/postcss-modules-values/node_modules/postcss
@storybook/builder-webpack4 *
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of fork-ts-checker-webpack-plugin
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-flexbugs-fixes
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@storybook/builder-webpack4
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
css-loader 0.15.0 - 4.3.0
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/css-loader
icss-utils <=4.1.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-local-by-default <=4.0.0-rc.4
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-local-by-default
postcss-modules-values <=4.0.0-rc.5
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-values
postcss-flexbugs-fixes <=4.2.1
Depends on vulnerable versions of postcss
node_modules/postcss-flexbugs-fixes
postcss-modules-extract-imports <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-scope <=2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
mwbot >=0.1.6
Depends on vulnerable versions of request
node_modules/mwbot
wdio-mediawiki *
Depends on vulnerable versions of mwbot
node_modules/wdio-mediawiki
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/request/node_modules/tough-cookie
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix`
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/remark-parse
@mdx-js/mdx <=1.6.22
Depends on vulnerable versions of remark-mdx
Depends on vulnerable versions of remark-parse
node_modules/@mdx-js/mdx
@storybook/mdx1-csf *
Depends on vulnerable versions of @mdx-js/mdx
node_modules/@storybook/mdx1-csf
@storybook/csf-tools 6.5.0-alpha.1 - 6.5.17-alpha.0
Depends on vulnerable versions of @storybook/mdx1-csf
node_modules/@storybook/csf-tools
remark-mdx <=1.6.22
Depends on vulnerable versions of remark-parse
node_modules/remark-mdx
trim-newlines <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix`
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/default-browser-id/node_modules/meow
webpack-dev-middleware <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
No fix available
node_modules/webpack-dev-middleware
@storybook/manager-webpack4 *
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@storybook/manager-webpack4
ws 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install @wdio/cli@9.2.14, which is a breaking change
node_modules/puppeteer-core/node_modules/ws
puppeteer-core 11.0.0 - 22.11.1
Depends on vulnerable versions of ws
node_modules/puppeteer-core
devtools >=7.16.5
Depends on vulnerable versions of puppeteer-core
node_modules/devtools
webdriverio 7.16.5 - 8.40.6
Depends on vulnerable versions of devtools
Depends on vulnerable versions of puppeteer-core
node_modules/webdriverio
@wdio/cli 7.16.5 - 8.40.6
Depends on vulnerable versions of webdriverio
node_modules/@wdio/cli
@wdio/runner 7.16.5 - 8.40.6
Depends on vulnerable versions of webdriverio
node_modules/@wdio/runner
@wdio/local-runner 7.16.5 - 8.40.6
Depends on vulnerable versions of @wdio/runner
node_modules/@wdio/local-runner
58 vulnerabilities (29 moderate, 29 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'wdio-mediawiki@2.5.0',
npm WARN EBADENGINE required: { node: '>=18.17.0', npm: '>=9.6.7' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated uuid-browser@3.1.0: Package no longer supported and required. Use the uuid package or crypto.randomUUID instead
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
--- stdout ---
added 2534 packages, and audited 2535 packages in 54s
337 packages are looking for funding
run `npm fund` for details
58 vulnerabilities (29 moderate, 29 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/discover/util/convertUrlToThumbnail.test.js
PASS tests/jest/builder/util/safeAssignString.test.js
PASS tests/jest/builder/util/splitSentences.test.js
PASS tests/jest/builder/util/convertUrlToMobile.test.js
PASS tests/jest/builder/store/story.test.js
Test Suites: 5 passed, 5 total
Tests: 19 passed, 19 total
Snapshots: 0 total
Time: 6.877 s
Ran all test suites.
--- stdout ---
> test
> npm run lint:js && npm run lint:css && jest
> lint:js
> eslint .
> lint:css
> stylelint **/*.{vue,less}
------------------------------------|---------|----------|---------|---------|------------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
------------------------------------|---------|----------|---------|---------|------------------------------------------
All files | 7.79 | 6.73 | 1.96 | 7.8 |
components | 0 | 0 | 0 | 0 |
ConfirmDialog.vue | 0 | 0 | 0 | 0 | 33-44
DotsMenu.vue | 0 | 100 | 0 | 0 | 17-29
DotsMenuItem.vue | 0 | 100 | 0 | 0 | 16-32
StoryImage.vue | 0 | 0 | 0 | 0 | 25-260
ext.wikistories.builder | 0 | 0 | 0 | 0 |
App.vue | 0 | 0 | 0 | 0 | 8-42
index.js | 0 | 0 | 100 | 0 | 1-19
ext.wikistories.builder/api | 12.5 | 0 | 0 | 12.74 |
getPageInfo.js | 0 | 0 | 0 | 0 | 6-19
saveStory.js | 0 | 0 | 0 | 0 | 10-38
searchImages.js | 14.94 | 0 | 0 | 15.29 | 17-18,28-54,63-74,78-113,125-176,187-206
ext.wikistories.builder/components | 0 | 0 | 0 | 0 |
Alert.vue | 0 | 100 | 100 | 0 | 24
CurrentFrame.vue | 0 | 0 | 0 | 0 | 21-57
Frames.vue | 0 | 0 | 0 | 0 | 32-80
ImageAttribution.vue | 0 | 0 | 0 | 0 | 27-41
ImageListView.vue | 0 | 0 | 0 | 0 | 27-72
ListImage.vue | 0 | 0 | 0 | 0 | 12-61
Navigator.vue | 0 | 0 | 0 | 0 | 27-38
Notice.vue | 0 | 100 | 100 | 0 | 15
Popup.vue | 0 | 100 | 100 | 0 | 12
PrimaryButton.vue | 0 | 100 | 100 | 0 | 9
RouterView.vue | 0 | 100 | 100 | 0 | 6-9
StoryTextbox.vue | 0 | 0 | 0 | 0 | 37-93
Toast.vue | 0 | 100 | 0 | 0 | 8-33
ext.wikistories.builder/mixins | 0 | 0 | 0 | 0 |
observer.js | 0 | 0 | 0 | 0 | 10-115
ext.wikistories.builder/plugins | 0 | 100 | 0 | 0 |
config.js | 0 | 100 | 0 | 0 | 5-20
ext.wikistories.builder/store | 6.27 | 0 | 0 | 6.34 |
article.js | 0 | 0 | 0 | 0 | 1-106
index.js | 0 | 100 | 100 | 0 | 1-7
router.js | 0 | 0 | 0 | 0 | 1-62
search.js | 0 | 0 | 0 | 0 | 1-72
story.js | 11.11 | 0 | 0 | 11.34 | 40-325
ext.wikistories.builder/util | 33 | 21.48 | 24.13 | 32.68 |
beforeUnloadListener.js | 0 | 100 | 0 | 0 | 4-9
calculateUnmodifiedContent.js | 16.66 | 0 | 0 | 16.66 | 2-12,26-53
convertUrlToMobile.js | 100 | 100 | 100 | 100 |
safeAssignString.js | 93.33 | 87.5 | 100 | 93.33 | 26
sortableFrames.js | 0 | 0 | 0 | 0 | 5-221
splitSentences.js | 91.48 | 80 | 100 | 91.3 | 40,94,101-102
strip.js | 22.22 | 0 | 0 | 22.22 | 6-16
validateTitle.js | 0 | 0 | 0 | 0 | 1-43
ext.wikistories.builder/views | 0 | 0 | 0 | 0 |
Article.vue | 0 | 0 | 0 | 0 | 46-123
PublishForm.vue | 0 | 0 | 0 | 0 | 114-288
Search.vue | 0 | 0 | 0 | 0 | 44-136
Story.vue | 0 | 0 | 0 | 0 | 69-248
ext.wikistories.discover | 0 | 0 | 0 | 0 |
Discover.js | 0 | 0 | 0 | 0 | 1-103
index.js | 0 | 0 | 0 | 0 | 1-49
ext.wikistories.discover/api | 0 | 100 | 0 | 0 |
getStories.js | 0 | 100 | 0 | 0 | 5-13
ext.wikistories.discover/util | 100 | 100 | 100 | 100 |
convertUrlToThumbnail.js | 100 | 100 | 100 | 100 |
ext.wikistories.viewaction | 0 | 100 | 100 | 0 |
index.js | 0 | 100 | 100 | 0 | 1-3
ext.wikistories.viewer | 0 | 0 | 0 | 0 |
StoryViewer.vue | 0 | 0 | 0 | 0 | 187-397
index.js | 0 | 0 | 0 | 0 | 1-38
ext.wikistories.viewer/components | 0 | 0 | 0 | 0 |
ImageAttribution.vue | 0 | 100 | 100 | 0 | 31
Textbox.vue | 0 | 0 | 0 | 0 | 18-100
ext.wikistories.viewer/store | 0 | 0 | 0 | 0 |
index.js | 0 | 100 | 100 | 0 | 1-4
story.js | 0 | 0 | 0 | 0 | 1-207
ext.wikistories.viewer/util | 0 | 0 | 0 | 0 |
isTouchDevice.js | 0 | 0 | 100 | 0 | 1-7
timer.js | 0 | 0 | 0 | 0 | 4-38
instrumentation | 0 | 0 | 0 | 0 |
consumptionEvents.js | 0 | 0 | 0 | 0 | 1-52
contributionEvents.js | 0 | 0 | 0 | 0 | 1-64
------------------------------------|---------|----------|---------|---------|------------------------------------------
--- end ---
{}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}, "1099357": {"source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}, "1099357": {"source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{"1099357": {"source": 1099357, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{}
{"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}}
{}
{}
{}
{}
{}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmp4n9q3afl
--- stdout ---
On branch REL1_43
Your branch is up to date with 'origin/REL1_43'.
nothing to commit, working tree clean
--- end ---