mediawiki/skins/Vector (REL1_35)

sourcepatches
$ date
--- stdout ---
Tue May 24 03:26:21 UTC 2022

--- end ---
$ git clone file:///srv/git/mediawiki-skins-Vector.git repo --depth=1 -b REL1_35
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_35
--- stdout ---
d46fb1a51958734e1fba20e835d553418355e225 refs/heads/REL1_35

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@storybook/components": {
      "name": "@storybook/components",
      "severity": "low",
      "via": [
        "react-syntax-highlighter"
      ],
      "effects": [
        "@storybook/ui"
      ],
      "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
      "nodes": [
        "node_modules/@storybook/components"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "@storybook/core": {
      "name": "@storybook/core",
      "severity": "high",
      "via": [
        "@storybook/ui",
        "ejs",
        "react-dev-utils"
      ],
      "effects": [
        "@storybook/html"
      ],
      "range": "4.0.0-alpha.0 - 6.1.19 || 6.2.0-alpha.0 - 6.2.0-rc.13",
      "nodes": [
        "node_modules/@storybook/core"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "@storybook/html": {
      "name": "@storybook/html",
      "severity": "high",
      "via": [
        "@storybook/core"
      ],
      "effects": [],
      "range": "<=6.0.0-rc.30",
      "nodes": [
        "node_modules/@storybook/html"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "@storybook/ui": {
      "name": "@storybook/ui",
      "severity": "low",
      "via": [
        "@storybook/components"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
      "nodes": [
        "node_modules/@storybook/ui"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "via": [
        {
          "source": 1067902,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/browserslist"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "fork-ts-checker-webpack-plugin",
        "watchpack-chokidar2"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/chokidar"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "css-select": {
      "name": "css-select",
      "severity": "moderate",
      "via": [
        "nth-check"
      ],
      "effects": [
        "svgo"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/svgo/node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": true
      }
    },
    "ejs": {
      "name": "ejs",
      "severity": "high",
      "via": [
        {
          "source": 1070256,
          "name": "ejs",
          "dependency": "ejs",
          "title": "Template injection in ejs",
          "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
          "severity": "high",
          "range": "<3.1.7"
        }
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "<3.1.7",
      "nodes": [
        "node_modules/ejs"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "fork-ts-checker-webpack-plugin": {
      "name": "fork-ts-checker-webpack-plugin",
      "severity": "high",
      "via": [
        "chokidar"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/fork-ts-checker-webpack-plugin"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "via": [
        {
          "source": 1067329,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "Regular expression denial of service in glob-parent",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "fast-glob"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "globby": {
      "name": "globby",
      "severity": "high",
      "via": [
        "fast-glob"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/globby"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "highlight.js": {
      "name": "highlight.js",
      "severity": "moderate",
      "via": [
        {
          "source": 1070149,
          "name": "highlight.js",
          "dependency": "highlight.js",
          "title": "Prototype Pollution in highlight.js",
          "url": "https://github.com/advisories/GHSA-vfrc-7r7c-w9mx",
          "severity": "low",
          "range": "<9.18.2"
        },
        {
          "source": 1070286,
          "name": "highlight.js",
          "dependency": "highlight.js",
          "title": "ReDOS vulnerabities: multiple grammars",
          "url": "https://github.com/advisories/GHSA-7wwv-vh3v-89cq",
          "severity": "moderate",
          "range": ">=9.0.0 <10.4.1"
        }
      ],
      "effects": [
        "lowlight",
        "react-syntax-highlighter"
      ],
      "range": "<=10.4.0",
      "nodes": [
        "node_modules/highlight.js"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "immer": {
      "name": "immer",
      "severity": "high",
      "via": [
        {
          "source": 1067715,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx",
          "severity": "high",
          "range": "<9.0.6"
        },
        {
          "source": 1068264,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-9qmh-276g-x5pj",
          "severity": "high",
          "range": "<8.0.1"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=9.0.5",
      "nodes": [
        "node_modules/immer"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "ini": {
      "name": "ini",
      "severity": "high",
      "via": [
        {
          "source": 1068298,
          "name": "ini",
          "dependency": "ini",
          "title": "Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
          "severity": "high",
          "range": "<1.3.6"
        }
      ],
      "effects": [],
      "range": "<1.3.6",
      "nodes": [
        "node_modules/fsevents/node_modules/ini"
      ],
      "fixAvailable": true
    },
    "lowlight": {
      "name": "lowlight",
      "severity": "low",
      "via": [
        "highlight.js"
      ],
      "effects": [
        "react-syntax-highlighter"
      ],
      "range": "1.2.0 - 1.13.1",
      "nodes": [
        "node_modules/lowlight"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "via": [
        {
          "source": 1067342,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "range": "<1.2.6"
        },
        {
          "source": 1070254,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "range": ">=1.0.0 <1.2.3"
        },
        {
          "source": 1070255,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "range": "<0.2.1"
        }
      ],
      "effects": [
        "mkdirp"
      ],
      "range": "<=1.2.5",
      "nodes": [
        "node_modules/fsevents/node_modules/minimist",
        "node_modules/fsevents/node_modules/rc/node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "moderate",
      "via": [
        "minimist"
      ],
      "effects": [],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/fsevents/node_modules/mkdirp"
      ],
      "fixAvailable": true
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "moderate",
      "via": [
        {
          "source": 1067654,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "moderate",
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": true
      }
    },
    "prismjs": {
      "name": "prismjs",
      "severity": "high",
      "via": [
        {
          "source": 1067401,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-3949-f494-cm99",
          "severity": "high",
          "range": ">=1.14.0 <1.27.0"
        },
        {
          "source": 1067816,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Regular Expression Denial of Service (ReDoS) in Prism",
          "url": "https://github.com/advisories/GHSA-gj77-59wh-66hg",
          "severity": "high",
          "range": "<1.24.0"
        },
        {
          "source": 1068235,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Denial of service in prismjs",
          "url": "https://github.com/advisories/GHSA-h4hr-7fg3-h35w",
          "severity": "high",
          "range": "<1.23.0"
        },
        {
          "source": 1070166,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-Site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-wvhm-4hhf-97x9",
          "severity": "high",
          "range": ">=1.1.0 <1.21.0"
        },
        {
          "source": 1070329,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Regular Expression Denial of Service in prismjs",
          "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
          "severity": "moderate",
          "range": "<1.25.0"
        }
      ],
      "effects": [
        "refractor"
      ],
      "range": "<=1.26.0",
      "nodes": [
        "node_modules/refractor/node_modules/prismjs"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "react-dev-utils": {
      "name": "react-dev-utils",
      "severity": "high",
      "via": [
        {
          "source": 1068216,
          "name": "react-dev-utils",
          "dependency": "react-dev-utils",
          "title": "Improper Neutralization of Special Elements used in an OS Command.",
          "url": "https://github.com/advisories/GHSA-5q6m-3h65-w53x",
          "severity": "moderate",
          "range": ">=0.4.0 <11.0.4"
        },
        "browserslist",
        "fork-ts-checker-webpack-plugin",
        "globby",
        "immer"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "0.4.0 - 12.0.0-next.60",
      "nodes": [
        "node_modules/react-dev-utils"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "react-syntax-highlighter": {
      "name": "react-syntax-highlighter",
      "severity": "moderate",
      "via": [
        "highlight.js",
        "lowlight",
        "refractor"
      ],
      "effects": [
        "@storybook/components"
      ],
      "range": "2.0.4 - 12.2.1",
      "nodes": [
        "node_modules/react-syntax-highlighter"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "refractor": {
      "name": "refractor",
      "severity": "moderate",
      "via": [
        "prismjs"
      ],
      "effects": [
        "react-syntax-highlighter"
      ],
      "range": "<=3.4.0 || 4.0.0 - 4.1.1",
      "nodes": [
        "node_modules/refractor"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "svgo": {
      "name": "svgo",
      "severity": "moderate",
      "via": [
        "css-select"
      ],
      "effects": [],
      "range": "1.0.0 - 1.3.2",
      "nodes": [
        "node_modules/svgo"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "via": [
        {
          "source": 1070363,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "range": "<4.4.18"
        },
        {
          "source": 1070369,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "range": "<4.4.16"
        },
        {
          "source": 1070372,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "range": ">=4.0.0 <4.4.14"
        },
        {
          "source": 1070376,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "range": ">=4.0.0 <4.4.15"
        }
      ],
      "effects": [],
      "range": "<=4.4.17",
      "nodes": [
        "node_modules/fsevents/node_modules/tar"
      ],
      "fixAvailable": true
    },
    "watchpack": {
      "name": "watchpack",
      "severity": "high",
      "via": [
        "watchpack-chokidar2"
      ],
      "effects": [
        "webpack"
      ],
      "range": "1.7.2 - 1.7.5",
      "nodes": [
        "node_modules/watchpack"
      ],
      "fixAvailable": true
    },
    "watchpack-chokidar2": {
      "name": "watchpack-chokidar2",
      "severity": "high",
      "via": [
        "chokidar"
      ],
      "effects": [
        "watchpack"
      ],
      "range": "*",
      "nodes": [
        "node_modules/watchpack-chokidar2"
      ],
      "fixAvailable": true
    },
    "webpack": {
      "name": "webpack",
      "severity": "high",
      "via": [
        "watchpack"
      ],
      "effects": [],
      "range": "4.44.0 - 4.46.0",
      "nodes": [
        "node_modules/webpack"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 3,
      "moderate": 8,
      "high": 16,
      "critical": 1,
      "total": 28
    },
    "dependencies": {
      "prod": 1,
      "dev": 1649,
      "optional": 121,
      "peer": 0,
      "peerOptional": 0,
      "total": 1649
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No lock file found. Updating dependencies instead of installing from lock file. Use composer update over composer install if you do not have a lock file.
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Lock file operations: 33 installs, 0 updates, 0 removals
  - Locking composer/installers (v2.1.1)
  - Locking composer/semver (1.7.2)
  - Locking composer/spdx-licenses (1.5.7)
  - Locking composer/xdebug-handler (1.4.6)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking mediawiki/mediawiki-codesniffer (v38.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.10.2)
  - Locking mediawiki/minus-x (1.1.0)
  - Locking mediawiki/phan-taint-check-plugin (3.0.2)
  - Locking microsoft/tolerant-php-parser (v0.0.20)
  - Locking netresearch/jsonmapper (v2.1.0)
  - Locking phan/phan (2.6.1)
  - Locking php-parallel-lint/php-console-color (v0.3)
  - Locking php-parallel-lint/php-console-highlighter (v0.5)
  - Locking php-parallel-lint/php-parallel-lint (v1.2.0)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.3.0)
  - Locking phpdocumentor/type-resolver (1.6.1)
  - Locking psr/container (1.1.2)
  - Locking psr/log (1.1.4)
  - Locking sabre/event (5.1.4)
  - Locking squizlabs/php_codesniffer (3.6.1)
  - Locking symfony/console (v5.4.8)
  - Locking symfony/deprecation-contracts (v2.5.1)
  - Locking symfony/polyfill-ctype (v1.25.0)
  - Locking symfony/polyfill-intl-grapheme (v1.25.0)
  - Locking symfony/polyfill-intl-normalizer (v1.25.0)
  - Locking symfony/polyfill-mbstring (v1.25.0)
  - Locking symfony/polyfill-php73 (v1.25.0)
  - Locking symfony/polyfill-php80 (v1.25.0)
  - Locking symfony/service-contracts (v2.5.1)
  - Locking symfony/string (v5.4.8)
  - Locking webmozart/assert (1.10.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 33 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]    0 [--->------------------------]  - Installing composer/installers (v2.1.1): Extracting archive
  - Installing squizlabs/php_codesniffer (3.6.1): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.25.0): Extracting archive
  - Installing composer/spdx-licenses (1.5.7): Extracting archive
  - Installing composer/semver (1.7.2): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v38.0.0): Extracting archive
  - Installing symfony/polyfill-php80 (v1.25.0): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.25.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.25.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.25.0): Extracting archive
  - Installing symfony/string (v5.4.8): Extracting archive
  - Installing symfony/deprecation-contracts (v2.5.1): Extracting archive
  - Installing psr/container (1.1.2): Extracting archive
  - Installing symfony/service-contracts (v2.5.1): Extracting archive
  - Installing symfony/polyfill-php73 (v1.25.0): Extracting archive
  - Installing symfony/console (v5.4.8): Extracting archive
  - Installing sabre/event (5.1.4): Extracting archive
  - Installing netresearch/jsonmapper (v2.1.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.0.20): Extracting archive
  - Installing webmozart/assert (1.10.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing phpdocumentor/type-resolver (1.6.1): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (1.1.4): Extracting archive
  - Installing composer/xdebug-handler (1.4.6): Extracting archive
  - Installing phan/phan (2.6.1): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (3.0.2): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.10.2): Extracting archive
  - Installing mediawiki/minus-x (1.1.0): Extracting archive
  - Installing php-parallel-lint/php-console-color (v0.3): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v0.5): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.2.0): Extracting archive
  0/23 [>---------------------------]   0%
 10/23 [============>---------------]  43%
 19/23 [=======================>----]  82%
 23/23 [============================] 100%5 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
14 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@storybook/components": {
      "name": "@storybook/components",
      "severity": "low",
      "via": [
        "react-syntax-highlighter"
      ],
      "effects": [
        "@storybook/ui"
      ],
      "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
      "nodes": [
        "node_modules/@storybook/components"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "@storybook/core": {
      "name": "@storybook/core",
      "severity": "high",
      "via": [
        "@storybook/ui",
        "ejs",
        "react-dev-utils"
      ],
      "effects": [
        "@storybook/html"
      ],
      "range": "4.0.0-alpha.0 - 6.1.19 || 6.2.0-alpha.0 - 6.2.0-rc.13",
      "nodes": [
        "node_modules/@storybook/core"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "@storybook/html": {
      "name": "@storybook/html",
      "severity": "high",
      "via": [
        "@storybook/core"
      ],
      "effects": [],
      "range": "<=6.0.0-rc.30",
      "nodes": [
        "node_modules/@storybook/html"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "@storybook/ui": {
      "name": "@storybook/ui",
      "severity": "low",
      "via": [
        "@storybook/components"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
      "nodes": [
        "node_modules/@storybook/ui"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "via": [
        {
          "source": 1067902,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/browserslist"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "fork-ts-checker-webpack-plugin",
        "watchpack-chokidar2"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/chokidar"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "css-select": {
      "name": "css-select",
      "severity": "moderate",
      "via": [
        "nth-check"
      ],
      "effects": [
        "svgo"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/svgo/node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": true
      }
    },
    "ejs": {
      "name": "ejs",
      "severity": "high",
      "via": [
        {
          "source": 1070256,
          "name": "ejs",
          "dependency": "ejs",
          "title": "Template injection in ejs",
          "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
          "severity": "high",
          "range": "<3.1.7"
        }
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "<3.1.7",
      "nodes": [
        "node_modules/ejs"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "fork-ts-checker-webpack-plugin": {
      "name": "fork-ts-checker-webpack-plugin",
      "severity": "high",
      "via": [
        "chokidar"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/fork-ts-checker-webpack-plugin"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "via": [
        {
          "source": 1067329,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "Regular expression denial of service in glob-parent",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "fast-glob"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "globby": {
      "name": "globby",
      "severity": "high",
      "via": [
        "fast-glob"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/globby"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "highlight.js": {
      "name": "highlight.js",
      "severity": "moderate",
      "via": [
        {
          "source": 1070149,
          "name": "highlight.js",
          "dependency": "highlight.js",
          "title": "Prototype Pollution in highlight.js",
          "url": "https://github.com/advisories/GHSA-vfrc-7r7c-w9mx",
          "severity": "low",
          "range": "<9.18.2"
        },
        {
          "source": 1070286,
          "name": "highlight.js",
          "dependency": "highlight.js",
          "title": "ReDOS vulnerabities: multiple grammars",
          "url": "https://github.com/advisories/GHSA-7wwv-vh3v-89cq",
          "severity": "moderate",
          "range": ">=9.0.0 <10.4.1"
        }
      ],
      "effects": [
        "lowlight",
        "react-syntax-highlighter"
      ],
      "range": "<=10.4.0",
      "nodes": [
        "node_modules/highlight.js"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "immer": {
      "name": "immer",
      "severity": "high",
      "via": [
        {
          "source": 1067715,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx",
          "severity": "high",
          "range": "<9.0.6"
        },
        {
          "source": 1068264,
          "name": "immer",
          "dependency": "immer",
          "title": "Prototype Pollution in immer",
          "url": "https://github.com/advisories/GHSA-9qmh-276g-x5pj",
          "severity": "high",
          "range": "<8.0.1"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=9.0.5",
      "nodes": [
        "node_modules/immer"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "ini": {
      "name": "ini",
      "severity": "high",
      "via": [
        {
          "source": 1068298,
          "name": "ini",
          "dependency": "ini",
          "title": "Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
          "severity": "high",
          "range": "<1.3.6"
        }
      ],
      "effects": [],
      "range": "<1.3.6",
      "nodes": [
        "node_modules/fsevents/node_modules/ini"
      ],
      "fixAvailable": true
    },
    "lowlight": {
      "name": "lowlight",
      "severity": "low",
      "via": [
        "highlight.js"
      ],
      "effects": [
        "react-syntax-highlighter"
      ],
      "range": "1.2.0 - 1.13.1",
      "nodes": [
        "node_modules/lowlight"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "via": [
        {
          "source": 1067342,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "range": "<1.2.6"
        },
        {
          "source": 1070254,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "range": ">=1.0.0 <1.2.3"
        },
        {
          "source": 1070255,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "range": "<0.2.1"
        }
      ],
      "effects": [
        "mkdirp"
      ],
      "range": "<=1.2.5",
      "nodes": [
        "node_modules/fsevents/node_modules/minimist",
        "node_modules/fsevents/node_modules/rc/node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "moderate",
      "via": [
        "minimist"
      ],
      "effects": [],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/fsevents/node_modules/mkdirp"
      ],
      "fixAvailable": true
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "moderate",
      "via": [
        {
          "source": 1067654,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "moderate",
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": true
      }
    },
    "prismjs": {
      "name": "prismjs",
      "severity": "high",
      "via": [
        {
          "source": 1067401,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-3949-f494-cm99",
          "severity": "high",
          "range": ">=1.14.0 <1.27.0"
        },
        {
          "source": 1067816,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Regular Expression Denial of Service (ReDoS) in Prism",
          "url": "https://github.com/advisories/GHSA-gj77-59wh-66hg",
          "severity": "high",
          "range": "<1.24.0"
        },
        {
          "source": 1068235,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Denial of service in prismjs",
          "url": "https://github.com/advisories/GHSA-h4hr-7fg3-h35w",
          "severity": "high",
          "range": "<1.23.0"
        },
        {
          "source": 1070166,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-Site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-wvhm-4hhf-97x9",
          "severity": "high",
          "range": ">=1.1.0 <1.21.0"
        },
        {
          "source": 1070329,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Regular Expression Denial of Service in prismjs",
          "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
          "severity": "moderate",
          "range": "<1.25.0"
        }
      ],
      "effects": [
        "refractor"
      ],
      "range": "<=1.26.0",
      "nodes": [
        "node_modules/refractor/node_modules/prismjs"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "react-dev-utils": {
      "name": "react-dev-utils",
      "severity": "high",
      "via": [
        {
          "source": 1068216,
          "name": "react-dev-utils",
          "dependency": "react-dev-utils",
          "title": "Improper Neutralization of Special Elements used in an OS Command.",
          "url": "https://github.com/advisories/GHSA-5q6m-3h65-w53x",
          "severity": "moderate",
          "range": ">=0.4.0 <11.0.4"
        },
        "browserslist",
        "fork-ts-checker-webpack-plugin",
        "globby",
        "immer"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "0.4.0 - 12.0.0-next.60",
      "nodes": [
        "node_modules/react-dev-utils"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "react-syntax-highlighter": {
      "name": "react-syntax-highlighter",
      "severity": "moderate",
      "via": [
        "highlight.js",
        "lowlight",
        "refractor"
      ],
      "effects": [
        "@storybook/components"
      ],
      "range": "2.0.4 - 12.2.1",
      "nodes": [
        "node_modules/react-syntax-highlighter"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "refractor": {
      "name": "refractor",
      "severity": "moderate",
      "via": [
        "prismjs"
      ],
      "effects": [
        "react-syntax-highlighter"
      ],
      "range": "<=3.4.0 || 4.0.0 - 4.1.1",
      "nodes": [
        "node_modules/refractor"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "6.5.4",
        "isSemVerMajor": true
      }
    },
    "svgo": {
      "name": "svgo",
      "severity": "moderate",
      "via": [
        "css-select"
      ],
      "effects": [],
      "range": "1.0.0 - 1.3.2",
      "nodes": [
        "node_modules/svgo"
      ],
      "fixAvailable": {
        "name": "svgo",
        "version": "2.8.0",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "via": [
        {
          "source": 1070363,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "range": "<4.4.18"
        },
        {
          "source": 1070369,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "range": "<4.4.16"
        },
        {
          "source": 1070372,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "range": ">=4.0.0 <4.4.14"
        },
        {
          "source": 1070376,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "range": ">=4.0.0 <4.4.15"
        }
      ],
      "effects": [],
      "range": "<=4.4.17",
      "nodes": [
        "node_modules/fsevents/node_modules/tar"
      ],
      "fixAvailable": true
    },
    "watchpack": {
      "name": "watchpack",
      "severity": "high",
      "via": [
        "watchpack-chokidar2"
      ],
      "effects": [
        "webpack"
      ],
      "range": "1.7.2 - 1.7.5",
      "nodes": [
        "node_modules/watchpack"
      ],
      "fixAvailable": true
    },
    "watchpack-chokidar2": {
      "name": "watchpack-chokidar2",
      "severity": "high",
      "via": [
        "chokidar"
      ],
      "effects": [
        "watchpack"
      ],
      "range": "*",
      "nodes": [
        "node_modules/watchpack-chokidar2"
      ],
      "fixAvailable": true
    },
    "webpack": {
      "name": "webpack",
      "severity": "high",
      "via": [
        "watchpack"
      ],
      "effects": [],
      "range": "4.44.0 - 4.46.0",
      "nodes": [
        "node_modules/webpack"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 3,
      "moderate": 8,
      "high": 16,
      "critical": 1,
      "total": 28
    },
    "dependencies": {
      "prod": 1,
      "dev": 1649,
      "optional": 121,
      "peer": 0,
      "peerOptional": 0,
      "total": 1649
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json --legacy-peer-deps
--- stderr ---
npm WARN audit fix tar@4.4.13 node_modules/fsevents/node_modules/tar
npm WARN audit fix tar@4.4.13 is a bundled dependency of
npm WARN audit fix tar@4.4.13 fsevents@1.2.11 at node_modules/fsevents
npm WARN audit fix tar@4.4.13 It cannot be fixed automatically.
npm WARN audit fix tar@4.4.13 Check for updates to the fsevents package.
npm WARN audit fix minimist@1.2.0 node_modules/fsevents/node_modules/rc/node_modules/minimist
npm WARN audit fix minimist@1.2.0 is a bundled dependency of
npm WARN audit fix minimist@1.2.0 fsevents@1.2.11 at node_modules/fsevents
npm WARN audit fix minimist@1.2.0 It cannot be fixed automatically.
npm WARN audit fix minimist@1.2.0 Check for updates to the fsevents package.
npm WARN audit fix minimist@0.0.8 node_modules/fsevents/node_modules/minimist
npm WARN audit fix minimist@0.0.8 is a bundled dependency of
npm WARN audit fix minimist@0.0.8 fsevents@1.2.11 at node_modules/fsevents
npm WARN audit fix minimist@0.0.8 It cannot be fixed automatically.
npm WARN audit fix minimist@0.0.8 Check for updates to the fsevents package.
npm WARN audit fix ini@1.3.5 node_modules/fsevents/node_modules/ini
npm WARN audit fix ini@1.3.5 is a bundled dependency of
npm WARN audit fix ini@1.3.5 fsevents@1.2.11 at node_modules/fsevents
npm WARN audit fix ini@1.3.5 It cannot be fixed automatically.
npm WARN audit fix ini@1.3.5 Check for updates to the fsevents package.
npm WARN audit fix mkdirp@0.5.1 node_modules/fsevents/node_modules/mkdirp
npm WARN audit fix mkdirp@0.5.1 is a bundled dependency of
npm WARN audit fix mkdirp@0.5.1 fsevents@1.2.11 at node_modules/fsevents
npm WARN audit fix mkdirp@0.5.1 It cannot be fixed automatically.
npm WARN audit fix mkdirp@0.5.1 Check for updates to the fsevents package.
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'klaw@4.0.1',
npm WARN EBADENGINE   required: { node: '>=14.14.0' },
npm WARN EBADENGINE   current: { node: 'v12.22.5', npm: '7.5.2' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 1582,
  "removed": 0,
  "changed": 0,
  "audited": 1650,
  "funding": 14,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "@storybook/components": {
        "name": "@storybook/components",
        "severity": "low",
        "via": [
          "react-syntax-highlighter"
        ],
        "effects": [
          "@storybook/ui"
        ],
        "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
        "nodes": [
          "node_modules/@storybook/components"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "@storybook/core": {
        "name": "@storybook/core",
        "severity": "high",
        "via": [
          "@storybook/ui",
          "ejs",
          "react-dev-utils"
        ],
        "effects": [
          "@storybook/html"
        ],
        "range": "4.0.0-alpha.0 - 6.1.19 || 6.2.0-alpha.0 - 6.2.0-rc.13",
        "nodes": [
          "node_modules/@storybook/core"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "@storybook/html": {
        "name": "@storybook/html",
        "severity": "high",
        "via": [
          "@storybook/core"
        ],
        "effects": [],
        "range": "<=6.0.0-rc.30",
        "nodes": [
          "node_modules/@storybook/html"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "@storybook/ui": {
        "name": "@storybook/ui",
        "severity": "low",
        "via": [
          "@storybook/components"
        ],
        "effects": [
          "@storybook/core"
        ],
        "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
        "nodes": [
          "node_modules/@storybook/ui"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "browserslist": {
        "name": "browserslist",
        "severity": "moderate",
        "via": [
          {
            "source": 1067902,
            "name": "browserslist",
            "dependency": "browserslist",
            "title": "Regular Expression Denial of Service in browserslist",
            "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
            "severity": "moderate",
            "range": ">=4.0.0 <4.16.5"
          }
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "4.0.0 - 4.16.4",
        "nodes": [
          "node_modules/react-dev-utils/node_modules/browserslist"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "chokidar": {
        "name": "chokidar",
        "severity": "high",
        "via": [
          "glob-parent"
        ],
        "effects": [
          "fork-ts-checker-webpack-plugin",
          "watchpack-chokidar2"
        ],
        "range": "1.0.0-rc1 - 2.1.8",
        "nodes": [
          "node_modules/chokidar"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "css-select": {
        "name": "css-select",
        "severity": "moderate",
        "via": [
          "nth-check"
        ],
        "effects": [
          "svgo"
        ],
        "range": "<=3.1.0",
        "nodes": [
          "node_modules/svgo/node_modules/css-select"
        ],
        "fixAvailable": {
          "name": "svgo",
          "version": "2.8.0",
          "isSemVerMajor": true
        }
      },
      "ejs": {
        "name": "ejs",
        "severity": "high",
        "via": [
          {
            "source": 1070256,
            "name": "ejs",
            "dependency": "ejs",
            "title": "Template injection in ejs",
            "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
            "severity": "high",
            "range": "<3.1.7"
          }
        ],
        "effects": [
          "@storybook/core"
        ],
        "range": "<3.1.7",
        "nodes": [
          "node_modules/ejs"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "fast-glob": {
        "name": "fast-glob",
        "severity": "high",
        "via": [
          "glob-parent"
        ],
        "effects": [
          "globby"
        ],
        "range": "<=2.2.7",
        "nodes": [
          "node_modules/fast-glob"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "fork-ts-checker-webpack-plugin": {
        "name": "fork-ts-checker-webpack-plugin",
        "severity": "high",
        "via": [
          "chokidar"
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "<=3.1.0",
        "nodes": [
          "node_modules/fork-ts-checker-webpack-plugin"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "glob-parent": {
        "name": "glob-parent",
        "severity": "high",
        "via": [
          {
            "source": 1067329,
            "name": "glob-parent",
            "dependency": "glob-parent",
            "title": "Regular expression denial of service in glob-parent",
            "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
            "severity": "high",
            "range": "<5.1.2"
          }
        ],
        "effects": [
          "chokidar",
          "fast-glob"
        ],
        "range": "<5.1.2",
        "nodes": [
          "node_modules/glob-parent"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "globby": {
        "name": "globby",
        "severity": "high",
        "via": [
          "fast-glob"
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "8.0.0 - 9.2.0",
        "nodes": [
          "node_modules/globby"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "highlight.js": {
        "name": "highlight.js",
        "severity": "moderate",
        "via": [
          {
            "source": 1070149,
            "name": "highlight.js",
            "dependency": "highlight.js",
            "title": "Prototype Pollution in highlight.js",
            "url": "https://github.com/advisories/GHSA-vfrc-7r7c-w9mx",
            "severity": "low",
            "range": "<9.18.2"
          },
          {
            "source": 1070286,
            "name": "highlight.js",
            "dependency": "highlight.js",
            "title": "ReDOS vulnerabities: multiple grammars",
            "url": "https://github.com/advisories/GHSA-7wwv-vh3v-89cq",
            "severity": "moderate",
            "range": ">=9.0.0 <10.4.1"
          }
        ],
        "effects": [
          "lowlight",
          "react-syntax-highlighter"
        ],
        "range": "<=10.4.0",
        "nodes": [
          "node_modules/highlight.js"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "immer": {
        "name": "immer",
        "severity": "high",
        "via": [
          {
            "source": 1067715,
            "name": "immer",
            "dependency": "immer",
            "title": "Prototype Pollution in immer",
            "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx",
            "severity": "high",
            "range": "<9.0.6"
          },
          {
            "source": 1068264,
            "name": "immer",
            "dependency": "immer",
            "title": "Prototype Pollution in immer",
            "url": "https://github.com/advisories/GHSA-9qmh-276g-x5pj",
            "severity": "high",
            "range": "<8.0.1"
          }
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "<=9.0.5",
        "nodes": [
          "node_modules/immer"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "ini": {
        "name": "ini",
        "severity": "high",
        "via": [
          {
            "source": 1068298,
            "name": "ini",
            "dependency": "ini",
            "title": "Prototype Pollution",
            "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
            "severity": "high",
            "range": "<1.3.6"
          }
        ],
        "effects": [],
        "range": "<1.3.6",
        "nodes": [
          "node_modules/fsevents/node_modules/ini"
        ],
        "fixAvailable": true
      },
      "lowlight": {
        "name": "lowlight",
        "severity": "low",
        "via": [
          "highlight.js"
        ],
        "effects": [
          "react-syntax-highlighter"
        ],
        "range": "1.2.0 - 1.13.1",
        "nodes": [
          "node_modules/lowlight"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "minimist": {
        "name": "minimist",
        "severity": "critical",
        "via": [
          {
            "source": 1067342,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
            "severity": "critical",
            "range": "<1.2.6"
          },
          {
            "source": 1070254,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
            "severity": "moderate",
            "range": ">=1.0.0 <1.2.3"
          },
          {
            "source": 1070255,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
            "severity": "moderate",
            "range": "<0.2.1"
          }
        ],
        "effects": [
          "mkdirp"
        ],
        "range": "<=1.2.5",
        "nodes": [
          "node_modules/fsevents/node_modules/minimist",
          "node_modules/fsevents/node_modules/rc/node_modules/minimist"
        ],
        "fixAvailable": true
      },
      "mkdirp": {
        "name": "mkdirp",
        "severity": "moderate",
        "via": [
          "minimist"
        ],
        "effects": [],
        "range": "0.4.1 - 0.5.1",
        "nodes": [
          "node_modules/fsevents/node_modules/mkdirp"
        ],
        "fixAvailable": true
      },
      "nth-check": {
        "name": "nth-check",
        "severity": "moderate",
        "via": [
          {
            "source": 1067654,
            "name": "nth-check",
            "dependency": "nth-check",
            "title": "Inefficient Regular Expression Complexity in nth-check",
            "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
            "severity": "moderate",
            "range": "<2.0.1"
          }
        ],
        "effects": [
          "css-select"
        ],
        "range": "<2.0.1",
        "nodes": [
          "node_modules/nth-check"
        ],
        "fixAvailable": {
          "name": "svgo",
          "version": "2.8.0",
          "isSemVerMajor": true
        }
      },
      "prismjs": {
        "name": "prismjs",
        "severity": "high",
        "via": [
          {
            "source": 1067401,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "Cross-site Scripting in Prism",
            "url": "https://github.com/advisories/GHSA-3949-f494-cm99",
            "severity": "high",
            "range": ">=1.14.0 <1.27.0"
          },
          {
            "source": 1067816,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "Regular Expression Denial of Service (ReDoS) in Prism",
            "url": "https://github.com/advisories/GHSA-gj77-59wh-66hg",
            "severity": "high",
            "range": "<1.24.0"
          },
          {
            "source": 1068235,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "Denial of service in prismjs",
            "url": "https://github.com/advisories/GHSA-h4hr-7fg3-h35w",
            "severity": "high",
            "range": "<1.23.0"
          },
          {
            "source": 1070166,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "Cross-Site Scripting in Prism",
            "url": "https://github.com/advisories/GHSA-wvhm-4hhf-97x9",
            "severity": "high",
            "range": ">=1.1.0 <1.21.0"
          },
          {
            "source": 1070329,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "Regular Expression Denial of Service in prismjs",
            "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
            "severity": "moderate",
            "range": "<1.25.0"
          }
        ],
        "effects": [
          "refractor"
        ],
        "range": "<=1.26.0",
        "nodes": [
          "node_modules/refractor/node_modules/prismjs"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "react-dev-utils": {
        "name": "react-dev-utils",
        "severity": "high",
        "via": [
          {
            "source": 1068216,
            "name": "react-dev-utils",
            "dependency": "react-dev-utils",
            "title": "Improper Neutralization of Special Elements used in an OS Command.",
            "url": "https://github.com/advisories/GHSA-5q6m-3h65-w53x",
            "severity": "moderate",
            "range": ">=0.4.0 <11.0.4"
          },
          "browserslist",
          "fork-ts-checker-webpack-plugin",
          "globby",
          "immer"
        ],
        "effects": [
          "@storybook/core"
        ],
        "range": "0.4.0 - 12.0.0-next.60",
        "nodes": [
          "node_modules/react-dev-utils"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "react-syntax-highlighter": {
        "name": "react-syntax-highlighter",
        "severity": "moderate",
        "via": [
          "highlight.js",
          "lowlight",
          "refractor"
        ],
        "effects": [
          "@storybook/components"
        ],
        "range": "2.0.4 - 12.2.1",
        "nodes": [
          "node_modules/react-syntax-highlighter"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "refractor": {
        "name": "refractor",
        "severity": "moderate",
        "via": [
          "prismjs"
        ],
        "effects": [
          "react-syntax-highlighter"
        ],
        "range": "<=3.4.0 || 4.0.0 - 4.1.1",
        "nodes": [
          "node_modules/refractor"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "6.5.4",
          "isSemVerMajor": true
        }
      },
      "svgo": {
        "name": "svgo",
        "severity": "moderate",
        "via": [
          "css-select"
        ],
        "effects": [],
        "range": "1.0.0 - 1.3.2",
        "nodes": [
          "node_modules/svgo"
        ],
        "fixAvailable": {
          "name": "svgo",
          "version": "2.8.0",
          "isSemVerMajor": true
        }
      },
      "tar": {
        "name": "tar",
        "severity": "high",
        "via": [
          {
            "source": 1070363,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
            "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
            "severity": "high",
            "range": "<4.4.18"
          },
          {
            "source": 1070369,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
            "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
            "severity": "high",
            "range": "<4.4.16"
          },
          {
            "source": 1070372,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
            "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
            "severity": "high",
            "range": ">=4.0.0 <4.4.14"
          },
          {
            "source": 1070376,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
            "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
            "severity": "high",
            "range": ">=4.0.0 <4.4.15"
          }
        ],
        "effects": [],
        "range": "<=4.4.17",
        "nodes": [
          "node_modules/fsevents/node_modules/tar"
        ],
        "fixAvailable": true
      },
      "watchpack": {
        "name": "watchpack",
        "severity": "high",
        "via": [
          "watchpack-chokidar2"
        ],
        "effects": [
          "webpack"
        ],
        "range": "1.7.2 - 1.7.5",
        "nodes": [
          "node_modules/watchpack"
        ],
        "fixAvailable": true
      },
      "watchpack-chokidar2": {
        "name": "watchpack-chokidar2",
        "severity": "high",
        "via": [
          "chokidar"
        ],
        "effects": [
          "watchpack"
        ],
        "range": "*",
        "nodes": [
          "node_modules/watchpack-chokidar2"
        ],
        "fixAvailable": true
      },
      "webpack": {
        "name": "webpack",
        "severity": "high",
        "via": [
          "watchpack"
        ],
        "effects": [],
        "range": "4.44.0 - 4.46.0",
        "nodes": [
          "node_modules/webpack"
        ],
        "fixAvailable": true
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 3,
        "moderate": 8,
        "high": 16,
        "critical": 1,
        "total": 28
      },
      "dependencies": {
        "prod": 1,
        "dev": 1649,
        "optional": 121,
        "peer": 0,
        "peerOptional": 0,
        "total": 1649
      }
    }
  }
}

--- end ---
{"added": 1582, "removed": 0, "changed": 0, "audited": 1650, "funding": 14, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@storybook/components": {"name": "@storybook/components", "severity": "low", "via": ["react-syntax-highlighter"], "effects": ["@storybook/ui"], "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28", "nodes": ["node_modules/@storybook/components"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "@storybook/core": {"name": "@storybook/core", "severity": "high", "via": ["@storybook/ui", "ejs", "react-dev-utils"], "effects": ["@storybook/html"], "range": "4.0.0-alpha.0 - 6.1.19 || 6.2.0-alpha.0 - 6.2.0-rc.13", "nodes": ["node_modules/@storybook/core"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "@storybook/html": {"name": "@storybook/html", "severity": "high", "via": ["@storybook/core"], "effects": [], "range": "<=6.0.0-rc.30", "nodes": ["node_modules/@storybook/html"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "@storybook/ui": {"name": "@storybook/ui", "severity": "low", "via": ["@storybook/components"], "effects": ["@storybook/core"], "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28", "nodes": ["node_modules/@storybook/ui"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "browserslist": {"name": "browserslist", "severity": "moderate", "via": [{"source": 1067902, "name": "browserslist", "dependency": "browserslist", "title": "Regular Expression Denial of Service in browserslist", "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5", "severity": "moderate", "range": ">=4.0.0 <4.16.5"}], "effects": ["react-dev-utils"], "range": "4.0.0 - 4.16.4", "nodes": ["node_modules/react-dev-utils/node_modules/browserslist"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "chokidar": {"name": "chokidar", "severity": "high", "via": ["glob-parent"], "effects": ["fork-ts-checker-webpack-plugin", "watchpack-chokidar2"], "range": "1.0.0-rc1 - 2.1.8", "nodes": ["node_modules/chokidar"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "css-select": {"name": "css-select", "severity": "moderate", "via": ["nth-check"], "effects": ["svgo"], "range": "<=3.1.0", "nodes": ["node_modules/svgo/node_modules/css-select"], "fixAvailable": {"name": "svgo", "version": "2.8.0", "isSemVerMajor": true}}, "ejs": {"name": "ejs", "severity": "high", "via": [{"source": 1070256, "name": "ejs", "dependency": "ejs", "title": "Template injection in ejs", "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q", "severity": "high", "range": "<3.1.7"}], "effects": ["@storybook/core"], "range": "<3.1.7", "nodes": ["node_modules/ejs"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "fast-glob": {"name": "fast-glob", "severity": "high", "via": ["glob-parent"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/fast-glob"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "fork-ts-checker-webpack-plugin": {"name": "fork-ts-checker-webpack-plugin", "severity": "high", "via": ["chokidar"], "effects": ["react-dev-utils"], "range": "<=3.1.0", "nodes": ["node_modules/fork-ts-checker-webpack-plugin"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "glob-parent": {"name": "glob-parent", "severity": "high", "via": [{"source": 1067329, "name": "glob-parent", "dependency": "glob-parent", "title": "Regular expression denial of service in glob-parent", "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6", "severity": "high", "range": "<5.1.2"}], "effects": ["chokidar", "fast-glob"], "range": "<5.1.2", "nodes": ["node_modules/glob-parent"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "globby": {"name": "globby", "severity": "high", "via": ["fast-glob"], "effects": ["react-dev-utils"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/globby"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "highlight.js": {"name": "highlight.js", "severity": "moderate", "via": [{"source": 1070149, "name": "highlight.js", "dependency": "highlight.js", "title": "Prototype Pollution in highlight.js", "url": "https://github.com/advisories/GHSA-vfrc-7r7c-w9mx", "severity": "low", "range": "<9.18.2"}, {"source": 1070286, "name": "highlight.js", "dependency": "highlight.js", "title": "ReDOS vulnerabities: multiple grammars", "url": "https://github.com/advisories/GHSA-7wwv-vh3v-89cq", "severity": "moderate", "range": ">=9.0.0 <10.4.1"}], "effects": ["lowlight", "react-syntax-highlighter"], "range": "<=10.4.0", "nodes": ["node_modules/highlight.js"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "immer": {"name": "immer", "severity": "high", "via": [{"source": 1067715, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-c36v-fmgq-m8hx", "severity": "high", "range": "<9.0.6"}, {"source": 1068264, "name": "immer", "dependency": "immer", "title": "Prototype Pollution in immer", "url": "https://github.com/advisories/GHSA-9qmh-276g-x5pj", "severity": "high", "range": "<8.0.1"}], "effects": ["react-dev-utils"], "range": "<=9.0.5", "nodes": ["node_modules/immer"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "ini": {"name": "ini", "severity": "high", "via": [{"source": 1068298, "name": "ini", "dependency": "ini", "title": "Prototype Pollution", "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37", "severity": "high", "range": "<1.3.6"}], "effects": [], "range": "<1.3.6", "nodes": ["node_modules/fsevents/node_modules/ini"], "fixAvailable": true}, "lowlight": {"name": "lowlight", "severity": "low", "via": ["highlight.js"], "effects": ["react-syntax-highlighter"], "range": "1.2.0 - 1.13.1", "nodes": ["node_modules/lowlight"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "minimist": {"name": "minimist", "severity": "critical", "via": [{"source": 1067342, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "range": "<1.2.6"}, {"source": 1070254, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "range": ">=1.0.0 <1.2.3"}, {"source": 1070255, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "range": "<0.2.1"}], "effects": ["mkdirp"], "range": "<=1.2.5", "nodes": ["node_modules/fsevents/node_modules/minimist", "node_modules/fsevents/node_modules/rc/node_modules/minimist"], "fixAvailable": true}, "mkdirp": {"name": "mkdirp", "severity": "moderate", "via": ["minimist"], "effects": [], "range": "0.4.1 - 0.5.1", "nodes": ["node_modules/fsevents/node_modules/mkdirp"], "fixAvailable": true}, "nth-check": {"name": "nth-check", "severity": "moderate", "via": [{"source": 1067654, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "moderate", "range": "<2.0.1"}], "effects": ["css-select"], "range": "<2.0.1", "nodes": ["node_modules/nth-check"], "fixAvailable": {"name": "svgo", "version": "2.8.0", "isSemVerMajor": true}}, "prismjs": {"name": "prismjs", "severity": "high", "via": [{"source": 1067401, "name": "prismjs", "dependency": "prismjs", "title": "Cross-site Scripting in Prism", "url": "https://github.com/advisories/GHSA-3949-f494-cm99", "severity": "high", "range": ">=1.14.0 <1.27.0"}, {"source": 1067816, "name": "prismjs", "dependency": "prismjs", "title": "Regular Expression Denial of Service (ReDoS) in Prism", "url": "https://github.com/advisories/GHSA-gj77-59wh-66hg", "severity": "high", "range": "<1.24.0"}, {"source": 1068235, "name": "prismjs", "dependency": "prismjs", "title": "Denial of service in prismjs", "url": "https://github.com/advisories/GHSA-h4hr-7fg3-h35w", "severity": "high", "range": "<1.23.0"}, {"source": 1070166, "name": "prismjs", "dependency": "prismjs", "title": "Cross-Site Scripting in Prism", "url": "https://github.com/advisories/GHSA-wvhm-4hhf-97x9", "severity": "high", "range": ">=1.1.0 <1.21.0"}, {"source": 1070329, "name": "prismjs", "dependency": "prismjs", "title": "Regular Expression Denial of Service in prismjs", "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96", "severity": "moderate", "range": "<1.25.0"}], "effects": ["refractor"], "range": "<=1.26.0", "nodes": ["node_modules/refractor/node_modules/prismjs"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "react-dev-utils": {"name": "react-dev-utils", "severity": "high", "via": [{"source": 1068216, "name": "react-dev-utils", "dependency": "react-dev-utils", "title": "Improper Neutralization of Special Elements used in an OS Command.", "url": "https://github.com/advisories/GHSA-5q6m-3h65-w53x", "severity": "moderate", "range": ">=0.4.0 <11.0.4"}, "browserslist", "fork-ts-checker-webpack-plugin", "globby", "immer"], "effects": ["@storybook/core"], "range": "0.4.0 - 12.0.0-next.60", "nodes": ["node_modules/react-dev-utils"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "react-syntax-highlighter": {"name": "react-syntax-highlighter", "severity": "moderate", "via": ["highlight.js", "lowlight", "refractor"], "effects": ["@storybook/components"], "range": "2.0.4 - 12.2.1", "nodes": ["node_modules/react-syntax-highlighter"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "refractor": {"name": "refractor", "severity": "moderate", "via": ["prismjs"], "effects": ["react-syntax-highlighter"], "range": "<=3.4.0 || 4.0.0 - 4.1.1", "nodes": ["node_modules/refractor"], "fixAvailable": {"name": "@storybook/html", "version": "6.5.4", "isSemVerMajor": true}}, "svgo": {"name": "svgo", "severity": "moderate", "via": ["css-select"], "effects": [], "range": "1.0.0 - 1.3.2", "nodes": ["node_modules/svgo"], "fixAvailable": {"name": "svgo", "version": "2.8.0", "isSemVerMajor": true}}, "tar": {"name": "tar", "severity": "high", "via": [{"source": 1070363, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization", "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh", "severity": "high", "range": "<4.4.18"}, {"source": 1070369, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc", "severity": "high", "range": "<4.4.16"}, {"source": 1070372, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization", "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9", "severity": "high", "range": ">=4.0.0 <4.4.14"}, {"source": 1070376, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning", "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw", "severity": "high", "range": ">=4.0.0 <4.4.15"}], "effects": [], "range": "<=4.4.17", "nodes": ["node_modules/fsevents/node_modules/tar"], "fixAvailable": true}, "watchpack": {"name": "watchpack", "severity": "high", "via": ["watchpack-chokidar2"], "effects": ["webpack"], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/watchpack"], "fixAvailable": true}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": true}, "webpack": {"name": "webpack", "severity": "high", "via": ["watchpack"], "effects": [], "range": "4.44.0 - 4.46.0", "nodes": ["node_modules/webpack"], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 3, "moderate": 8, "high": 16, "critical": 1, "total": 28}, "dependencies": {"prod": 1, "dev": 1649, "optional": 121, "peer": 0, "peerOptional": 0, "total": 1649}}}}
$ /usr/bin/npm audit fix --only=dev --legacy-peer-deps
--- stderr ---
npm WARN audit fix tar@4.4.13 node_modules/fsevents/node_modules/tar
npm WARN audit fix tar@4.4.13 is a bundled dependency of
npm WARN audit fix tar@4.4.13 fsevents@1.2.11 at node_modules/fsevents
npm WARN audit fix tar@4.4.13 It cannot be fixed automatically.
npm WARN audit fix tar@4.4.13 Check for updates to the fsevents package.
npm WARN audit fix minimist@1.2.0 node_modules/fsevents/node_modules/rc/node_modules/minimist
npm WARN audit fix minimist@1.2.0 is a bundled dependency of
npm WARN audit fix minimist@1.2.0 fsevents@1.2.11 at node_modules/fsevents
npm WARN audit fix minimist@1.2.0 It cannot be fixed automatically.
npm WARN audit fix minimist@1.2.0 Check for updates to the fsevents package.
npm WARN audit fix minimist@0.0.8 node_modules/fsevents/node_modules/minimist
npm WARN audit fix minimist@0.0.8 is a bundled dependency of
npm WARN audit fix minimist@0.0.8 fsevents@1.2.11 at node_modules/fsevents
npm WARN audit fix minimist@0.0.8 It cannot be fixed automatically.
npm WARN audit fix minimist@0.0.8 Check for updates to the fsevents package.
npm WARN audit fix ini@1.3.5 node_modules/fsevents/node_modules/ini
npm WARN audit fix ini@1.3.5 is a bundled dependency of
npm WARN audit fix ini@1.3.5 fsevents@1.2.11 at node_modules/fsevents
npm WARN audit fix ini@1.3.5 It cannot be fixed automatically.
npm WARN audit fix ini@1.3.5 Check for updates to the fsevents package.
npm WARN audit fix mkdirp@0.5.1 node_modules/fsevents/node_modules/mkdirp
npm WARN audit fix mkdirp@0.5.1 is a bundled dependency of
npm WARN audit fix mkdirp@0.5.1 fsevents@1.2.11 at node_modules/fsevents
npm WARN audit fix mkdirp@0.5.1 It cannot be fixed automatically.
npm WARN audit fix mkdirp@0.5.1 Check for updates to the fsevents package.
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'klaw@4.0.1',
npm WARN EBADENGINE   required: { node: '>=14.14.0' },
npm WARN EBADENGINE   current: { node: 'v12.22.5', npm: '7.5.2' }
npm WARN EBADENGINE }
--- stdout ---

added 1582 packages, and audited 1650 packages in 42s

14 packages are looking for funding
  run `npm fund` for details

# npm audit report

browserslist  4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix --force`
Will install @storybook/html@6.5.4, which is a breaking change
node_modules/react-dev-utils/node_modules/browserslist
  react-dev-utils  0.4.0 - 12.0.0-next.60
  Depends on vulnerable versions of browserslist
  Depends on vulnerable versions of fork-ts-checker-webpack-plugin
  Depends on vulnerable versions of globby
  Depends on vulnerable versions of immer
  node_modules/react-dev-utils
    @storybook/core  4.0.0-alpha.0 - 6.1.19 || 6.2.0-alpha.0 - 6.2.0-rc.13
    Depends on vulnerable versions of @storybook/ui
    Depends on vulnerable versions of ejs
    Depends on vulnerable versions of react-dev-utils
    node_modules/@storybook/core
      @storybook/html  <=6.0.0-rc.30
      Depends on vulnerable versions of @storybook/core
      node_modules/@storybook/html

ejs  <3.1.7
Severity: high
Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
fix available via `npm audit fix --force`
Will install @storybook/html@6.5.4, which is a breaking change
node_modules/ejs
  @storybook/core  4.0.0-alpha.0 - 6.1.19 || 6.2.0-alpha.0 - 6.2.0-rc.13
  Depends on vulnerable versions of @storybook/ui
  Depends on vulnerable versions of ejs
  Depends on vulnerable versions of react-dev-utils
  node_modules/@storybook/core
    @storybook/html  <=6.0.0-rc.30
    Depends on vulnerable versions of @storybook/core
    node_modules/@storybook/html

glob-parent  <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @storybook/html@6.5.4, which is a breaking change
node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    fork-ts-checker-webpack-plugin  <=3.1.0
    Depends on vulnerable versions of chokidar
    node_modules/fork-ts-checker-webpack-plugin
      react-dev-utils  0.4.0 - 12.0.0-next.60
      Depends on vulnerable versions of browserslist
      Depends on vulnerable versions of fork-ts-checker-webpack-plugin
      Depends on vulnerable versions of globby
      Depends on vulnerable versions of immer
      node_modules/react-dev-utils
        @storybook/core  4.0.0-alpha.0 - 6.1.19 || 6.2.0-alpha.0 - 6.2.0-rc.13
        Depends on vulnerable versions of @storybook/ui
        Depends on vulnerable versions of ejs
        Depends on vulnerable versions of react-dev-utils
        node_modules/@storybook/core
          @storybook/html  <=6.0.0-rc.30
          Depends on vulnerable versions of @storybook/core
          node_modules/@storybook/html
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
        webpack  4.44.0 - 4.46.0
        Depends on vulnerable versions of watchpack
        node_modules/webpack
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/globby

highlight.js  <=10.4.0
Severity: moderate
Prototype Pollution in highlight.js - https://github.com/advisories/GHSA-vfrc-7r7c-w9mx
ReDOS vulnerabities: multiple grammars - https://github.com/advisories/GHSA-7wwv-vh3v-89cq
fix available via `npm audit fix --force`
Will install @storybook/html@6.5.4, which is a breaking change
node_modules/highlight.js
  lowlight  1.2.0 - 1.13.1
  Depends on vulnerable versions of highlight.js
  node_modules/lowlight
    react-syntax-highlighter  2.0.4 - 12.2.1
    Depends on vulnerable versions of highlight.js
    Depends on vulnerable versions of lowlight
    Depends on vulnerable versions of refractor
    node_modules/react-syntax-highlighter
      @storybook/components  4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28
      Depends on vulnerable versions of react-syntax-highlighter
      node_modules/@storybook/components
        @storybook/ui  4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28
        Depends on vulnerable versions of @storybook/components
        node_modules/@storybook/ui
          @storybook/core  4.0.0-alpha.0 - 6.1.19 || 6.2.0-alpha.0 - 6.2.0-rc.13
          Depends on vulnerable versions of @storybook/ui
          Depends on vulnerable versions of ejs
          Depends on vulnerable versions of react-dev-utils
          node_modules/@storybook/core
            @storybook/html  <=6.0.0-rc.30
            Depends on vulnerable versions of @storybook/core
            node_modules/@storybook/html

immer  <=9.0.5
Severity: high
Prototype Pollution in immer - https://github.com/advisories/GHSA-c36v-fmgq-m8hx
Prototype Pollution in immer - https://github.com/advisories/GHSA-9qmh-276g-x5pj
fix available via `npm audit fix --force`
Will install @storybook/html@6.5.4, which is a breaking change
node_modules/immer
  react-dev-utils  0.4.0 - 12.0.0-next.60
  Depends on vulnerable versions of browserslist
  Depends on vulnerable versions of fork-ts-checker-webpack-plugin
  Depends on vulnerable versions of globby
  Depends on vulnerable versions of immer
  node_modules/react-dev-utils
    @storybook/core  4.0.0-alpha.0 - 6.1.19 || 6.2.0-alpha.0 - 6.2.0-rc.13
    Depends on vulnerable versions of @storybook/ui
    Depends on vulnerable versions of ejs
    Depends on vulnerable versions of react-dev-utils
    node_modules/@storybook/core
      @storybook/html  <=6.0.0-rc.30
      Depends on vulnerable versions of @storybook/core
      node_modules/@storybook/html

ini  <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/fsevents/node_modules/ini

minimist  <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix`
node_modules/fsevents/node_modules/minimist
node_modules/fsevents/node_modules/rc/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/fsevents/node_modules/mkdirp

nth-check  <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install svgo@2.8.0, which is a breaking change
node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo

prismjs  <=1.26.0
Severity: high
Cross-site Scripting in Prism - https://github.com/advisories/GHSA-3949-f494-cm99
Regular Expression Denial of Service (ReDoS) in Prism - https://github.com/advisories/GHSA-gj77-59wh-66hg
Denial of service in prismjs - https://github.com/advisories/GHSA-h4hr-7fg3-h35w
Cross-Site Scripting in Prism - https://github.com/advisories/GHSA-wvhm-4hhf-97x9
Regular Expression Denial of Service in prismjs - https://github.com/advisories/GHSA-hqhp-5p83-hx96
fix available via `npm audit fix --force`
Will install @storybook/html@6.5.4, which is a breaking change
node_modules/refractor/node_modules/prismjs
  refractor  <=3.4.0 || 4.0.0 - 4.1.1
  Depends on vulnerable versions of prismjs
  node_modules/refractor
    react-syntax-highlighter  2.0.4 - 12.2.1
    Depends on vulnerable versions of highlight.js
    Depends on vulnerable versions of lowlight
    Depends on vulnerable versions of refractor
    node_modules/react-syntax-highlighter
      @storybook/components  4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28
      Depends on vulnerable versions of react-syntax-highlighter
      node_modules/@storybook/components
        @storybook/ui  4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28
        Depends on vulnerable versions of @storybook/components
        node_modules/@storybook/ui
          @storybook/core  4.0.0-alpha.0 - 6.1.19 || 6.2.0-alpha.0 - 6.2.0-rc.13
          Depends on vulnerable versions of @storybook/ui
          Depends on vulnerable versions of ejs
          Depends on vulnerable versions of react-dev-utils
          node_modules/@storybook/core
            @storybook/html  <=6.0.0-rc.30
            Depends on vulnerable versions of @storybook/core
            node_modules/@storybook/html

react-dev-utils  0.4.0 - 12.0.0-next.60
Severity: high
Improper Neutralization of Special Elements used in an OS Command. - https://github.com/advisories/GHSA-5q6m-3h65-w53x
Depends on vulnerable versions of browserslist
Depends on vulnerable versions of fork-ts-checker-webpack-plugin
Depends on vulnerable versions of globby
Depends on vulnerable versions of immer
fix available via `npm audit fix --force`
Will install @storybook/html@6.5.4, which is a breaking change
node_modules/react-dev-utils
  @storybook/core  4.0.0-alpha.0 - 6.1.19 || 6.2.0-alpha.0 - 6.2.0-rc.13
  Depends on vulnerable versions of @storybook/ui
  Depends on vulnerable versions of ejs
  Depends on vulnerable versions of react-dev-utils
  node_modules/@storybook/core
    @storybook/html  <=6.0.0-rc.30
    Depends on vulnerable versions of @storybook/core
    node_modules/@storybook/html

tar  <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix`
node_modules/fsevents/node_modules/tar

28 vulnerabilities (3 low, 8 moderate, 16 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'klaw@4.0.1',
npm WARN EBADENGINE   required: { node: '>=14.14.0' },
npm WARN EBADENGINE   current: { node: 'v12.22.5', npm: '7.5.2' }
npm WARN EBADENGINE }
--- stdout ---

added 1582 packages, and audited 1650 packages in 40s

14 packages are looking for funding
  run `npm fund` for details

28 vulnerabilities (3 low, 8 moderate, 16 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stdout ---

> test
> npm -s run lint && tsc

Checked 1 message directory.

--- end ---
{"1068298": {"source": 1068298, "name": "ini", "dependency": "ini", "title": "Prototype Pollution", "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37", "severity": "high", "range": "<1.3.6"}}
Upgrading n:ini from 1.3.8 -> 1.3.8
{"1067342": {"source": 1067342, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "range": "<1.2.6"}, "1070254": {"source": 1070254, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "range": ">=1.0.0 <1.2.3"}, "1070255": {"source": 1070255, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "range": "<0.2.1"}}
Upgrading n:minimist from 1.2.6 -> 1.2.6
{"1067342": {"source": 1067342, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "range": "<1.2.6"}, "1070254": {"source": 1070254, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "range": ">=1.0.0 <1.2.3"}, "1070255": {"source": 1070255, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "range": "<0.2.1"}}
Upgrading n:mkdirp from 0.5.5 -> 0.5.5
{"1070363": {"source": 1070363, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization", "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh", "severity": "high", "range": "<4.4.18"}, "1070369": {"source": 1070369, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc", "severity": "high", "range": "<4.4.16"}, "1070372": {"source": 1070372, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization", "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9", "severity": "high", "range": ">=4.0.0 <4.4.14"}, "1070376": {"source": 1070376, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning", "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw", "severity": "high", "range": ">=4.0.0 <4.4.15"}}
Upgrading n:tar from None -> None
{}
{}
{}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
build: Updating npm dependencies

* ini: 1.3.8 → 1.3.8
  * https://github.com/advisories/GHSA-qqgx-2p2h-9c37
* minimist: 1.2.6 → 1.2.6
  * https://github.com/advisories/GHSA-xvch-5gv4-984h
  * https://github.com/advisories/GHSA-vh95-rmgr-6w4m
  * https://github.com/advisories/GHSA-vh95-rmgr-6w4m
* mkdirp: 0.5.5 → 0.5.5
  * https://github.com/advisories/GHSA-xvch-5gv4-984h
  * https://github.com/advisories/GHSA-vh95-rmgr-6w4m
  * https://github.com/advisories/GHSA-vh95-rmgr-6w4m
* tar: None → None
  * https://github.com/advisories/GHSA-5955-9wpr-37jh
  * https://github.com/advisories/GHSA-9r2w-394v-53qc
  * https://github.com/advisories/GHSA-3jfq-g458-7qm9
  * https://github.com/advisories/GHSA-r628-mhmh-qjhw

$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmp6r49alem
--- stderr ---
pre-commit: 
pre-commit: No changes detected.
pre-commit: Skipping the pre-commit hook.
pre-commit:
--- stdout ---
On branch REL1_35
Your branch is up to date with 'origin/REL1_35'.

nothing to commit, working tree clean

--- end ---

composer dependencies

Dependencies
Development dependencies

npm dependencies

Development dependencies

Logs

Source code is licensed under the AGPL.