mediawiki/services/change-propagation (main)

sourcepatches
$ date
--- stdout ---
Fri Apr 12 19:27:47 UTC 2024

--- end ---
$ git clone file:///srv/git/mediawiki-services-change-propagation.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
2f1c1646eff4abb51fc3bba666d449a1ddde1aae refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@babel/traverse": {
      "name": "@babel/traverse",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096886,
          "name": "@babel/traverse",
          "dependency": "@babel/traverse",
          "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
          "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
          "severity": "critical",
          "cwe": [
            "CWE-184",
            "CWE-697"
          ],
          "cvss": {
            "score": 9.4,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
          },
          "range": "<7.23.2"
        }
      ],
      "effects": [],
      "range": "<7.23.2",
      "nodes": [
        "node_modules/@babel/traverse"
      ],
      "fixAvailable": true
    },
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1094090,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=3.0.0 <3.0.1"
        },
        {
          "source": 1094091,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.0.0 <4.1.1"
        },
        {
          "source": 1094092,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=5.0.0 <5.0.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
      "nodes": [
        "node_modules/ansi-regex",
        "node_modules/nyc/node_modules/ansi-regex",
        "node_modules/wide-align/node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "busboy": {
      "name": "busboy",
      "severity": "high",
      "isDirect": false,
      "via": [
        "dicer"
      ],
      "effects": [
        "hyperswitch"
      ],
      "range": "<=0.3.1",
      "nodes": [
        "node_modules/busboy"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "coveralls": {
      "name": "coveralls",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/coveralls"
      ],
      "fixAvailable": false
    },
    "debug": {
      "name": "debug",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1096792,
          "name": "debug",
          "dependency": "debug",
          "title": "Regular Expression Denial of Service in debug",
          "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.3.1"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "4.0.0 - 4.3.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/debug",
        "node_modules/mocha/node_modules/debug"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "dicer": {
      "name": "dicer",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1093150,
          "name": "dicer",
          "dependency": "dicer",
          "title": "Crash in HeaderParser in dicer",
          "url": "https://github.com/advisories/GHSA-wm7h-9275-46v2",
          "severity": "high",
          "cwe": [
            "CWE-248"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<=0.3.1"
        }
      ],
      "effects": [
        "busboy"
      ],
      "range": "*",
      "nodes": [
        "node_modules/dicer"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "hyperswitch": {
      "name": "hyperswitch",
      "severity": "high",
      "isDirect": true,
      "via": [
        "busboy",
        "preq",
        "swagger-ui-dist"
      ],
      "effects": [],
      "range": ">=0.1.0",
      "nodes": [
        "node_modules/hyperswitch"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "ini": {
      "name": "ini",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1093224,
          "name": "ini",
          "dependency": "ini",
          "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
          "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<1.3.6"
        }
      ],
      "effects": [],
      "range": "<1.3.6",
      "nodes": [
        "node_modules/gc-stats/node_modules/ini"
      ],
      "fixAvailable": true
    },
    "json-schema": {
      "name": "json-schema",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1095057,
          "name": "json-schema",
          "dependency": "json-schema",
          "title": "json-schema is vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
          "severity": "critical",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.4.0"
        }
      ],
      "effects": [
        "jsprim"
      ],
      "range": "<0.4.0",
      "nodes": [
        "node_modules/json-schema"
      ],
      "fixAvailable": true
    },
    "json5": {
      "name": "json5",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096544,
          "name": "json5",
          "dependency": "json5",
          "title": "Prototype Pollution in JSON5 via Parse Method",
          "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
          },
          "range": ">=2.0.0 <2.2.2"
        }
      ],
      "effects": [],
      "range": "2.0.0 - 2.2.1",
      "nodes": [
        "node_modules/json5"
      ],
      "fixAvailable": true
    },
    "jsprim": {
      "name": "jsprim",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "json-schema"
      ],
      "effects": [],
      "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/jsprim"
      ],
      "fixAvailable": true
    },
    "kad": {
      "name": "kad",
      "severity": "high",
      "isDirect": false,
      "via": [
        "merge",
        "ms"
      ],
      "effects": [
        "limitation"
      ],
      "range": "*",
      "nodes": [
        "node_modules/kad"
      ],
      "fixAvailable": true
    },
    "limitation": {
      "name": "limitation",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "kad"
      ],
      "effects": [],
      "range": "<=0.2.2",
      "nodes": [
        "node_modules/limitation"
      ],
      "fixAvailable": true
    },
    "merge": {
      "name": "merge",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096479,
          "name": "merge",
          "dependency": "merge",
          "title": "Prototype Pollution in merge",
          "url": "https://github.com/advisories/GHSA-7wpw-2hjm-89gp",
          "severity": "high",
          "cwe": [
            "CWE-915"
          ],
          "cvss": {
            "score": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<2.1.1"
        }
      ],
      "effects": [
        "kad"
      ],
      "range": "<2.1.1",
      "nodes": [
        "node_modules/merge"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096465,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": ">=1.0.0 <1.2.3"
        },
        {
          "source": 1096466,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<0.2.1"
        },
        {
          "source": 1096548,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.2.4"
        },
        {
          "source": 1096549,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.0.0 <1.2.6"
        }
      ],
      "effects": [
        "mkdirp"
      ],
      "range": "<=0.2.3 || 1.0.0 - 1.2.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimist",
        "node_modules/gc-stats/node_modules/rc/node_modules/minimist",
        "node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "minimist"
      ],
      "effects": [],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/gc-stats/node_modules/mkdirp"
      ],
      "fixAvailable": true
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": true,
      "via": [
        "debug",
        "minimatch",
        "nanoid"
      ],
      "effects": [],
      "range": "5.1.0 - 9.2.1",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "moment": {
      "name": "moment",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095072,
          "name": "moment",
          "dependency": "moment",
          "title": "Moment.js vulnerable to Inefficient Regular Expression Complexity",
          "url": "https://github.com/advisories/GHSA-wc69-rhjr-hc9g",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.18.0 <2.29.4"
        },
        {
          "source": 1095083,
          "name": "moment",
          "dependency": "moment",
          "title": "Path Traversal: 'dir/../../filename' in moment.locale",
          "url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-27"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": "<2.29.2"
        }
      ],
      "effects": [],
      "range": "<=2.29.3",
      "nodes": [
        "node_modules/moment"
      ],
      "fixAvailable": true
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094419,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [
        "kad"
      ],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/ms"
      ],
      "fixAvailable": true
    },
    "msgpack5": {
      "name": "msgpack5",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089202,
          "name": "msgpack5",
          "dependency": "msgpack5",
          "title": "Prototype poisoning",
          "url": "https://github.com/advisories/GHSA-gmjw-49p4-pcfm",
          "severity": "moderate",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H"
          },
          "range": "<3.6.1"
        }
      ],
      "effects": [],
      "range": "<3.6.1",
      "nodes": [
        "node_modules/msgpack5"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089011,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.5,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/nanoid"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "request",
        "requestretry"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": false
    },
    "qs": {
      "name": "qs",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096470,
          "name": "qs",
          "dependency": "qs",
          "title": "qs vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=6.5.0 <6.5.3"
        }
      ],
      "effects": [],
      "range": "6.5.0 - 6.5.2",
      "nodes": [
        "node_modules/qs"
      ],
      "fixAvailable": true
    },
    "redis": {
      "name": "redis",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1089196,
          "name": "redis",
          "dependency": "redis",
          "title": "Node-Redis potential exponential regex in monitor mode",
          "url": "https://github.com/advisories/GHSA-35q2-47q7-3pc3",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.6.0 <3.1.1"
        }
      ],
      "effects": [],
      "range": "2.6.0 - 3.1.0",
      "nodes": [
        "node_modules/redis"
      ],
      "fixAvailable": true
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "coveralls",
        "preq",
        "requestretry"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090420,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        },
        "request"
      ],
      "effects": [
        "preq"
      ],
      "range": "*",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": false
    },
    "semver": {
      "name": "semver",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096483,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<5.7.2"
        },
        {
          "source": 1096484,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=6.0.0 <6.3.1"
        }
      ],
      "effects": [],
      "range": "<5.7.2 || >=6.0.0 <6.3.1",
      "nodes": [
        "node_modules/@babel/core/node_modules/semver",
        "node_modules/@wikimedia/jsonschema-tools/node_modules/semver",
        "node_modules/eslint-plugin-node/node_modules/semver",
        "node_modules/gc-stats/node_modules/semver",
        "node_modules/istanbul-lib-instrument/node_modules/semver",
        "node_modules/make-dir/node_modules/semver"
      ],
      "fixAvailable": true
    },
    "swagger-ui-dist": {
      "name": "swagger-ui-dist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1088759,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Spoofing attack in swagger-ui-dist",
          "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
          "severity": "moderate",
          "cwe": [
            "CWE-1021"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        },
        {
          "source": 1092160,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Server side request forgery in SwaggerUI",
          "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "hyperswitch"
      ],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/swagger-ui-dist"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089684,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.14"
        },
        {
          "source": 1095117,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<4.4.18"
        },
        {
          "source": 1096309,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-23",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.15"
        },
        {
          "source": 1096376,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.16"
        },
        {
          "source": 1096411,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.18"
        },
        {
          "source": 1096915,
          "name": "tar",
          "dependency": "tar",
          "title": "Denial of service while parsing a tar file due to lack of folders count validation",
          "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<6.2.1"
        }
      ],
      "effects": [],
      "range": "<=6.2.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/tar"
      ],
      "fixAvailable": true
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096643,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "underscore": {
      "name": "underscore",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1095097,
          "name": "underscore",
          "dependency": "underscore",
          "title": "Arbitrary Code Execution in underscore",
          "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
          "severity": "critical",
          "cwe": [
            "CWE-94"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.3.2 <1.12.1"
        }
      ],
      "effects": [],
      "range": "1.3.2 - 1.12.0",
      "nodes": [
        "node_modules/underscore"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 10,
      "high": 16,
      "critical": 5,
      "total": 32
    },
    "dependencies": {
      "prod": 157,
      "dev": 404,
      "optional": 78,
      "peer": 0,
      "peerOptional": 0,
      "total": 637
    }
  }
}

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@babel/traverse": {
      "name": "@babel/traverse",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096886,
          "name": "@babel/traverse",
          "dependency": "@babel/traverse",
          "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
          "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
          "severity": "critical",
          "cwe": [
            "CWE-184",
            "CWE-697"
          ],
          "cvss": {
            "score": 9.4,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
          },
          "range": "<7.23.2"
        }
      ],
      "effects": [],
      "range": "<7.23.2",
      "nodes": [
        "node_modules/@babel/traverse"
      ],
      "fixAvailable": true
    },
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1094090,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=3.0.0 <3.0.1"
        },
        {
          "source": 1094091,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.0.0 <4.1.1"
        },
        {
          "source": 1094092,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=5.0.0 <5.0.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
      "nodes": [
        "node_modules/ansi-regex",
        "node_modules/nyc/node_modules/ansi-regex",
        "node_modules/wide-align/node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "busboy": {
      "name": "busboy",
      "severity": "high",
      "isDirect": false,
      "via": [
        "dicer"
      ],
      "effects": [
        "hyperswitch"
      ],
      "range": "<=0.3.1",
      "nodes": [
        "node_modules/busboy"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "coveralls": {
      "name": "coveralls",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/coveralls"
      ],
      "fixAvailable": false
    },
    "debug": {
      "name": "debug",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1096792,
          "name": "debug",
          "dependency": "debug",
          "title": "Regular Expression Denial of Service in debug",
          "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.3.1"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "4.0.0 - 4.3.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/debug",
        "node_modules/mocha/node_modules/debug"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "dicer": {
      "name": "dicer",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1093150,
          "name": "dicer",
          "dependency": "dicer",
          "title": "Crash in HeaderParser in dicer",
          "url": "https://github.com/advisories/GHSA-wm7h-9275-46v2",
          "severity": "high",
          "cwe": [
            "CWE-248"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<=0.3.1"
        }
      ],
      "effects": [
        "busboy"
      ],
      "range": "*",
      "nodes": [
        "node_modules/dicer"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "hyperswitch": {
      "name": "hyperswitch",
      "severity": "high",
      "isDirect": true,
      "via": [
        "busboy",
        "preq",
        "swagger-ui-dist"
      ],
      "effects": [],
      "range": ">=0.1.0",
      "nodes": [
        "node_modules/hyperswitch"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "ini": {
      "name": "ini",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1093224,
          "name": "ini",
          "dependency": "ini",
          "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
          "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<1.3.6"
        }
      ],
      "effects": [],
      "range": "<1.3.6",
      "nodes": [
        "node_modules/gc-stats/node_modules/ini"
      ],
      "fixAvailable": true
    },
    "json-schema": {
      "name": "json-schema",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1095057,
          "name": "json-schema",
          "dependency": "json-schema",
          "title": "json-schema is vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
          "severity": "critical",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.4.0"
        }
      ],
      "effects": [
        "jsprim"
      ],
      "range": "<0.4.0",
      "nodes": [
        "node_modules/json-schema"
      ],
      "fixAvailable": true
    },
    "json5": {
      "name": "json5",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096544,
          "name": "json5",
          "dependency": "json5",
          "title": "Prototype Pollution in JSON5 via Parse Method",
          "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
          },
          "range": ">=2.0.0 <2.2.2"
        }
      ],
      "effects": [],
      "range": "2.0.0 - 2.2.1",
      "nodes": [
        "node_modules/json5"
      ],
      "fixAvailable": true
    },
    "jsprim": {
      "name": "jsprim",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "json-schema"
      ],
      "effects": [],
      "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/jsprim"
      ],
      "fixAvailable": true
    },
    "kad": {
      "name": "kad",
      "severity": "high",
      "isDirect": false,
      "via": [
        "merge",
        "ms"
      ],
      "effects": [
        "limitation"
      ],
      "range": "*",
      "nodes": [
        "node_modules/kad"
      ],
      "fixAvailable": true
    },
    "limitation": {
      "name": "limitation",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "kad"
      ],
      "effects": [],
      "range": "<=0.2.2",
      "nodes": [
        "node_modules/limitation"
      ],
      "fixAvailable": true
    },
    "merge": {
      "name": "merge",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096479,
          "name": "merge",
          "dependency": "merge",
          "title": "Prototype Pollution in merge",
          "url": "https://github.com/advisories/GHSA-7wpw-2hjm-89gp",
          "severity": "high",
          "cwe": [
            "CWE-915"
          ],
          "cvss": {
            "score": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<2.1.1"
        }
      ],
      "effects": [
        "kad"
      ],
      "range": "<2.1.1",
      "nodes": [
        "node_modules/merge"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096465,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": ">=1.0.0 <1.2.3"
        },
        {
          "source": 1096466,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<0.2.1"
        },
        {
          "source": 1096548,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.2.4"
        },
        {
          "source": 1096549,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.0.0 <1.2.6"
        }
      ],
      "effects": [
        "mkdirp"
      ],
      "range": "<=0.2.3 || 1.0.0 - 1.2.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimist",
        "node_modules/gc-stats/node_modules/rc/node_modules/minimist",
        "node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "minimist"
      ],
      "effects": [],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/gc-stats/node_modules/mkdirp"
      ],
      "fixAvailable": true
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": true,
      "via": [
        "debug",
        "minimatch",
        "nanoid"
      ],
      "effects": [],
      "range": "5.1.0 - 9.2.1",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "moment": {
      "name": "moment",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095072,
          "name": "moment",
          "dependency": "moment",
          "title": "Moment.js vulnerable to Inefficient Regular Expression Complexity",
          "url": "https://github.com/advisories/GHSA-wc69-rhjr-hc9g",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.18.0 <2.29.4"
        },
        {
          "source": 1095083,
          "name": "moment",
          "dependency": "moment",
          "title": "Path Traversal: 'dir/../../filename' in moment.locale",
          "url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-27"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": "<2.29.2"
        }
      ],
      "effects": [],
      "range": "<=2.29.3",
      "nodes": [
        "node_modules/moment"
      ],
      "fixAvailable": true
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094419,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [
        "kad"
      ],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/ms"
      ],
      "fixAvailable": true
    },
    "msgpack5": {
      "name": "msgpack5",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089202,
          "name": "msgpack5",
          "dependency": "msgpack5",
          "title": "Prototype poisoning",
          "url": "https://github.com/advisories/GHSA-gmjw-49p4-pcfm",
          "severity": "moderate",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H"
          },
          "range": "<3.6.1"
        }
      ],
      "effects": [],
      "range": "<3.6.1",
      "nodes": [
        "node_modules/msgpack5"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089011,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.5,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/nanoid"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "request",
        "requestretry"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": false
    },
    "qs": {
      "name": "qs",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096470,
          "name": "qs",
          "dependency": "qs",
          "title": "qs vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=6.5.0 <6.5.3"
        }
      ],
      "effects": [],
      "range": "6.5.0 - 6.5.2",
      "nodes": [
        "node_modules/qs"
      ],
      "fixAvailable": true
    },
    "redis": {
      "name": "redis",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1089196,
          "name": "redis",
          "dependency": "redis",
          "title": "Node-Redis potential exponential regex in monitor mode",
          "url": "https://github.com/advisories/GHSA-35q2-47q7-3pc3",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.6.0 <3.1.1"
        }
      ],
      "effects": [],
      "range": "2.6.0 - 3.1.0",
      "nodes": [
        "node_modules/redis"
      ],
      "fixAvailable": true
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "coveralls",
        "preq",
        "requestretry"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090420,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        },
        "request"
      ],
      "effects": [
        "preq"
      ],
      "range": "*",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": false
    },
    "semver": {
      "name": "semver",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096483,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<5.7.2"
        },
        {
          "source": 1096484,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=6.0.0 <6.3.1"
        }
      ],
      "effects": [],
      "range": "<5.7.2 || >=6.0.0 <6.3.1",
      "nodes": [
        "node_modules/@babel/core/node_modules/semver",
        "node_modules/@wikimedia/jsonschema-tools/node_modules/semver",
        "node_modules/eslint-plugin-node/node_modules/semver",
        "node_modules/gc-stats/node_modules/semver",
        "node_modules/istanbul-lib-instrument/node_modules/semver",
        "node_modules/make-dir/node_modules/semver"
      ],
      "fixAvailable": true
    },
    "swagger-ui-dist": {
      "name": "swagger-ui-dist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1088759,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Spoofing attack in swagger-ui-dist",
          "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
          "severity": "moderate",
          "cwe": [
            "CWE-1021"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        },
        {
          "source": 1092160,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Server side request forgery in SwaggerUI",
          "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "hyperswitch"
      ],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/swagger-ui-dist"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089684,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.14"
        },
        {
          "source": 1095117,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<4.4.18"
        },
        {
          "source": 1096309,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-23",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.15"
        },
        {
          "source": 1096376,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.16"
        },
        {
          "source": 1096411,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.18"
        },
        {
          "source": 1096915,
          "name": "tar",
          "dependency": "tar",
          "title": "Denial of service while parsing a tar file due to lack of folders count validation",
          "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<6.2.1"
        }
      ],
      "effects": [],
      "range": "<=6.2.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/tar"
      ],
      "fixAvailable": true
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096643,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "underscore": {
      "name": "underscore",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1095097,
          "name": "underscore",
          "dependency": "underscore",
          "title": "Arbitrary Code Execution in underscore",
          "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
          "severity": "critical",
          "cwe": [
            "CWE-94"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.3.2 <1.12.1"
        }
      ],
      "effects": [],
      "range": "1.3.2 - 1.12.0",
      "nodes": [
        "node_modules/underscore"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 10,
      "high": 16,
      "critical": 5,
      "total": 32
    },
    "dependencies": {
      "prod": 157,
      "dev": 404,
      "optional": 78,
      "peer": 0,
      "peerOptional": 0,
      "total": 637
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN audit fix semver@5.7.0 node_modules/gc-stats/node_modules/semver
npm WARN audit fix semver@5.7.0 is a bundled dependency of
npm WARN audit fix semver@5.7.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix semver@5.7.0 It cannot be fixed automatically.
npm WARN audit fix semver@5.7.0 Check for updates to the gc-stats package.
npm WARN audit fix minimatch@3.0.4 node_modules/gc-stats/node_modules/minimatch
npm WARN audit fix minimatch@3.0.4 is a bundled dependency of
npm WARN audit fix minimatch@3.0.4 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimatch@3.0.4 It cannot be fixed automatically.
npm WARN audit fix minimatch@3.0.4 Check for updates to the gc-stats package.
npm WARN audit fix debug@4.1.1 node_modules/gc-stats/node_modules/debug
npm WARN audit fix debug@4.1.1 is a bundled dependency of
npm WARN audit fix debug@4.1.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix debug@4.1.1 It cannot be fixed automatically.
npm WARN audit fix debug@4.1.1 Check for updates to the gc-stats package.
npm WARN audit fix ini@1.3.5 node_modules/gc-stats/node_modules/ini
npm WARN audit fix ini@1.3.5 is a bundled dependency of
npm WARN audit fix ini@1.3.5 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix ini@1.3.5 It cannot be fixed automatically.
npm WARN audit fix ini@1.3.5 Check for updates to the gc-stats package.
npm WARN audit fix minimist@1.2.0 node_modules/gc-stats/node_modules/rc/node_modules/minimist
npm WARN audit fix minimist@1.2.0 is a bundled dependency of
npm WARN audit fix minimist@1.2.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@1.2.0 It cannot be fixed automatically.
npm WARN audit fix minimist@1.2.0 Check for updates to the gc-stats package.
npm WARN audit fix minimist@0.0.8 node_modules/gc-stats/node_modules/minimist
npm WARN audit fix minimist@0.0.8 is a bundled dependency of
npm WARN audit fix minimist@0.0.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@0.0.8 It cannot be fixed automatically.
npm WARN audit fix minimist@0.0.8 Check for updates to the gc-stats package.
npm WARN audit fix tar@4.4.8 node_modules/gc-stats/node_modules/tar
npm WARN audit fix tar@4.4.8 is a bundled dependency of
npm WARN audit fix tar@4.4.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix tar@4.4.8 It cannot be fixed automatically.
npm WARN audit fix tar@4.4.8 Check for updates to the gc-stats package.
npm WARN audit fix mkdirp@0.5.1 node_modules/gc-stats/node_modules/mkdirp
npm WARN audit fix mkdirp@0.5.1 is a bundled dependency of
npm WARN audit fix mkdirp@0.5.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix mkdirp@0.5.1 It cannot be fixed automatically.
npm WARN audit fix mkdirp@0.5.1 Check for updates to the gc-stats package.
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.23.6',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@39.2.2',
npm WARN EBADENGINE   required: { node: '^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 586,
  "removed": 0,
  "changed": 0,
  "audited": 653,
  "funding": 59,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "@babel/traverse": {
        "name": "@babel/traverse",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1096886,
            "name": "@babel/traverse",
            "dependency": "@babel/traverse",
            "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
            "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
            "severity": "critical",
            "cwe": [
              "CWE-184",
              "CWE-697"
            ],
            "cvss": {
              "score": 9.4,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
            },
            "range": "<7.23.2"
          }
        ],
        "effects": [],
        "range": "<7.23.2",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "ansi-regex": {
        "name": "ansi-regex",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1094090,
            "name": "ansi-regex",
            "dependency": "ansi-regex",
            "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
            "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
            "severity": "high",
            "cwe": [
              "CWE-697",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=3.0.0 <3.0.1"
          },
          {
            "source": 1094091,
            "name": "ansi-regex",
            "dependency": "ansi-regex",
            "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
            "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
            "severity": "high",
            "cwe": [
              "CWE-697",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=4.0.0 <4.1.1"
          },
          {
            "source": 1094092,
            "name": "ansi-regex",
            "dependency": "ansi-regex",
            "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
            "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
            "severity": "high",
            "cwe": [
              "CWE-697",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=5.0.0 <5.0.1"
          }
        ],
        "effects": [],
        "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
        "nodes": [
          "",
          "",
          ""
        ],
        "fixAvailable": true
      },
      "busboy": {
        "name": "busboy",
        "severity": "high",
        "isDirect": false,
        "via": [
          "dicer"
        ],
        "effects": [
          "hyperswitch"
        ],
        "range": "<=0.3.1",
        "nodes": [
          "node_modules/busboy"
        ],
        "fixAvailable": {
          "name": "hyperswitch",
          "version": "0.10.5",
          "isSemVerMajor": true
        }
      },
      "coveralls": {
        "name": "coveralls",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "request"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          ""
        ],
        "fixAvailable": false
      },
      "debug": {
        "name": "debug",
        "severity": "low",
        "isDirect": false,
        "via": [
          {
            "source": 1096792,
            "name": "debug",
            "dependency": "debug",
            "title": "Regular Expression Denial of Service in debug",
            "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
            "severity": "low",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 3.7,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=4.0.0 <4.3.1"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "4.0.0 - 4.3.0",
        "nodes": [
          "",
          "node_modules/gc-stats/node_modules/debug"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      },
      "dicer": {
        "name": "dicer",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1093150,
            "name": "dicer",
            "dependency": "dicer",
            "title": "Crash in HeaderParser in dicer",
            "url": "https://github.com/advisories/GHSA-wm7h-9275-46v2",
            "severity": "high",
            "cwe": [
              "CWE-248"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<=0.3.1"
          }
        ],
        "effects": [
          "busboy"
        ],
        "range": "*",
        "nodes": [
          "node_modules/dicer"
        ],
        "fixAvailable": {
          "name": "hyperswitch",
          "version": "0.10.5",
          "isSemVerMajor": true
        }
      },
      "hyperswitch": {
        "name": "hyperswitch",
        "severity": "high",
        "isDirect": true,
        "via": [
          "busboy",
          "preq",
          "swagger-ui-dist"
        ],
        "effects": [],
        "range": ">=0.1.0",
        "nodes": [
          "node_modules/hyperswitch"
        ],
        "fixAvailable": {
          "name": "hyperswitch",
          "version": "0.10.5",
          "isSemVerMajor": true
        }
      },
      "ini": {
        "name": "ini",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1093224,
            "name": "ini",
            "dependency": "ini",
            "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
            "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
            "severity": "high",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 7.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": "<1.3.6"
          }
        ],
        "effects": [],
        "range": "<1.3.6",
        "nodes": [
          "node_modules/gc-stats/node_modules/ini"
        ],
        "fixAvailable": true
      },
      "json-schema": {
        "name": "json-schema",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1095057,
            "name": "json-schema",
            "dependency": "json-schema",
            "title": "json-schema is vulnerable to Prototype Pollution",
            "url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
            "severity": "critical",
            "cwe": [
              "CWE-915",
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<0.4.0"
          }
        ],
        "effects": [
          "jsprim"
        ],
        "range": "<0.4.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "json5": {
        "name": "json5",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096544,
            "name": "json5",
            "dependency": "json5",
            "title": "Prototype Pollution in JSON5 via Parse Method",
            "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
            "severity": "high",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 7.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
            },
            "range": ">=2.0.0 <2.2.2"
          }
        ],
        "effects": [],
        "range": "2.0.0 - 2.2.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "jsprim": {
        "name": "jsprim",
        "severity": "critical",
        "isDirect": false,
        "via": [
          "json-schema"
        ],
        "effects": [],
        "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "kad": {
        "name": "kad",
        "severity": "high",
        "isDirect": false,
        "via": [
          "merge",
          "ms"
        ],
        "effects": [
          "limitation"
        ],
        "range": "*",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "limitation": {
        "name": "limitation",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "kad"
        ],
        "effects": [],
        "range": "<=0.2.2",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "merge": {
        "name": "merge",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096479,
            "name": "merge",
            "dependency": "merge",
            "title": "Prototype Pollution in merge",
            "url": "https://github.com/advisories/GHSA-7wpw-2hjm-89gp",
            "severity": "high",
            "cwe": [
              "CWE-915"
            ],
            "cvss": {
              "score": 7.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": "<2.1.1"
          }
        ],
        "effects": [
          "kad"
        ],
        "range": "<2.1.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "minimatch": {
        "name": "minimatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096485,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS vulnerability",
            "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.0.5"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "<3.0.5",
        "nodes": [
          "node_modules/gc-stats/node_modules/minimatch",
          "node_modules/minimatch"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      },
      "minimist": {
        "name": "minimist",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1096465,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 5.6,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": ">=1.0.0 <1.2.3"
          },
          {
            "source": 1096466,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 5.6,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": "<0.2.1"
          },
          {
            "source": 1096548,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
            "severity": "critical",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<0.2.4"
          },
          {
            "source": 1096549,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
            "severity": "critical",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": ">=1.0.0 <1.2.6"
          }
        ],
        "effects": [
          "mkdirp"
        ],
        "range": "<=0.2.3 || 1.0.0 - 1.2.5",
        "nodes": [
          "",
          "node_modules/gc-stats/node_modules/minimist",
          "node_modules/gc-stats/node_modules/rc/node_modules/minimist"
        ],
        "fixAvailable": true
      },
      "mkdirp": {
        "name": "mkdirp",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "minimist"
        ],
        "effects": [],
        "range": "0.4.1 - 0.5.1",
        "nodes": [
          "node_modules/gc-stats/node_modules/mkdirp"
        ],
        "fixAvailable": true
      },
      "mocha": {
        "name": "mocha",
        "severity": "high",
        "isDirect": false,
        "via": [
          "debug",
          "minimatch",
          "nanoid"
        ],
        "effects": [],
        "range": "5.1.0 - 9.2.1",
        "nodes": [
          ""
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      },
      "moment": {
        "name": "moment",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1095072,
            "name": "moment",
            "dependency": "moment",
            "title": "Moment.js vulnerable to Inefficient Regular Expression Complexity",
            "url": "https://github.com/advisories/GHSA-wc69-rhjr-hc9g",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=2.18.0 <2.29.4"
          },
          {
            "source": 1095083,
            "name": "moment",
            "dependency": "moment",
            "title": "Path Traversal: 'dir/../../filename' in moment.locale",
            "url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
            "severity": "high",
            "cwe": [
              "CWE-22",
              "CWE-27"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
            },
            "range": "<2.29.2"
          }
        ],
        "effects": [],
        "range": "<=2.29.3",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "ms": {
        "name": "ms",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1094419,
            "name": "ms",
            "dependency": "ms",
            "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
            "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<2.0.0"
          }
        ],
        "effects": [
          "kad"
        ],
        "range": "<2.0.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "msgpack5": {
        "name": "msgpack5",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1089202,
            "name": "msgpack5",
            "dependency": "msgpack5",
            "title": "Prototype poisoning",
            "url": "https://github.com/advisories/GHSA-gmjw-49p4-pcfm",
            "severity": "moderate",
            "cwe": [
              "CWE-915",
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.7,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H"
            },
            "range": "<3.6.1"
          }
        ],
        "effects": [],
        "range": "<3.6.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "nanoid": {
        "name": "nanoid",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1089011,
            "name": "nanoid",
            "dependency": "nanoid",
            "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
            "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
            "severity": "moderate",
            "cwe": [
              "CWE-200"
            ],
            "cvss": {
              "score": 5.5,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": ">=3.0.0 <3.1.31"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "3.0.0 - 3.1.30",
        "nodes": [
          ""
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      },
      "preq": {
        "name": "preq",
        "severity": "high",
        "isDirect": true,
        "via": [
          "request",
          "requestretry"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/preq"
        ],
        "fixAvailable": false
      },
      "qs": {
        "name": "qs",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096470,
            "name": "qs",
            "dependency": "qs",
            "title": "qs vulnerable to Prototype Pollution",
            "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
            "severity": "high",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=6.5.0 <6.5.3"
          }
        ],
        "effects": [],
        "range": "6.5.0 - 6.5.2",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "redis": {
        "name": "redis",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1089196,
            "name": "redis",
            "dependency": "redis",
            "title": "Node-Redis potential exponential regex in monitor mode",
            "url": "https://github.com/advisories/GHSA-35q2-47q7-3pc3",
            "severity": "high",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=2.6.0 <3.1.1"
          }
        ],
        "effects": [],
        "range": "2.6.0 - 3.1.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "request": {
        "name": "request",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096727,
            "name": "request",
            "dependency": "request",
            "title": "Server-Side Request Forgery in Request",
            "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<=2.88.2"
          },
          "tough-cookie"
        ],
        "effects": [
          "coveralls",
          "preq",
          "requestretry"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request"
        ],
        "fixAvailable": false
      },
      "requestretry": {
        "name": "requestretry",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1090420,
            "name": "requestretry",
            "dependency": "requestretry",
            "title": "Cookie exposure in requestretry",
            "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
            "severity": "high",
            "cwe": [
              "CWE-200"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": "<7.0.0"
          },
          "request"
        ],
        "effects": [
          "preq"
        ],
        "range": "*",
        "nodes": [
          "node_modules/requestretry"
        ],
        "fixAvailable": false
      },
      "semver": {
        "name": "semver",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096483,
            "name": "semver",
            "dependency": "semver",
            "title": "semver vulnerable to Regular Expression Denial of Service",
            "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<5.7.2"
          },
          {
            "source": 1096484,
            "name": "semver",
            "dependency": "semver",
            "title": "semver vulnerable to Regular Expression Denial of Service",
            "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=6.0.0 <6.3.1"
          }
        ],
        "effects": [],
        "range": "<5.7.2 || >=6.0.0 <6.3.1",
        "nodes": [
          "",
          "",
          "",
          "",
          "",
          "node_modules/gc-stats/node_modules/semver"
        ],
        "fixAvailable": true
      },
      "swagger-ui-dist": {
        "name": "swagger-ui-dist",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1088759,
            "name": "swagger-ui-dist",
            "dependency": "swagger-ui-dist",
            "title": "Spoofing attack in swagger-ui-dist",
            "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
            "severity": "moderate",
            "cwe": [
              "CWE-1021"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          },
          {
            "source": 1092160,
            "name": "swagger-ui-dist",
            "dependency": "swagger-ui-dist",
            "title": "Server side request forgery in SwaggerUI",
            "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "hyperswitch"
        ],
        "range": "<=4.1.2",
        "nodes": [
          ""
        ],
        "fixAvailable": {
          "name": "hyperswitch",
          "version": "0.10.5",
          "isSemVerMajor": true
        }
      },
      "tar": {
        "name": "tar",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1089684,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
            "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
            "severity": "high",
            "cwe": [
              "CWE-22"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=4.0.0 <4.4.14"
          },
          {
            "source": 1095117,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
            "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
            "severity": "high",
            "cwe": [
              "CWE-22"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": "<4.4.18"
          },
          {
            "source": 1096309,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
            "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
            "severity": "high",
            "cwe": [
              "CWE-22",
              "CWE-23",
              "CWE-59"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=4.0.0 <4.4.15"
          },
          {
            "source": 1096376,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
            "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
            "severity": "high",
            "cwe": [
              "CWE-22",
              "CWE-59"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=3.0.0 <4.4.16"
          },
          {
            "source": 1096411,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
            "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
            "severity": "high",
            "cwe": [
              "CWE-22",
              "CWE-59"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=3.0.0 <4.4.18"
          },
          {
            "source": 1096915,
            "name": "tar",
            "dependency": "tar",
            "title": "Denial of service while parsing a tar file due to lack of folders count validation",
            "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36",
            "severity": "moderate",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
            },
            "range": "<6.2.1"
          }
        ],
        "effects": [],
        "range": "<=6.2.0",
        "nodes": [
          "node_modules/gc-stats/node_modules/tar"
        ],
        "fixAvailable": true
      },
      "tough-cookie": {
        "name": "tough-cookie",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096643,
            "name": "tough-cookie",
            "dependency": "tough-cookie",
            "title": "tough-cookie Prototype Pollution vulnerability",
            "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "request"
        ],
        "range": "<4.1.3",
        "nodes": [
          "node_modules/tough-cookie"
        ],
        "fixAvailable": false
      },
      "underscore": {
        "name": "underscore",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1095097,
            "name": "underscore",
            "dependency": "underscore",
            "title": "Arbitrary Code Execution in underscore",
            "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
            "severity": "critical",
            "cwe": [
              "CWE-94"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": ">=1.3.2 <1.12.1"
          }
        ],
        "effects": [],
        "range": "1.3.2 - 1.12.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 1,
        "moderate": 10,
        "high": 16,
        "critical": 5,
        "total": 32
      },
      "dependencies": {
        "prod": 156,
        "dev": 420,
        "optional": 78,
        "peer": 0,
        "peerOptional": 0,
        "total": 652
      }
    }
  }
}

--- end ---
{"added": 586, "removed": 0, "changed": 0, "audited": 653, "funding": 59, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@babel/traverse": {"name": "@babel/traverse", "severity": "critical", "isDirect": false, "via": [{"source": 1096886, "name": "@babel/traverse", "dependency": "@babel/traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": ["CWE-184", "CWE-697"], "cvss": {"score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "range": "<7.23.2"}], "effects": [], "range": "<7.23.2", "nodes": [""], "fixAvailable": true}, "ansi-regex": {"name": "ansi-regex", "severity": "high", "isDirect": false, "via": [{"source": 1094090, "name": "ansi-regex", "dependency": "ansi-regex", "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw", "severity": "high", "cwe": ["CWE-697", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=3.0.0 <3.0.1"}, {"source": 1094091, "name": "ansi-regex", "dependency": "ansi-regex", "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw", "severity": "high", "cwe": ["CWE-697", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.1.1"}, {"source": 1094092, "name": "ansi-regex", "dependency": "ansi-regex", "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw", "severity": "high", "cwe": ["CWE-697", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.0.1"}], "effects": [], "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0", "nodes": ["", "", ""], "fixAvailable": true}, "busboy": {"name": "busboy", "severity": "high", "isDirect": false, "via": ["dicer"], "effects": ["hyperswitch"], "range": "<=0.3.1", "nodes": ["node_modules/busboy"], "fixAvailable": {"name": "hyperswitch", "version": "0.10.5", "isSemVerMajor": true}}, "coveralls": {"name": "coveralls", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": [], "range": "*", "nodes": [""], "fixAvailable": false}, "debug": {"name": "debug", "severity": "low", "isDirect": false, "via": [{"source": 1096792, "name": "debug", "dependency": "debug", "title": "Regular Expression Denial of Service in debug", "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=4.0.0 <4.3.1"}], "effects": ["mocha"], "range": "4.0.0 - 4.3.0", "nodes": ["", "node_modules/gc-stats/node_modules/debug"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "dicer": {"name": "dicer", "severity": "high", "isDirect": false, "via": [{"source": 1093150, "name": "dicer", "dependency": "dicer", "title": "Crash in HeaderParser in dicer", "url": "https://github.com/advisories/GHSA-wm7h-9275-46v2", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=0.3.1"}], "effects": ["busboy"], "range": "*", "nodes": ["node_modules/dicer"], "fixAvailable": {"name": "hyperswitch", "version": "0.10.5", "isSemVerMajor": true}}, "hyperswitch": {"name": "hyperswitch", "severity": "high", "isDirect": true, "via": ["busboy", "preq", "swagger-ui-dist"], "effects": [], "range": ">=0.1.0", "nodes": ["node_modules/hyperswitch"], "fixAvailable": {"name": "hyperswitch", "version": "0.10.5", "isSemVerMajor": true}}, "ini": {"name": "ini", "severity": "high", "isDirect": false, "via": [{"source": 1093224, "name": "ini", "dependency": "ini", "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse", "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<1.3.6"}], "effects": [], "range": "<1.3.6", "nodes": ["node_modules/gc-stats/node_modules/ini"], "fixAvailable": true}, "json-schema": {"name": "json-schema", "severity": "critical", "isDirect": false, "via": [{"source": 1095057, "name": "json-schema", "dependency": "json-schema", "title": "json-schema is vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-896r-f27r-55mw", "severity": "critical", "cwe": ["CWE-915", "CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<0.4.0"}], "effects": ["jsprim"], "range": "<0.4.0", "nodes": [""], "fixAvailable": true}, "json5": {"name": "json5", "severity": "high", "isDirect": false, "via": [{"source": 1096544, "name": "json5", "dependency": "json5", "title": "Prototype Pollution in JSON5 via Parse Method", "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}, "range": ">=2.0.0 <2.2.2"}], "effects": [], "range": "2.0.0 - 2.2.1", "nodes": [""], "fixAvailable": true}, "jsprim": {"name": "jsprim", "severity": "critical", "isDirect": false, "via": ["json-schema"], "effects": [], "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1", "nodes": [""], "fixAvailable": true}, "kad": {"name": "kad", "severity": "high", "isDirect": false, "via": ["merge", "ms"], "effects": ["limitation"], "range": "*", "nodes": [""], "fixAvailable": true}, "limitation": {"name": "limitation", "severity": "moderate", "isDirect": false, "via": ["kad"], "effects": [], "range": "<=0.2.2", "nodes": [""], "fixAvailable": true}, "merge": {"name": "merge", "severity": "high", "isDirect": false, "via": [{"source": 1096479, "name": "merge", "dependency": "merge", "title": "Prototype Pollution in merge", "url": "https://github.com/advisories/GHSA-7wpw-2hjm-89gp", "severity": "high", "cwe": ["CWE-915"], "cvss": {"score": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<2.1.1"}], "effects": ["kad"], "range": "<2.1.1", "nodes": [""], "fixAvailable": true}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}], "effects": ["mocha"], "range": "<3.0.5", "nodes": ["node_modules/gc-stats/node_modules/minimatch", "node_modules/minimatch"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "minimist": {"name": "minimist", "severity": "critical", "isDirect": false, "via": [{"source": 1096465, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": ">=1.0.0 <1.2.3"}, {"source": 1096466, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<0.2.1"}, {"source": 1096548, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<0.2.4"}, {"source": 1096549, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.0.0 <1.2.6"}], "effects": ["mkdirp"], "range": "<=0.2.3 || 1.0.0 - 1.2.5", "nodes": ["", "node_modules/gc-stats/node_modules/minimist", "node_modules/gc-stats/node_modules/rc/node_modules/minimist"], "fixAvailable": true}, "mkdirp": {"name": "mkdirp", "severity": "moderate", "isDirect": false, "via": ["minimist"], "effects": [], "range": "0.4.1 - 0.5.1", "nodes": ["node_modules/gc-stats/node_modules/mkdirp"], "fixAvailable": true}, "mocha": {"name": "mocha", "severity": "high", "isDirect": false, "via": ["debug", "minimatch", "nanoid"], "effects": [], "range": "5.1.0 - 9.2.1", "nodes": [""], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "moment": {"name": "moment", "severity": "high", "isDirect": false, "via": [{"source": 1095072, "name": "moment", "dependency": "moment", "title": "Moment.js vulnerable to Inefficient Regular Expression Complexity", "url": "https://github.com/advisories/GHSA-wc69-rhjr-hc9g", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=2.18.0 <2.29.4"}, {"source": 1095083, "name": "moment", "dependency": "moment", "title": "Path Traversal: 'dir/../../filename' in moment.locale", "url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4", "severity": "high", "cwe": ["CWE-22", "CWE-27"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<2.29.2"}], "effects": [], "range": "<=2.29.3", "nodes": [""], "fixAvailable": true}, "ms": {"name": "ms", "severity": "moderate", "isDirect": false, "via": [{"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}], "effects": ["kad"], "range": "<2.0.0", "nodes": [""], "fixAvailable": true}, "msgpack5": {"name": "msgpack5", "severity": "moderate", "isDirect": false, "via": [{"source": 1089202, "name": "msgpack5", "dependency": "msgpack5", "title": "Prototype poisoning", "url": "https://github.com/advisories/GHSA-gmjw-49p4-pcfm", "severity": "moderate", "cwe": ["CWE-915", "CWE-1321"], "cvss": {"score": 6.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H"}, "range": "<3.6.1"}], "effects": [], "range": "<3.6.1", "nodes": [""], "fixAvailable": true}, "nanoid": {"name": "nanoid", "severity": "moderate", "isDirect": false, "via": [{"source": 1089011, "name": "nanoid", "dependency": "nanoid", "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid", "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2", "severity": "moderate", "cwe": ["CWE-200"], "cvss": {"score": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=3.0.0 <3.1.31"}], "effects": ["mocha"], "range": "3.0.0 - 3.1.30", "nodes": [""], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "preq": {"name": "preq", "severity": "high", "isDirect": true, "via": ["request", "requestretry"], "effects": [], "range": "*", "nodes": ["node_modules/preq"], "fixAvailable": false}, "qs": {"name": "qs", "severity": "high", "isDirect": false, "via": [{"source": 1096470, "name": "qs", "dependency": "qs", "title": "qs vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=6.5.0 <6.5.3"}], "effects": [], "range": "6.5.0 - 6.5.2", "nodes": [""], "fixAvailable": true}, "redis": {"name": "redis", "severity": "high", "isDirect": false, "via": [{"source": 1089196, "name": "redis", "dependency": "redis", "title": "Node-Redis potential exponential regex in monitor mode", "url": "https://github.com/advisories/GHSA-35q2-47q7-3pc3", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=2.6.0 <3.1.1"}], "effects": [], "range": "2.6.0 - 3.1.0", "nodes": [""], "fixAvailable": true}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["coveralls", "preq", "requestretry"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "requestretry": {"name": "requestretry", "severity": "high", "isDirect": false, "via": [{"source": 1090420, "name": "requestretry", "dependency": "requestretry", "title": "Cookie exposure in requestretry", "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45", "severity": "high", "cwe": ["CWE-200"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<7.0.0"}, "request"], "effects": ["preq"], "range": "*", "nodes": ["node_modules/requestretry"], "fixAvailable": false}, "semver": {"name": "semver", "severity": "moderate", "isDirect": false, "via": [{"source": 1096483, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<5.7.2"}, {"source": 1096484, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=6.0.0 <6.3.1"}], "effects": [], "range": "<5.7.2 || >=6.0.0 <6.3.1", "nodes": ["", "", "", "", "", "node_modules/gc-stats/node_modules/semver"], "fixAvailable": true}, "swagger-ui-dist": {"name": "swagger-ui-dist", "severity": "moderate", "isDirect": false, "via": [{"source": 1088759, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Spoofing attack in swagger-ui-dist", "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x", "severity": "moderate", "cwe": ["CWE-1021"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<4.1.3"}, {"source": 1092160, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Server side request forgery in SwaggerUI", "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<4.1.3"}], "effects": ["hyperswitch"], "range": "<=4.1.2", "nodes": [""], "fixAvailable": {"name": "hyperswitch", "version": "0.10.5", "isSemVerMajor": true}}, "tar": {"name": "tar", "severity": "high", "isDirect": false, "via": [{"source": 1089684, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization", "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.14"}, {"source": 1095117, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization", "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": "<4.4.18"}, {"source": 1096309, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning", "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw", "severity": "high", "cwe": ["CWE-22", "CWE-23", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.15"}, {"source": 1096376, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.16"}, {"source": 1096411, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.18"}, {"source": 1096915, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<6.2.1"}], "effects": [], "range": "<=6.2.0", "nodes": ["node_modules/gc-stats/node_modules/tar"], "fixAvailable": true}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1096643, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": false}, "underscore": {"name": "underscore", "severity": "critical", "isDirect": false, "via": [{"source": 1095097, "name": "underscore", "dependency": "underscore", "title": "Arbitrary Code Execution in underscore", "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq", "severity": "critical", "cwe": ["CWE-94"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.3.2 <1.12.1"}], "effects": [], "range": "1.3.2 - 1.12.0", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 10, "high": 16, "critical": 5, "total": 32}, "dependencies": {"prod": 156, "dev": 420, "optional": 78, "peer": 0, "peerOptional": 0, "total": 652}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN audit fix semver@5.7.0 node_modules/gc-stats/node_modules/semver
npm WARN audit fix semver@5.7.0 is a bundled dependency of
npm WARN audit fix semver@5.7.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix semver@5.7.0 It cannot be fixed automatically.
npm WARN audit fix semver@5.7.0 Check for updates to the gc-stats package.
npm WARN audit fix minimatch@3.0.4 node_modules/gc-stats/node_modules/minimatch
npm WARN audit fix minimatch@3.0.4 is a bundled dependency of
npm WARN audit fix minimatch@3.0.4 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimatch@3.0.4 It cannot be fixed automatically.
npm WARN audit fix minimatch@3.0.4 Check for updates to the gc-stats package.
npm WARN audit fix debug@4.1.1 node_modules/gc-stats/node_modules/debug
npm WARN audit fix debug@4.1.1 is a bundled dependency of
npm WARN audit fix debug@4.1.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix debug@4.1.1 It cannot be fixed automatically.
npm WARN audit fix debug@4.1.1 Check for updates to the gc-stats package.
npm WARN audit fix ini@1.3.5 node_modules/gc-stats/node_modules/ini
npm WARN audit fix ini@1.3.5 is a bundled dependency of
npm WARN audit fix ini@1.3.5 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix ini@1.3.5 It cannot be fixed automatically.
npm WARN audit fix ini@1.3.5 Check for updates to the gc-stats package.
npm WARN audit fix minimist@1.2.0 node_modules/gc-stats/node_modules/rc/node_modules/minimist
npm WARN audit fix minimist@1.2.0 is a bundled dependency of
npm WARN audit fix minimist@1.2.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@1.2.0 It cannot be fixed automatically.
npm WARN audit fix minimist@1.2.0 Check for updates to the gc-stats package.
npm WARN audit fix minimist@0.0.8 node_modules/gc-stats/node_modules/minimist
npm WARN audit fix minimist@0.0.8 is a bundled dependency of
npm WARN audit fix minimist@0.0.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@0.0.8 It cannot be fixed automatically.
npm WARN audit fix minimist@0.0.8 Check for updates to the gc-stats package.
npm WARN audit fix tar@4.4.8 node_modules/gc-stats/node_modules/tar
npm WARN audit fix tar@4.4.8 is a bundled dependency of
npm WARN audit fix tar@4.4.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix tar@4.4.8 It cannot be fixed automatically.
npm WARN audit fix tar@4.4.8 Check for updates to the gc-stats package.
npm WARN audit fix mkdirp@0.5.1 node_modules/gc-stats/node_modules/mkdirp
npm WARN audit fix mkdirp@0.5.1 is a bundled dependency of
npm WARN audit fix mkdirp@0.5.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix mkdirp@0.5.1 It cannot be fixed automatically.
npm WARN audit fix mkdirp@0.5.1 Check for updates to the gc-stats package.
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.23.6',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@39.2.2',
npm WARN EBADENGINE   required: { node: '^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated json-schema-ref-parser@7.1.4: Please switch to @apidevtools/json-schema-ref-parser
--- stdout ---

added 585 packages, and audited 652 packages in 2m

59 packages are looking for funding
  run `npm fund` for details

# npm audit report

debug  4.0.0 - 4.3.0
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/debug

dicer  *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
fix available via `npm audit fix --force`
Will install hyperswitch@0.10.5, which is a breaking change
node_modules/dicer
  busboy  <=0.3.1
  Depends on vulnerable versions of dicer
  node_modules/busboy
    hyperswitch  >=0.1.0
    Depends on vulnerable versions of busboy
    Depends on vulnerable versions of preq
    Depends on vulnerable versions of swagger-ui-dist
    node_modules/hyperswitch

ini  <1.3.6
Severity: high
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/ini

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix --force`
Will install mocha@10.4.0, which is a breaking change
node_modules/gc-stats/node_modules/minimatch
node_modules/minimatch
  mocha  5.1.0 - 9.2.1
  Depends on vulnerable versions of minimatch
  Depends on vulnerable versions of nanoid
  node_modules/mocha

minimist  <=0.2.3 || 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/minimist
node_modules/gc-stats/node_modules/rc/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/gc-stats/node_modules/mkdirp

ms  <2.0.0
Severity: moderate
Vercel ms Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-w9mr-4mfr-499f
fix available via `npm audit fix`
node_modules/ms
  wikimedia-kad-fork  *
  Depends on vulnerable versions of ms
  node_modules/wikimedia-kad-fork
    limitation  >=0.2.3
    Depends on vulnerable versions of wikimedia-kad-fork
    node_modules/limitation

nanoid  3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix --force`
Will install mocha@10.4.0, which is a breaking change
node_modules/nanoid

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  coveralls  *
  Depends on vulnerable versions of request
  node_modules/coveralls
  preq  *
  Depends on vulnerable versions of request
  Depends on vulnerable versions of requestretry
  node_modules/preq
  requestretry  *
  Depends on vulnerable versions of request
  node_modules/requestretry


semver  <5.7.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/semver

swagger-ui-dist  <=4.1.2
Severity: moderate
Spoofing attack in swagger-ui-dist - https://github.com/advisories/GHSA-6c9x-mj3g-h47x
Server side request forgery in SwaggerUI - https://github.com/advisories/GHSA-qrmm-w75w-3wpx
fix available via `npm audit fix --force`
Will install hyperswitch@0.10.5, which is a breaking change
node_modules/swagger-ui-dist

tar  <=6.2.0
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/tar

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

21 vulnerabilities (1 low, 10 moderate, 9 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.23.6',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@39.2.2',
npm WARN EBADENGINE   required: { node: '^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated json-schema-ref-parser@7.1.4: Please switch to @apidevtools/json-schema-ref-parser
--- stdout ---

added 585 packages, and audited 652 packages in 2m

59 packages are looking for funding
  run `npm fund` for details

21 vulnerabilities (1 low, 10 moderate, 9 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stdout ---

> change-propagation@0.12.0 test
> export MOCK_SERVICES=true && npm run lint && mocha --recursive


> change-propagation@0.12.0 lint
> eslint --cache --ext .js .



  JobQueue rules
    ✓ Should propagate updateBetaFeaturesUserCounts job (503ms)
    ✓ Should propagate cdnPurge job (3507ms)
    ✓ Should support partitioned refreshLinks (513ms)
    ✓ Should deduplicate based on ID (2005ms)
    ✓ Should deduplicate based on SHA1 (4008ms)
    ✓ Should deduplicate based on SHA1 and root job combination (4004ms)
    ✓ Should deduplicate base on root job (4004ms)
    ✓ Should support delayed jobs with re-enqueue (13012ms)

  Rule
    ✓ topic required
    ✓ no-op rule
    ✓ simple rule - one request
    ✓ simple rule - multiple requests
    Matching
      ✓ all
      ✓ simple value match
      ✓ simple value mismatch
      ✓ regex match
      ✓ regex match with undefined
      ✓ regex mismatch
      ✓ array match
      ✓ malformed match
      ✓ match_not
      ✓ match_not array
      ✓ matches match and match_not
      ✓ matches match but not match_not
      ✓ matches match_not but not match
      ✓ matches match but is canary event and should_discard_canary_events is true
      ✓ matches match and is canary event and should_discard_canary_events is false
      ✓ expansion
      ✓ expansion with named groups
      ✓ checks for named and unnamed groups mixing

  Sampler
    ✓ Should accept the correct number of values (79ms)

  Basic rule management
    ✓ Should call simple executor (502ms)
    ✓ Should retry simple executor (502ms)
    ✓ Should retry simple executor no more than limit (2002ms)
    1) Should emit valid retry message
    ✓ Should not retry if retry_on not matched (2002ms)
    ✓ Should not follow redirects (2002ms)
    ✓ Should not crash with unparsable JSON (502ms)
    ✓ Should support producing to topics on exec (502ms)
    2) Should emit valid messages to error topic
    ✓ Sampling should only propagate a stable subset (2003ms)
    ✓ Should support array topics (501ms)
    ✓ Should support exclude_topics stanza (2001ms)

  update rules
    ✓ Should update summary endpoint (503ms)
    ✓ Should update summary endpoint, transcludes topic (500ms)
    ✓ Should update summary endpoint on page images change (503ms)
    ✓ Should not update summary for a blacklisted title (2001ms)
    ✓ Should update definition endpoint (502ms)
    ✓ Should not react to revision change event from restbase for definition endpoint (2002ms)
    ✓ Should update mobile apps endpoint (502ms)
    ✓ Should not update definition endpoint for non-main namespace (2001ms)
    ✓ Should update RESTBase on resource_change from MW (502ms)
    ✓ Should update RESTBase on revision create (502ms)
    ✓ Should not update RESTBase on revision create for a blacklisted title (2002ms)
    ✓ Should not update RESTBase on revision create for wikidata (2002ms)
    ✓ Should update RESTBase on page delete (502ms)
    ✓ Should update RESTBase on page undelete (502ms)
    ✓ Should update RESTBase on page move (502ms)
    ✓ Should update RESTBase on revision visibility change (501ms)
    3) Should update ORES on revision-create
    4) Should update ORES on revision-create, error
    ✓ Should update RESTBase summary and mobile-sections on wikidata description change (3003ms)
    ✓ Should update RESTBase summary and mobile-sections on wikidata description revert (3002ms)
    ✓ Should update RESTBase summary and mobile-sections on wikidata undelete (3001ms)
    ✓ Should not ask Wikidata for info for non-main namespace titles (5002ms)
    ✓ Should not crash if wikidata description can not be found (3001ms)
    ✓ Should rerender image usages on file update (506ms)
    ✓ Should rerender transclusions on page update (506ms)
    ✓ Should process backlinks, on create (505ms)
    ✓ Should process backlinks, on delete (506ms)
    ✓ Should process backlinks, on undelete (503ms)
    ✓ Should purge caches on resource_change coming from RESTBase (51ms)
    ✓ Should purge caches on resource_change coming from Tilerator (100ms)


  69 passing (1m)
  4 failing

  1) Basic rule management
       Should emit valid retry message:
     SyntaxError: Unexpected token o in JSON at position 1
      at JSON.parse (<anonymous>)
      at /src/repo/test/utils/common.js:122:33
      at tryCatcher (node_modules/bluebird/js/release/util.js:16:23)
      at Promise._settlePromiseFromHandler (node_modules/bluebird/js/release/promise.js:547:31)
      at Promise._settlePromise (node_modules/bluebird/js/release/promise.js:604:18)
      at Promise._settlePromise0 (node_modules/bluebird/js/release/promise.js:649:10)
      at Promise._settlePromises (node_modules/bluebird/js/release/promise.js:729:18)
      at _drainQueueStep (node_modules/bluebird/js/release/async.js:93:12)
      at _drainQueue (node_modules/bluebird/js/release/async.js:86:9)
      at Async._drainQueues (node_modules/bluebird/js/release/async.js:102:5)
      at Async.drainQueues [as _onImmediate] (node_modules/bluebird/js/release/async.js:15:14)
      at process.processImmediate (node:internal/timers:476:21)

  2) Basic rule management
       Should emit valid messages to error topic:
     SyntaxError: Unexpected token o in JSON at position 1
      at JSON.parse (<anonymous>)
      at /src/repo/test/utils/common.js:122:33
      at tryCatcher (node_modules/bluebird/js/release/util.js:16:23)
      at Promise._settlePromiseFromHandler (node_modules/bluebird/js/release/promise.js:547:31)
      at Promise._settlePromise (node_modules/bluebird/js/release/promise.js:604:18)
      at Promise._settlePromise0 (node_modules/bluebird/js/release/promise.js:649:10)
      at Promise._settlePromises (node_modules/bluebird/js/release/promise.js:729:18)
      at _drainQueueStep (node_modules/bluebird/js/release/async.js:93:12)
      at _drainQueue (node_modules/bluebird/js/release/async.js:86:9)
      at Async._drainQueues (node_modules/bluebird/js/release/async.js:102:5)
      at Async.drainQueues [as _onImmediate] (node_modules/bluebird/js/release/async.js:15:14)
      at process.processImmediate (node:internal/timers:476:21)

  3) update rules
       Should update ORES on revision-create:
     SyntaxError: Unexpected token o in JSON at position 1
      at JSON.parse (<anonymous>)
      at /src/repo/test/utils/common.js:122:33
      at tryCatcher (node_modules/bluebird/js/release/util.js:16:23)
      at Promise._settlePromiseFromHandler (node_modules/bluebird/js/release/promise.js:547:31)
      at Promise._settlePromise (node_modules/bluebird/js/release/promise.js:604:18)
      at Promise._settlePromise0 (node_modules/bluebird/js/release/promise.js:649:10)
      at Promise._settlePromises (node_modules/bluebird/js/release/promise.js:729:18)
      at _drainQueueStep (node_modules/bluebird/js/release/async.js:93:12)
      at _drainQueue (node_modules/bluebird/js/release/async.js:86:9)
      at Async._drainQueues (node_modules/bluebird/js/release/async.js:102:5)
      at Async.drainQueues [as _onImmediate] (node_modules/bluebird/js/release/async.js:15:14)
      at process.processImmediate (node:internal/timers:476:21)

  4) update rules
       Should update ORES on revision-create, error:
     SyntaxError: Unexpected token o in JSON at position 1
      at JSON.parse (<anonymous>)
      at /src/repo/test/utils/common.js:122:33
      at tryCatcher (node_modules/bluebird/js/release/util.js:16:23)
      at Promise._settlePromiseFromHandler (node_modules/bluebird/js/release/promise.js:547:31)
      at Promise._settlePromise (node_modules/bluebird/js/release/promise.js:604:18)
      at Promise._settlePromise0 (node_modules/bluebird/js/release/promise.js:649:10)
      at Promise._settlePromises (node_modules/bluebird/js/release/promise.js:729:18)
      at _drainQueueStep (node_modules/bluebird/js/release/async.js:93:12)
      at _drainQueue (node_modules/bluebird/js/release/async.js:86:9)
      at Async._drainQueues (node_modules/bluebird/js/release/async.js:102:5)
      at Async.drainQueues [as _onImmediate] (node_modules/bluebird/js/release/async.js:15:14)
      at process.processImmediate (node:internal/timers:476:21)




--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1534, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1478, in run
    self.npm_audit_fix(new_npm_audit)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 249, in npm_audit_fix
    self.check_call(['npm', 'test'])
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 54, in check_call
    res.check_returncode()
  File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 4.

npm dependencies

Dependencies
Development dependencies

Logs

Source code is licensed under the AGPL.