$ date
--- stdout ---
Tue May 24 04:17:51 UTC 2022
--- end ---
$ git clone file:///srv/git/wikimedia-portals.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'prod' (https://gerrit.wikimedia.org/r/wikimedia/portals/deploy) registered for path 'prod'
Cloning into '/src/repo/prod'...
--- stdout ---
Submodule path 'prod': checked out 'ae1009042ab69b0ea76ce04463cb917416567f94'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
1f59a06bb43efd337beb359fcce534996e7ce68a refs/heads/master
--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"ansi-regex": {
"name": "ansi-regex",
"severity": "high",
"via": [
{
"source": 1070273,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"range": ">=3.0.0 <3.0.1"
},
{
"source": 1070274,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"range": ">=4.0.0 <4.1.1"
},
{
"source": 1070275,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"range": ">=5.0.0 <5.0.1"
}
],
"effects": [],
"range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
"nodes": [
"node_modules/doiuse/node_modules/ansi-regex",
"node_modules/es-dev-server/node_modules/ansi-regex",
"node_modules/eslint/node_modules/ansi-regex",
"node_modules/gulp-stylelint/node_modules/ansi-regex",
"node_modules/stylelint/node_modules/ansi-regex",
"node_modules/svg-sprite/node_modules/ansi-regex",
"node_modules/table/node_modules/ansi-regex",
"node_modules/yargs/node_modules/ansi-regex"
],
"fixAvailable": true
},
"async": {
"name": "async",
"severity": "high",
"via": [
{
"source": 1070206,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": "<2.6.4"
},
{
"source": 1070207,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": ">=3.0.0 <3.2.2"
}
],
"effects": [],
"range": "<2.6.4 || >=3.0.0 <3.2.2",
"nodes": [
"node_modules/async",
"node_modules/winston/node_modules/async"
],
"fixAvailable": true
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 8.6.5",
"nodes": [
"node_modules/postcss-cssnext/node_modules/autoprefixer"
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"via": [
{
"source": 1070315,
"name": "axios",
"dependency": "axios",
"title": "Incorrect Comparison in axios",
"url": "https://github.com/advisories/GHSA-cph5-m8f7-6c5x",
"severity": "high",
"range": "<0.21.2"
}
],
"effects": [
"github-build"
],
"range": "<0.21.2",
"nodes": [
"node_modules/axios"
],
"fixAvailable": true
},
"browserslist": {
"name": "browserslist",
"severity": "moderate",
"via": [
{
"source": 1067902,
"name": "browserslist",
"dependency": "browserslist",
"title": "Regular Expression Denial of Service in browserslist",
"url": "https://github.com/advisories/GHSA-w8qv-6jwh-64r5",
"severity": "moderate",
"range": ">=4.0.0 <4.16.5"
}
],
"effects": [],
"range": "4.0.0 - 4.16.4",
"nodes": [
"node_modules/browserslist"
],
"fixAvailable": true
},
"cheerio": {
"name": "cheerio",
"severity": "moderate",
"via": [
"css-select"
],
"effects": [
"gulp-inline"
],
"range": "0.19.0 - 1.0.0-rc.3",
"nodes": [
"node_modules/cheerio"
],
"fixAvailable": false
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"glob-watcher"
],
"range": "1.0.0-rc1 - 2.1.8",
"nodes": [
"node_modules/glob-watcher/node_modules/chokidar"
],
"fixAvailable": {
"name": "gulp",
"version": "3.9.1",
"isSemVerMajor": true
}
},
"color": {
"name": "color",
"severity": "moderate",
"via": [
"color-string"
],
"effects": [
"css-color-function"
],
"range": "<=0.11.4",
"nodes": [
"node_modules/color"
],
"fixAvailable": true
},
"color-string": {
"name": "color-string",
"severity": "moderate",
"via": [
{
"source": 1067818,
"name": "color-string",
"dependency": "color-string",
"title": "Regular Expression Denial of Service (ReDOS)",
"url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h",
"severity": "moderate",
"range": "<1.5.5"
}
],
"effects": [
"color"
],
"range": "<1.5.5",
"nodes": [
"node_modules/color-string",
"node_modules/colorspace/node_modules/color-string",
"node_modules/postcss-color-gray/node_modules/color-string",
"node_modules/postcss-color-hex-alpha/node_modules/color-string",
"node_modules/postcss-color-hwb/node_modules/color-string"
],
"fixAvailable": true
},
"copy-props": {
"name": "copy-props",
"severity": "high",
"via": [
{
"source": 1068168,
"name": "copy-props",
"dependency": "copy-props",
"title": "Prototype Pollution in copy-props",
"url": "https://github.com/advisories/GHSA-897m-rjf5-jp39",
"severity": "high",
"range": "<2.0.5"
}
],
"effects": [],
"range": "<2.0.5",
"nodes": [
"node_modules/copy-props"
],
"fixAvailable": true
},
"css-color-function": {
"name": "css-color-function",
"severity": "moderate",
"via": [
"color"
],
"effects": [
"postcss-color-function"
],
"range": "*",
"nodes": [
"node_modules/css-color-function"
],
"fixAvailable": true
},
"css-select": {
"name": "css-select",
"severity": "moderate",
"via": [
"nth-check"
],
"effects": [
"cheerio",
"svgo"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/css-select",
"node_modules/svg-sprite/node_modules/css-select",
"node_modules/svgo/node_modules/css-select"
],
"fixAvailable": false
},
"follow-redirects": {
"name": "follow-redirects",
"severity": "high",
"via": [
{
"source": 1067407,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
"url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
"severity": "moderate",
"range": "<1.14.8"
},
{
"source": 1067459,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of sensitive information in follow-redirects",
"url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
"severity": "high",
"range": "<1.14.7"
}
],
"effects": [],
"range": "<=1.14.7",
"nodes": [
"node_modules/follow-redirects"
],
"fixAvailable": true
},
"github-build": {
"name": "github-build",
"severity": "high",
"via": [
"axios"
],
"effects": [],
"range": "<=1.2.2",
"nodes": [
"node_modules/github-build"
],
"fixAvailable": true
},
"glob-parent": {
"name": "glob-parent",
"severity": "high",
"via": [
{
"source": 1067329,
"name": "glob-parent",
"dependency": "glob-parent",
"title": "Regular expression denial of service in glob-parent",
"url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
"severity": "high",
"range": "<5.1.2"
}
],
"effects": [
"chokidar",
"glob-stream"
],
"range": "<5.1.2",
"nodes": [
"node_modules/glob-parent",
"node_modules/glob-stream/node_modules/glob-parent",
"node_modules/glob-watcher/node_modules/glob-parent"
],
"fixAvailable": {
"name": "gulp",
"version": "3.9.1",
"isSemVerMajor": true
}
},
"glob-stream": {
"name": "glob-stream",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"vinyl-fs"
],
"range": "5.3.0 - 6.1.0",
"nodes": [
"node_modules/glob-stream"
],
"fixAvailable": {
"name": "gulp-useref",
"version": "3.1.3",
"isSemVerMajor": true
}
},
"glob-watcher": {
"name": "glob-watcher",
"severity": "high",
"via": [
"chokidar"
],
"effects": [
"gulp"
],
"range": ">=3.0.0",
"nodes": [
"node_modules/glob-watcher"
],
"fixAvailable": {
"name": "gulp",
"version": "3.9.1",
"isSemVerMajor": true
}
},
"gulp": {
"name": "gulp",
"severity": "high",
"via": [
"glob-watcher"
],
"effects": [],
"range": ">=4.0.0",
"nodes": [
"node_modules/gulp"
],
"fixAvailable": {
"name": "gulp",
"version": "3.9.1",
"isSemVerMajor": true
}
},
"gulp-compile-handlebars": {
"name": "gulp-compile-handlebars",
"severity": "critical",
"via": [
"gulp-util"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-compile-handlebars"
],
"fixAvailable": false
},
"gulp-inline": {
"name": "gulp-inline",
"severity": "critical",
"via": [
"cheerio",
"gulp-util"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-inline"
],
"fixAvailable": false
},
"gulp-useref": {
"name": "gulp-useref",
"severity": "high",
"via": [
"vinyl-fs"
],
"effects": [],
"range": ">=3.1.4",
"nodes": [
"node_modules/gulp-useref"
],
"fixAvailable": {
"name": "gulp-useref",
"version": "3.1.3",
"isSemVerMajor": true
}
},
"gulp-util": {
"name": "gulp-util",
"severity": "critical",
"via": [
"lodash.template"
],
"effects": [
"gulp-compile-handlebars",
"gulp-inline"
],
"range": ">=1.1.0",
"nodes": [
"node_modules/gulp-util"
],
"fixAvailable": false
},
"handlebars": {
"name": "handlebars",
"severity": "critical",
"via": [
{
"source": 1067912,
"name": "handlebars",
"dependency": "handlebars",
"title": "Prototype Pollution in handlebars",
"url": "https://github.com/advisories/GHSA-765h-qjxv-5f44",
"severity": "critical",
"range": "<4.7.7"
}
],
"effects": [],
"range": "<4.7.7",
"nodes": [
"node_modules/handlebars"
],
"fixAvailable": true
},
"hosted-git-info": {
"name": "hosted-git-info",
"severity": "moderate",
"via": [
{
"source": 1067956,
"name": "hosted-git-info",
"dependency": "hosted-git-info",
"title": "Regular Expression Denial of Service in hosted-git-info",
"url": "https://github.com/advisories/GHSA-43f8-2h32-f4cj",
"severity": "moderate",
"range": "<2.8.9"
}
],
"effects": [],
"range": "<2.8.9",
"nodes": [
"node_modules/hosted-git-info"
],
"fixAvailable": true
},
"is-svg": {
"name": "is-svg",
"severity": "high",
"via": [
{
"source": 1067493,
"name": "is-svg",
"dependency": "is-svg",
"title": "ReDOS in IS-SVG",
"url": "https://github.com/advisories/GHSA-r8j5-h5cx-65gg",
"severity": "high",
"range": ">=2.1.0 <4.3.0"
},
{
"source": 1068202,
"name": "is-svg",
"dependency": "is-svg",
"title": "Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-7r28-3m3f-r2pr",
"severity": "high",
"range": ">=2.1.0 <4.2.2"
}
],
"effects": [
"postcss-svgo"
],
"range": "2.1.0 - 4.2.2",
"nodes": [
"node_modules/is-svg"
],
"fixAvailable": true
},
"json-schema": {
"name": "json-schema",
"severity": "moderate",
"via": [
{
"source": 1067524,
"name": "json-schema",
"dependency": "json-schema",
"title": "json-schema is vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
"severity": "moderate",
"range": "<0.4.0"
}
],
"effects": [
"jsprim"
],
"range": "<0.4.0",
"nodes": [
"node_modules/json-schema"
],
"fixAvailable": true
},
"jsprim": {
"name": "jsprim",
"severity": "moderate",
"via": [
"json-schema"
],
"effects": [],
"range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/jsprim"
],
"fixAvailable": true
},
"lodash": {
"name": "lodash",
"severity": "high",
"via": [
{
"source": 1070117,
"name": "lodash",
"dependency": "lodash",
"title": "Command Injection in lodash",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"severity": "high",
"range": "<4.17.21"
}
],
"effects": [],
"range": "<4.17.21",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": true
},
"lodash.template": {
"name": "lodash.template",
"severity": "critical",
"via": [
{
"source": 1069553,
"name": "lodash.template",
"dependency": "lodash.template",
"title": "Prototype Pollution in lodash",
"url": "https://github.com/advisories/GHSA-jf85-cpcp-j695",
"severity": "critical",
"range": "<4.5.0"
}
],
"effects": [
"gulp-util"
],
"range": "<4.5.0",
"nodes": [
"node_modules/lodash.template"
],
"fixAvailable": false
},
"minimist": {
"name": "minimist",
"severity": "critical",
"via": [
{
"source": 1067342,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"range": "<1.2.6"
},
{
"source": 1070255,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
"severity": "moderate",
"range": "<0.2.1"
}
],
"effects": [
"mkdirp"
],
"range": "<=1.2.5",
"nodes": [
"node_modules/minimist",
"node_modules/mocha/node_modules/minimist"
],
"fixAvailable": true
},
"mkdirp": {
"name": "mkdirp",
"severity": "moderate",
"via": [
"minimist"
],
"effects": [
"mocha"
],
"range": "0.4.1 - 0.5.1",
"nodes": [
"node_modules/mocha/node_modules/mkdirp"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"via": [
"mkdirp"
],
"effects": [
"svg-sprite"
],
"range": "1.21.5 - 6.2.2 || 7.0.0-esm1 - 7.1.0",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": true
},
"moment": {
"name": "moment",
"severity": "high",
"via": [
{
"source": 1070245,
"name": "moment",
"dependency": "moment",
"title": "Path Traversal: 'dir/../../filename' in moment.locale",
"url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
"severity": "high",
"range": "<2.29.2"
}
],
"effects": [],
"range": "<2.29.2",
"nodes": [
"node_modules/moment"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"via": [
{
"source": 1067367,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [],
"range": "3.0.0 - 3.1.30",
"nodes": [
"node_modules/nanoid"
],
"fixAvailable": true
},
"nth-check": {
"name": "nth-check",
"severity": "moderate",
"via": [
{
"source": 1067654,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "moderate",
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check"
],
"fixAvailable": false
},
"path-parse": {
"name": "path-parse",
"severity": "moderate",
"via": [
{
"source": 1067761,
"name": "path-parse",
"dependency": "path-parse",
"title": "Regular Expression Denial of Service in path-parse",
"url": "https://github.com/advisories/GHSA-hj48-42vr-x3v9",
"severity": "moderate",
"range": "<1.0.7"
}
],
"effects": [],
"range": "<1.0.7",
"nodes": [
"node_modules/path-parse"
],
"fixAvailable": true
},
"pixrem": {
"name": "pixrem",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/pixrem"
],
"fixAvailable": true
},
"pleeease-filters": {
"name": "pleeease-filters",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/pleeease-filters"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"via": [
{
"source": 1067832,
"name": "postcss",
"dependency": "postcss",
"title": "Regular Expression Denial of Service in postcss",
"url": "https://github.com/advisories/GHSA-hwj9-h5mp-3pm3",
"severity": "moderate",
"range": ">=7.0.0 <7.0.36"
},
{
"source": 1070012,
"name": "postcss",
"dependency": "postcss",
"title": "Regular Expression Denial of Service in postcss",
"url": "https://github.com/advisories/GHSA-566m-qj78-rww5",
"severity": "moderate",
"range": "<7.0.36"
}
],
"effects": [
"autoprefixer",
"pixrem",
"pleeease-filters",
"postcss-apply",
"postcss-attribute-case-insensitive",
"postcss-color-function",
"postcss-color-gray",
"postcss-color-hex-alpha",
"postcss-color-hsl",
"postcss-color-hwb",
"postcss-color-rebeccapurple",
"postcss-color-rgb",
"postcss-color-rgba-fallback",
"postcss-cssnext",
"postcss-custom-media",
"postcss-custom-properties",
"postcss-custom-selectors",
"postcss-font-family-system-ui",
"postcss-font-variant",
"postcss-image-set-polyfill",
"postcss-initial",
"postcss-media-minmax",
"postcss-nesting",
"postcss-pseudo-class-any-link",
"postcss-pseudoelements",
"postcss-replace-overflow-wrap",
"postcss-selector-matches",
"postcss-selector-not"
],
"range": "<=7.0.35",
"nodes": [
"node_modules/gulp-postcss/node_modules/postcss",
"node_modules/pixrem/node_modules/postcss",
"node_modules/pleeease-filters/node_modules/postcss",
"node_modules/postcss",
"node_modules/postcss-apply/node_modules/postcss",
"node_modules/postcss-attribute-case-insensitive/node_modules/postcss",
"node_modules/postcss-color-function/node_modules/postcss",
"node_modules/postcss-color-gray/node_modules/postcss",
"node_modules/postcss-color-hex-alpha/node_modules/postcss",
"node_modules/postcss-color-hsl/node_modules/postcss",
"node_modules/postcss-color-hwb/node_modules/postcss",
"node_modules/postcss-color-rebeccapurple/node_modules/postcss",
"node_modules/postcss-color-rgb/node_modules/postcss",
"node_modules/postcss-color-rgba-fallback/node_modules/postcss",
"node_modules/postcss-cssnext/node_modules/postcss",
"node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss",
"node_modules/postcss-custom-media/node_modules/postcss",
"node_modules/postcss-custom-properties/node_modules/postcss",
"node_modules/postcss-custom-selectors/node_modules/postcss",
"node_modules/postcss-font-family-system-ui/node_modules/postcss",
"node_modules/postcss-font-variant/node_modules/postcss",
"node_modules/postcss-image-set-polyfill/node_modules/postcss",
"node_modules/postcss-import/node_modules/postcss",
"node_modules/postcss-initial/node_modules/postcss",
"node_modules/postcss-media-minmax/node_modules/postcss",
"node_modules/postcss-nesting/node_modules/postcss",
"node_modules/postcss-pseudo-class-any-link/node_modules/postcss",
"node_modules/postcss-pseudoelements/node_modules/postcss",
"node_modules/postcss-replace-overflow-wrap/node_modules/postcss",
"node_modules/postcss-reporter/node_modules/postcss",
"node_modules/postcss-selector-matches/node_modules/postcss",
"node_modules/postcss-selector-not/node_modules/postcss"
],
"fixAvailable": false
},
"postcss-apply": {
"name": "postcss-apply",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=0.10.0",
"nodes": [
"node_modules/postcss-apply"
],
"fixAvailable": false
},
"postcss-attribute-case-insensitive": {
"name": "postcss-attribute-case-insensitive",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-attribute-case-insensitive"
],
"fixAvailable": false
},
"postcss-color-function": {
"name": "postcss-color-function",
"severity": "moderate",
"via": [
"css-color-function",
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-color-function"
],
"fixAvailable": true
},
"postcss-color-gray": {
"name": "postcss-color-gray",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "3.0.0 - 4.1.0",
"nodes": [
"node_modules/postcss-color-gray"
],
"fixAvailable": true
},
"postcss-color-hex-alpha": {
"name": "postcss-color-hex-alpha",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "1.3.0 - 3.0.0",
"nodes": [
"node_modules/postcss-color-hex-alpha"
],
"fixAvailable": true
},
"postcss-color-hsl": {
"name": "postcss-color-hsl",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "*",
"nodes": [
"node_modules/postcss-color-hsl"
],
"fixAvailable": false
},
"postcss-color-hwb": {
"name": "postcss-color-hwb",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": ">=1.2.0",
"nodes": [
"node_modules/postcss-color-hwb"
],
"fixAvailable": true
},
"postcss-color-rebeccapurple": {
"name": "postcss-color-rebeccapurple",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.1.0",
"nodes": [
"node_modules/postcss-color-rebeccapurple"
],
"fixAvailable": true
},
"postcss-color-rgb": {
"name": "postcss-color-rgb",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-color-rgb"
],
"fixAvailable": true
},
"postcss-color-rgba-fallback": {
"name": "postcss-color-rgba-fallback",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-color-rgba-fallback"
],
"fixAvailable": true
},
"postcss-cssnext": {
"name": "postcss-cssnext",
"severity": "moderate",
"via": [
"postcss",
"postcss-apply",
"postcss-attribute-case-insensitive",
"postcss-color-hsl",
"postcss-font-family-system-ui",
"postcss-image-set-polyfill",
"postcss-initial",
"postcss-nesting",
"postcss-replace-overflow-wrap"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-cssnext"
],
"fixAvailable": false
},
"postcss-custom-media": {
"name": "postcss-custom-media",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "4.0.0 - 6.0.0",
"nodes": [
"node_modules/postcss-custom-media"
],
"fixAvailable": true
},
"postcss-custom-properties": {
"name": "postcss-custom-properties",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "3.3.0 - 7.0.0",
"nodes": [
"node_modules/postcss-custom-properties"
],
"fixAvailable": true
},
"postcss-custom-selectors": {
"name": "postcss-custom-selectors",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "2.3.0 - 4.0.1",
"nodes": [
"node_modules/postcss-custom-selectors"
],
"fixAvailable": true
},
"postcss-font-family-system-ui": {
"name": "postcss-font-family-system-ui",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-font-family-system-ui"
],
"fixAvailable": false
},
"postcss-font-variant": {
"name": "postcss-font-variant",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.0.0",
"nodes": [
"node_modules/postcss-font-variant"
],
"fixAvailable": true
},
"postcss-image-set-polyfill": {
"name": "postcss-image-set-polyfill",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-image-set-polyfill"
],
"fixAvailable": false
},
"postcss-initial": {
"name": "postcss-initial",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-initial"
],
"fixAvailable": false
},
"postcss-media-minmax": {
"name": "postcss-media-minmax",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.0.0",
"nodes": [
"node_modules/postcss-media-minmax"
],
"fixAvailable": true
},
"postcss-nesting": {
"name": "postcss-nesting",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=6.0.0",
"nodes": [
"node_modules/postcss-nesting"
],
"fixAvailable": false
},
"postcss-pseudo-class-any-link": {
"name": "postcss-pseudo-class-any-link",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "<=5.0.0",
"nodes": [
"node_modules/postcss-pseudo-class-any-link"
],
"fixAvailable": true
},
"postcss-pseudoelements": {
"name": "postcss-pseudoelements",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": ">=2.2.0",
"nodes": [
"node_modules/postcss-pseudoelements"
],
"fixAvailable": true
},
"postcss-replace-overflow-wrap": {
"name": "postcss-replace-overflow-wrap",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-replace-overflow-wrap"
],
"fixAvailable": false
},
"postcss-selector-matches": {
"name": "postcss-selector-matches",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-selector-matches"
],
"fixAvailable": true
},
"postcss-selector-not": {
"name": "postcss-selector-not",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-selector-not"
],
"fixAvailable": true
},
"postcss-svgo": {
"name": "postcss-svgo",
"severity": "high",
"via": [
"is-svg",
"svgo"
],
"effects": [],
"range": "4.0.0-nightly.2020.1.9 - 5.0.0-rc.2",
"nodes": [
"node_modules/postcss-svgo"
],
"fixAvailable": true
},
"preq": {
"name": "preq",
"severity": "high",
"via": [
"requestretry"
],
"effects": [],
"range": ">=0.5.7",
"nodes": [
"node_modules/preq"
],
"fixAvailable": {
"name": "preq",
"version": "0.5.6",
"isSemVerMajor": true
}
},
"requestretry": {
"name": "requestretry",
"severity": "high",
"via": [
{
"source": 1067395,
"name": "requestretry",
"dependency": "requestretry",
"title": "Cookie exposure in requestretry",
"url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
"severity": "high",
"range": "<7.0.0"
}
],
"effects": [
"preq"
],
"range": "<7.0.0",
"nodes": [
"node_modules/requestretry"
],
"fixAvailable": {
"name": "preq",
"version": "0.5.6",
"isSemVerMajor": true
}
},
"simple-get": {
"name": "simple-get",
"severity": "high",
"via": [
{
"source": 1067428,
"name": "simple-get",
"dependency": "simple-get",
"title": "Exposure of Sensitive Information in simple-get",
"url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
"severity": "high",
"range": ">=3.0.0 <3.1.1"
}
],
"effects": [],
"range": "3.0.0 - 3.1.0",
"nodes": [
"node_modules/simple-get"
],
"fixAvailable": true
},
"svg-sprite": {
"name": "svg-sprite",
"severity": "moderate",
"via": [
"mocha",
"svgo",
"xmldom",
"yargs"
],
"effects": [],
"range": "1.0.0 - 1.5.4",
"nodes": [
"node_modules/svg-sprite"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "moderate",
"via": [
"css-select"
],
"effects": [
"postcss-svgo",
"svg-sprite"
],
"range": "1.0.0 - 1.3.2",
"nodes": [
"node_modules/svg-sprite/node_modules/svgo",
"node_modules/svgo"
],
"fixAvailable": true
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"via": [
{
"source": 1070391,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"range": "<3.0.1"
}
],
"effects": [],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
},
"underscore": {
"name": "underscore",
"severity": "high",
"via": [
{
"source": 1068134,
"name": "underscore",
"dependency": "underscore",
"title": "Arbitrary Code Execution in underscore",
"url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
"severity": "high",
"range": ">=1.3.2 <1.12.1"
}
],
"effects": [],
"range": "1.3.2 - 1.12.0",
"nodes": [
"node_modules/underscore"
],
"fixAvailable": true
},
"vinyl-fs": {
"name": "vinyl-fs",
"severity": "high",
"via": [
"glob-stream"
],
"effects": [
"gulp-useref"
],
"range": ">=2.4.2",
"nodes": [
"node_modules/vinyl-fs"
],
"fixAvailable": {
"name": "gulp-useref",
"version": "3.1.3",
"isSemVerMajor": true
}
},
"xmldom": {
"name": "xmldom",
"severity": "moderate",
"via": [
{
"source": 1067480,
"name": "xmldom",
"dependency": "xmldom",
"title": "Misinterpretation of malicious XML input",
"url": "https://github.com/advisories/GHSA-5fg8-2547-mr8q",
"severity": "moderate",
"range": "<0.7.0"
},
{
"source": 1070127,
"name": "xmldom",
"dependency": "xmldom",
"title": "Misinterpretation of malicious XML input",
"url": "https://github.com/advisories/GHSA-h6q6-9hqw-rwfv",
"severity": "low",
"range": "<0.5.0"
}
],
"effects": [
"svg-sprite"
],
"range": "*",
"nodes": [
"node_modules/xmldom"
],
"fixAvailable": true
},
"yargs": {
"name": "yargs",
"severity": "moderate",
"via": [
"yargs-parser"
],
"effects": [
"svg-sprite"
],
"range": "8.0.0-candidate.0 - 12.0.5",
"nodes": [
"node_modules/svg-sprite/node_modules/yargs"
],
"fixAvailable": true
},
"yargs-parser": {
"name": "yargs-parser",
"severity": "moderate",
"via": [
{
"source": 1068310,
"name": "yargs-parser",
"dependency": "yargs-parser",
"title": "Prototype Pollution in yargs-parser",
"url": "https://github.com/advisories/GHSA-p9pc-299p-vxgp",
"severity": "moderate",
"range": ">=6.0.0 <13.1.2"
}
],
"effects": [
"yargs"
],
"range": "6.0.0 - 13.1.1",
"nodes": [
"node_modules/svg-sprite/node_modules/yargs-parser"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 48,
"high": 22,
"critical": 6,
"total": 76
},
"dependencies": {
"prod": 1,
"dev": 1785,
"optional": 2,
"peer": 0,
"peerOptional": 0,
"total": 1785
}
}
}
--- end ---
Upgrading n:eslint-config-wikimedia from 0.17.0 -> 0.22.1
Upgrading n:stylelint-config-wikimedia from 0.10.3 -> 0.13.0
$ /usr/bin/npm install
--- stdout ---
added 1844 packages, and audited 1845 packages in 52s
43 packages are looking for funding
run `npm fund` for details
72 vulnerabilities (46 moderate, 20 high, 6 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
$ ./node_modules/.bin/eslint . --fix
--- stderr ---
Oops! Something went wrong! :(
ESLint: 7.9.0
ESLint couldn't find the plugin "eslint-plugin-unicorn".
(The package "eslint-plugin-unicorn" was not found when loaded as a Node module from the directory "/src/repo".)
It's likely that the plugin isn't installed correctly. Try reinstalling by running the following:
npm install eslint-plugin-unicorn@latest --save-dev
The plugin "eslint-plugin-unicorn" was referenced from the config file in ".eslintrc.json » eslint-config-wikimedia".
If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team.
--- stdout ---
--- end ---
$ ./node_modules/.bin/eslint . -f json
--- stderr ---
Oops! Something went wrong! :(
ESLint: 7.9.0
ESLint couldn't find the plugin "eslint-plugin-unicorn".
(The package "eslint-plugin-unicorn" was not found when loaded as a Node module from the directory "/src/repo".)
It's likely that the plugin isn't installed correctly. Try reinstalling by running the following:
npm install eslint-plugin-unicorn@latest --save-dev
The plugin "eslint-plugin-unicorn" was referenced from the config file in ".eslintrc.json » eslint-config-wikimedia".
If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team.
--- stdout ---
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1395, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1333, in run
self.npm_upgrade(plan)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1041, in npm_upgrade
hook(update)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1121, in _handle_eslint
errors = json.loads(self.check_call([
File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.9/json/decoder.py", line 355, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)