mediawiki/skins/Vector (REL1_40)

sourcepatches
$ date
--- stdout ---
Sun May 19 19:04:35 UTC 2024

--- end ---
$ git clone file:///srv/git/mediawiki-skins-Vector.git repo --depth=1 -b REL1_40
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_40
--- stdout ---
442b31f3a5eca373b0f681e2a03e0f91f4b00327 refs/heads/REL1_40

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@storybook/components": {
      "name": "@storybook/components",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "react-syntax-highlighter"
      ],
      "effects": [
        "@storybook/ui"
      ],
      "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
      "nodes": [
        "node_modules/@storybook/components"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "@storybook/core": {
      "name": "@storybook/core",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/ui",
        "autoprefixer",
        "css-loader",
        "ejs",
        "postcss-flexbugs-fixes",
        "postcss-loader",
        "react-dev-utils",
        "webpack-dev-middleware"
      ],
      "effects": [
        "@storybook/html"
      ],
      "range": "3.4.0-alpha.0 - 6.2.0-rc.13",
      "nodes": [
        "node_modules/@storybook/core"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "@storybook/html": {
      "name": "@storybook/html",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@storybook/core",
        "html-loader"
      ],
      "effects": [],
      "range": "<=6.0.0-rc.30",
      "nodes": [
        "node_modules/@storybook/html"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "@storybook/ui": {
      "name": "@storybook/ui",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@storybook/components"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
      "nodes": [
        "node_modules/@storybook/ui"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "autoprefixer": {
      "name": "autoprefixer",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.0.20131222 - 9.8.8",
      "nodes": [
        "node_modules/autoprefixer"
      ],
      "fixAvailable": true
    },
    "babel-core": {
      "name": "babel-core",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "babel-helpers",
        "babel-register",
        "babel-template",
        "babel-traverse",
        "json5"
      ],
      "effects": [
        "babel-register"
      ],
      "range": "5.8.20 - 7.0.0-beta.3",
      "nodes": [
        "node_modules/babel-core"
      ],
      "fixAvailable": {
        "name": "babel-core",
        "version": "4.7.16",
        "isSemVerMajor": true
      }
    },
    "babel-helpers": {
      "name": "babel-helpers",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "babel-template"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/babel-helpers"
      ],
      "fixAvailable": true
    },
    "babel-register": {
      "name": "babel-register",
      "severity": "high",
      "isDirect": false,
      "via": [
        "babel-core"
      ],
      "effects": [
        "babel-core"
      ],
      "range": "*",
      "nodes": [
        "node_modules/babel-register"
      ],
      "fixAvailable": {
        "name": "babel-core",
        "version": "4.7.16",
        "isSemVerMajor": true
      }
    },
    "babel-template": {
      "name": "babel-template",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "babel-traverse"
      ],
      "effects": [
        "babel-helpers"
      ],
      "range": "*",
      "nodes": [
        "node_modules/babel-template"
      ],
      "fixAvailable": true
    },
    "babel-traverse": {
      "name": "babel-traverse",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096879,
          "name": "babel-traverse",
          "dependency": "babel-traverse",
          "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
          "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
          "severity": "critical",
          "cwe": [
            "CWE-184",
            "CWE-697"
          ],
          "cvss": {
            "score": 9.4,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
          },
          "range": "<7.23.2"
        }
      ],
      "effects": [
        "babel-core",
        "babel-template"
      ],
      "range": "*",
      "nodes": [
        "node_modules/babel-traverse"
      ],
      "fixAvailable": {
        "name": "babel-core",
        "version": "4.7.16",
        "isSemVerMajor": true
      }
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1093035,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/browserslist"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "fork-ts-checker-webpack-plugin",
        "watchpack-chokidar2"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/chokidar"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "css-loader": {
      "name": "css-loader",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss",
        "postcss-modules-extract-imports",
        "postcss-modules-local-by-default",
        "postcss-modules-scope",
        "postcss-modules-values"
      ],
      "effects": [],
      "range": "0.15.0 - 4.3.0",
      "nodes": [
        "node_modules/css-loader"
      ],
      "fixAvailable": true
    },
    "ejs": {
      "name": "ejs",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1089270,
          "name": "ejs",
          "dependency": "ejs",
          "title": "ejs template injection vulnerability",
          "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
          "severity": "critical",
          "cwe": [
            "CWE-74"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<3.1.7"
        },
        {
          "source": 1097210,
          "name": "ejs",
          "dependency": "ejs",
          "title": "ejs lacks certain pollution protection",
          "url": "https://github.com/advisories/GHSA-ghr5-ch3p-vcr6",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<3.1.10"
        }
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "<=3.1.9",
      "nodes": [
        "node_modules/ejs"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "fork-ts-checker-webpack-plugin": {
      "name": "fork-ts-checker-webpack-plugin",
      "severity": "high",
      "isDirect": false,
      "via": [
        "chokidar"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/fork-ts-checker-webpack-plugin"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095007,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "fast-glob"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/chokidar/node_modules/glob-parent",
        "node_modules/fast-glob/node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "globby": {
      "name": "globby",
      "severity": "high",
      "isDirect": false,
      "via": [
        "fast-glob"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/globby"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "highlight.js": {
      "name": "highlight.js",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1086450,
          "name": "highlight.js",
          "dependency": "highlight.js",
          "title": "ReDOS vulnerabities: multiple grammars",
          "url": "https://github.com/advisories/GHSA-7wwv-vh3v-89cq",
          "severity": "moderate",
          "cwe": [
            "CWE-20",
            "CWE-400"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=9.0.0 <10.4.1"
        },
        {
          "source": 1090060,
          "name": "highlight.js",
          "dependency": "highlight.js",
          "title": "Prototype Pollution in highlight.js",
          "url": "https://github.com/advisories/GHSA-vfrc-7r7c-w9mx",
          "severity": "moderate",
          "cwe": [
            "CWE-471"
          ],
          "cvss": {
            "score": 5.8,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N"
          },
          "range": "<9.18.2"
        }
      ],
      "effects": [
        "lowlight",
        "react-syntax-highlighter"
      ],
      "range": "<=10.4.0",
      "nodes": [
        "node_modules/highlight.js"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "html-loader": {
      "name": "html-loader",
      "severity": "high",
      "isDirect": false,
      "via": [
        "html-minifier"
      ],
      "effects": [],
      "range": "<=0.5.5",
      "nodes": [
        "node_modules/html-loader"
      ],
      "fixAvailable": true
    },
    "html-minifier": {
      "name": "html-minifier",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097148,
          "name": "html-minifier",
          "dependency": "html-minifier",
          "title": "kangax html-minifier REDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<=4.0.0"
        }
      ],
      "effects": [
        "html-loader"
      ],
      "range": "*",
      "nodes": [
        "node_modules/html-minifier"
      ],
      "fixAvailable": true
    },
    "icss-utils": {
      "name": "icss-utils",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "css-loader",
        "postcss-modules-local-by-default",
        "postcss-modules-values"
      ],
      "range": "<=4.1.1",
      "nodes": [
        "node_modules/icss-utils"
      ],
      "fixAvailable": true
    },
    "jsdoc": {
      "name": "jsdoc",
      "severity": "high",
      "isDirect": true,
      "via": [
        "taffydb"
      ],
      "effects": [],
      "range": "3.2.0-dev - 3.6.11",
      "nodes": [
        "node_modules/jsdoc"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "4.0.3",
        "isSemVerMajor": true
      }
    },
    "jsdoc-wmf-theme": {
      "name": "jsdoc-wmf-theme",
      "severity": "high",
      "isDirect": true,
      "via": [
        "taffydb"
      ],
      "effects": [],
      "range": "<=0.0.12",
      "nodes": [
        "node_modules/jsdoc-wmf-theme"
      ],
      "fixAvailable": {
        "name": "jsdoc-wmf-theme",
        "version": "1.0.1",
        "isSemVerMajor": true
      }
    },
    "json5": {
      "name": "json5",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096543,
          "name": "json5",
          "dependency": "json5",
          "title": "Prototype Pollution in JSON5 via Parse Method",
          "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
          },
          "range": "<1.0.2"
        }
      ],
      "effects": [
        "babel-core"
      ],
      "range": "<1.0.2",
      "nodes": [
        "node_modules/babel-core/node_modules/json5"
      ],
      "fixAvailable": {
        "name": "babel-core",
        "version": "4.7.16",
        "isSemVerMajor": true
      }
    },
    "loader-utils": {
      "name": "loader-utils",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1094088,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "Prototype pollution in webpack loader-utils",
          "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<1.4.1"
        },
        {
          "source": 1095055,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
          "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=1.0.0 <1.4.2"
        },
        {
          "source": 1097143,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
          "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=1.0.0 <1.4.2"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=1.4.1",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/loader-utils"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "lowlight": {
      "name": "lowlight",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "highlight.js"
      ],
      "effects": [
        "react-syntax-highlighter"
      ],
      "range": "1.2.0 - 1.13.1",
      "nodes": [
        "node_modules/lowlight"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "recursive-readdir"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/recursive-readdir/node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "pa11y": {
      "name": "pa11y",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [
        "wmf-a11y"
      ],
      "range": "6.0.0-alpha - 6.2.3",
      "nodes": [
        "node_modules/pa11y"
      ],
      "fixAvailable": false
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094544,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS line return parsing error",
          "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
          "severity": "moderate",
          "cwe": [
            "CWE-74",
            "CWE-144"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<8.4.31"
        }
      ],
      "effects": [
        "autoprefixer",
        "css-loader",
        "icss-utils",
        "postcss-flexbugs-fixes",
        "postcss-loader",
        "postcss-modules-extract-imports",
        "postcss-modules-local-by-default",
        "postcss-modules-scope",
        "postcss-modules-values"
      ],
      "range": "<8.4.31",
      "nodes": [
        "node_modules/autoprefixer/node_modules/postcss",
        "node_modules/css-loader/node_modules/postcss",
        "node_modules/icss-utils/node_modules/postcss",
        "node_modules/postcss-flexbugs-fixes/node_modules/postcss",
        "node_modules/postcss-loader/node_modules/postcss",
        "node_modules/postcss-modules-extract-imports/node_modules/postcss",
        "node_modules/postcss-modules-local-by-default/node_modules/postcss",
        "node_modules/postcss-modules-scope/node_modules/postcss",
        "node_modules/postcss-modules-values/node_modules/postcss"
      ],
      "fixAvailable": true
    },
    "postcss-flexbugs-fixes": {
      "name": "postcss-flexbugs-fixes",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.2.1",
      "nodes": [
        "node_modules/postcss-flexbugs-fixes"
      ],
      "fixAvailable": true
    },
    "postcss-loader": {
      "name": "postcss-loader",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
        "node_modules/postcss-loader"
      ],
      "fixAvailable": true
    },
    "postcss-modules-extract-imports": {
      "name": "postcss-modules-extract-imports",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/postcss-modules-extract-imports"
      ],
      "fixAvailable": true
    },
    "postcss-modules-local-by-default": {
      "name": "postcss-modules-local-by-default",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.0-rc.4",
      "nodes": [
        "node_modules/postcss-modules-local-by-default"
      ],
      "fixAvailable": true
    },
    "postcss-modules-scope": {
      "name": "postcss-modules-scope",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.2.0",
      "nodes": [
        "node_modules/postcss-modules-scope"
      ],
      "fixAvailable": true
    },
    "postcss-modules-values": {
      "name": "postcss-modules-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss"
      ],
      "effects": [
        "css-loader"
      ],
      "range": "<=4.0.0-rc.5",
      "nodes": [
        "node_modules/postcss-modules-values"
      ],
      "fixAvailable": true
    },
    "prismjs": {
      "name": "prismjs",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1087445,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-Site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-wvhm-4hhf-97x9",
          "severity": "high",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 7.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"
          },
          "range": ">=1.1.0 <1.21.0"
        },
        {
          "source": 1089189,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "prismjs Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<1.25.0"
        },
        {
          "source": 1089716,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Regular Expression Denial of Service (ReDoS) in Prism",
          "url": "https://github.com/advisories/GHSA-gj77-59wh-66hg",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"
          },
          "range": "<1.24.0"
        },
        {
          "source": 1090424,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-3949-f494-cm99",
          "severity": "high",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"
          },
          "range": ">=1.14.0 <1.27.0"
        },
        {
          "source": 1093292,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Denial of service in prismjs",
          "url": "https://github.com/advisories/GHSA-h4hr-7fg3-h35w",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<1.23.0"
        }
      ],
      "effects": [
        "refractor"
      ],
      "range": "<=1.26.0",
      "nodes": [
        "node_modules/refractor/node_modules/prismjs"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "react-dev-utils": {
      "name": "react-dev-utils",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1089062,
          "name": "react-dev-utils",
          "dependency": "react-dev-utils",
          "title": "react-dev-utils OS Command Injection in function `getProcessForPort`",
          "url": "https://github.com/advisories/GHSA-5q6m-3h65-w53x",
          "severity": "moderate",
          "cwe": [
            "CWE-78"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": ">=0.4.0 <11.0.4"
        },
        "browserslist",
        "fork-ts-checker-webpack-plugin",
        "globby",
        "loader-utils",
        "recursive-readdir",
        "shell-quote"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "0.4.0 - 12.0.0-next.60",
      "nodes": [
        "node_modules/react-dev-utils"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "react-syntax-highlighter": {
      "name": "react-syntax-highlighter",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "highlight.js",
        "lowlight",
        "refractor"
      ],
      "effects": [
        "@storybook/components"
      ],
      "range": "2.0.4 - 12.2.1",
      "nodes": [
        "node_modules/react-syntax-highlighter"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "recursive-readdir": {
      "name": "recursive-readdir",
      "severity": "high",
      "isDirect": false,
      "via": [
        "minimatch"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "1.2.0 - 2.2.2",
      "nodes": [
        "node_modules/recursive-readdir"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "refractor": {
      "name": "refractor",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "prismjs"
      ],
      "effects": [
        "react-syntax-highlighter"
      ],
      "range": "<=3.4.0 || 4.0.0 - 4.1.1",
      "nodes": [
        "node_modules/refractor"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "semver": {
      "name": "semver",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096482,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=7.0.0 <7.5.2"
        }
      ],
      "effects": [
        "pa11y"
      ],
      "range": "7.0.0 - 7.5.1",
      "nodes": [
        "node_modules/pa11y/node_modules/semver"
      ],
      "fixAvailable": false
    },
    "shell-quote": {
      "name": "shell-quote",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096375,
          "name": "shell-quote",
          "dependency": "shell-quote",
          "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote",
          "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7",
          "severity": "critical",
          "cwe": [
            "CWE-77"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=1.7.2"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=1.7.2",
      "nodes": [
        "node_modules/shell-quote"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "taffydb": {
      "name": "taffydb",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089386,
          "name": "taffydb",
          "dependency": "taffydb",
          "title": "TaffyDB can allow access to any data items in the DB",
          "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
          "severity": "high",
          "cwe": [
            "CWE-20",
            "CWE-668"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<=2.7.3"
        }
      ],
      "effects": [
        "jsdoc",
        "jsdoc-wmf-theme"
      ],
      "range": "*",
      "nodes": [
        "node_modules/taffydb"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "4.0.3",
        "isSemVerMajor": true
      }
    },
    "watchpack": {
      "name": "watchpack",
      "severity": "high",
      "isDirect": false,
      "via": [
        "watchpack-chokidar2"
      ],
      "effects": [
        "webpack"
      ],
      "range": "1.7.2 - 1.7.5",
      "nodes": [
        "node_modules/watchpack"
      ],
      "fixAvailable": true
    },
    "watchpack-chokidar2": {
      "name": "watchpack-chokidar2",
      "severity": "high",
      "isDirect": false,
      "via": [
        "chokidar"
      ],
      "effects": [
        "watchpack"
      ],
      "range": "*",
      "nodes": [
        "node_modules/watchpack-chokidar2"
      ],
      "fixAvailable": true
    },
    "webpack": {
      "name": "webpack",
      "severity": "high",
      "isDirect": false,
      "via": [
        "watchpack"
      ],
      "effects": [],
      "range": "4.44.0 - 4.47.0",
      "nodes": [
        "node_modules/webpack"
      ],
      "fixAvailable": true
    },
    "webpack-dev-middleware": {
      "name": "webpack-dev-middleware",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096729,
          "name": "webpack-dev-middleware",
          "dependency": "webpack-dev-middleware",
          "title": "Path traversal in webpack-dev-middleware",
          "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
          },
          "range": "<=5.3.3"
        }
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "<=5.3.3",
      "nodes": [
        "node_modules/webpack-dev-middleware"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "wmf-a11y": {
      "name": "wmf-a11y",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "pa11y"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/wmf-a11y"
      ],
      "fixAvailable": false
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 20,
      "high": 21,
      "critical": 8,
      "total": 49
    },
    "dependencies": {
      "prod": 32,
      "dev": 2195,
      "optional": 23,
      "peer": 25,
      "peerOptional": 0,
      "total": 2251
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 37 installs, 0 updates, 0 removals
  - Locking composer/installers (v2.2.0)
  - Locking composer/pcre (1.0.1)
  - Locking composer/semver (3.3.2)
  - Locking composer/spdx-licenses (1.5.8)
  - Locking composer/xdebug-handler (2.0.5)
  - Locking doctrine/deprecations (1.1.3)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking mediawiki/mediawiki-codesniffer (v39.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.11.1)
  - Locking mediawiki/minus-x (1.1.1)
  - Locking mediawiki/phan-taint-check-plugin (3.3.2)
  - Locking microsoft/tolerant-php-parser (v0.1.2)
  - Locking netresearch/jsonmapper (v4.4.1)
  - Locking phan/phan (5.2.0)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.3.2)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.4.0)
  - Locking phpdocumentor/type-resolver (1.8.2)
  - Locking phpstan/phpdoc-parser (1.29.0)
  - Locking psr/container (2.0.2)
  - Locking psr/log (2.0.0)
  - Locking sabre/event (5.1.4)
  - Locking squizlabs/php_codesniffer (3.6.2)
  - Locking symfony/console (v5.4.39)
  - Locking symfony/deprecation-contracts (v3.5.0)
  - Locking symfony/polyfill-ctype (v1.29.0)
  - Locking symfony/polyfill-intl-grapheme (v1.29.0)
  - Locking symfony/polyfill-intl-normalizer (v1.29.0)
  - Locking symfony/polyfill-mbstring (v1.29.0)
  - Locking symfony/polyfill-php73 (v1.29.0)
  - Locking symfony/polyfill-php80 (v1.29.0)
  - Locking symfony/service-contracts (v3.5.0)
  - Locking symfony/string (v6.4.7)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 37 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Installing composer/installers (v2.2.0): Extracting archive
  - Installing composer/pcre (1.0.1): Extracting archive
  - Installing squizlabs/php_codesniffer (3.6.2): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.29.0): Extracting archive
  - Installing composer/spdx-licenses (1.5.8): Extracting archive
  - Installing composer/semver (3.3.2): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v39.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/polyfill-php80 (v1.29.0): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.29.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.29.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.29.0): Extracting archive
  - Installing symfony/string (v6.4.7): Extracting archive
  - Installing symfony/deprecation-contracts (v3.5.0): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.5.0): Extracting archive
  - Installing symfony/polyfill-php73 (v1.29.0): Extracting archive
  - Installing symfony/console (v5.4.39): Extracting archive
  - Installing sabre/event (5.1.4): Extracting archive
  - Installing netresearch/jsonmapper (v4.4.1): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpstan/phpdoc-parser (1.29.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing doctrine/deprecations (1.1.3): Extracting archive
  - Installing phpdocumentor/type-resolver (1.8.2): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.4.0): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (2.0.0): Extracting archive
  - Installing composer/xdebug-handler (2.0.5): Extracting archive
  - Installing phan/phan (5.2.0): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (3.3.2): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.11.1): Extracting archive
  - Installing mediawiki/minus-x (1.1.1): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.3.2): Extracting archive
  0/36 [>---------------------------]   0%
 20/36 [===============>------------]  55%
 35/36 [===========================>]  97%
 36/36 [============================] 100%
3 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
16 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@storybook/components": {
      "name": "@storybook/components",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "react-syntax-highlighter"
      ],
      "effects": [
        "@storybook/ui"
      ],
      "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
      "nodes": [
        "node_modules/@storybook/components"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "@storybook/core": {
      "name": "@storybook/core",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/ui",
        "autoprefixer",
        "css-loader",
        "ejs",
        "postcss-flexbugs-fixes",
        "postcss-loader",
        "react-dev-utils",
        "webpack-dev-middleware"
      ],
      "effects": [
        "@storybook/html"
      ],
      "range": "3.4.0-alpha.0 - 6.2.0-rc.13",
      "nodes": [
        "node_modules/@storybook/core"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "@storybook/html": {
      "name": "@storybook/html",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@storybook/core",
        "html-loader"
      ],
      "effects": [],
      "range": "<=6.0.0-rc.30",
      "nodes": [
        "node_modules/@storybook/html"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "@storybook/ui": {
      "name": "@storybook/ui",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@storybook/components"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
      "nodes": [
        "node_modules/@storybook/ui"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "autoprefixer": {
      "name": "autoprefixer",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.0.20131222 - 9.8.8",
      "nodes": [
        "node_modules/autoprefixer"
      ],
      "fixAvailable": true
    },
    "babel-core": {
      "name": "babel-core",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "babel-helpers",
        "babel-register",
        "babel-template",
        "babel-traverse",
        "json5"
      ],
      "effects": [
        "babel-register"
      ],
      "range": "5.8.20 - 7.0.0-beta.3",
      "nodes": [
        "node_modules/babel-core"
      ],
      "fixAvailable": {
        "name": "babel-core",
        "version": "4.7.16",
        "isSemVerMajor": true
      }
    },
    "babel-helpers": {
      "name": "babel-helpers",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "babel-template"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/babel-helpers"
      ],
      "fixAvailable": true
    },
    "babel-register": {
      "name": "babel-register",
      "severity": "high",
      "isDirect": false,
      "via": [
        "babel-core"
      ],
      "effects": [
        "babel-core"
      ],
      "range": "*",
      "nodes": [
        "node_modules/babel-register"
      ],
      "fixAvailable": {
        "name": "babel-core",
        "version": "4.7.16",
        "isSemVerMajor": true
      }
    },
    "babel-template": {
      "name": "babel-template",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "babel-traverse"
      ],
      "effects": [
        "babel-helpers"
      ],
      "range": "*",
      "nodes": [
        "node_modules/babel-template"
      ],
      "fixAvailable": true
    },
    "babel-traverse": {
      "name": "babel-traverse",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096879,
          "name": "babel-traverse",
          "dependency": "babel-traverse",
          "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
          "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
          "severity": "critical",
          "cwe": [
            "CWE-184",
            "CWE-697"
          ],
          "cvss": {
            "score": 9.4,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
          },
          "range": "<7.23.2"
        }
      ],
      "effects": [
        "babel-core",
        "babel-template"
      ],
      "range": "*",
      "nodes": [
        "node_modules/babel-traverse"
      ],
      "fixAvailable": {
        "name": "babel-core",
        "version": "4.7.16",
        "isSemVerMajor": true
      }
    },
    "browserslist": {
      "name": "browserslist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1093035,
          "name": "browserslist",
          "dependency": "browserslist",
          "title": "Regular Expression Denial of Service in browserslist",
          "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.16.5"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "4.0.0 - 4.16.4",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/browserslist"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "fork-ts-checker-webpack-plugin",
        "watchpack-chokidar2"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/chokidar"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "css-loader": {
      "name": "css-loader",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss",
        "postcss-modules-extract-imports",
        "postcss-modules-local-by-default",
        "postcss-modules-scope",
        "postcss-modules-values"
      ],
      "effects": [],
      "range": "0.15.0 - 4.3.0",
      "nodes": [
        "node_modules/css-loader"
      ],
      "fixAvailable": true
    },
    "ejs": {
      "name": "ejs",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1089270,
          "name": "ejs",
          "dependency": "ejs",
          "title": "ejs template injection vulnerability",
          "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
          "severity": "critical",
          "cwe": [
            "CWE-74"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<3.1.7"
        },
        {
          "source": 1097210,
          "name": "ejs",
          "dependency": "ejs",
          "title": "ejs lacks certain pollution protection",
          "url": "https://github.com/advisories/GHSA-ghr5-ch3p-vcr6",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<3.1.10"
        }
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "<=3.1.9",
      "nodes": [
        "node_modules/ejs"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "fork-ts-checker-webpack-plugin": {
      "name": "fork-ts-checker-webpack-plugin",
      "severity": "high",
      "isDirect": false,
      "via": [
        "chokidar"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/fork-ts-checker-webpack-plugin"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095007,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "fast-glob"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/chokidar/node_modules/glob-parent",
        "node_modules/fast-glob/node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "globby": {
      "name": "globby",
      "severity": "high",
      "isDirect": false,
      "via": [
        "fast-glob"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/globby"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "highlight.js": {
      "name": "highlight.js",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1086450,
          "name": "highlight.js",
          "dependency": "highlight.js",
          "title": "ReDOS vulnerabities: multiple grammars",
          "url": "https://github.com/advisories/GHSA-7wwv-vh3v-89cq",
          "severity": "moderate",
          "cwe": [
            "CWE-20",
            "CWE-400"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=9.0.0 <10.4.1"
        },
        {
          "source": 1090060,
          "name": "highlight.js",
          "dependency": "highlight.js",
          "title": "Prototype Pollution in highlight.js",
          "url": "https://github.com/advisories/GHSA-vfrc-7r7c-w9mx",
          "severity": "moderate",
          "cwe": [
            "CWE-471"
          ],
          "cvss": {
            "score": 5.8,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N"
          },
          "range": "<9.18.2"
        }
      ],
      "effects": [
        "lowlight",
        "react-syntax-highlighter"
      ],
      "range": "<=10.4.0",
      "nodes": [
        "node_modules/highlight.js"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "html-loader": {
      "name": "html-loader",
      "severity": "high",
      "isDirect": false,
      "via": [
        "html-minifier"
      ],
      "effects": [],
      "range": "<=0.5.5",
      "nodes": [
        "node_modules/html-loader"
      ],
      "fixAvailable": true
    },
    "html-minifier": {
      "name": "html-minifier",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097148,
          "name": "html-minifier",
          "dependency": "html-minifier",
          "title": "kangax html-minifier REDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<=4.0.0"
        }
      ],
      "effects": [
        "html-loader"
      ],
      "range": "*",
      "nodes": [
        "node_modules/html-minifier"
      ],
      "fixAvailable": true
    },
    "icss-utils": {
      "name": "icss-utils",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "css-loader",
        "postcss-modules-local-by-default",
        "postcss-modules-values"
      ],
      "range": "<=4.1.1",
      "nodes": [
        "node_modules/icss-utils"
      ],
      "fixAvailable": true
    },
    "jsdoc": {
      "name": "jsdoc",
      "severity": "high",
      "isDirect": true,
      "via": [
        "taffydb"
      ],
      "effects": [],
      "range": "3.2.0-dev - 3.6.11",
      "nodes": [
        "node_modules/jsdoc"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "4.0.3",
        "isSemVerMajor": true
      }
    },
    "jsdoc-wmf-theme": {
      "name": "jsdoc-wmf-theme",
      "severity": "high",
      "isDirect": true,
      "via": [
        "taffydb"
      ],
      "effects": [],
      "range": "<=0.0.12",
      "nodes": [
        "node_modules/jsdoc-wmf-theme"
      ],
      "fixAvailable": {
        "name": "jsdoc-wmf-theme",
        "version": "1.0.1",
        "isSemVerMajor": true
      }
    },
    "json5": {
      "name": "json5",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096543,
          "name": "json5",
          "dependency": "json5",
          "title": "Prototype Pollution in JSON5 via Parse Method",
          "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
          },
          "range": "<1.0.2"
        }
      ],
      "effects": [
        "babel-core"
      ],
      "range": "<1.0.2",
      "nodes": [
        "node_modules/babel-core/node_modules/json5"
      ],
      "fixAvailable": {
        "name": "babel-core",
        "version": "4.7.16",
        "isSemVerMajor": true
      }
    },
    "loader-utils": {
      "name": "loader-utils",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1094088,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "Prototype pollution in webpack loader-utils",
          "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<1.4.1"
        },
        {
          "source": 1095055,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
          "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=1.0.0 <1.4.2"
        },
        {
          "source": 1097143,
          "name": "loader-utils",
          "dependency": "loader-utils",
          "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
          "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=1.0.0 <1.4.2"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=1.4.1",
      "nodes": [
        "node_modules/react-dev-utils/node_modules/loader-utils"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "lowlight": {
      "name": "lowlight",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "highlight.js"
      ],
      "effects": [
        "react-syntax-highlighter"
      ],
      "range": "1.2.0 - 1.13.1",
      "nodes": [
        "node_modules/lowlight"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "recursive-readdir"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/recursive-readdir/node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "pa11y": {
      "name": "pa11y",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "semver"
      ],
      "effects": [
        "wmf-a11y"
      ],
      "range": "6.0.0-alpha - 6.2.3",
      "nodes": [
        "node_modules/pa11y"
      ],
      "fixAvailable": false
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094544,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS line return parsing error",
          "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
          "severity": "moderate",
          "cwe": [
            "CWE-74",
            "CWE-144"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<8.4.31"
        }
      ],
      "effects": [
        "autoprefixer",
        "css-loader",
        "icss-utils",
        "postcss-flexbugs-fixes",
        "postcss-loader",
        "postcss-modules-extract-imports",
        "postcss-modules-local-by-default",
        "postcss-modules-scope",
        "postcss-modules-values"
      ],
      "range": "<8.4.31",
      "nodes": [
        "node_modules/autoprefixer/node_modules/postcss",
        "node_modules/css-loader/node_modules/postcss",
        "node_modules/icss-utils/node_modules/postcss",
        "node_modules/postcss-flexbugs-fixes/node_modules/postcss",
        "node_modules/postcss-loader/node_modules/postcss",
        "node_modules/postcss-modules-extract-imports/node_modules/postcss",
        "node_modules/postcss-modules-local-by-default/node_modules/postcss",
        "node_modules/postcss-modules-scope/node_modules/postcss",
        "node_modules/postcss-modules-values/node_modules/postcss"
      ],
      "fixAvailable": true
    },
    "postcss-flexbugs-fixes": {
      "name": "postcss-flexbugs-fixes",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.2.1",
      "nodes": [
        "node_modules/postcss-flexbugs-fixes"
      ],
      "fixAvailable": true
    },
    "postcss-loader": {
      "name": "postcss-loader",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
        "node_modules/postcss-loader"
      ],
      "fixAvailable": true
    },
    "postcss-modules-extract-imports": {
      "name": "postcss-modules-extract-imports",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/postcss-modules-extract-imports"
      ],
      "fixAvailable": true
    },
    "postcss-modules-local-by-default": {
      "name": "postcss-modules-local-by-default",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.0-rc.4",
      "nodes": [
        "node_modules/postcss-modules-local-by-default"
      ],
      "fixAvailable": true
    },
    "postcss-modules-scope": {
      "name": "postcss-modules-scope",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.2.0",
      "nodes": [
        "node_modules/postcss-modules-scope"
      ],
      "fixAvailable": true
    },
    "postcss-modules-values": {
      "name": "postcss-modules-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss"
      ],
      "effects": [
        "css-loader"
      ],
      "range": "<=4.0.0-rc.5",
      "nodes": [
        "node_modules/postcss-modules-values"
      ],
      "fixAvailable": true
    },
    "prismjs": {
      "name": "prismjs",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1087445,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-Site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-wvhm-4hhf-97x9",
          "severity": "high",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 7.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"
          },
          "range": ">=1.1.0 <1.21.0"
        },
        {
          "source": 1089189,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "prismjs Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<1.25.0"
        },
        {
          "source": 1089716,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Regular Expression Denial of Service (ReDoS) in Prism",
          "url": "https://github.com/advisories/GHSA-gj77-59wh-66hg",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"
          },
          "range": "<1.24.0"
        },
        {
          "source": 1090424,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Cross-site Scripting in Prism",
          "url": "https://github.com/advisories/GHSA-3949-f494-cm99",
          "severity": "high",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"
          },
          "range": ">=1.14.0 <1.27.0"
        },
        {
          "source": 1093292,
          "name": "prismjs",
          "dependency": "prismjs",
          "title": "Denial of service in prismjs",
          "url": "https://github.com/advisories/GHSA-h4hr-7fg3-h35w",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<1.23.0"
        }
      ],
      "effects": [
        "refractor"
      ],
      "range": "<=1.26.0",
      "nodes": [
        "node_modules/refractor/node_modules/prismjs"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "react-dev-utils": {
      "name": "react-dev-utils",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1089062,
          "name": "react-dev-utils",
          "dependency": "react-dev-utils",
          "title": "react-dev-utils OS Command Injection in function `getProcessForPort`",
          "url": "https://github.com/advisories/GHSA-5q6m-3h65-w53x",
          "severity": "moderate",
          "cwe": [
            "CWE-78"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": ">=0.4.0 <11.0.4"
        },
        "browserslist",
        "fork-ts-checker-webpack-plugin",
        "globby",
        "loader-utils",
        "recursive-readdir",
        "shell-quote"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "0.4.0 - 12.0.0-next.60",
      "nodes": [
        "node_modules/react-dev-utils"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "react-syntax-highlighter": {
      "name": "react-syntax-highlighter",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "highlight.js",
        "lowlight",
        "refractor"
      ],
      "effects": [
        "@storybook/components"
      ],
      "range": "2.0.4 - 12.2.1",
      "nodes": [
        "node_modules/react-syntax-highlighter"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "recursive-readdir": {
      "name": "recursive-readdir",
      "severity": "high",
      "isDirect": false,
      "via": [
        "minimatch"
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "1.2.0 - 2.2.2",
      "nodes": [
        "node_modules/recursive-readdir"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "refractor": {
      "name": "refractor",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "prismjs"
      ],
      "effects": [
        "react-syntax-highlighter"
      ],
      "range": "<=3.4.0 || 4.0.0 - 4.1.1",
      "nodes": [
        "node_modules/refractor"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "semver": {
      "name": "semver",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096482,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=7.0.0 <7.5.2"
        }
      ],
      "effects": [
        "pa11y"
      ],
      "range": "7.0.0 - 7.5.1",
      "nodes": [
        "node_modules/pa11y/node_modules/semver"
      ],
      "fixAvailable": false
    },
    "shell-quote": {
      "name": "shell-quote",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096375,
          "name": "shell-quote",
          "dependency": "shell-quote",
          "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote",
          "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7",
          "severity": "critical",
          "cwe": [
            "CWE-77"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=1.7.2"
        }
      ],
      "effects": [
        "react-dev-utils"
      ],
      "range": "<=1.7.2",
      "nodes": [
        "node_modules/shell-quote"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "taffydb": {
      "name": "taffydb",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089386,
          "name": "taffydb",
          "dependency": "taffydb",
          "title": "TaffyDB can allow access to any data items in the DB",
          "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
          "severity": "high",
          "cwe": [
            "CWE-20",
            "CWE-668"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<=2.7.3"
        }
      ],
      "effects": [
        "jsdoc",
        "jsdoc-wmf-theme"
      ],
      "range": "*",
      "nodes": [
        "node_modules/taffydb"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "4.0.3",
        "isSemVerMajor": true
      }
    },
    "watchpack": {
      "name": "watchpack",
      "severity": "high",
      "isDirect": false,
      "via": [
        "watchpack-chokidar2"
      ],
      "effects": [
        "webpack"
      ],
      "range": "1.7.2 - 1.7.5",
      "nodes": [
        "node_modules/watchpack"
      ],
      "fixAvailable": true
    },
    "watchpack-chokidar2": {
      "name": "watchpack-chokidar2",
      "severity": "high",
      "isDirect": false,
      "via": [
        "chokidar"
      ],
      "effects": [
        "watchpack"
      ],
      "range": "*",
      "nodes": [
        "node_modules/watchpack-chokidar2"
      ],
      "fixAvailable": true
    },
    "webpack": {
      "name": "webpack",
      "severity": "high",
      "isDirect": false,
      "via": [
        "watchpack"
      ],
      "effects": [],
      "range": "4.44.0 - 4.47.0",
      "nodes": [
        "node_modules/webpack"
      ],
      "fixAvailable": true
    },
    "webpack-dev-middleware": {
      "name": "webpack-dev-middleware",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096729,
          "name": "webpack-dev-middleware",
          "dependency": "webpack-dev-middleware",
          "title": "Path traversal in webpack-dev-middleware",
          "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
          },
          "range": "<=5.3.3"
        }
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "<=5.3.3",
      "nodes": [
        "node_modules/webpack-dev-middleware"
      ],
      "fixAvailable": {
        "name": "@storybook/html",
        "version": "8.1.1",
        "isSemVerMajor": true
      }
    },
    "wmf-a11y": {
      "name": "wmf-a11y",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "pa11y"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/wmf-a11y"
      ],
      "fixAvailable": false
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 20,
      "high": 21,
      "critical": 8,
      "total": 49
    },
    "dependencies": {
      "prod": 32,
      "dev": 2195,
      "optional": 23,
      "peer": 25,
      "peerOptional": 0,
      "total": 2251
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.16.7
npm WARN Found: @babel/core@7.8.0
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.8.0" from the root project
npm WARN   83 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.16.7
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN   @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.16.7" from @babel/preset-env@7.17.10
npm WARN   node_modules/@babel/preset-env
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.24.5
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.16.7
npm WARN   node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN     @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.16.7" from @babel/preset-env@7.17.10
npm WARN     node_modules/@babel/preset-env
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-proposal-class-static-block@7.17.6
npm WARN Found: @babel/core@7.8.0
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.8.0" from the root project
npm WARN   83 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-proposal-class-static-block@7.17.6
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-proposal-class-static-block
npm WARN   @babel/plugin-proposal-class-static-block@"^7.17.6" from @babel/preset-env@7.17.10
npm WARN   node_modules/@babel/preset-env
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.24.5
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.12.0" from @babel/plugin-proposal-class-static-block@7.17.6
npm WARN   node_modules/@babel/preset-env/node_modules/@babel/plugin-proposal-class-static-block
npm WARN     @babel/plugin-proposal-class-static-block@"^7.17.6" from @babel/preset-env@7.17.10
npm WARN     node_modules/@babel/preset-env
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.20.1',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@37.9.7',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 2251,
  "removed": 0,
  "changed": 0,
  "audited": 2252,
  "funding": 169,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "@storybook/components": {
        "name": "@storybook/components",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "react-syntax-highlighter"
        ],
        "effects": [
          "@storybook/ui"
        ],
        "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
        "nodes": [
          "node_modules/@storybook/components"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "@storybook/core": {
        "name": "@storybook/core",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@storybook/ui",
          "autoprefixer",
          "css-loader",
          "ejs",
          "postcss-flexbugs-fixes",
          "postcss-loader",
          "react-dev-utils",
          "webpack-dev-middleware"
        ],
        "effects": [
          "@storybook/html"
        ],
        "range": "3.4.0-alpha.0 - 6.2.0-rc.13",
        "nodes": [
          "node_modules/@storybook/core"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "@storybook/html": {
        "name": "@storybook/html",
        "severity": "high",
        "isDirect": true,
        "via": [
          "@storybook/core",
          "html-loader"
        ],
        "effects": [],
        "range": "<=6.0.0-rc.30",
        "nodes": [
          "node_modules/@storybook/html"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "@storybook/ui": {
        "name": "@storybook/ui",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "@storybook/components"
        ],
        "effects": [
          "@storybook/core"
        ],
        "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28",
        "nodes": [
          "node_modules/@storybook/ui"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "autoprefixer": {
        "name": "autoprefixer",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "postcss"
        ],
        "effects": [],
        "range": "1.0.20131222 - 9.8.8",
        "nodes": [
          "node_modules/autoprefixer"
        ],
        "fixAvailable": true
      },
      "babel-core": {
        "name": "babel-core",
        "severity": "critical",
        "isDirect": true,
        "via": [
          "babel-helpers",
          "babel-register",
          "babel-template",
          "babel-traverse",
          "json5"
        ],
        "effects": [
          "babel-register"
        ],
        "range": "5.8.20 - 7.0.0-beta.3",
        "nodes": [
          "node_modules/babel-core"
        ],
        "fixAvailable": {
          "name": "babel-core",
          "version": "4.7.16",
          "isSemVerMajor": true
        }
      },
      "babel-helpers": {
        "name": "babel-helpers",
        "severity": "critical",
        "isDirect": false,
        "via": [
          "babel-template"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/babel-helpers"
        ],
        "fixAvailable": true
      },
      "babel-register": {
        "name": "babel-register",
        "severity": "high",
        "isDirect": false,
        "via": [
          "babel-core"
        ],
        "effects": [
          "babel-core"
        ],
        "range": "*",
        "nodes": [
          "node_modules/babel-register"
        ],
        "fixAvailable": {
          "name": "babel-core",
          "version": "4.7.16",
          "isSemVerMajor": true
        }
      },
      "babel-template": {
        "name": "babel-template",
        "severity": "critical",
        "isDirect": false,
        "via": [
          "babel-traverse"
        ],
        "effects": [
          "babel-helpers"
        ],
        "range": "*",
        "nodes": [
          "node_modules/babel-template"
        ],
        "fixAvailable": true
      },
      "babel-traverse": {
        "name": "babel-traverse",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1096879,
            "name": "babel-traverse",
            "dependency": "babel-traverse",
            "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
            "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
            "severity": "critical",
            "cwe": [
              "CWE-184",
              "CWE-697"
            ],
            "cvss": {
              "score": 9.4,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
            },
            "range": "<7.23.2"
          }
        ],
        "effects": [
          "babel-core",
          "babel-template"
        ],
        "range": "*",
        "nodes": [
          "node_modules/babel-traverse"
        ],
        "fixAvailable": {
          "name": "babel-core",
          "version": "4.7.16",
          "isSemVerMajor": true
        }
      },
      "browserslist": {
        "name": "browserslist",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1093035,
            "name": "browserslist",
            "dependency": "browserslist",
            "title": "Regular Expression Denial of Service in browserslist",
            "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
            "severity": "moderate",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=4.0.0 <4.16.5"
          }
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "4.0.0 - 4.16.4",
        "nodes": [
          "node_modules/react-dev-utils/node_modules/browserslist"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "chokidar": {
        "name": "chokidar",
        "severity": "high",
        "isDirect": false,
        "via": [
          "glob-parent"
        ],
        "effects": [
          "fork-ts-checker-webpack-plugin",
          "watchpack-chokidar2"
        ],
        "range": "1.0.0-rc1 - 2.1.8",
        "nodes": [
          "node_modules/chokidar"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "css-loader": {
        "name": "css-loader",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "icss-utils",
          "postcss",
          "postcss-modules-extract-imports",
          "postcss-modules-local-by-default",
          "postcss-modules-scope",
          "postcss-modules-values"
        ],
        "effects": [],
        "range": "0.15.0 - 4.3.0",
        "nodes": [
          "node_modules/css-loader"
        ],
        "fixAvailable": true
      },
      "ejs": {
        "name": "ejs",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1089270,
            "name": "ejs",
            "dependency": "ejs",
            "title": "ejs template injection vulnerability",
            "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
            "severity": "critical",
            "cwe": [
              "CWE-74"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<3.1.7"
          },
          {
            "source": 1097210,
            "name": "ejs",
            "dependency": "ejs",
            "title": "ejs lacks certain pollution protection",
            "url": "https://github.com/advisories/GHSA-ghr5-ch3p-vcr6",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<3.1.10"
          }
        ],
        "effects": [
          "@storybook/core"
        ],
        "range": "<=3.1.9",
        "nodes": [
          "node_modules/ejs"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "fast-glob": {
        "name": "fast-glob",
        "severity": "high",
        "isDirect": false,
        "via": [
          "glob-parent"
        ],
        "effects": [
          "globby"
        ],
        "range": "<=2.2.7",
        "nodes": [
          "node_modules/fast-glob"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "fork-ts-checker-webpack-plugin": {
        "name": "fork-ts-checker-webpack-plugin",
        "severity": "high",
        "isDirect": false,
        "via": [
          "chokidar"
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "<=3.1.0",
        "nodes": [
          "node_modules/fork-ts-checker-webpack-plugin"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "glob-parent": {
        "name": "glob-parent",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1095007,
            "name": "glob-parent",
            "dependency": "glob-parent",
            "title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex",
            "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
            "severity": "high",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<5.1.2"
          }
        ],
        "effects": [
          "chokidar",
          "fast-glob"
        ],
        "range": "<5.1.2",
        "nodes": [
          "node_modules/chokidar/node_modules/glob-parent",
          "node_modules/fast-glob/node_modules/glob-parent"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "globby": {
        "name": "globby",
        "severity": "high",
        "isDirect": false,
        "via": [
          "fast-glob"
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "8.0.0 - 9.2.0",
        "nodes": [
          "node_modules/globby"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "highlight.js": {
        "name": "highlight.js",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1086450,
            "name": "highlight.js",
            "dependency": "highlight.js",
            "title": "ReDOS vulnerabities: multiple grammars",
            "url": "https://github.com/advisories/GHSA-7wwv-vh3v-89cq",
            "severity": "moderate",
            "cwe": [
              "CWE-20",
              "CWE-400"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": ">=9.0.0 <10.4.1"
          },
          {
            "source": 1090060,
            "name": "highlight.js",
            "dependency": "highlight.js",
            "title": "Prototype Pollution in highlight.js",
            "url": "https://github.com/advisories/GHSA-vfrc-7r7c-w9mx",
            "severity": "moderate",
            "cwe": [
              "CWE-471"
            ],
            "cvss": {
              "score": 5.8,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N"
            },
            "range": "<9.18.2"
          }
        ],
        "effects": [
          "lowlight",
          "react-syntax-highlighter"
        ],
        "range": "<=10.4.0",
        "nodes": [
          "node_modules/highlight.js"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "html-loader": {
        "name": "html-loader",
        "severity": "high",
        "isDirect": false,
        "via": [
          "html-minifier"
        ],
        "effects": [],
        "range": "<=0.5.5",
        "nodes": [
          "node_modules/html-loader"
        ],
        "fixAvailable": true
      },
      "html-minifier": {
        "name": "html-minifier",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1097148,
            "name": "html-minifier",
            "dependency": "html-minifier",
            "title": "kangax html-minifier REDoS vulnerability",
            "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<=4.0.0"
          }
        ],
        "effects": [
          "html-loader"
        ],
        "range": "*",
        "nodes": [
          "node_modules/html-minifier"
        ],
        "fixAvailable": true
      },
      "icss-utils": {
        "name": "icss-utils",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "postcss"
        ],
        "effects": [
          "css-loader",
          "postcss-modules-local-by-default",
          "postcss-modules-values"
        ],
        "range": "<=4.1.1",
        "nodes": [
          "node_modules/icss-utils"
        ],
        "fixAvailable": true
      },
      "jsdoc": {
        "name": "jsdoc",
        "severity": "high",
        "isDirect": true,
        "via": [
          "taffydb"
        ],
        "effects": [],
        "range": "3.2.0-dev - 3.6.11",
        "nodes": [
          "node_modules/jsdoc"
        ],
        "fixAvailable": {
          "name": "jsdoc",
          "version": "4.0.3",
          "isSemVerMajor": true
        }
      },
      "jsdoc-wmf-theme": {
        "name": "jsdoc-wmf-theme",
        "severity": "high",
        "isDirect": true,
        "via": [
          "taffydb"
        ],
        "effects": [],
        "range": "<=0.0.12",
        "nodes": [
          "node_modules/jsdoc-wmf-theme"
        ],
        "fixAvailable": {
          "name": "jsdoc-wmf-theme",
          "version": "1.0.1",
          "isSemVerMajor": true
        }
      },
      "json5": {
        "name": "json5",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096543,
            "name": "json5",
            "dependency": "json5",
            "title": "Prototype Pollution in JSON5 via Parse Method",
            "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
            "severity": "high",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 7.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
            },
            "range": "<1.0.2"
          }
        ],
        "effects": [
          "babel-core"
        ],
        "range": "<1.0.2",
        "nodes": [
          "node_modules/babel-core/node_modules/json5"
        ],
        "fixAvailable": {
          "name": "babel-core",
          "version": "4.7.16",
          "isSemVerMajor": true
        }
      },
      "loader-utils": {
        "name": "loader-utils",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1094088,
            "name": "loader-utils",
            "dependency": "loader-utils",
            "title": "Prototype pollution in webpack loader-utils",
            "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
            "severity": "critical",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<1.4.1"
          },
          {
            "source": 1095055,
            "name": "loader-utils",
            "dependency": "loader-utils",
            "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
            "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=1.0.0 <1.4.2"
          },
          {
            "source": 1097143,
            "name": "loader-utils",
            "dependency": "loader-utils",
            "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
            "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=1.0.0 <1.4.2"
          }
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "<=1.4.1",
        "nodes": [
          "node_modules/react-dev-utils/node_modules/loader-utils"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "lowlight": {
        "name": "lowlight",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "highlight.js"
        ],
        "effects": [
          "react-syntax-highlighter"
        ],
        "range": "1.2.0 - 1.13.1",
        "nodes": [
          "node_modules/lowlight"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "minimatch": {
        "name": "minimatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096485,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS vulnerability",
            "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.0.5"
          }
        ],
        "effects": [
          "recursive-readdir"
        ],
        "range": "<3.0.5",
        "nodes": [
          "node_modules/recursive-readdir/node_modules/minimatch"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "pa11y": {
        "name": "pa11y",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "semver"
        ],
        "effects": [
          "wmf-a11y"
        ],
        "range": "6.0.0-alpha - 6.2.3",
        "nodes": [
          "node_modules/pa11y"
        ],
        "fixAvailable": false
      },
      "postcss": {
        "name": "postcss",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1094544,
            "name": "postcss",
            "dependency": "postcss",
            "title": "PostCSS line return parsing error",
            "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
            "severity": "moderate",
            "cwe": [
              "CWE-74",
              "CWE-144"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": "<8.4.31"
          }
        ],
        "effects": [
          "autoprefixer",
          "css-loader",
          "icss-utils",
          "postcss-flexbugs-fixes",
          "postcss-loader",
          "postcss-modules-extract-imports",
          "postcss-modules-local-by-default",
          "postcss-modules-scope",
          "postcss-modules-values"
        ],
        "range": "<8.4.31",
        "nodes": [
          "node_modules/autoprefixer/node_modules/postcss",
          "node_modules/css-loader/node_modules/postcss",
          "node_modules/icss-utils/node_modules/postcss",
          "node_modules/postcss-flexbugs-fixes/node_modules/postcss",
          "node_modules/postcss-loader/node_modules/postcss",
          "node_modules/postcss-modules-extract-imports/node_modules/postcss",
          "node_modules/postcss-modules-local-by-default/node_modules/postcss",
          "node_modules/postcss-modules-scope/node_modules/postcss",
          "node_modules/postcss-modules-values/node_modules/postcss"
        ],
        "fixAvailable": true
      },
      "postcss-flexbugs-fixes": {
        "name": "postcss-flexbugs-fixes",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "postcss"
        ],
        "effects": [],
        "range": "<=4.2.1",
        "nodes": [
          "node_modules/postcss-flexbugs-fixes"
        ],
        "fixAvailable": true
      },
      "postcss-loader": {
        "name": "postcss-loader",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "postcss"
        ],
        "effects": [],
        "range": "<=4.0.1",
        "nodes": [
          "node_modules/postcss-loader"
        ],
        "fixAvailable": true
      },
      "postcss-modules-extract-imports": {
        "name": "postcss-modules-extract-imports",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "postcss"
        ],
        "effects": [],
        "range": "<=2.0.0",
        "nodes": [
          "node_modules/postcss-modules-extract-imports"
        ],
        "fixAvailable": true
      },
      "postcss-modules-local-by-default": {
        "name": "postcss-modules-local-by-default",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "icss-utils",
          "postcss"
        ],
        "effects": [],
        "range": "<=4.0.0-rc.4",
        "nodes": [
          "node_modules/postcss-modules-local-by-default"
        ],
        "fixAvailable": true
      },
      "postcss-modules-scope": {
        "name": "postcss-modules-scope",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "postcss"
        ],
        "effects": [],
        "range": "<=2.2.0",
        "nodes": [
          "node_modules/postcss-modules-scope"
        ],
        "fixAvailable": true
      },
      "postcss-modules-values": {
        "name": "postcss-modules-values",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "icss-utils",
          "postcss"
        ],
        "effects": [
          "css-loader"
        ],
        "range": "<=4.0.0-rc.5",
        "nodes": [
          "node_modules/postcss-modules-values"
        ],
        "fixAvailable": true
      },
      "prismjs": {
        "name": "prismjs",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1087445,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "Cross-Site Scripting in Prism",
            "url": "https://github.com/advisories/GHSA-wvhm-4hhf-97x9",
            "severity": "high",
            "cwe": [
              "CWE-79"
            ],
            "cvss": {
              "score": 7.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"
            },
            "range": ">=1.1.0 <1.21.0"
          },
          {
            "source": 1089189,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "prismjs Regular Expression Denial of Service vulnerability",
            "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96",
            "severity": "moderate",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
            },
            "range": "<1.25.0"
          },
          {
            "source": 1089716,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "Regular Expression Denial of Service (ReDoS) in Prism",
            "url": "https://github.com/advisories/GHSA-gj77-59wh-66hg",
            "severity": "high",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 7.4,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"
            },
            "range": "<1.24.0"
          },
          {
            "source": 1090424,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "Cross-site Scripting in Prism",
            "url": "https://github.com/advisories/GHSA-3949-f494-cm99",
            "severity": "high",
            "cwe": [
              "CWE-79"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"
            },
            "range": ">=1.14.0 <1.27.0"
          },
          {
            "source": 1093292,
            "name": "prismjs",
            "dependency": "prismjs",
            "title": "Denial of service in prismjs",
            "url": "https://github.com/advisories/GHSA-h4hr-7fg3-h35w",
            "severity": "high",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<1.23.0"
          }
        ],
        "effects": [
          "refractor"
        ],
        "range": "<=1.26.0",
        "nodes": [
          "node_modules/refractor/node_modules/prismjs"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "react-dev-utils": {
        "name": "react-dev-utils",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1089062,
            "name": "react-dev-utils",
            "dependency": "react-dev-utils",
            "title": "react-dev-utils OS Command Injection in function `getProcessForPort`",
            "url": "https://github.com/advisories/GHSA-5q6m-3h65-w53x",
            "severity": "moderate",
            "cwe": [
              "CWE-78"
            ],
            "cvss": {
              "score": 5.6,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": ">=0.4.0 <11.0.4"
          },
          "browserslist",
          "fork-ts-checker-webpack-plugin",
          "globby",
          "loader-utils",
          "recursive-readdir",
          "shell-quote"
        ],
        "effects": [
          "@storybook/core"
        ],
        "range": "0.4.0 - 12.0.0-next.60",
        "nodes": [
          "node_modules/react-dev-utils"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "react-syntax-highlighter": {
        "name": "react-syntax-highlighter",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "highlight.js",
          "lowlight",
          "refractor"
        ],
        "effects": [
          "@storybook/components"
        ],
        "range": "2.0.4 - 12.2.1",
        "nodes": [
          "node_modules/react-syntax-highlighter"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "recursive-readdir": {
        "name": "recursive-readdir",
        "severity": "high",
        "isDirect": false,
        "via": [
          "minimatch"
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "1.2.0 - 2.2.2",
        "nodes": [
          "node_modules/recursive-readdir"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "refractor": {
        "name": "refractor",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "prismjs"
        ],
        "effects": [
          "react-syntax-highlighter"
        ],
        "range": "<=3.4.0 || 4.0.0 - 4.1.1",
        "nodes": [
          "node_modules/refractor"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "semver": {
        "name": "semver",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096482,
            "name": "semver",
            "dependency": "semver",
            "title": "semver vulnerable to Regular Expression Denial of Service",
            "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=7.0.0 <7.5.2"
          }
        ],
        "effects": [
          "pa11y"
        ],
        "range": "7.0.0 - 7.5.1",
        "nodes": [
          "node_modules/pa11y/node_modules/semver"
        ],
        "fixAvailable": false
      },
      "shell-quote": {
        "name": "shell-quote",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1096375,
            "name": "shell-quote",
            "dependency": "shell-quote",
            "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote",
            "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7",
            "severity": "critical",
            "cwe": [
              "CWE-77"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<=1.7.2"
          }
        ],
        "effects": [
          "react-dev-utils"
        ],
        "range": "<=1.7.2",
        "nodes": [
          "node_modules/shell-quote"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "taffydb": {
        "name": "taffydb",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1089386,
            "name": "taffydb",
            "dependency": "taffydb",
            "title": "TaffyDB can allow access to any data items in the DB",
            "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
            "severity": "high",
            "cwe": [
              "CWE-20",
              "CWE-668"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": "<=2.7.3"
          }
        ],
        "effects": [
          "jsdoc",
          "jsdoc-wmf-theme"
        ],
        "range": "*",
        "nodes": [
          "node_modules/taffydb"
        ],
        "fixAvailable": {
          "name": "jsdoc-wmf-theme",
          "version": "1.0.1",
          "isSemVerMajor": true
        }
      },
      "watchpack": {
        "name": "watchpack",
        "severity": "high",
        "isDirect": false,
        "via": [
          "watchpack-chokidar2"
        ],
        "effects": [
          "webpack"
        ],
        "range": "1.7.2 - 1.7.5",
        "nodes": [
          "node_modules/watchpack"
        ],
        "fixAvailable": true
      },
      "watchpack-chokidar2": {
        "name": "watchpack-chokidar2",
        "severity": "high",
        "isDirect": false,
        "via": [
          "chokidar"
        ],
        "effects": [
          "watchpack"
        ],
        "range": "*",
        "nodes": [
          "node_modules/watchpack-chokidar2"
        ],
        "fixAvailable": true
      },
      "webpack": {
        "name": "webpack",
        "severity": "high",
        "isDirect": false,
        "via": [
          "watchpack"
        ],
        "effects": [],
        "range": "4.44.0 - 4.47.0",
        "nodes": [
          "node_modules/webpack"
        ],
        "fixAvailable": true
      },
      "webpack-dev-middleware": {
        "name": "webpack-dev-middleware",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096729,
            "name": "webpack-dev-middleware",
            "dependency": "webpack-dev-middleware",
            "title": "Path traversal in webpack-dev-middleware",
            "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
            "severity": "high",
            "cwe": [
              "CWE-22"
            ],
            "cvss": {
              "score": 7.4,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
            },
            "range": "<=5.3.3"
          }
        ],
        "effects": [
          "@storybook/core"
        ],
        "range": "<=5.3.3",
        "nodes": [
          "node_modules/webpack-dev-middleware"
        ],
        "fixAvailable": {
          "name": "@storybook/html",
          "version": "8.1.1",
          "isSemVerMajor": true
        }
      },
      "wmf-a11y": {
        "name": "wmf-a11y",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "pa11y"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/wmf-a11y"
        ],
        "fixAvailable": false
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 20,
        "high": 21,
        "critical": 8,
        "total": 49
      },
      "dependencies": {
        "prod": 32,
        "dev": 2195,
        "optional": 23,
        "peer": 25,
        "peerOptional": 0,
        "total": 2251
      }
    }
  }
}

--- end ---
{"added": 2251, "removed": 0, "changed": 0, "audited": 2252, "funding": 169, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@storybook/components": {"name": "@storybook/components", "severity": "moderate", "isDirect": false, "via": ["react-syntax-highlighter"], "effects": ["@storybook/ui"], "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28", "nodes": ["node_modules/@storybook/components"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "@storybook/core": {"name": "@storybook/core", "severity": "high", "isDirect": false, "via": ["@storybook/ui", "autoprefixer", "css-loader", "ejs", "postcss-flexbugs-fixes", "postcss-loader", "react-dev-utils", "webpack-dev-middleware"], "effects": ["@storybook/html"], "range": "3.4.0-alpha.0 - 6.2.0-rc.13", "nodes": ["node_modules/@storybook/core"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "@storybook/html": {"name": "@storybook/html", "severity": "high", "isDirect": true, "via": ["@storybook/core", "html-loader"], "effects": [], "range": "<=6.0.0-rc.30", "nodes": ["node_modules/@storybook/html"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "@storybook/ui": {"name": "@storybook/ui", "severity": "moderate", "isDirect": false, "via": ["@storybook/components"], "effects": ["@storybook/core"], "range": "4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28", "nodes": ["node_modules/@storybook/ui"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": ["node_modules/autoprefixer"], "fixAvailable": true}, "babel-core": {"name": "babel-core", "severity": "critical", "isDirect": true, "via": ["babel-helpers", "babel-register", "babel-template", "babel-traverse", "json5"], "effects": ["babel-register"], "range": "5.8.20 - 7.0.0-beta.3", "nodes": ["node_modules/babel-core"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-helpers": {"name": "babel-helpers", "severity": "critical", "isDirect": false, "via": ["babel-template"], "effects": [], "range": "*", "nodes": ["node_modules/babel-helpers"], "fixAvailable": true}, "babel-register": {"name": "babel-register", "severity": "high", "isDirect": false, "via": ["babel-core"], "effects": ["babel-core"], "range": "*", "nodes": ["node_modules/babel-register"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-template": {"name": "babel-template", "severity": "critical", "isDirect": false, "via": ["babel-traverse"], "effects": ["babel-helpers"], "range": "*", "nodes": ["node_modules/babel-template"], "fixAvailable": true}, "babel-traverse": {"name": "babel-traverse", "severity": "critical", "isDirect": false, "via": [{"source": 1096879, "name": "babel-traverse", "dependency": "babel-traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": ["CWE-184", "CWE-697"], "cvss": {"score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "range": "<7.23.2"}], "effects": ["babel-core", "babel-template"], "range": "*", "nodes": ["node_modules/babel-traverse"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "browserslist": {"name": "browserslist", "severity": "moderate", "isDirect": false, "via": [{"source": 1093035, "name": "browserslist", "dependency": "browserslist", "title": "Regular Expression Denial of Service in browserslist", "url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=4.0.0 <4.16.5"}], "effects": ["react-dev-utils"], "range": "4.0.0 - 4.16.4", "nodes": ["node_modules/react-dev-utils/node_modules/browserslist"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "chokidar": {"name": "chokidar", "severity": "high", "isDirect": false, "via": ["glob-parent"], "effects": ["fork-ts-checker-webpack-plugin", "watchpack-chokidar2"], "range": "1.0.0-rc1 - 2.1.8", "nodes": ["node_modules/chokidar"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "css-loader": {"name": "css-loader", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": ["node_modules/css-loader"], "fixAvailable": true}, "ejs": {"name": "ejs", "severity": "critical", "isDirect": false, "via": [{"source": 1089270, "name": "ejs", "dependency": "ejs", "title": "ejs template injection vulnerability", "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q", "severity": "critical", "cwe": ["CWE-74"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<3.1.7"}, {"source": 1097210, "name": "ejs", "dependency": "ejs", "title": "ejs lacks certain pollution protection", "url": "https://github.com/advisories/GHSA-ghr5-ch3p-vcr6", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.10"}], "effects": ["@storybook/core"], "range": "<=3.1.9", "nodes": ["node_modules/ejs"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "fast-glob": {"name": "fast-glob", "severity": "high", "isDirect": false, "via": ["glob-parent"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/fast-glob"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "fork-ts-checker-webpack-plugin": {"name": "fork-ts-checker-webpack-plugin", "severity": "high", "isDirect": false, "via": ["chokidar"], "effects": ["react-dev-utils"], "range": "<=3.1.0", "nodes": ["node_modules/fork-ts-checker-webpack-plugin"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "glob-parent": {"name": "glob-parent", "severity": "high", "isDirect": false, "via": [{"source": 1095007, "name": "glob-parent", "dependency": "glob-parent", "title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex", "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<5.1.2"}], "effects": ["chokidar", "fast-glob"], "range": "<5.1.2", "nodes": ["node_modules/chokidar/node_modules/glob-parent", "node_modules/fast-glob/node_modules/glob-parent"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "globby": {"name": "globby", "severity": "high", "isDirect": false, "via": ["fast-glob"], "effects": ["react-dev-utils"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/globby"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "highlight.js": {"name": "highlight.js", "severity": "moderate", "isDirect": false, "via": [{"source": 1086450, "name": "highlight.js", "dependency": "highlight.js", "title": "ReDOS vulnerabities: multiple grammars", "url": "https://github.com/advisories/GHSA-7wwv-vh3v-89cq", "severity": "moderate", "cwe": ["CWE-20", "CWE-400"], "cvss": {"score": 0, "vectorString": null}, "range": ">=9.0.0 <10.4.1"}, {"source": 1090060, "name": "highlight.js", "dependency": "highlight.js", "title": "Prototype Pollution in highlight.js", "url": "https://github.com/advisories/GHSA-vfrc-7r7c-w9mx", "severity": "moderate", "cwe": ["CWE-471"], "cvss": {"score": 5.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N"}, "range": "<9.18.2"}], "effects": ["lowlight", "react-syntax-highlighter"], "range": "<=10.4.0", "nodes": ["node_modules/highlight.js"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "html-loader": {"name": "html-loader", "severity": "high", "isDirect": false, "via": ["html-minifier"], "effects": [], "range": "<=0.5.5", "nodes": ["node_modules/html-loader"], "fixAvailable": true}, "html-minifier": {"name": "html-minifier", "severity": "high", "isDirect": false, "via": [{"source": 1097148, "name": "html-minifier", "dependency": "html-minifier", "title": "kangax html-minifier REDoS vulnerability", "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=4.0.0"}], "effects": ["html-loader"], "range": "*", "nodes": ["node_modules/html-minifier"], "fixAvailable": true}, "icss-utils": {"name": "icss-utils", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["css-loader", "postcss-modules-local-by-default", "postcss-modules-values"], "range": "<=4.1.1", "nodes": ["node_modules/icss-utils"], "fixAvailable": true}, "jsdoc": {"name": "jsdoc", "severity": "high", "isDirect": true, "via": ["taffydb"], "effects": [], "range": "3.2.0-dev - 3.6.11", "nodes": ["node_modules/jsdoc"], "fixAvailable": {"name": "jsdoc", "version": "4.0.3", "isSemVerMajor": true}}, "jsdoc-wmf-theme": {"name": "jsdoc-wmf-theme", "severity": "high", "isDirect": true, "via": ["taffydb"], "effects": [], "range": "<=0.0.12", "nodes": ["node_modules/jsdoc-wmf-theme"], "fixAvailable": {"name": "jsdoc-wmf-theme", "version": "1.0.1", "isSemVerMajor": true}}, "json5": {"name": "json5", "severity": "high", "isDirect": false, "via": [{"source": 1096543, "name": "json5", "dependency": "json5", "title": "Prototype Pollution in JSON5 via Parse Method", "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}, "range": "<1.0.2"}], "effects": ["babel-core"], "range": "<1.0.2", "nodes": ["node_modules/babel-core/node_modules/json5"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "loader-utils": {"name": "loader-utils", "severity": "critical", "isDirect": false, "via": [{"source": 1094088, "name": "loader-utils", "dependency": "loader-utils", "title": "Prototype pollution in webpack loader-utils", "url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<1.4.1"}, {"source": 1095055, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable", "url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=1.0.0 <1.4.2"}, {"source": 1097143, "name": "loader-utils", "dependency": "loader-utils", "title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=1.0.0 <1.4.2"}], "effects": ["react-dev-utils"], "range": "<=1.4.1", "nodes": ["node_modules/react-dev-utils/node_modules/loader-utils"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "lowlight": {"name": "lowlight", "severity": "moderate", "isDirect": false, "via": ["highlight.js"], "effects": ["react-syntax-highlighter"], "range": "1.2.0 - 1.13.1", "nodes": ["node_modules/lowlight"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}], "effects": ["recursive-readdir"], "range": "<3.0.5", "nodes": ["node_modules/recursive-readdir/node_modules/minimatch"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "pa11y": {"name": "pa11y", "severity": "moderate", "isDirect": false, "via": ["semver"], "effects": ["wmf-a11y"], "range": "6.0.0-alpha - 6.2.3", "nodes": ["node_modules/pa11y"], "fixAvailable": false}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-loader", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "range": "<8.4.31", "nodes": ["node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-loader/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss"], "fixAvailable": true}, "postcss-flexbugs-fixes": {"name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.2.1", "nodes": ["node_modules/postcss-flexbugs-fixes"], "fixAvailable": true}, "postcss-loader": {"name": "postcss-loader", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/postcss-loader"], "fixAvailable": true}, "postcss-modules-extract-imports": {"name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.0.0", "nodes": ["node_modules/postcss-modules-extract-imports"], "fixAvailable": true}, "postcss-modules-local-by-default": {"name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": [], "range": "<=4.0.0-rc.4", "nodes": ["node_modules/postcss-modules-local-by-default"], "fixAvailable": true}, "postcss-modules-scope": {"name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.2.0", "nodes": ["node_modules/postcss-modules-scope"], "fixAvailable": true}, "postcss-modules-values": {"name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": ["css-loader"], "range": "<=4.0.0-rc.5", "nodes": ["node_modules/postcss-modules-values"], "fixAvailable": true}, "prismjs": {"name": "prismjs", "severity": "high", "isDirect": false, "via": [{"source": 1087445, "name": "prismjs", "dependency": "prismjs", "title": "Cross-Site Scripting in Prism", "url": "https://github.com/advisories/GHSA-wvhm-4hhf-97x9", "severity": "high", "cwe": ["CWE-79"], "cvss": {"score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}, "range": ">=1.1.0 <1.21.0"}, {"source": 1089189, "name": "prismjs", "dependency": "prismjs", "title": "prismjs Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-hqhp-5p83-hx96", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<1.25.0"}, {"source": 1089716, "name": "prismjs", "dependency": "prismjs", "title": "Regular Expression Denial of Service (ReDoS) in Prism", "url": "https://github.com/advisories/GHSA-gj77-59wh-66hg", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"}, "range": "<1.24.0"}, {"source": 1090424, "name": "prismjs", "dependency": "prismjs", "title": "Cross-site Scripting in Prism", "url": "https://github.com/advisories/GHSA-3949-f494-cm99", "severity": "high", "cwe": ["CWE-79"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"}, "range": ">=1.14.0 <1.27.0"}, {"source": 1093292, "name": "prismjs", "dependency": "prismjs", "title": "Denial of service in prismjs", "url": "https://github.com/advisories/GHSA-h4hr-7fg3-h35w", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 0, "vectorString": null}, "range": "<1.23.0"}], "effects": ["refractor"], "range": "<=1.26.0", "nodes": ["node_modules/refractor/node_modules/prismjs"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "react-dev-utils": {"name": "react-dev-utils", "severity": "critical", "isDirect": false, "via": [{"source": 1089062, "name": "react-dev-utils", "dependency": "react-dev-utils", "title": "react-dev-utils OS Command Injection in function `getProcessForPort`", "url": "https://github.com/advisories/GHSA-5q6m-3h65-w53x", "severity": "moderate", "cwe": ["CWE-78"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": ">=0.4.0 <11.0.4"}, "browserslist", "fork-ts-checker-webpack-plugin", "globby", "loader-utils", "recursive-readdir", "shell-quote"], "effects": ["@storybook/core"], "range": "0.4.0 - 12.0.0-next.60", "nodes": ["node_modules/react-dev-utils"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "react-syntax-highlighter": {"name": "react-syntax-highlighter", "severity": "moderate", "isDirect": false, "via": ["highlight.js", "lowlight", "refractor"], "effects": ["@storybook/components"], "range": "2.0.4 - 12.2.1", "nodes": ["node_modules/react-syntax-highlighter"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "recursive-readdir": {"name": "recursive-readdir", "severity": "high", "isDirect": false, "via": ["minimatch"], "effects": ["react-dev-utils"], "range": "1.2.0 - 2.2.2", "nodes": ["node_modules/recursive-readdir"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "refractor": {"name": "refractor", "severity": "moderate", "isDirect": false, "via": ["prismjs"], "effects": ["react-syntax-highlighter"], "range": "<=3.4.0 || 4.0.0 - 4.1.1", "nodes": ["node_modules/refractor"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "semver": {"name": "semver", "severity": "moderate", "isDirect": false, "via": [{"source": 1096482, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=7.0.0 <7.5.2"}], "effects": ["pa11y"], "range": "7.0.0 - 7.5.1", "nodes": ["node_modules/pa11y/node_modules/semver"], "fixAvailable": false}, "shell-quote": {"name": "shell-quote", "severity": "critical", "isDirect": false, "via": [{"source": 1096375, "name": "shell-quote", "dependency": "shell-quote", "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote", "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7", "severity": "critical", "cwe": ["CWE-77"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=1.7.2"}], "effects": ["react-dev-utils"], "range": "<=1.7.2", "nodes": ["node_modules/shell-quote"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "taffydb": {"name": "taffydb", "severity": "high", "isDirect": false, "via": [{"source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": ["CWE-20", "CWE-668"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<=2.7.3"}], "effects": ["jsdoc", "jsdoc-wmf-theme"], "range": "*", "nodes": ["node_modules/taffydb"], "fixAvailable": {"name": "jsdoc-wmf-theme", "version": "1.0.1", "isSemVerMajor": true}}, "watchpack": {"name": "watchpack", "severity": "high", "isDirect": false, "via": ["watchpack-chokidar2"], "effects": ["webpack"], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/watchpack"], "fixAvailable": true}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": true}, "webpack": {"name": "webpack", "severity": "high", "isDirect": false, "via": ["watchpack"], "effects": [], "range": "4.44.0 - 4.47.0", "nodes": ["node_modules/webpack"], "fixAvailable": true}, "webpack-dev-middleware": {"name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [{"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}], "effects": ["@storybook/core"], "range": "<=5.3.3", "nodes": ["node_modules/webpack-dev-middleware"], "fixAvailable": {"name": "@storybook/html", "version": "8.1.1", "isSemVerMajor": true}}, "wmf-a11y": {"name": "wmf-a11y", "severity": "moderate", "isDirect": true, "via": ["pa11y"], "effects": [], "range": "*", "nodes": ["node_modules/wmf-a11y"], "fixAvailable": false}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 20, "high": 21, "critical": 8, "total": 49}, "dependencies": {"prod": 32, "dev": 2195, "optional": 23, "peer": 25, "peerOptional": 0, "total": 2251}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.16.7
npm WARN Found: @babel/core@7.8.0
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.8.0" from the root project
npm WARN   83 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.16.7
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN   @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.16.7" from @babel/preset-env@7.17.10
npm WARN   node_modules/@babel/preset-env
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.24.5
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.16.7
npm WARN   node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN     @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.16.7" from @babel/preset-env@7.17.10
npm WARN     node_modules/@babel/preset-env
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-proposal-class-static-block@7.17.6
npm WARN Found: @babel/core@7.8.0
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.8.0" from the root project
npm WARN   83 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-proposal-class-static-block@7.17.6
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-proposal-class-static-block
npm WARN   @babel/plugin-proposal-class-static-block@"^7.17.6" from @babel/preset-env@7.17.10
npm WARN   node_modules/@babel/preset-env
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.24.5
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.12.0" from @babel/plugin-proposal-class-static-block@7.17.6
npm WARN   node_modules/@babel/preset-env/node_modules/@babel/plugin-proposal-class-static-block
npm WARN     @babel/plugin-proposal-class-static-block@"^7.17.6" from @babel/preset-env@7.17.10
npm WARN     node_modules/@babel/preset-env
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.20.1',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@37.9.7',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---

added 2246 packages, and audited 2247 packages in 1m

169 packages are looking for funding
  run `npm fund` for details

# npm audit report

babel-traverse  *
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-traverse
  babel-core  5.8.20 - 7.0.0-beta.3
  Depends on vulnerable versions of babel-helpers
  Depends on vulnerable versions of babel-register
  Depends on vulnerable versions of babel-template
  Depends on vulnerable versions of babel-traverse
  Depends on vulnerable versions of json5
  node_modules/babel-core
    babel-register  *
    Depends on vulnerable versions of babel-core
    node_modules/babel-register
  babel-template  *
  Depends on vulnerable versions of babel-traverse
  node_modules/babel-template
    babel-helpers  *
    Depends on vulnerable versions of babel-template
    node_modules/babel-helpers

browserslist  4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix --force`
Will install @storybook/html@8.1.1, which is a breaking change
node_modules/react-dev-utils/node_modules/browserslist
  react-dev-utils  0.4.0 - 12.0.0-next.60
  Depends on vulnerable versions of browserslist
  Depends on vulnerable versions of fork-ts-checker-webpack-plugin
  Depends on vulnerable versions of globby
  Depends on vulnerable versions of loader-utils
  Depends on vulnerable versions of recursive-readdir
  Depends on vulnerable versions of shell-quote
  node_modules/react-dev-utils
    @storybook/core  3.4.0-alpha.0 - 6.2.0-rc.13
    Depends on vulnerable versions of @storybook/ui
    Depends on vulnerable versions of autoprefixer
    Depends on vulnerable versions of css-loader
    Depends on vulnerable versions of ejs
    Depends on vulnerable versions of postcss-flexbugs-fixes
    Depends on vulnerable versions of postcss-loader
    Depends on vulnerable versions of react-dev-utils
    Depends on vulnerable versions of webpack-dev-middleware
    node_modules/@storybook/core
      @storybook/html  <=6.0.0-rc.30
      Depends on vulnerable versions of @storybook/core
      Depends on vulnerable versions of html-loader
      node_modules/@storybook/html

ejs  <=3.1.9
Severity: critical
ejs template injection vulnerability - https://github.com/advisories/GHSA-phwq-j96m-2c2q
ejs lacks certain pollution protection - https://github.com/advisories/GHSA-ghr5-ch3p-vcr6
fix available via `npm audit fix --force`
Will install @storybook/html@8.1.1, which is a breaking change
node_modules/ejs

glob-parent  <5.1.2
Severity: high
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @storybook/html@8.1.1, which is a breaking change
node_modules/chokidar/node_modules/glob-parent
node_modules/fast-glob/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    fork-ts-checker-webpack-plugin  <=3.1.0
    Depends on vulnerable versions of chokidar
    node_modules/fork-ts-checker-webpack-plugin
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
        webpack  4.44.0 - 4.47.0
        Depends on vulnerable versions of watchpack
        node_modules/webpack
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/globby

highlight.js  <=10.4.0
Severity: moderate
ReDOS vulnerabities: multiple grammars - https://github.com/advisories/GHSA-7wwv-vh3v-89cq
Prototype Pollution in highlight.js - https://github.com/advisories/GHSA-vfrc-7r7c-w9mx
fix available via `npm audit fix --force`
Will install @storybook/html@8.1.1, which is a breaking change
node_modules/highlight.js
  lowlight  1.2.0 - 1.13.1
  Depends on vulnerable versions of highlight.js
  node_modules/lowlight
    react-syntax-highlighter  2.0.4 - 12.2.1
    Depends on vulnerable versions of highlight.js
    Depends on vulnerable versions of lowlight
    Depends on vulnerable versions of refractor
    node_modules/react-syntax-highlighter
      @storybook/components  4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28
      Depends on vulnerable versions of react-syntax-highlighter
      node_modules/@storybook/components
        @storybook/ui  4.2.0-alpha.1 - 5.3.0-rc.14 || 6.0.0-alpha.0 - 6.0.28
        Depends on vulnerable versions of @storybook/components
        node_modules/@storybook/ui

html-minifier  *
Severity: high
kangax html-minifier REDoS vulnerability - https://github.com/advisories/GHSA-pfq8-rq6v-vf5m
fix available via `npm audit fix`
node_modules/html-minifier
  html-loader  <=0.5.5
  Depends on vulnerable versions of html-minifier
  node_modules/html-loader

json5  <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-core/node_modules/json5

loader-utils  <=1.4.1
Severity: critical
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
fix available via `npm audit fix --force`
Will install @storybook/html@8.1.1, which is a breaking change
node_modules/react-dev-utils/node_modules/loader-utils

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix --force`
Will install @storybook/html@8.1.1, which is a breaking change
node_modules/recursive-readdir/node_modules/minimatch
  recursive-readdir  1.2.0 - 2.2.2
  Depends on vulnerable versions of minimatch
  node_modules/recursive-readdir

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix`
node_modules/autoprefixer/node_modules/postcss
node_modules/css-loader/node_modules/postcss
node_modules/icss-utils/node_modules/postcss
node_modules/postcss-flexbugs-fixes/node_modules/postcss
node_modules/postcss-loader/node_modules/postcss
node_modules/postcss-modules-extract-imports/node_modules/postcss
node_modules/postcss-modules-local-by-default/node_modules/postcss
node_modules/postcss-modules-scope/node_modules/postcss
node_modules/postcss-modules-values/node_modules/postcss
  autoprefixer  1.0.20131222 - 9.8.8
  Depends on vulnerable versions of postcss
  node_modules/autoprefixer
  css-loader  0.15.0 - 4.3.0
  Depends on vulnerable versions of icss-utils
  Depends on vulnerable versions of postcss
  Depends on vulnerable versions of postcss-modules-extract-imports
  Depends on vulnerable versions of postcss-modules-local-by-default
  Depends on vulnerable versions of postcss-modules-scope
  Depends on vulnerable versions of postcss-modules-values
  node_modules/css-loader
  icss-utils  <=4.1.1
  Depends on vulnerable versions of postcss
  node_modules/icss-utils
    postcss-modules-local-by-default  <=4.0.0-rc.4
    Depends on vulnerable versions of icss-utils
    Depends on vulnerable versions of postcss
    node_modules/postcss-modules-local-by-default
    postcss-modules-values  <=4.0.0-rc.5
    Depends on vulnerable versions of icss-utils
    Depends on vulnerable versions of postcss
    node_modules/postcss-modules-values
  postcss-flexbugs-fixes  <=4.2.1
  Depends on vulnerable versions of postcss
  node_modules/postcss-flexbugs-fixes
  postcss-loader  <=4.0.1
  Depends on vulnerable versions of postcss
  node_modules/postcss-loader
  postcss-modules-extract-imports  <=2.0.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-extract-imports
  postcss-modules-scope  <=2.2.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-scope

prismjs  <=1.26.0
Severity: high
Cross-Site Scripting in Prism - https://github.com/advisories/GHSA-wvhm-4hhf-97x9
prismjs Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-hqhp-5p83-hx96
Regular Expression Denial of Service (ReDoS) in Prism - https://github.com/advisories/GHSA-gj77-59wh-66hg
Cross-site Scripting in Prism - https://github.com/advisories/GHSA-3949-f494-cm99
Denial of service in prismjs - https://github.com/advisories/GHSA-h4hr-7fg3-h35w
fix available via `npm audit fix --force`
Will install @storybook/html@8.1.1, which is a breaking change
node_modules/refractor/node_modules/prismjs
  refractor  <=3.4.0 || 4.0.0 - 4.1.1
  Depends on vulnerable versions of prismjs
  node_modules/refractor


semver  7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/pa11y/node_modules/semver
  pa11y  6.0.0-alpha - 6.2.3
  Depends on vulnerable versions of semver
  node_modules/pa11y
    wmf-a11y  *
    Depends on vulnerable versions of pa11y
    node_modules/wmf-a11y

shell-quote  <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix --force`
Will install @storybook/html@8.1.1, which is a breaking change
node_modules/shell-quote

taffydb  *
Severity: high
TaffyDB can allow access to any data items in the DB - https://github.com/advisories/GHSA-mxhp-79qh-mcx6
fix available via `npm audit fix --force`
Will install jsdoc@4.0.3, which is a breaking change
node_modules/taffydb
  jsdoc  3.2.0-dev - 3.6.11
  Depends on vulnerable versions of taffydb
  node_modules/jsdoc
  jsdoc-wmf-theme  <=0.0.12
  Depends on vulnerable versions of taffydb
  node_modules/jsdoc-wmf-theme

webpack-dev-middleware  <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via `npm audit fix --force`
Will install @storybook/html@8.1.1, which is a breaking change
node_modules/webpack-dev-middleware

49 vulnerabilities (20 moderate, 21 high, 8 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.16.7
npm WARN Found: @babel/core@7.8.0
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.8.0" from the root project
npm WARN   83 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.16.7
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN   @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.16.7" from @babel/preset-env@7.17.10
npm WARN   node_modules/@babel/preset-env
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.24.5
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.16.7
npm WARN   node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN     @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.16.7" from @babel/preset-env@7.17.10
npm WARN     node_modules/@babel/preset-env
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-proposal-class-static-block@7.17.6
npm WARN Found: @babel/core@7.8.0
npm WARN node_modules/@babel/core
npm WARN   dev @babel/core@"7.8.0" from the root project
npm WARN   83 more (@babel/helper-compilation-targets, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-proposal-class-static-block@7.17.6
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-proposal-class-static-block
npm WARN   @babel/plugin-proposal-class-static-block@"^7.17.6" from @babel/preset-env@7.17.10
npm WARN   node_modules/@babel/preset-env
npm WARN 
npm WARN Conflicting peer dependency: @babel/core@7.24.5
npm WARN node_modules/@babel/core
npm WARN   peer @babel/core@"^7.12.0" from @babel/plugin-proposal-class-static-block@7.17.6
npm WARN   node_modules/@babel/preset-env/node_modules/@babel/plugin-proposal-class-static-block
npm WARN     @babel/plugin-proposal-class-static-block@"^7.17.6" from @babel/preset-env@7.17.10
npm WARN     node_modules/@babel/preset-env
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.20.1',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@37.9.7',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---

added 2246 packages, and audited 2247 packages in 1m

169 packages are looking for funding
  run `npm fund` for details

49 vulnerabilities (20 moderate, 21 high, 8 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/AB.test.js
PASS tests/jest/pinnableElement.test.js
PASS tests/jest/tableOfContents.test.js
PASS tests/jest/skins.vector.js/dropdownMenus.test.js
PASS tests/jest/stickyHeader.test.js
PASS tests/jest/restSearchClient.test.js
PASS tests/jest/skins.vector.es6/main.test.js
PASS tests/jest/fetch.test.js
PASS tests/jest/instrumentation.test.js
PASS tests/jest/skins.vector.js/menuTabs.test.js
PASS tests/jest/urlGenerator.test.js
PASS tests/jest/skins.vector.es6/features.test.js
PASS tests/jest/deferUntilFrame.test.js
PASS tests/jest/userLinks.test.js
PASS tests/jest/App.test.js

Test Suites: 15 passed, 15 total
Tests:       79 passed, 79 total
Snapshots:   12 passed, 12 total
Time:        6.516 s
--- stdout ---

> test
> npm -s run lint && tsc && npm run test:unit && npm -s run doc


/src/repo/resources/skins.vector.es6/main.js
  161:0  warning  The type 'tableOfContents' is undefined  jsdoc/no-undefined-types

/src/repo/resources/skins.vector.es6/pinnableElement.js
  193:0  warning  The type 'NodeListOf' is undefined  jsdoc/no-undefined-types

/src/repo/resources/skins.vector.es6/scrollObserver.js
  33:2  warning  Unused eslint-disable directive (no problems were reported from 'compat/compat')

/src/repo/resources/skins.vector.es6/stickyHeader.js
   85:2  warning  Unused eslint-disable directive (no problems were reported from 'compat/compat')
  104:2  warning  Unused eslint-disable directive (no problems were reported from 'compat/compat')
  449:1  warning  This line has a length of 107. Maximum allowed is 100                             max-len

/src/repo/resources/skins.vector.search/App.vue
   72:3  warning  Prop 'autocapitalizeValue' requires default value to be set  vue/require-default-prop
  230:1  warning  This line has a length of 114. Maximum allowed is 100        max-len

/src/repo/resources/skins.vector.search/fetch.js
  28:2  warning  Unused eslint-disable directive (no problems were reported from 'compat/compat')

/src/repo/resources/skins.vector.search/instrumentation.js
  15:3  warning  Unused eslint-disable directive (no problems were reported from 'compat/compat')
  43:2  warning  Unused eslint-disable directive (no problems were reported from 'compat/compat')

/src/repo/tests/jest/AB.test.js
  19:57  warning  Object.assign() is not supported in IE 11  compat/compat

/src/repo/tests/jest/App.test.js
  15:10  warning  Object.assign() is not supported in IE 11  compat/compat

/src/repo/tests/jest/restSearchClient.test.js
  83:4  warning  Object.assign() is not supported in IE 11  compat/compat

/src/repo/tests/jest/skins.vector.es6/main.test.js
  213:84  warning  Promise.resolve() is not supported in IE 11  compat/compat

/src/repo/tests/jest/stickyHeader.test.js
  94:38  warning  Object.assign() is not supported in IE 11  compat/compat

/src/repo/tests/jest/tableOfContents.test.js
  72:23  warning  Object.assign() is not supported in IE 11  compat/compat

✖ 17 problems (0 errors, 17 warnings)
  0 errors and 6 warnings potentially fixable with the `--fix` option.


resources/skins.vector.styles/components/Dropdown.less
 39:4  ⚠  Unexpected browser feature "intrinsic-width" is not supported by IE 11  plugin/no-unsupported-browser-features

resources/skins.vector.styles/components/TableOfContents.less
 17:4  ⚠  Unexpected browser feature "css-initial-value" is not supported by IE 11                       plugin/no-unsupported-browser-features
 23:3  ⚠  Unexpected browser feature "css-unset-value" is not supported by IE 11, Safari on iOS 9.0-9.2  plugin/no-unsupported-browser-features

resources/skins.vector.styles/layouts/gradeC.less
 13:1  ⚠  Unexpected browser feature "css-featurequeries" is not supported by IE 11  plugin/no-unsupported-browser-features

resources/skins.vector.styles/layouts/toc/unpinned.less
 48:3  ⚠  Unexpected browser feature "intrinsic-width" is not supported by IE 11  plugin/no-unsupported-browser-features

Checked 1 message directory.

> test:unit
> jest --silent

-------------------------|---------|----------|---------|---------|-----------------------------------------------------------------
File                     | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s                                               
-------------------------|---------|----------|---------|---------|-----------------------------------------------------------------
All files                |   39.08 |    31.71 |   38.95 |   38.89 |                                                                 
 skins.vector.es6        |   51.34 |    40.28 |   53.33 |   51.08 |                                                                 
  AB.js                  |     100 |      100 |     100 |     100 |                                                                 
  deferUntilFrame.js     |     100 |      100 |     100 |     100 |                                                                 
  features.js            |   66.66 |       65 |   66.66 |   66.66 | 14-26,78-92                                                     
  limitedWidthToggle.js  |   15.78 |        0 |       0 |   15.78 | 10-36                                                           
  main.js                |    50.7 |    34.56 |   52.38 |   50.35 | 115-139,168,173-197,206-207,225,248-269,282-381                 
  pinnableElement.js     |    87.3 |    79.62 |     100 |    87.3 | 25,32-33,37-38,110,160,183                                      
  scrollObserver.js      |   41.66 |        0 |       0 |   41.66 | 13-40                                                           
  searchToggle.js        |   13.79 |        0 |       0 |   13.79 | 18-94,110-123                                                   
  sectionObserver.js     |    2.77 |        0 |       0 |    2.77 | 47-188                                                          
  stickyHeader.js        |   18.27 |     3.63 |      20 |   18.27 | 28-58,87-109,127-128,158-379,416-419,444-586                    
  stickyHeaderAB.js      |       0 |        0 |       0 |       0 |                                                                 
  tableOfContents.js     |   83.42 |    69.79 |   89.74 |   83.14 | 131,154,190,203,209-233,251,282,358,393,406,427,480-487,511,514 
 skins.vector.js         |   19.01 |    19.39 |    10.9 |   19.01 |                                                                 
  checkbox.js            |       0 |        0 |       0 |       0 | 13-122                                                          
  dropdownMenus.js       |   76.92 |     72.5 |   42.85 |   76.92 | 15-27,87,97,160,169                                             
  echo.js                |       0 |        0 |       0 |       0 | 6-26                                                            
  languageButton.js      |       0 |        0 |       0 |       0 | 9-26                                                            
  menuTabs.js            |    90.9 |       75 |     100 |    90.9 | 19                                                              
  searchLoader.js        |       0 |        0 |       0 |       0 | 12-195                                                          
  sidebarPersistence.js  |       0 |        0 |       0 |       0 | 9-141                                                           
  skin.js                |       0 |        0 |       0 |       0 | 1-146                                                           
  watchstar.js           |       0 |        0 |       0 |       0 | 1-24                                                            
 skins.vector.legacy.js  |       0 |        0 |       0 |       0 |                                                                 
  collapsibleTabs.js     |       0 |        0 |       0 |       0 | 9-243                                                           
  skin-legacy.js         |       0 |      100 |       0 |       0 | 3-14                                                            
  vector.js              |       0 |        0 |       0 |       0 | 5-116                                                           
 skins.vector.search     |   49.56 |    39.28 |   51.42 |   49.56 |                                                                 
  App.vue                |    28.2 |    14.28 |   30.76 |    28.2 | 173-260,265-267                                                 
  fetch.js               |     100 |       75 |      75 |     100 | 29                                                              
  instrumentation.js     |   45.45 |       25 |    37.5 |   45.45 | 31-95                                                           
  restSearchClient.js    |     100 |       75 |     100 |     100 | 26-48                                                           
  skins.vector.search.js |       0 |        0 |       0 |       0 | 4-50                                                            
  types.js               |       0 |        0 |       0 |       0 |                                                                 
  urlGenerator.js        |     100 |      100 |     100 |     100 |                                                                 
-------------------------|---------|----------|---------|---------|-----------------------------------------------------------------

--- end ---
{"1094544": {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}}
{}
{}
{"1094544": {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}}
{"1097148": {"source": 1097148, "name": "html-minifier", "dependency": "html-minifier", "title": "kangax html-minifier REDoS vulnerability", "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=4.0.0"}}
{"1097148": {"source": 1097148, "name": "html-minifier", "dependency": "html-minifier", "title": "kangax html-minifier REDoS vulnerability", "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=4.0.0"}}
{"1094544": {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}}
{"1094544": {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}}
{"1094544": {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}}
{"1094544": {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}}
{"1094544": {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}}
{"1094544": {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}}
{"1094544": {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}}
{"1094544": {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}}
{}
{}
{}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpoxvrq17a
--- stderr ---
pre-commit: 
pre-commit: No changes detected.
pre-commit: Skipping the pre-commit hook.
pre-commit:
--- stdout ---
On branch REL1_40
Your branch is up to date with 'origin/REL1_40'.

nothing to commit, working tree clean

--- end ---

composer dependencies

Dependencies
Development dependencies

npm dependencies

Development dependencies

Logs

Source code is licensed under the AGPL.