wikimedia/portals (main)

sourcepatches
$ date
--- stdout ---
Thu Apr 11 21:41:47 UTC 2024

--- end ---
$ git clone file:///srv/git/wikimedia-portals.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'prod' (https://gerrit.wikimedia.org/r/wikimedia/portals/deploy) registered for path 'prod'
Cloning into '/src/repo/prod'...
--- stdout ---
Submodule path 'prod': checked out 'ae1009042ab69b0ea76ce04463cb917416567f94'

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
400df6fbf93496485d081357f26db0dbaa7daebb refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@koa/cors": {
      "name": "@koa/cors",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095223,
          "name": "@koa/cors",
          "dependency": "@koa/cors",
          "title": "Overly permissive origin policy",
          "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82",
          "severity": "high",
          "cwe": [
            "CWE-346"
          ],
          "cvss": {
            "score": 8.6,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"
          },
          "range": "<5.0.0"
        }
      ],
      "effects": [
        "es-dev-server"
      ],
      "range": "<5.0.0",
      "nodes": [
        "node_modules/@koa/cors"
      ],
      "fixAvailable": true
    },
    "autoprefixer": {
      "name": "autoprefixer",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss",
        "postcss"
      ],
      "effects": [
        "stylelint"
      ],
      "range": "1.0.20131222 - 9.8.8",
      "nodes": [
        "node_modules/autoprefixer",
        "node_modules/stylelint/node_modules/autoprefixer"
      ],
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
      }
    },
    "axios": {
      "name": "axios",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096525,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios Cross-Site Request Forgery Vulnerability",
          "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "severity": "moderate",
          "cwe": [
            "CWE-352"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
          },
          "range": ">=0.8.1 <0.28.0"
        }
      ],
      "effects": [
        "bundlesize"
      ],
      "range": "0.8.1 - 0.27.2",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": true
    },
    "bundlesize": {
      "name": "bundlesize",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "axios"
      ],
      "effects": [],
      "range": "0.3.0 - 0.18.1 || >=1.0.0-beta.1",
      "nodes": [
        "node_modules/bundlesize"
      ],
      "fixAvailable": true
    },
    "cheerio": {
      "name": "cheerio",
      "severity": "high",
      "isDirect": false,
      "via": [
        "css-select",
        "lodash.pick"
      ],
      "effects": [
        "gulp-inline"
      ],
      "range": "0.19.0 - 1.0.0-rc.3",
      "nodes": [
        "node_modules/cheerio"
      ],
      "fixAvailable": {
        "name": "gulp-inline",
        "version": "0.1.2",
        "isSemVerMajor": true
      }
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "glob-watcher"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/glob-watcher/node_modules/chokidar"
      ],
      "fixAvailable": true
    },
    "color": {
      "name": "color",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "color-string"
      ],
      "effects": [
        "css-color-function"
      ],
      "range": "<=0.11.4",
      "nodes": [
        "node_modules/color"
      ],
      "fixAvailable": true
    },
    "color-string": {
      "name": "color-string",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089718,
          "name": "color-string",
          "dependency": "color-string",
          "title": "Regular Expression Denial of Service (ReDOS)",
          "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h",
          "severity": "moderate",
          "cwe": [
            "CWE-770"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<1.5.5"
        }
      ],
      "effects": [
        "color"
      ],
      "range": "<1.5.5",
      "nodes": [
        "node_modules/color/node_modules/color-string"
      ],
      "fixAvailable": true
    },
    "css-color-function": {
      "name": "css-color-function",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "color"
      ],
      "effects": [
        "postcss-color-function"
      ],
      "range": "*",
      "nodes": [
        "node_modules/css-color-function"
      ],
      "fixAvailable": true
    },
    "css-declaration-sorter": {
      "name": "css-declaration-sorter",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=5.1.2",
      "nodes": [
        "node_modules/css-declaration-sorter"
      ],
      "fixAvailable": true
    },
    "css-select": {
      "name": "css-select",
      "severity": "high",
      "isDirect": false,
      "via": [
        "nth-check"
      ],
      "effects": [
        "cheerio",
        "svgo"
      ],
      "range": "<=3.1.0",
      "nodes": [
        "node_modules/css-select",
        "node_modules/svgo/node_modules/css-select"
      ],
      "fixAvailable": {
        "name": "gulp-inline",
        "version": "0.1.2",
        "isSemVerMajor": true
      }
    },
    "cssnano": {
      "name": "cssnano",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "cssnano-preset-default",
        "postcss"
      ],
      "effects": [],
      "range": "<=4.1.11",
      "nodes": [
        "node_modules/cssnano"
      ],
      "fixAvailable": {
        "name": "cssnano",
        "version": "6.1.2",
        "isSemVerMajor": true
      }
    },
    "cssnano-preset-default": {
      "name": "cssnano-preset-default",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "css-declaration-sorter",
        "cssnano-util-raw-cache",
        "postcss",
        "postcss-calc",
        "postcss-colormin",
        "postcss-convert-values",
        "postcss-discard-comments",
        "postcss-discard-duplicates",
        "postcss-discard-empty",
        "postcss-discard-overridden",
        "postcss-merge-longhand",
        "postcss-merge-rules",
        "postcss-minify-font-values",
        "postcss-minify-gradients",
        "postcss-minify-params",
        "postcss-minify-selectors",
        "postcss-normalize-charset",
        "postcss-normalize-display-values",
        "postcss-normalize-positions",
        "postcss-normalize-repeat-style",
        "postcss-normalize-string",
        "postcss-normalize-timing-functions",
        "postcss-normalize-unicode",
        "postcss-normalize-url",
        "postcss-normalize-whitespace",
        "postcss-ordered-values",
        "postcss-reduce-initial",
        "postcss-reduce-transforms",
        "postcss-svgo",
        "postcss-unique-selectors"
      ],
      "effects": [
        "cssnano"
      ],
      "range": "<=4.0.8",
      "nodes": [
        "node_modules/cssnano-preset-default"
      ],
      "fixAvailable": {
        "name": "cssnano",
        "version": "6.1.2",
        "isSemVerMajor": true
      }
    },
    "cssnano-util-raw-cache": {
      "name": "cssnano-util-raw-cache",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/cssnano-util-raw-cache"
      ],
      "fixAvailable": true
    },
    "es-dev-server": {
      "name": "es-dev-server",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@koa/cors"
      ],
      "effects": [],
      "range": ">=1.56.0",
      "nodes": [
        "node_modules/es-dev-server"
      ],
      "fixAvailable": true
    },
    "es5-ext": {
      "name": "es5-ext",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1096592,
          "name": "es5-ext",
          "dependency": "es5-ext",
          "title": "es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`",
          "url": "https://github.com/advisories/GHSA-4gmj-3p3h-gm8h",
          "severity": "low",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=0.10.0 <0.10.63"
        }
      ],
      "effects": [],
      "range": "0.10.1 - 0.10.62",
      "nodes": [
        "node_modules/es5-ext"
      ],
      "fixAvailable": true
    },
    "follow-redirects": {
      "name": "follow-redirects",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096856,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "follow-redirects' Proxy-Authorization header kept across hosts",
          "url": "https://github.com/advisories/GHSA-cxjh-pqwp-8mfp",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<=1.15.5"
        }
      ],
      "effects": [],
      "range": "<=1.15.5",
      "nodes": [
        "node_modules/follow-redirects"
      ],
      "fixAvailable": true
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095007,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "glob-stream"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/glob-stream/node_modules/glob-parent",
        "node_modules/glob-watcher/node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    },
    "glob-stream": {
      "name": "glob-stream",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "vinyl-fs"
      ],
      "range": "5.3.0 - 6.1.0",
      "nodes": [
        "node_modules/glob-stream"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    },
    "glob-watcher": {
      "name": "glob-watcher",
      "severity": "high",
      "isDirect": false,
      "via": [
        "chokidar"
      ],
      "effects": [],
      "range": "3.0.0 - 5.0.5",
      "nodes": [
        "node_modules/glob-watcher"
      ],
      "fixAvailable": true
    },
    "gulp": {
      "name": "gulp",
      "severity": "high",
      "isDirect": true,
      "via": [
        "glob-watcher",
        "vinyl-fs"
      ],
      "effects": [],
      "range": "4.0.0 - 4.0.2",
      "nodes": [
        "node_modules/gulp"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    },
    "gulp-inline": {
      "name": "gulp-inline",
      "severity": "high",
      "isDirect": true,
      "via": [
        "cheerio"
      ],
      "effects": [],
      "range": ">=0.1.3",
      "nodes": [
        "node_modules/gulp-inline"
      ],
      "fixAvailable": {
        "name": "gulp-inline",
        "version": "0.1.2",
        "isSemVerMajor": true
      }
    },
    "gulp-postcss": {
      "name": "gulp-postcss",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=8.0.0",
      "nodes": [
        "node_modules/gulp-postcss"
      ],
      "fixAvailable": {
        "name": "gulp-postcss",
        "version": "10.0.0",
        "isSemVerMajor": true
      }
    },
    "gulp-svg-sprite": {
      "name": "gulp-svg-sprite",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "svg-sprite"
      ],
      "effects": [],
      "range": "1.3.0 - 1.5.0",
      "nodes": [
        "node_modules/gulp-svg-sprite"
      ],
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
      }
    },
    "gulp-useref": {
      "name": "gulp-useref",
      "severity": "high",
      "isDirect": true,
      "via": [
        "vinyl-fs"
      ],
      "effects": [],
      "range": ">=3.1.4",
      "nodes": [
        "node_modules/gulp-useref"
      ],
      "fixAvailable": {
        "name": "gulp-useref",
        "version": "3.1.3",
        "isSemVerMajor": true
      }
    },
    "lodash.pick": {
      "name": "lodash.pick",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096303,
          "name": "lodash.pick",
          "dependency": "lodash.pick",
          "title": "Prototype Pollution in lodash",
          "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
          "severity": "high",
          "cwe": [
            "CWE-770",
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
          },
          "range": ">=4.0.0 <=4.4.0"
        }
      ],
      "effects": [
        "cheerio"
      ],
      "range": ">=4.0.0",
      "nodes": [
        "node_modules/lodash.pick"
      ],
      "fixAvailable": {
        "name": "gulp-inline",
        "version": "0.1.2",
        "isSemVerMajor": true
      }
    },
    "nth-check": {
      "name": "nth-check",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095141,
          "name": "nth-check",
          "dependency": "nth-check",
          "title": "Inefficient Regular Expression Complexity in nth-check",
          "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "css-select"
      ],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/nth-check"
      ],
      "fixAvailable": {
        "name": "gulp-inline",
        "version": "0.1.2",
        "isSemVerMajor": true
      }
    },
    "phantomjs-prebuilt": {
      "name": "phantomjs-prebuilt",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [
        "svg-sprite"
      ],
      "range": "*",
      "nodes": [
        "node_modules/phantomjs-prebuilt"
      ],
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
      }
    },
    "pixrem": {
      "name": "pixrem",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
        "node_modules/pixrem"
      ],
      "fixAvailable": true
    },
    "pleeease-filters": {
      "name": "pleeease-filters",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/pleeease-filters"
      ],
      "fixAvailable": true
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1093539,
          "name": "postcss",
          "dependency": "postcss",
          "title": "Regular Expression Denial of Service in postcss",
          "url": "https://github.com/advisories/GHSA-566m-qj78-rww5",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<7.0.36"
        },
        {
          "source": 1094544,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS line return parsing error",
          "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
          "severity": "moderate",
          "cwe": [
            "CWE-74",
            "CWE-144"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<8.4.31"
        }
      ],
      "effects": [
        "autoprefixer",
        "css-declaration-sorter",
        "cssnano",
        "cssnano-preset-default",
        "cssnano-util-raw-cache",
        "gulp-postcss",
        "pixrem",
        "pleeease-filters",
        "postcss-apply",
        "postcss-attribute-case-insensitive",
        "postcss-calc",
        "postcss-color-function",
        "postcss-color-gray",
        "postcss-color-hex-alpha",
        "postcss-color-hsl",
        "postcss-color-hwb",
        "postcss-color-rebeccapurple",
        "postcss-color-rgb",
        "postcss-color-rgba-fallback",
        "postcss-colormin",
        "postcss-convert-values",
        "postcss-cssnext",
        "postcss-custom-media",
        "postcss-custom-properties",
        "postcss-custom-selectors",
        "postcss-discard-comments",
        "postcss-discard-duplicates",
        "postcss-discard-empty",
        "postcss-discard-overridden",
        "postcss-font-family-system-ui",
        "postcss-font-variant",
        "postcss-image-set-polyfill",
        "postcss-import",
        "postcss-initial",
        "postcss-less",
        "postcss-media-minmax",
        "postcss-merge-longhand",
        "postcss-merge-rules",
        "postcss-minify-font-values",
        "postcss-minify-gradients",
        "postcss-minify-params",
        "postcss-minify-selectors",
        "postcss-nesting",
        "postcss-normalize-charset",
        "postcss-normalize-display-values",
        "postcss-normalize-positions",
        "postcss-normalize-repeat-style",
        "postcss-normalize-string",
        "postcss-normalize-timing-functions",
        "postcss-normalize-unicode",
        "postcss-normalize-url",
        "postcss-normalize-whitespace",
        "postcss-ordered-values",
        "postcss-pseudo-class-any-link",
        "postcss-pseudoelements",
        "postcss-reduce-initial",
        "postcss-reduce-transforms",
        "postcss-replace-overflow-wrap",
        "postcss-reporter",
        "postcss-safe-parser",
        "postcss-sass",
        "postcss-scss",
        "postcss-selector-matches",
        "postcss-selector-not",
        "postcss-svgo",
        "postcss-unique-selectors",
        "stylehacks",
        "stylelint",
        "sugarss"
      ],
      "range": "<=8.4.30",
      "nodes": [
        "node_modules/autoprefixer/node_modules/postcss",
        "node_modules/css-declaration-sorter/node_modules/postcss",
        "node_modules/cssnano-preset-default/node_modules/postcss",
        "node_modules/cssnano-util-raw-cache/node_modules/postcss",
        "node_modules/cssnano/node_modules/postcss",
        "node_modules/gulp-postcss/node_modules/postcss",
        "node_modules/pixrem/node_modules/postcss",
        "node_modules/pleeease-filters/node_modules/postcss",
        "node_modules/postcss-apply/node_modules/postcss",
        "node_modules/postcss-attribute-case-insensitive/node_modules/postcss",
        "node_modules/postcss-calc/node_modules/postcss",
        "node_modules/postcss-color-function/node_modules/postcss",
        "node_modules/postcss-color-gray/node_modules/postcss",
        "node_modules/postcss-color-hex-alpha/node_modules/postcss",
        "node_modules/postcss-color-hsl/node_modules/postcss",
        "node_modules/postcss-color-hwb/node_modules/postcss",
        "node_modules/postcss-color-rebeccapurple/node_modules/postcss",
        "node_modules/postcss-color-rgb/node_modules/postcss",
        "node_modules/postcss-color-rgba-fallback/node_modules/postcss",
        "node_modules/postcss-colormin/node_modules/postcss",
        "node_modules/postcss-convert-values/node_modules/postcss",
        "node_modules/postcss-cssnext/node_modules/postcss",
        "node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss",
        "node_modules/postcss-custom-media/node_modules/postcss",
        "node_modules/postcss-custom-properties/node_modules/postcss",
        "node_modules/postcss-custom-selectors/node_modules/postcss",
        "node_modules/postcss-discard-comments/node_modules/postcss",
        "node_modules/postcss-discard-duplicates/node_modules/postcss",
        "node_modules/postcss-discard-empty/node_modules/postcss",
        "node_modules/postcss-discard-overridden/node_modules/postcss",
        "node_modules/postcss-font-family-system-ui/node_modules/postcss",
        "node_modules/postcss-font-variant/node_modules/postcss",
        "node_modules/postcss-image-set-polyfill/node_modules/postcss",
        "node_modules/postcss-import/node_modules/postcss",
        "node_modules/postcss-initial/node_modules/postcss",
        "node_modules/postcss-less/node_modules/postcss",
        "node_modules/postcss-media-minmax/node_modules/postcss",
        "node_modules/postcss-merge-longhand/node_modules/postcss",
        "node_modules/postcss-merge-rules/node_modules/postcss",
        "node_modules/postcss-minify-font-values/node_modules/postcss",
        "node_modules/postcss-minify-gradients/node_modules/postcss",
        "node_modules/postcss-minify-params/node_modules/postcss",
        "node_modules/postcss-minify-selectors/node_modules/postcss",
        "node_modules/postcss-nesting/node_modules/postcss",
        "node_modules/postcss-normalize-charset/node_modules/postcss",
        "node_modules/postcss-normalize-display-values/node_modules/postcss",
        "node_modules/postcss-normalize-positions/node_modules/postcss",
        "node_modules/postcss-normalize-repeat-style/node_modules/postcss",
        "node_modules/postcss-normalize-string/node_modules/postcss",
        "node_modules/postcss-normalize-timing-functions/node_modules/postcss",
        "node_modules/postcss-normalize-unicode/node_modules/postcss",
        "node_modules/postcss-normalize-url/node_modules/postcss",
        "node_modules/postcss-normalize-whitespace/node_modules/postcss",
        "node_modules/postcss-ordered-values/node_modules/postcss",
        "node_modules/postcss-pseudo-class-any-link/node_modules/postcss",
        "node_modules/postcss-pseudoelements/node_modules/postcss",
        "node_modules/postcss-reduce-initial/node_modules/postcss",
        "node_modules/postcss-reduce-transforms/node_modules/postcss",
        "node_modules/postcss-replace-overflow-wrap/node_modules/postcss",
        "node_modules/postcss-reporter/node_modules/postcss",
        "node_modules/postcss-safe-parser/node_modules/postcss",
        "node_modules/postcss-sass/node_modules/postcss",
        "node_modules/postcss-scss/node_modules/postcss",
        "node_modules/postcss-selector-matches/node_modules/postcss",
        "node_modules/postcss-selector-not/node_modules/postcss",
        "node_modules/postcss-svgo/node_modules/postcss",
        "node_modules/postcss-unique-selectors/node_modules/postcss",
        "node_modules/stylehacks/node_modules/postcss",
        "node_modules/stylelint/node_modules/postcss",
        "node_modules/sugarss/node_modules/postcss"
      ],
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
      }
    },
    "postcss-apply": {
      "name": "postcss-apply",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=0.10.0",
      "nodes": [
        "node_modules/postcss-apply"
      ],
      "fixAvailable": false
    },
    "postcss-attribute-case-insensitive": {
      "name": "postcss-attribute-case-insensitive",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=3.0.1",
      "nodes": [
        "node_modules/postcss-attribute-case-insensitive"
      ],
      "fixAvailable": false
    },
    "postcss-calc": {
      "name": "postcss-calc",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "4.1.0 - 7.0.5",
      "nodes": [
        "node_modules/postcss-calc",
        "node_modules/postcss-cssnext/node_modules/postcss-calc"
      ],
      "fixAvailable": true
    },
    "postcss-color-function": {
      "name": "postcss-color-function",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "css-color-function",
        "postcss"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/postcss-color-function"
      ],
      "fixAvailable": true
    },
    "postcss-color-gray": {
      "name": "postcss-color-gray",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "3.0.0 - 4.1.0",
      "nodes": [
        "node_modules/postcss-color-gray"
      ],
      "fixAvailable": true
    },
    "postcss-color-hex-alpha": {
      "name": "postcss-color-hex-alpha",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.3.0 - 3.0.0",
      "nodes": [
        "node_modules/postcss-color-hex-alpha"
      ],
      "fixAvailable": true
    },
    "postcss-color-hsl": {
      "name": "postcss-color-hsl",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/postcss-color-hsl"
      ],
      "fixAvailable": true
    },
    "postcss-color-hwb": {
      "name": "postcss-color-hwb",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": ">=1.2.0",
      "nodes": [
        "node_modules/postcss-color-hwb"
      ],
      "fixAvailable": true
    },
    "postcss-color-rebeccapurple": {
      "name": "postcss-color-rebeccapurple",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.2.0 - 3.1.0",
      "nodes": [
        "node_modules/postcss-color-rebeccapurple"
      ],
      "fixAvailable": true
    },
    "postcss-color-rgb": {
      "name": "postcss-color-rgb",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "*",
      "nodes": [
        "node_modules/postcss-color-rgb"
      ],
      "fixAvailable": false
    },
    "postcss-color-rgba-fallback": {
      "name": "postcss-color-rgba-fallback",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=3.0.0",
      "nodes": [
        "node_modules/postcss-color-rgba-fallback"
      ],
      "fixAvailable": true
    },
    "postcss-colormin": {
      "name": "postcss-colormin",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.3",
      "nodes": [
        "node_modules/postcss-colormin"
      ],
      "fixAvailable": true
    },
    "postcss-convert-values": {
      "name": "postcss-convert-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
        "node_modules/postcss-convert-values"
      ],
      "fixAvailable": true
    },
    "postcss-cssnext": {
      "name": "postcss-cssnext",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "autoprefixer",
        "pixrem",
        "pleeease-filters",
        "postcss",
        "postcss-apply",
        "postcss-attribute-case-insensitive",
        "postcss-calc",
        "postcss-color-function",
        "postcss-color-gray",
        "postcss-color-hex-alpha",
        "postcss-color-hsl",
        "postcss-color-hwb",
        "postcss-color-rebeccapurple",
        "postcss-color-rgb",
        "postcss-color-rgba-fallback",
        "postcss-custom-media",
        "postcss-custom-properties",
        "postcss-custom-selectors",
        "postcss-font-family-system-ui",
        "postcss-font-variant",
        "postcss-image-set-polyfill",
        "postcss-initial",
        "postcss-media-minmax",
        "postcss-nesting",
        "postcss-pseudo-class-any-link",
        "postcss-pseudoelements",
        "postcss-replace-overflow-wrap",
        "postcss-selector-matches",
        "postcss-selector-not"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/postcss-cssnext"
      ],
      "fixAvailable": false
    },
    "postcss-custom-media": {
      "name": "postcss-custom-media",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "4.0.0 - 6.0.0",
      "nodes": [
        "node_modules/postcss-custom-media"
      ],
      "fixAvailable": true
    },
    "postcss-custom-properties": {
      "name": "postcss-custom-properties",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "3.3.0 - 7.0.0",
      "nodes": [
        "node_modules/postcss-custom-properties"
      ],
      "fixAvailable": true
    },
    "postcss-custom-selectors": {
      "name": "postcss-custom-selectors",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss",
        "postcss-selector-matches"
      ],
      "effects": [],
      "range": "2.3.0 - 4.0.1",
      "nodes": [
        "node_modules/postcss-custom-selectors"
      ],
      "fixAvailable": true
    },
    "postcss-discard-comments": {
      "name": "postcss-discard-comments",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-discard-comments"
      ],
      "fixAvailable": true
    },
    "postcss-discard-duplicates": {
      "name": "postcss-discard-duplicates",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.1.0 - 4.0.2",
      "nodes": [
        "node_modules/postcss-discard-duplicates"
      ],
      "fixAvailable": true
    },
    "postcss-discard-empty": {
      "name": "postcss-discard-empty",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.1.0 - 4.0.1",
      "nodes": [
        "node_modules/postcss-discard-empty"
      ],
      "fixAvailable": true
    },
    "postcss-discard-overridden": {
      "name": "postcss-discard-overridden",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
        "node_modules/postcss-discard-overridden"
      ],
      "fixAvailable": true
    },
    "postcss-font-family-system-ui": {
      "name": "postcss-font-family-system-ui",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=3.0.0",
      "nodes": [
        "node_modules/postcss-font-family-system-ui"
      ],
      "fixAvailable": false
    },
    "postcss-font-variant": {
      "name": "postcss-font-variant",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.2.0 - 3.0.0",
      "nodes": [
        "node_modules/postcss-font-variant"
      ],
      "fixAvailable": true
    },
    "postcss-image-set-polyfill": {
      "name": "postcss-image-set-polyfill",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=0.4.4",
      "nodes": [
        "node_modules/postcss-image-set-polyfill"
      ],
      "fixAvailable": false
    },
    "postcss-import": {
      "name": "postcss-import",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=12.0.1",
      "nodes": [
        "node_modules/postcss-import"
      ],
      "fixAvailable": {
        "name": "postcss-import",
        "version": "16.1.0",
        "isSemVerMajor": true
      }
    },
    "postcss-initial": {
      "name": "postcss-initial",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/postcss-initial"
      ],
      "fixAvailable": false
    },
    "postcss-less": {
      "name": "postcss-less",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "stylelint"
      ],
      "range": "<=3.1.4",
      "nodes": [
        "node_modules/postcss-less"
      ],
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
      }
    },
    "postcss-media-minmax": {
      "name": "postcss-media-minmax",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.2.0 - 3.0.0",
      "nodes": [
        "node_modules/postcss-media-minmax"
      ],
      "fixAvailable": true
    },
    "postcss-merge-longhand": {
      "name": "postcss-merge-longhand",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss",
        "stylehacks"
      ],
      "effects": [],
      "range": "<=4.0.11",
      "nodes": [
        "node_modules/postcss-merge-longhand"
      ],
      "fixAvailable": true
    },
    "postcss-merge-rules": {
      "name": "postcss-merge-rules",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.3",
      "nodes": [
        "node_modules/postcss-merge-rules"
      ],
      "fixAvailable": true
    },
    "postcss-minify-font-values": {
      "name": "postcss-minify-font-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-minify-font-values"
      ],
      "fixAvailable": true
    },
    "postcss-minify-gradients": {
      "name": "postcss-minify-gradients",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-minify-gradients"
      ],
      "fixAvailable": true
    },
    "postcss-minify-params": {
      "name": "postcss-minify-params",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-minify-params"
      ],
      "fixAvailable": true
    },
    "postcss-minify-selectors": {
      "name": "postcss-minify-selectors",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-minify-selectors"
      ],
      "fixAvailable": true
    },
    "postcss-nesting": {
      "name": "postcss-nesting",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=6.0.0",
      "nodes": [
        "node_modules/postcss-nesting"
      ],
      "fixAvailable": false
    },
    "postcss-normalize-charset": {
      "name": "postcss-normalize-charset",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
        "node_modules/postcss-normalize-charset"
      ],
      "fixAvailable": true
    },
    "postcss-normalize-display-values": {
      "name": "postcss-normalize-display-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-normalize-display-values"
      ],
      "fixAvailable": true
    },
    "postcss-normalize-positions": {
      "name": "postcss-normalize-positions",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-normalize-positions"
      ],
      "fixAvailable": true
    },
    "postcss-normalize-repeat-style": {
      "name": "postcss-normalize-repeat-style",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-normalize-repeat-style"
      ],
      "fixAvailable": true
    },
    "postcss-normalize-string": {
      "name": "postcss-normalize-string",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-normalize-string"
      ],
      "fixAvailable": true
    },
    "postcss-normalize-timing-functions": {
      "name": "postcss-normalize-timing-functions",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-normalize-timing-functions"
      ],
      "fixAvailable": true
    },
    "postcss-normalize-unicode": {
      "name": "postcss-normalize-unicode",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
        "node_modules/postcss-normalize-unicode"
      ],
      "fixAvailable": true
    },
    "postcss-normalize-url": {
      "name": "postcss-normalize-url",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.1.0 - 4.0.1",
      "nodes": [
        "node_modules/postcss-normalize-url"
      ],
      "fixAvailable": true
    },
    "postcss-normalize-whitespace": {
      "name": "postcss-normalize-whitespace",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-normalize-whitespace"
      ],
      "fixAvailable": true
    },
    "postcss-ordered-values": {
      "name": "postcss-ordered-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/postcss-ordered-values"
      ],
      "fixAvailable": true
    },
    "postcss-pseudo-class-any-link": {
      "name": "postcss-pseudo-class-any-link",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=5.0.0",
      "nodes": [
        "node_modules/postcss-pseudo-class-any-link"
      ],
      "fixAvailable": true
    },
    "postcss-pseudoelements": {
      "name": "postcss-pseudoelements",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": ">=2.2.0",
      "nodes": [
        "node_modules/postcss-pseudoelements"
      ],
      "fixAvailable": true
    },
    "postcss-reduce-initial": {
      "name": "postcss-reduce-initial",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.3",
      "nodes": [
        "node_modules/postcss-reduce-initial"
      ],
      "fixAvailable": true
    },
    "postcss-reduce-transforms": {
      "name": "postcss-reduce-transforms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-reduce-transforms"
      ],
      "fixAvailable": true
    },
    "postcss-replace-overflow-wrap": {
      "name": "postcss-replace-overflow-wrap",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-cssnext"
      ],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/postcss-replace-overflow-wrap"
      ],
      "fixAvailable": false
    },
    "postcss-reporter": {
      "name": "postcss-reporter",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=6.0.1",
      "nodes": [
        "node_modules/postcss-reporter"
      ],
      "fixAvailable": {
        "name": "postcss-reporter",
        "version": "7.1.0",
        "isSemVerMajor": true
      }
    },
    "postcss-safe-parser": {
      "name": "postcss-safe-parser",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "stylelint"
      ],
      "range": "<=4.0.2",
      "nodes": [
        "node_modules/postcss-safe-parser"
      ],
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
      }
    },
    "postcss-sass": {
      "name": "postcss-sass",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "stylelint"
      ],
      "range": "<=0.4.4",
      "nodes": [
        "node_modules/postcss-sass"
      ],
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
      }
    },
    "postcss-scss": {
      "name": "postcss-scss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "stylelint"
      ],
      "range": "<=2.1.1",
      "nodes": [
        "node_modules/postcss-scss"
      ],
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
      }
    },
    "postcss-selector-matches": {
      "name": "postcss-selector-matches",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=3.0.1",
      "nodes": [
        "node_modules/postcss-selector-matches"
      ],
      "fixAvailable": true
    },
    "postcss-selector-not": {
      "name": "postcss-selector-not",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=3.0.1",
      "nodes": [
        "node_modules/postcss-selector-not"
      ],
      "fixAvailable": true
    },
    "postcss-svgo": {
      "name": "postcss-svgo",
      "severity": "high",
      "isDirect": false,
      "via": [
        "postcss",
        "svgo"
      ],
      "effects": [],
      "range": "<=5.0.0-rc.2",
      "nodes": [
        "node_modules/postcss-svgo"
      ],
      "fixAvailable": true
    },
    "postcss-unique-selectors": {
      "name": "postcss-unique-selectors",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.1",
      "nodes": [
        "node_modules/postcss-unique-selectors"
      ],
      "fixAvailable": true
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "phantomjs-prebuilt"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
      }
    },
    "stylehacks": {
      "name": "stylehacks",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "postcss-merge-longhand"
      ],
      "range": "<=4.0.3",
      "nodes": [
        "node_modules/stylehacks"
      ],
      "fixAvailable": true
    },
    "stylelint": {
      "name": "stylelint",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "autoprefixer",
        "postcss",
        "postcss-less",
        "postcss-safe-parser",
        "postcss-sass",
        "postcss-scss",
        "sugarss"
      ],
      "effects": [
        "stylelint-config-wikimedia"
      ],
      "range": "0.1.0 - 13.13.1",
      "nodes": [
        "node_modules/stylelint"
      ],
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
      }
    },
    "stylelint-config-wikimedia": {
      "name": "stylelint-config-wikimedia",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "stylelint"
      ],
      "effects": [],
      "range": "<=0.11.1",
      "nodes": [
        "node_modules/stylelint-config-wikimedia"
      ],
      "fixAvailable": {
        "name": "stylelint-config-wikimedia",
        "version": "0.16.1",
        "isSemVerMajor": true
      }
    },
    "sugarss": {
      "name": "sugarss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/sugarss"
      ],
      "fixAvailable": true
    },
    "svg-sprite": {
      "name": "svg-sprite",
      "severity": "high",
      "isDirect": false,
      "via": [
        "phantomjs-prebuilt",
        "svgo"
      ],
      "effects": [
        "gulp-svg-sprite"
      ],
      "range": "1.3.0 - 1.5.4",
      "nodes": [
        "node_modules/svg-sprite"
      ],
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
      }
    },
    "svgo": {
      "name": "svgo",
      "severity": "high",
      "isDirect": false,
      "via": [
        "css-select"
      ],
      "effects": [
        "postcss-svgo",
        "svg-sprite"
      ],
      "range": "1.0.0 - 1.3.2",
      "nodes": [
        "node_modules/svgo"
      ],
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096643,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "gulp-svg-sprite",
        "version": "2.0.3",
        "isSemVerMajor": true
      }
    },
    "vinyl-fs": {
      "name": "vinyl-fs",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-stream"
      ],
      "effects": [
        "gulp",
        "gulp-useref"
      ],
      "range": "2.4.2 - 3.0.3",
      "nodes": [
        "node_modules/vinyl-fs"
      ],
      "fixAvailable": {
        "name": "gulp",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 80,
      "high": 17,
      "critical": 0,
      "total": 98
    },
    "dependencies": {
      "prod": 1,
      "dev": 1820,
      "optional": 4,
      "peer": 1,
      "peerOptional": 0,
      "total": 1820
    }
  }
}

--- end ---
Upgrading n:stylelint-config-wikimedia from 0.10.3 -> 0.16.1
$ /usr/bin/npm install
--- stderr ---
npm WARN deprecated @types/browserslist@4.15.0: This is a stub types definition. browserslist provides its own type definitions, so you do not need this installed.
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead.
npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead.
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead.
npm WARN deprecated @babel/plugin-proposal-class-static-block@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead.
npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead.
npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead.
npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead.
npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead.
npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated postcss-cssnext@3.1.1: 'postcss-cssnext' has been deprecated in favor of 'postcss-preset-env'. Read more at https://moox.io/blog/deprecating-cssnext/
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated iltorb@2.4.5: The zlib module provides APIs for brotli compression/decompression starting with Node.js v10.16.0, please use it over iltorb
npm WARN deprecated stylelint-stylistic@0.4.3: This package has been deprecated in favor of @stylistic/stylelint-plugin
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---

added 1790 packages, and audited 1791 packages in 44s

149 packages are looking for funding
  run `npm fund` for details

91 vulnerabilities (1 low, 73 moderate, 17 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---

npm dependencies

Development dependencies

Logs

Source code is licensed under the AGPL.