mediawiki/services/geoshapes (main)

sourcepatches
$ date
--- stdout ---
Thu Apr 11 20:11:26 UTC 2024

--- end ---
$ git clone file:///srv/git/mediawiki-services-geoshapes.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
5e1e0ecd72c7e1fb2c3ae8bb730bf7ee00e8100a refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@babel/core": {
      "name": "@babel/core",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [],
      "range": "7.13.0 - 7.13.1",
      "nodes": [
        "node_modules/@babel/core"
      ],
      "fixAvailable": true
    },
    "@babel/helper-compilation-targets": {
      "name": "@babel/helper-compilation-targets",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [],
      "range": "7.13.0",
      "nodes": [
        "node_modules/@babel/helper-compilation-targets"
      ],
      "fixAvailable": true
    },
    "@babel/traverse": {
      "name": "@babel/traverse",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096886,
          "name": "@babel/traverse",
          "dependency": "@babel/traverse",
          "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
          "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
          "severity": "critical",
          "cwe": [
            "CWE-184",
            "CWE-697"
          ],
          "cvss": {
            "score": 9.4,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
          },
          "range": "<7.23.2"
        }
      ],
      "effects": [],
      "range": "<7.23.2",
      "nodes": [
        "node_modules/@babel/traverse"
      ],
      "fixAvailable": true
    },
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1094090,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=3.0.0 <3.0.1"
        },
        {
          "source": 1094091,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.0.0 <4.1.1"
        },
        {
          "source": 1094092,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=5.0.0 <5.0.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
      "nodes": [
        "node_modules/ansi-regex",
        "node_modules/boxen/node_modules/ansi-regex",
        "node_modules/eslint/node_modules/ansi-regex",
        "node_modules/inquirer/node_modules/ansi-regex",
        "node_modules/mocha/node_modules/ansi-regex",
        "node_modules/nyc/node_modules/ansi-regex",
        "node_modules/table/node_modules/ansi-regex",
        "node_modules/wide-align/node_modules/ansi-regex",
        "node_modules/widest-line/node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "body-parser": {
      "name": "body-parser",
      "severity": "high",
      "isDirect": true,
      "via": [
        "qs"
      ],
      "effects": [],
      "range": "1.19.0",
      "nodes": [
        "node_modules/body-parser"
      ],
      "fixAvailable": true
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1093035,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/browserslist"
      ],
      "fixAvailable": true
    },
    "debug": {
      "name": "debug",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1096792,
          "name": "debug",
          "dependency": "debug",
          "title": "Regular Expression Denial of Service in debug",
          "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.3.1"
        }
      ],
      "effects": [],
      "range": "4.0.0 - 4.3.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/debug"
      ],
      "fixAvailable": true
    },
    "express": {
      "name": "express",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1096820,
          "name": "express",
          "dependency": "express",
          "title": "Express.js Open Redirect in malformed URLs",
          "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc",
          "severity": "moderate",
          "cwe": [
            "CWE-601",
            "CWE-1286"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.19.2"
        },
        "body-parser",
        "qs"
      ],
      "effects": [],
      "range": "<=4.19.1 || 5.0.0-alpha.1 - 5.0.0-alpha.8",
      "nodes": [
        "node_modules/express"
      ],
      "fixAvailable": true
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095007,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<5.1.2"
        }
      ],
      "effects": [],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/glob-parent"
      ],
      "fixAvailable": true
    },
    "got": {
      "name": "got",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1088948,
          "name": "got",
          "dependency": "got",
          "title": "Got allows a redirect to a UNIX socket",
          "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97",
          "severity": "moderate",
          "cwe": [],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<11.8.5"
        }
      ],
      "effects": [
        "package-json"
      ],
      "range": "<11.8.5",
      "nodes": [
        "node_modules/got"
      ],
      "fixAvailable": true
    },
    "hosted-git-info": {
      "name": "hosted-git-info",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089809,
          "name": "hosted-git-info",
          "dependency": "hosted-git-info",
          "title": "Regular Expression Denial of Service in hosted-git-info",
          "url": "https://github.com/advisories/GHSA-43f8-2h32-f4cj",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.8.9"
        }
      ],
      "effects": [],
      "range": "<2.8.9",
      "nodes": [
        "node_modules/hosted-git-info"
      ],
      "fixAvailable": true
    },
    "http-cache-semantics": {
      "name": "http-cache-semantics",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1092316,
          "name": "http-cache-semantics",
          "dependency": "http-cache-semantics",
          "title": "http-cache-semantics vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-rc47-6667-2j5j",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<4.1.1"
        }
      ],
      "effects": [],
      "range": "<4.1.1",
      "nodes": [
        "node_modules/http-cache-semantics"
      ],
      "fixAvailable": true
    },
    "ini": {
      "name": "ini",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1093224,
          "name": "ini",
          "dependency": "ini",
          "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
          "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<1.3.6"
        }
      ],
      "effects": [],
      "range": "<1.3.6",
      "nodes": [
        "node_modules/gc-stats/node_modules/ini"
      ],
      "fixAvailable": true
    },
    "json-schema": {
      "name": "json-schema",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1095057,
          "name": "json-schema",
          "dependency": "json-schema",
          "title": "json-schema is vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
          "severity": "critical",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.4.0"
        }
      ],
      "effects": [
        "jsprim"
      ],
      "range": "<0.4.0",
      "nodes": [
        "node_modules/json-schema"
      ],
      "fixAvailable": true
    },
    "json5": {
      "name": "json5",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096544,
          "name": "json5",
          "dependency": "json5",
          "title": "Prototype Pollution in JSON5 via Parse Method",
          "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
          },
          "range": ">=2.0.0 <2.2.2"
        }
      ],
      "effects": [],
      "range": "2.0.0 - 2.2.1",
      "nodes": [
        "node_modules/json5"
      ],
      "fixAvailable": true
    },
    "jsprim": {
      "name": "jsprim",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "json-schema"
      ],
      "effects": [],
      "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/jsprim"
      ],
      "fixAvailable": true
    },
    "latest-version": {
      "name": "latest-version",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "package-json"
      ],
      "effects": [
        "update-notifier"
      ],
      "range": "0.2.0 - 5.1.0",
      "nodes": [
        "node_modules/latest-version"
      ],
      "fixAvailable": true
    },
    "lodash.set": {
      "name": "lodash.set",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096302,
          "name": "lodash.set",
          "dependency": "lodash.set",
          "title": "Prototype Pollution in lodash",
          "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
          "severity": "high",
          "cwe": [
            "CWE-770",
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
          },
          "range": ">=3.7.0 <=4.3.2"
        }
      ],
      "effects": [
        "nock"
      ],
      "range": "*",
      "nodes": [
        "node_modules/lodash.set"
      ],
      "fixAvailable": true
    },
    "merge": {
      "name": "merge",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096479,
          "name": "merge",
          "dependency": "merge",
          "title": "Prototype Pollution in merge",
          "url": "https://github.com/advisories/GHSA-7wpw-2hjm-89gp",
          "severity": "high",
          "cwe": [
            "CWE-915"
          ],
          "cvss": {
            "score": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<2.1.1"
        }
      ],
      "effects": [],
      "range": "<2.1.1",
      "nodes": [
        "node_modules/merge"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096465,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": ">=1.0.0 <1.2.3"
        },
        {
          "source": 1096466,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<0.2.1"
        },
        {
          "source": 1096548,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.2.4"
        },
        {
          "source": 1096549,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.0.0 <1.2.6"
        }
      ],
      "effects": [
        "mkdirp"
      ],
      "range": "<=0.2.3 || 1.0.0 - 1.2.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimist",
        "node_modules/gc-stats/node_modules/rc/node_modules/minimist",
        "node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "minimist"
      ],
      "effects": [],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/gc-stats/node_modules/mkdirp"
      ],
      "fixAvailable": true
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch",
        "nanoid"
      ],
      "effects": [],
      "range": "5.1.0 - 9.2.1",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "moment": {
      "name": "moment",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095072,
          "name": "moment",
          "dependency": "moment",
          "title": "Moment.js vulnerable to Inefficient Regular Expression Complexity",
          "url": "https://github.com/advisories/GHSA-wc69-rhjr-hc9g",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.18.0 <2.29.4"
        },
        {
          "source": 1095083,
          "name": "moment",
          "dependency": "moment",
          "title": "Path Traversal: 'dir/../../filename' in moment.locale",
          "url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-27"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": "<2.29.2"
        }
      ],
      "effects": [],
      "range": "<=2.29.3",
      "nodes": [
        "node_modules/moment"
      ],
      "fixAvailable": true
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094419,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/kad/node_modules/ms"
      ],
      "fixAvailable": true
    },
    "msgpack5": {
      "name": "msgpack5",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089202,
          "name": "msgpack5",
          "dependency": "msgpack5",
          "title": "Prototype poisoning",
          "url": "https://github.com/advisories/GHSA-gmjw-49p4-pcfm",
          "severity": "moderate",
          "cwe": [
            "CWE-915",
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H"
          },
          "range": "<3.6.1"
        }
      ],
      "effects": [],
      "range": "<3.6.1",
      "nodes": [
        "node_modules/msgpack5"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089011,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.5,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/nanoid"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "nock": {
      "name": "nock",
      "severity": "high",
      "isDirect": true,
      "via": [
        "lodash.set"
      ],
      "effects": [],
      "range": "13.0.0-beta.1 - 13.2.4",
      "nodes": [
        "node_modules/nock"
      ],
      "fixAvailable": true
    },
    "nodemon": {
      "name": "nodemon",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "update-notifier"
      ],
      "effects": [],
      "range": "1.3.5 - 2.0.16 || 2.0.18",
      "nodes": [
        "node_modules/nodemon"
      ],
      "fixAvailable": true
    },
    "normalize-url": {
      "name": "normalize-url",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095142,
          "name": "normalize-url",
          "dependency": "normalize-url",
          "title": "ReDoS in normalize-url",
          "url": "https://github.com/advisories/GHSA-px4h-xg32-q955",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.3.0 <4.5.1"
        }
      ],
      "effects": [],
      "range": "4.3.0 - 4.5.0",
      "nodes": [
        "node_modules/normalize-url"
      ],
      "fixAvailable": true
    },
    "package-json": {
      "name": "package-json",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "got"
      ],
      "effects": [
        "latest-version"
      ],
      "range": "<=6.5.0",
      "nodes": [
        "node_modules/package-json"
      ],
      "fixAvailable": true
    },
    "path-parse": {
      "name": "path-parse",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089681,
          "name": "path-parse",
          "dependency": "path-parse",
          "title": "Regular Expression Denial of Service in path-parse",
          "url": "https://github.com/advisories/GHSA-hj48-42vr-x3v9",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<1.0.7"
        }
      ],
      "effects": [],
      "range": "<1.0.7",
      "nodes": [
        "node_modules/path-parse"
      ],
      "fixAvailable": true
    },
    "pg": {
      "name": "pg",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [
        "pg-promise"
      ],
      "range": "4.0.0-beta2 - 8.3.3",
      "nodes": [
        "node_modules/pg"
      ],
      "fixAvailable": {
        "name": "pg-promise",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "pg-promise": {
      "name": "pg-promise",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "pg"
      ],
      "effects": [],
      "range": "0.6.4 - 2.9.5 || 3.0.3 - 10.6.2",
      "nodes": [
        "node_modules/pg-promise"
      ],
      "fixAvailable": {
        "name": "pg-promise",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "request",
        "requestretry"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": false
    },
    "qs": {
      "name": "qs",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096470,
          "name": "qs",
          "dependency": "qs",
          "title": "qs vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=6.5.0 <6.5.3"
        },
        {
          "source": 1096472,
          "name": "qs",
          "dependency": "qs",
          "title": "qs vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=6.7.0 <6.7.3"
        }
      ],
      "effects": [
        "body-parser",
        "express"
      ],
      "range": "6.5.0 - 6.5.2 || 6.7.0 - 6.7.2",
      "nodes": [
        "node_modules/qs",
        "node_modules/request/node_modules/qs"
      ],
      "fixAvailable": true
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "preq"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090420,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        }
      ],
      "effects": [
        "preq"
      ],
      "range": "<7.0.0",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": false
    },
    "semver": {
      "name": "semver",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096482,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=7.0.0 <7.5.2"
        },
        {
          "source": 1096483,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<5.7.2"
        },
        {
          "source": 1096484,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=6.0.0 <6.3.1"
        }
      ],
      "effects": [
        "@babel/core",
        "@babel/helper-compilation-targets",
        "pg"
      ],
      "range": "<=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1",
      "nodes": [
        "node_modules/@babel/core/node_modules/semver",
        "node_modules/@babel/helper-compilation-targets/node_modules/semver",
        "node_modules/eslint-plugin-node/node_modules/semver",
        "node_modules/eslint-plugin-vue/node_modules/semver",
        "node_modules/gc-stats/node_modules/semver",
        "node_modules/istanbul-lib-instrument/node_modules/semver",
        "node_modules/make-dir/node_modules/semver",
        "node_modules/nodemon/node_modules/semver",
        "node_modules/normalize-package-data/node_modules/semver",
        "node_modules/package-json/node_modules/semver",
        "node_modules/pg/node_modules/semver",
        "node_modules/rewire/node_modules/cross-spawn/node_modules/semver",
        "node_modules/rewire/node_modules/semver",
        "node_modules/semver",
        "node_modules/semver-diff/node_modules/semver"
      ],
      "fixAvailable": {
        "name": "pg-promise",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "swagger-ui-dist": {
      "name": "swagger-ui-dist",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1088759,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Spoofing attack in swagger-ui-dist",
          "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
          "severity": "moderate",
          "cwe": [
            "CWE-1021"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        },
        {
          "source": 1092160,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Server side request forgery in SwaggerUI",
          "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/swagger-ui-dist"
      ],
      "fixAvailable": {
        "name": "swagger-ui-dist",
        "version": "5.15.1",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089684,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.14"
        },
        {
          "source": 1095117,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<4.4.18"
        },
        {
          "source": 1096309,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-23",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.15"
        },
        {
          "source": 1096376,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.16"
        },
        {
          "source": 1096411,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.18"
        },
        {
          "source": 1096915,
          "name": "tar",
          "dependency": "tar",
          "title": "Denial of service while parsing a tar file due to lack of folders count validation",
          "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<6.2.1"
        }
      ],
      "effects": [],
      "range": "<=6.2.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/tar"
      ],
      "fixAvailable": true
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096643,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "update-notifier": {
      "name": "update-notifier",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "latest-version"
      ],
      "effects": [
        "nodemon"
      ],
      "range": "0.2.0 - 5.1.0",
      "nodes": [
        "node_modules/update-notifier"
      ],
      "fixAvailable": true
    },
    "word-wrap": {
      "name": "word-wrap",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1095091,
          "name": "word-wrap",
          "dependency": "word-wrap",
          "title": "word-wrap vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<1.2.4"
        }
      ],
      "effects": [],
      "range": "<1.2.4",
      "nodes": [
        "node_modules/word-wrap"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 21,
      "high": 18,
      "critical": 4,
      "total": 44
    },
    "dependencies": {
      "prod": 222,
      "dev": 576,
      "optional": 80,
      "peer": 0,
      "peerOptional": 0,
      "total": 876
    }
  }
}

--- end ---
$ /usr/bin/npm install
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'geoshapes@0.0.1',
npm WARN EBADENGINE   required: { node: '^10' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated gc-stats@1.4.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm WARN deprecated topojson@2.2.0: Use topojson-client, topojson-server or topojson-simplify directly.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated pg-promise@5.9.7: This version of pg-promise is obsolete. You should update to a newer version.
npm WARN deprecated sinon@9.2.4: 16.1.1
--- stdout ---

added 778 packages, and audited 779 packages in 34s

78 packages are looking for funding
  run `npm fund` for details

16 vulnerabilities (12 moderate, 4 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "limitation": {
      "name": "limitation",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "wikimedia-kad-fork"
      ],
      "effects": [],
      "range": ">=0.2.3",
      "nodes": [
        "node_modules/limitation"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/mocha/node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch",
        "nanoid"
      ],
      "effects": [],
      "range": "5.1.0 - 9.2.1",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094419,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [
        "wikimedia-kad-fork"
      ],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/wikimedia-kad-fork/node_modules/ms"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089011,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.5,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/nanoid"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.4.0",
        "isSemVerMajor": true
      }
    },
    "nodemon": {
      "name": "nodemon",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "simple-update-notifier"
      ],
      "effects": [],
      "range": "2.0.19 - 2.0.22",
      "nodes": [
        "node_modules/nodemon"
      ],
      "fixAvailable": true
    },
    "pg": {
      "name": "pg",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [
        "pg-promise"
      ],
      "range": "4.0.0-beta2 - 8.3.3",
      "nodes": [
        "node_modules/pg"
      ],
      "fixAvailable": {
        "name": "pg-promise",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "pg-promise": {
      "name": "pg-promise",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "pg"
      ],
      "effects": [],
      "range": "0.6.4 - 2.9.5 || 3.0.3 - 10.6.2",
      "nodes": [
        "node_modules/pg-promise"
      ],
      "fixAvailable": {
        "name": "pg-promise",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "request",
        "requestretry"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": false
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "preq",
        "requestretry"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090420,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        },
        "request"
      ],
      "effects": [
        "preq"
      ],
      "range": "*",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": false
    },
    "semver": {
      "name": "semver",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096482,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=7.0.0 <7.5.2"
        },
        {
          "source": 1096483,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<5.7.2"
        }
      ],
      "effects": [
        "pg",
        "simple-update-notifier"
      ],
      "range": ">=7.0.0 <7.5.2 || <5.7.2",
      "nodes": [
        "node_modules/pg/node_modules/semver",
        "node_modules/simple-update-notifier/node_modules/semver"
      ],
      "fixAvailable": {
        "name": "pg-promise",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "simple-update-notifier": {
      "name": "simple-update-notifier",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [
        "nodemon"
      ],
      "range": "1.0.7 - 1.1.0",
      "nodes": [
        "node_modules/simple-update-notifier"
      ],
      "fixAvailable": true
    },
    "swagger-ui-dist": {
      "name": "swagger-ui-dist",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1088759,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Spoofing attack in swagger-ui-dist",
          "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
          "severity": "moderate",
          "cwe": [
            "CWE-1021"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        },
        {
          "source": 1092160,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Server side request forgery in SwaggerUI",
          "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/swagger-ui-dist"
      ],
      "fixAvailable": {
        "name": "swagger-ui-dist",
        "version": "5.15.1",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096643,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "wikimedia-kad-fork": {
      "name": "wikimedia-kad-fork",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "ms"
      ],
      "effects": [
        "limitation"
      ],
      "range": "*",
      "nodes": [
        "node_modules/wikimedia-kad-fork"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 12,
      "high": 4,
      "critical": 0,
      "total": 16
    },
    "dependencies": {
      "prod": 252,
      "dev": 514,
      "optional": 15,
      "peer": 0,
      "peerOptional": 0,
      "total": 779
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'geoshapes@0.0.1',
npm WARN EBADENGINE   required: { node: '^10' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 1,
  "removed": 0,
  "changed": 4,
  "audited": 780,
  "funding": 78,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "limitation": {
        "name": "limitation",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "wikimedia-kad-fork"
        ],
        "effects": [],
        "range": ">=0.2.3",
        "nodes": [
          "node_modules/limitation"
        ],
        "fixAvailable": true
      },
      "minimatch": {
        "name": "minimatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096485,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS vulnerability",
            "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.0.5"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "<3.0.5",
        "nodes": [
          "node_modules/mocha/node_modules/minimatch"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      },
      "mocha": {
        "name": "mocha",
        "severity": "high",
        "isDirect": true,
        "via": [
          "minimatch",
          "nanoid"
        ],
        "effects": [],
        "range": "5.1.0 - 9.2.1",
        "nodes": [
          "node_modules/mocha"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      },
      "ms": {
        "name": "ms",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1094419,
            "name": "ms",
            "dependency": "ms",
            "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
            "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<2.0.0"
          }
        ],
        "effects": [
          "wikimedia-kad-fork"
        ],
        "range": "<2.0.0",
        "nodes": [
          "node_modules/wikimedia-kad-fork/node_modules/ms"
        ],
        "fixAvailable": true
      },
      "nanoid": {
        "name": "nanoid",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1089011,
            "name": "nanoid",
            "dependency": "nanoid",
            "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
            "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
            "severity": "moderate",
            "cwe": [
              "CWE-200"
            ],
            "cvss": {
              "score": 5.5,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": ">=3.0.0 <3.1.31"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "3.0.0 - 3.1.30",
        "nodes": [
          "node_modules/nanoid"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "10.4.0",
          "isSemVerMajor": true
        }
      },
      "nodemon": {
        "name": "nodemon",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "simple-update-notifier"
        ],
        "effects": [],
        "range": "2.0.19 - 2.0.22",
        "nodes": [
          "node_modules/nodemon"
        ],
        "fixAvailable": true
      },
      "pg": {
        "name": "pg",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "semver"
        ],
        "effects": [
          "pg-promise"
        ],
        "range": "4.0.0-beta2 - 8.3.3",
        "nodes": [
          "node_modules/pg"
        ],
        "fixAvailable": {
          "name": "pg-promise",
          "version": "11.6.0",
          "isSemVerMajor": true
        }
      },
      "pg-promise": {
        "name": "pg-promise",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "pg"
        ],
        "effects": [],
        "range": "0.6.4 - 2.9.5 || 3.0.3 - 10.6.2",
        "nodes": [
          "node_modules/pg-promise"
        ],
        "fixAvailable": {
          "name": "pg-promise",
          "version": "11.6.0",
          "isSemVerMajor": true
        }
      },
      "preq": {
        "name": "preq",
        "severity": "high",
        "isDirect": true,
        "via": [
          "request",
          "requestretry"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/preq"
        ],
        "fixAvailable": false
      },
      "request": {
        "name": "request",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096727,
            "name": "request",
            "dependency": "request",
            "title": "Server-Side Request Forgery in Request",
            "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<=2.88.2"
          },
          "tough-cookie"
        ],
        "effects": [
          "preq",
          "requestretry"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request"
        ],
        "fixAvailable": false
      },
      "requestretry": {
        "name": "requestretry",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1090420,
            "name": "requestretry",
            "dependency": "requestretry",
            "title": "Cookie exposure in requestretry",
            "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
            "severity": "high",
            "cwe": [
              "CWE-200"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": "<7.0.0"
          },
          "request"
        ],
        "effects": [
          "preq"
        ],
        "range": "*",
        "nodes": [
          "node_modules/requestretry"
        ],
        "fixAvailable": false
      },
      "semver": {
        "name": "semver",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096482,
            "name": "semver",
            "dependency": "semver",
            "title": "semver vulnerable to Regular Expression Denial of Service",
            "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=7.0.0 <7.5.2"
          },
          {
            "source": 1096483,
            "name": "semver",
            "dependency": "semver",
            "title": "semver vulnerable to Regular Expression Denial of Service",
            "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<5.7.2"
          }
        ],
        "effects": [
          "pg",
          "simple-update-notifier"
        ],
        "range": ">=7.0.0 <7.5.2 || <5.7.2",
        "nodes": [
          "node_modules/pg/node_modules/semver",
          "node_modules/simple-update-notifier/node_modules/semver"
        ],
        "fixAvailable": {
          "name": "pg-promise",
          "version": "11.6.0",
          "isSemVerMajor": true
        }
      },
      "simple-update-notifier": {
        "name": "simple-update-notifier",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "semver"
        ],
        "effects": [
          "nodemon"
        ],
        "range": "1.0.7 - 1.1.0",
        "nodes": [
          "node_modules/simple-update-notifier"
        ],
        "fixAvailable": true
      },
      "swagger-ui-dist": {
        "name": "swagger-ui-dist",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          {
            "source": 1088759,
            "name": "swagger-ui-dist",
            "dependency": "swagger-ui-dist",
            "title": "Spoofing attack in swagger-ui-dist",
            "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
            "severity": "moderate",
            "cwe": [
              "CWE-1021"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          },
          {
            "source": 1092160,
            "name": "swagger-ui-dist",
            "dependency": "swagger-ui-dist",
            "title": "Server side request forgery in SwaggerUI",
            "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [],
        "range": "<=4.1.2",
        "nodes": [
          "node_modules/swagger-ui-dist"
        ],
        "fixAvailable": {
          "name": "swagger-ui-dist",
          "version": "5.15.1",
          "isSemVerMajor": true
        }
      },
      "tough-cookie": {
        "name": "tough-cookie",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096643,
            "name": "tough-cookie",
            "dependency": "tough-cookie",
            "title": "tough-cookie Prototype Pollution vulnerability",
            "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "request"
        ],
        "range": "<4.1.3",
        "nodes": [
          "node_modules/tough-cookie"
        ],
        "fixAvailable": false
      },
      "wikimedia-kad-fork": {
        "name": "wikimedia-kad-fork",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "ms"
        ],
        "effects": [
          "limitation"
        ],
        "range": "*",
        "nodes": [
          "node_modules/wikimedia-kad-fork"
        ],
        "fixAvailable": true
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 12,
        "high": 4,
        "critical": 0,
        "total": 16
      },
      "dependencies": {
        "prod": 252,
        "dev": 514,
        "optional": 15,
        "peer": 0,
        "peerOptional": 0,
        "total": 779
      }
    }
  }
}

--- end ---
{"added": 1, "removed": 0, "changed": 4, "audited": 780, "funding": 78, "audit": {"auditReportVersion": 2, "vulnerabilities": {"limitation": {"name": "limitation", "severity": "moderate", "isDirect": false, "via": ["wikimedia-kad-fork"], "effects": [], "range": ">=0.2.3", "nodes": ["node_modules/limitation"], "fixAvailable": true}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}], "effects": ["mocha"], "range": "<3.0.5", "nodes": ["node_modules/mocha/node_modules/minimatch"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "mocha": {"name": "mocha", "severity": "high", "isDirect": true, "via": ["minimatch", "nanoid"], "effects": [], "range": "5.1.0 - 9.2.1", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "ms": {"name": "ms", "severity": "moderate", "isDirect": false, "via": [{"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}], "effects": ["wikimedia-kad-fork"], "range": "<2.0.0", "nodes": ["node_modules/wikimedia-kad-fork/node_modules/ms"], "fixAvailable": true}, "nanoid": {"name": "nanoid", "severity": "moderate", "isDirect": false, "via": [{"source": 1089011, "name": "nanoid", "dependency": "nanoid", "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid", "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2", "severity": "moderate", "cwe": ["CWE-200"], "cvss": {"score": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=3.0.0 <3.1.31"}], "effects": ["mocha"], "range": "3.0.0 - 3.1.30", "nodes": ["node_modules/nanoid"], "fixAvailable": {"name": "mocha", "version": "10.4.0", "isSemVerMajor": true}}, "nodemon": {"name": "nodemon", "severity": "moderate", "isDirect": true, "via": ["simple-update-notifier"], "effects": [], "range": "2.0.19 - 2.0.22", "nodes": ["node_modules/nodemon"], "fixAvailable": true}, "pg": {"name": "pg", "severity": "moderate", "isDirect": false, "via": ["semver"], "effects": ["pg-promise"], "range": "4.0.0-beta2 - 8.3.3", "nodes": ["node_modules/pg"], "fixAvailable": {"name": "pg-promise", "version": "11.6.0", "isSemVerMajor": true}}, "pg-promise": {"name": "pg-promise", "severity": "moderate", "isDirect": true, "via": ["pg"], "effects": [], "range": "0.6.4 - 2.9.5 || 3.0.3 - 10.6.2", "nodes": ["node_modules/pg-promise"], "fixAvailable": {"name": "pg-promise", "version": "11.6.0", "isSemVerMajor": true}}, "preq": {"name": "preq", "severity": "high", "isDirect": true, "via": ["request", "requestretry"], "effects": [], "range": "*", "nodes": ["node_modules/preq"], "fixAvailable": false}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["preq", "requestretry"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "requestretry": {"name": "requestretry", "severity": "high", "isDirect": false, "via": [{"source": 1090420, "name": "requestretry", "dependency": "requestretry", "title": "Cookie exposure in requestretry", "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45", "severity": "high", "cwe": ["CWE-200"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<7.0.0"}, "request"], "effects": ["preq"], "range": "*", "nodes": ["node_modules/requestretry"], "fixAvailable": false}, "semver": {"name": "semver", "severity": "moderate", "isDirect": false, "via": [{"source": 1096482, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=7.0.0 <7.5.2"}, {"source": 1096483, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<5.7.2"}], "effects": ["pg", "simple-update-notifier"], "range": ">=7.0.0 <7.5.2 || <5.7.2", "nodes": ["node_modules/pg/node_modules/semver", "node_modules/simple-update-notifier/node_modules/semver"], "fixAvailable": {"name": "pg-promise", "version": "11.6.0", "isSemVerMajor": true}}, "simple-update-notifier": {"name": "simple-update-notifier", "severity": "moderate", "isDirect": false, "via": ["semver"], "effects": ["nodemon"], "range": "1.0.7 - 1.1.0", "nodes": ["node_modules/simple-update-notifier"], "fixAvailable": true}, "swagger-ui-dist": {"name": "swagger-ui-dist", "severity": "moderate", "isDirect": true, "via": [{"source": 1088759, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Spoofing attack in swagger-ui-dist", "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x", "severity": "moderate", "cwe": ["CWE-1021"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<4.1.3"}, {"source": 1092160, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Server side request forgery in SwaggerUI", "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<4.1.3"}], "effects": [], "range": "<=4.1.2", "nodes": ["node_modules/swagger-ui-dist"], "fixAvailable": {"name": "swagger-ui-dist", "version": "5.15.1", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1096643, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": false}, "wikimedia-kad-fork": {"name": "wikimedia-kad-fork", "severity": "moderate", "isDirect": false, "via": ["ms"], "effects": ["limitation"], "range": "*", "nodes": ["node_modules/wikimedia-kad-fork"], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 12, "high": 4, "critical": 0, "total": 16}, "dependencies": {"prod": 252, "dev": 514, "optional": 15, "peer": 0, "peerOptional": 0, "total": 779}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'geoshapes@0.0.1',
npm WARN EBADENGINE   required: { node: '^10' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated topojson@2.2.0: Use topojson-client, topojson-server or topojson-simplify directly.
--- stdout ---

changed 4 packages, and audited 779 packages in 2s

78 packages are looking for funding
  run `npm fund` for details

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix --force`
Will install mocha@10.4.0, which is a breaking change
node_modules/mocha/node_modules/minimatch
  mocha  5.1.0 - 9.2.1
  Depends on vulnerable versions of minimatch
  Depends on vulnerable versions of nanoid
  node_modules/mocha

ms  <2.0.0
Severity: moderate
Vercel ms Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-w9mr-4mfr-499f
fix available via `npm audit fix`
node_modules/wikimedia-kad-fork/node_modules/ms
  wikimedia-kad-fork  *
  Depends on vulnerable versions of ms
  node_modules/wikimedia-kad-fork
    limitation  >=0.2.3
    Depends on vulnerable versions of wikimedia-kad-fork
    node_modules/limitation

nanoid  3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix --force`
Will install mocha@10.4.0, which is a breaking change
node_modules/nanoid

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  preq  *
  Depends on vulnerable versions of request
  Depends on vulnerable versions of requestretry
  node_modules/preq
  requestretry  *
  Depends on vulnerable versions of request
  node_modules/requestretry


semver  >=7.0.0 <7.5.2 || <5.7.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install pg-promise@11.6.0, which is a breaking change
node_modules/pg/node_modules/semver
node_modules/simple-update-notifier/node_modules/semver
  pg  4.0.0-beta2 - 8.3.3
  Depends on vulnerable versions of semver
  node_modules/pg
    pg-promise  0.6.4 - 2.9.5 || 3.0.3 - 10.6.2
    Depends on vulnerable versions of pg
    node_modules/pg-promise
  simple-update-notifier  1.0.7 - 1.1.0
  Depends on vulnerable versions of semver
  node_modules/simple-update-notifier
    nodemon  2.0.19 - 2.0.22
    Depends on vulnerable versions of simple-update-notifier
    node_modules/nodemon

swagger-ui-dist  <=4.1.2
Severity: moderate
Spoofing attack in swagger-ui-dist - https://github.com/advisories/GHSA-6c9x-mj3g-h47x
Server side request forgery in SwaggerUI - https://github.com/advisories/GHSA-qrmm-w75w-3wpx
fix available via `npm audit fix --force`
Will install swagger-ui-dist@5.15.1, which is a breaking change
node_modules/swagger-ui-dist

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

16 vulnerabilities (12 moderate, 4 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'geoshapes@0.0.1',
npm WARN EBADENGINE   required: { node: '^10' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated gc-stats@1.4.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm WARN deprecated topojson@2.2.0: Use topojson-client, topojson-server or topojson-simplify directly.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated pg-promise@5.9.7: This version of pg-promise is obsolete. You should update to a newer version.
npm WARN deprecated sinon@9.2.4: 16.1.1
--- stdout ---

added 778 packages, and audited 779 packages in 24s

78 packages are looking for funding
  run `npm fund` for details

16 vulnerabilities (12 moderate, 4 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
Error: Debug Failure. False expression: Non-string value passed to `ts.resolveTypeReferenceDirective`, likely by a wrapping package working with an outdated `resolveTypeReferenceDirectives` signature. This is probably not a problem in TS itself.
    at Object.resolveTypeReferenceDirective (/src/repo/node_modules/typescript/lib/typescript.js:43500:18)
    at /src/repo/node_modules/ts-node/src/index.ts:623:55
    at Array.map (<anonymous>)
    at Object.resolveTypeReferenceDirectives (/src/repo/node_modules/ts-node/src/index.ts:622:33)
    at actualResolveTypeReferenceDirectiveNamesWorker (/src/repo/node_modules/typescript/lib/typescript.js:119382:163)
    at resolveTypeReferenceDirectiveNamesWorker (/src/repo/node_modules/typescript/lib/typescript.js:119682:26)
    at processTypeReferenceDirectives (/src/repo/node_modules/typescript/lib/typescript.js:121185:31)
    at findSourceFileWorker (/src/repo/node_modules/typescript/lib/typescript.js:121070:21)
    at findSourceFile (/src/repo/node_modules/typescript/lib/typescript.js:120922:26)
    at processImportedModules (/src/repo/node_modules/typescript/lib/typescript.js:121331:25)
    at findSourceFileWorker (/src/repo/node_modules/typescript/lib/typescript.js:121076:17)
    at findSourceFile (/src/repo/node_modules/typescript/lib/typescript.js:120922:26)
    at /src/repo/node_modules/typescript/lib/typescript.js:120871:85
    at getSourceFileFromReferenceWorker (/src/repo/node_modules/typescript/lib/typescript.js:120837:34)
    at processSourceFile (/src/repo/node_modules/typescript/lib/typescript.js:120871:13)
    at processRootFile (/src/repo/node_modules/typescript/lib/typescript.js:120672:13)
    at /src/repo/node_modules/typescript/lib/typescript.js:119473:67
    at Object.forEach (/src/repo/node_modules/typescript/lib/typescript.js:181:30)
    at Object.createProgram (/src/repo/node_modules/typescript/lib/typescript.js:119473:16)
    at synchronizeHostData (/src/repo/node_modules/typescript/lib/typescript.js:169335:26)
    at Object.getProgram (/src/repo/node_modules/typescript/lib/typescript.js:169449:13)
    at getOutput (/src/repo/node_modules/ts-node/src/index.ts:731:39)
    at Object.compile (/src/repo/node_modules/ts-node/src/index.ts:968:32)
    at Module.m._compile (/src/repo/node_modules/ts-node/src/index.ts:1056:42)
    at Module._extensions..js (node:internal/modules/cjs/loader:1414:10)
    at Object.require.extensions.<computed> [as .ts] (/src/repo/node_modules/ts-node/src/index.ts:1059:12)
    at Module.load (node:internal/modules/cjs/loader:1197:32)
    at Function.Module._load (node:internal/modules/cjs/loader:1013:12)
    at Module.require (node:internal/modules/cjs/loader:1225:19)
    at require (node:internal/modules/helpers:177:18)
    at Object.exports.requireOrImport (/src/repo/node_modules/mocha/lib/esm-utils.js:42:12)
    at Object.exports.loadFilesAsync (/src/repo/node_modules/mocha/lib/esm-utils.js:55:34)
    at Mocha.loadFilesAsync (/src/repo/node_modules/mocha/lib/mocha.js:473:19)
    at singleRun (/src/repo/node_modules/mocha/lib/cli/run-helpers.js:125:15)
    at exports.runMocha (/src/repo/node_modules/mocha/lib/cli/run-helpers.js:190:10)
    at Object.exports.handler (/src/repo/node_modules/mocha/lib/cli/run.js:362:11)
    at /src/repo/node_modules/mocha/node_modules/yargs/build/index.cjs:443:71
--- stdout ---

> geoshapes@0.0.1 test
> TESTING=true TS_NODE_FILES=true mocha -r ts-node/register 'test/**/*.ts'


--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1534, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1478, in run
    self.npm_audit_fix(new_npm_audit)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 249, in npm_audit_fix
    self.check_call(['npm', 'test'])
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 54, in check_call
    res.check_returncode()
  File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.

npm dependencies

Dependencies
Development dependencies

Logs

Source code is licensed under the AGPL.