This run took 15 seconds.
$ date
--- stdout ---
Wed May 7 02:32:35 UTC 2025
--- end ---
$ git clone file:///srv/git/wikimedia-portals.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'prod' (https://gerrit.wikimedia.org/r/wikimedia/portals/deploy) registered for path 'prod'
Cloning into '/src/repo/prod'...
--- stdout ---
Submodule path 'prod': checked out 'ae1009042ab69b0ea76ce04463cb917416567f94'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
cae3c3bdde6c3e2a99061a76b34705a24ce8cf0a refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@koa/cors": {
"name": "@koa/cors",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095223,
"name": "@koa/cors",
"dependency": "@koa/cors",
"title": "Overly permissive origin policy",
"url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82",
"severity": "high",
"cwe": [
"CWE-346"
],
"cvss": {
"score": 8.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"
},
"range": "<5.0.0"
}
],
"effects": [
"es-dev-server"
],
"range": "<5.0.0",
"nodes": [
"node_modules/@koa/cors"
],
"fixAvailable": true
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"glob-watcher"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/glob-watcher/node_modules/anymatch"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.0",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 8.6.5",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/findup-sync/node_modules/braces",
"node_modules/glob-watcher/node_modules/braces",
"node_modules/matchdep/node_modules/braces"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.0",
"isSemVerMajor": true
}
},
"browserslist-useragent": {
"name": "browserslist-useragent",
"severity": "moderate",
"isDirect": false,
"via": [
"useragent"
],
"effects": [],
"range": "<=3.1.4",
"nodes": [
"node_modules/browserslist-useragent"
],
"fixAvailable": true
},
"cheerio": {
"name": "cheerio",
"severity": "high",
"isDirect": false,
"via": [
"css-select",
"lodash.pick"
],
"effects": [
"gulp-inline"
],
"range": "0.19.0 - 1.0.0-rc.3",
"nodes": [
"node_modules/cheerio"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"glob-watcher"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/glob-watcher/node_modules/chokidar"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.0",
"isSemVerMajor": true
}
},
"color": {
"name": "color",
"severity": "moderate",
"isDirect": false,
"via": [
"color-string"
],
"effects": [
"css-color-function"
],
"range": "<=0.11.4",
"nodes": [
"node_modules/color"
],
"fixAvailable": true
},
"color-string": {
"name": "color-string",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1089718,
"name": "color-string",
"dependency": "color-string",
"title": "Regular Expression Denial of Service (ReDOS)",
"url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<1.5.5"
}
],
"effects": [
"color"
],
"range": "<1.5.5",
"nodes": [
"node_modules/color/node_modules/color-string"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100562,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"css-color-function": {
"name": "css-color-function",
"severity": "moderate",
"isDirect": false,
"via": [
"color"
],
"effects": [
"postcss-color-function"
],
"range": "*",
"nodes": [
"node_modules/css-color-function"
],
"fixAvailable": true
},
"css-declaration-sorter": {
"name": "css-declaration-sorter",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=5.1.2",
"nodes": [
"node_modules/css-declaration-sorter"
],
"fixAvailable": true
},
"css-select": {
"name": "css-select",
"severity": "high",
"isDirect": false,
"via": [
"nth-check"
],
"effects": [
"cheerio",
"svgo"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/css-select",
"node_modules/svgo/node_modules/css-select"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"cssnano": {
"name": "cssnano",
"severity": "moderate",
"isDirect": true,
"via": [
"cssnano-preset-default",
"postcss"
],
"effects": [],
"range": "<=4.1.11",
"nodes": [
"node_modules/cssnano"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.0.7",
"isSemVerMajor": true
}
},
"cssnano-preset-default": {
"name": "cssnano-preset-default",
"severity": "moderate",
"isDirect": false,
"via": [
"css-declaration-sorter",
"cssnano-util-raw-cache",
"postcss",
"postcss-calc",
"postcss-colormin",
"postcss-convert-values",
"postcss-discard-comments",
"postcss-discard-duplicates",
"postcss-discard-empty",
"postcss-discard-overridden",
"postcss-merge-longhand",
"postcss-merge-rules",
"postcss-minify-font-values",
"postcss-minify-gradients",
"postcss-minify-params",
"postcss-minify-selectors",
"postcss-normalize-charset",
"postcss-normalize-display-values",
"postcss-normalize-positions",
"postcss-normalize-repeat-style",
"postcss-normalize-string",
"postcss-normalize-timing-functions",
"postcss-normalize-unicode",
"postcss-normalize-url",
"postcss-normalize-whitespace",
"postcss-ordered-values",
"postcss-reduce-initial",
"postcss-reduce-transforms",
"postcss-svgo",
"postcss-unique-selectors"
],
"effects": [
"cssnano"
],
"range": "<=4.0.8",
"nodes": [
"node_modules/cssnano-preset-default"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.0.7",
"isSemVerMajor": true
}
},
"cssnano-util-raw-cache": {
"name": "cssnano-util-raw-cache",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/cssnano-util-raw-cache"
],
"fixAvailable": true
},
"es-dev-server": {
"name": "es-dev-server",
"severity": "high",
"isDirect": true,
"via": [
"@koa/cors",
"browserslist-useragent",
"useragent"
],
"effects": [],
"range": ">=1.24.1",
"nodes": [
"node_modules/es-dev-server"
],
"fixAvailable": true
},
"findup-sync": {
"name": "findup-sync",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"liftoff",
"matchdep"
],
"range": "0.4.0 - 3.0.0",
"nodes": [
"node_modules/findup-sync",
"node_modules/matchdep/node_modules/findup-sync"
],
"fixAvailable": true
},
"glob-watcher": {
"name": "glob-watcher",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"chokidar"
],
"effects": [
"gulp"
],
"range": "5.0.0 - 5.0.5",
"nodes": [
"node_modules/glob-watcher"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.0",
"isSemVerMajor": true
}
},
"gulp": {
"name": "gulp",
"severity": "high",
"isDirect": true,
"via": [
"glob-watcher",
"gulp-cli"
],
"effects": [],
"range": "4.0.0 - 4.0.2",
"nodes": [
"node_modules/gulp"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.0",
"isSemVerMajor": true
}
},
"gulp-cli": {
"name": "gulp-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"liftoff",
"matchdep"
],
"effects": [],
"range": "1.3.0 - 2.3.0",
"nodes": [
"node_modules/gulp-cli"
],
"fixAvailable": true
},
"gulp-compile-handlebars": {
"name": "gulp-compile-handlebars",
"severity": "high",
"isDirect": true,
"via": [
"gulp-util"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-compile-handlebars"
],
"fixAvailable": false
},
"gulp-htmlmin": {
"name": "gulp-htmlmin",
"severity": "high",
"isDirect": true,
"via": [
"html-minifier"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-htmlmin"
],
"fixAvailable": false
},
"gulp-inline": {
"name": "gulp-inline",
"severity": "high",
"isDirect": true,
"via": [
"cheerio",
"gulp-util"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-inline"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"gulp-postcss": {
"name": "gulp-postcss",
"severity": "moderate",
"isDirect": true,
"via": [
"postcss"
],
"effects": [],
"range": "<=8.0.0",
"nodes": [
"node_modules/gulp-postcss"
],
"fixAvailable": {
"name": "gulp-postcss",
"version": "10.0.0",
"isSemVerMajor": true
}
},
"gulp-svg-sprite": {
"name": "gulp-svg-sprite",
"severity": "moderate",
"isDirect": true,
"via": [
"svg-sprite"
],
"effects": [],
"range": "1.3.0 - 1.5.0",
"nodes": [
"node_modules/gulp-svg-sprite"
],
"fixAvailable": {
"name": "gulp-svg-sprite",
"version": "2.0.3",
"isSemVerMajor": true
}
},
"gulp-util": {
"name": "gulp-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash.template"
],
"effects": [
"gulp-compile-handlebars",
"gulp-inline"
],
"range": ">=1.1.0",
"nodes": [
"node_modules/gulp-util"
],
"fixAvailable": false
},
"html-minifier": {
"name": "html-minifier",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100303,
"name": "html-minifier",
"dependency": "html-minifier",
"title": "kangax html-minifier REDoS vulnerability",
"url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=4.0.0"
}
],
"effects": [
"gulp-htmlmin"
],
"range": "*",
"nodes": [
"node_modules/html-minifier"
],
"fixAvailable": false
},
"liftoff": {
"name": "liftoff",
"severity": "moderate",
"isDirect": false,
"via": [
"findup-sync"
],
"effects": [
"gulp-cli"
],
"range": "2.2.3 - 3.1.0",
"nodes": [
"node_modules/liftoff"
],
"fixAvailable": true
},
"lodash.pick": {
"name": "lodash.pick",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096303,
"name": "lodash.pick",
"dependency": "lodash.pick",
"title": "Prototype Pollution in lodash",
"url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
"severity": "high",
"cwe": [
"CWE-770",
"CWE-1321"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": ">=4.0.0 <=4.4.0"
}
],
"effects": [
"cheerio"
],
"range": ">=4.0.0",
"nodes": [
"node_modules/lodash.pick"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"lodash.template": {
"name": "lodash.template",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096993,
"name": "lodash.template",
"dependency": "lodash.template",
"title": "Command Injection in lodash",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"severity": "high",
"cwe": [
"CWE-77",
"CWE-94"
],
"cvss": {
"score": 7.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=4.5.0"
}
],
"effects": [
"gulp-util",
"postcss-initial"
],
"range": "*",
"nodes": [
"node_modules/lodash.template",
"node_modules/postcss-initial/node_modules/lodash.template"
],
"fixAvailable": false
},
"matchdep": {
"name": "matchdep",
"severity": "moderate",
"isDirect": false,
"via": [
"findup-sync",
"micromatch"
],
"effects": [
"gulp-cli"
],
"range": ">=1.0.1",
"nodes": [
"node_modules/matchdep"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"findup-sync",
"matchdep",
"readdirp"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/findup-sync/node_modules/micromatch",
"node_modules/glob-watcher/node_modules/micromatch",
"node_modules/matchdep/node_modules/micromatch"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.0",
"isSemVerMajor": true
}
},
"nth-check": {
"name": "nth-check",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095141,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"phantomjs-prebuilt": {
"name": "phantomjs-prebuilt",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"svg-sprite"
],
"range": "*",
"nodes": [
"node_modules/phantomjs-prebuilt"
],
"fixAvailable": {
"name": "gulp-svg-sprite",
"version": "2.0.3",
"isSemVerMajor": true
}
},
"pixrem": {
"name": "pixrem",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/pixrem"
],
"fixAvailable": true
},
"pleeease-filters": {
"name": "pleeease-filters",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/pleeease-filters"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1093539,
"name": "postcss",
"dependency": "postcss",
"title": "Regular Expression Denial of Service in postcss",
"url": "https://github.com/advisories/GHSA-566m-qj78-rww5",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<7.0.36"
},
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"autoprefixer",
"css-declaration-sorter",
"cssnano",
"cssnano-preset-default",
"cssnano-util-raw-cache",
"gulp-postcss",
"pixrem",
"pleeease-filters",
"postcss-apply",
"postcss-attribute-case-insensitive",
"postcss-calc",
"postcss-color-function",
"postcss-color-gray",
"postcss-color-hex-alpha",
"postcss-color-hsl",
"postcss-color-hwb",
"postcss-color-rebeccapurple",
"postcss-color-rgb",
"postcss-color-rgba-fallback",
"postcss-colormin",
"postcss-convert-values",
"postcss-cssnext",
"postcss-custom-media",
"postcss-custom-properties",
"postcss-custom-selectors",
"postcss-discard-comments",
"postcss-discard-duplicates",
"postcss-discard-empty",
"postcss-discard-overridden",
"postcss-font-family-system-ui",
"postcss-font-variant",
"postcss-image-set-polyfill",
"postcss-import",
"postcss-initial",
"postcss-media-minmax",
"postcss-merge-longhand",
"postcss-merge-rules",
"postcss-minify-font-values",
"postcss-minify-gradients",
"postcss-minify-params",
"postcss-minify-selectors",
"postcss-nesting",
"postcss-normalize-charset",
"postcss-normalize-display-values",
"postcss-normalize-positions",
"postcss-normalize-repeat-style",
"postcss-normalize-string",
"postcss-normalize-timing-functions",
"postcss-normalize-unicode",
"postcss-normalize-url",
"postcss-normalize-whitespace",
"postcss-ordered-values",
"postcss-pseudo-class-any-link",
"postcss-pseudoelements",
"postcss-reduce-initial",
"postcss-reduce-transforms",
"postcss-replace-overflow-wrap",
"postcss-reporter",
"postcss-selector-matches",
"postcss-selector-not",
"postcss-svgo",
"postcss-unique-selectors",
"stylehacks"
],
"range": "<=8.4.30",
"nodes": [
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-declaration-sorter/node_modules/postcss",
"node_modules/cssnano-preset-default/node_modules/postcss",
"node_modules/cssnano-util-raw-cache/node_modules/postcss",
"node_modules/cssnano/node_modules/postcss",
"node_modules/gulp-postcss/node_modules/postcss",
"node_modules/pixrem/node_modules/postcss",
"node_modules/pleeease-filters/node_modules/postcss",
"node_modules/postcss-apply/node_modules/postcss",
"node_modules/postcss-attribute-case-insensitive/node_modules/postcss",
"node_modules/postcss-calc/node_modules/postcss",
"node_modules/postcss-color-function/node_modules/postcss",
"node_modules/postcss-color-gray/node_modules/postcss",
"node_modules/postcss-color-hex-alpha/node_modules/postcss",
"node_modules/postcss-color-hsl/node_modules/postcss",
"node_modules/postcss-color-hwb/node_modules/postcss",
"node_modules/postcss-color-rebeccapurple/node_modules/postcss",
"node_modules/postcss-color-rgb/node_modules/postcss",
"node_modules/postcss-color-rgba-fallback/node_modules/postcss",
"node_modules/postcss-colormin/node_modules/postcss",
"node_modules/postcss-convert-values/node_modules/postcss",
"node_modules/postcss-cssnext/node_modules/postcss",
"node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss",
"node_modules/postcss-custom-media/node_modules/postcss",
"node_modules/postcss-custom-properties/node_modules/postcss",
"node_modules/postcss-custom-selectors/node_modules/postcss",
"node_modules/postcss-discard-comments/node_modules/postcss",
"node_modules/postcss-discard-duplicates/node_modules/postcss",
"node_modules/postcss-discard-empty/node_modules/postcss",
"node_modules/postcss-discard-overridden/node_modules/postcss",
"node_modules/postcss-font-family-system-ui/node_modules/postcss",
"node_modules/postcss-font-variant/node_modules/postcss",
"node_modules/postcss-image-set-polyfill/node_modules/postcss",
"node_modules/postcss-import/node_modules/postcss",
"node_modules/postcss-initial/node_modules/postcss",
"node_modules/postcss-media-minmax/node_modules/postcss",
"node_modules/postcss-merge-longhand/node_modules/postcss",
"node_modules/postcss-merge-rules/node_modules/postcss",
"node_modules/postcss-minify-font-values/node_modules/postcss",
"node_modules/postcss-minify-gradients/node_modules/postcss",
"node_modules/postcss-minify-params/node_modules/postcss",
"node_modules/postcss-minify-selectors/node_modules/postcss",
"node_modules/postcss-nesting/node_modules/postcss",
"node_modules/postcss-normalize-charset/node_modules/postcss",
"node_modules/postcss-normalize-display-values/node_modules/postcss",
"node_modules/postcss-normalize-positions/node_modules/postcss",
"node_modules/postcss-normalize-repeat-style/node_modules/postcss",
"node_modules/postcss-normalize-string/node_modules/postcss",
"node_modules/postcss-normalize-timing-functions/node_modules/postcss",
"node_modules/postcss-normalize-unicode/node_modules/postcss",
"node_modules/postcss-normalize-url/node_modules/postcss",
"node_modules/postcss-normalize-whitespace/node_modules/postcss",
"node_modules/postcss-ordered-values/node_modules/postcss",
"node_modules/postcss-pseudo-class-any-link/node_modules/postcss",
"node_modules/postcss-pseudoelements/node_modules/postcss",
"node_modules/postcss-reduce-initial/node_modules/postcss",
"node_modules/postcss-reduce-transforms/node_modules/postcss",
"node_modules/postcss-replace-overflow-wrap/node_modules/postcss",
"node_modules/postcss-reporter/node_modules/postcss",
"node_modules/postcss-selector-matches/node_modules/postcss",
"node_modules/postcss-selector-not/node_modules/postcss",
"node_modules/postcss-svgo/node_modules/postcss",
"node_modules/postcss-unique-selectors/node_modules/postcss",
"node_modules/stylehacks/node_modules/postcss"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.0.7",
"isSemVerMajor": true
}
},
"postcss-apply": {
"name": "postcss-apply",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=0.10.0",
"nodes": [
"node_modules/postcss-apply"
],
"fixAvailable": false
},
"postcss-attribute-case-insensitive": {
"name": "postcss-attribute-case-insensitive",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-attribute-case-insensitive"
],
"fixAvailable": false
},
"postcss-calc": {
"name": "postcss-calc",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "4.1.0 - 7.0.5",
"nodes": [
"node_modules/postcss-calc",
"node_modules/postcss-cssnext/node_modules/postcss-calc"
],
"fixAvailable": true
},
"postcss-color-function": {
"name": "postcss-color-function",
"severity": "moderate",
"isDirect": false,
"via": [
"css-color-function",
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-color-function"
],
"fixAvailable": true
},
"postcss-color-gray": {
"name": "postcss-color-gray",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "3.0.0 - 4.1.0",
"nodes": [
"node_modules/postcss-color-gray"
],
"fixAvailable": true
},
"postcss-color-hex-alpha": {
"name": "postcss-color-hex-alpha",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.3.0 - 3.0.0",
"nodes": [
"node_modules/postcss-color-hex-alpha"
],
"fixAvailable": true
},
"postcss-color-hsl": {
"name": "postcss-color-hsl",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "*",
"nodes": [
"node_modules/postcss-color-hsl"
],
"fixAvailable": false
},
"postcss-color-hwb": {
"name": "postcss-color-hwb",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": ">=1.2.0",
"nodes": [
"node_modules/postcss-color-hwb"
],
"fixAvailable": true
},
"postcss-color-rebeccapurple": {
"name": "postcss-color-rebeccapurple",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.1.0",
"nodes": [
"node_modules/postcss-color-rebeccapurple"
],
"fixAvailable": true
},
"postcss-color-rgb": {
"name": "postcss-color-rgb",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-color-rgb"
],
"fixAvailable": true
},
"postcss-color-rgba-fallback": {
"name": "postcss-color-rgba-fallback",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-color-rgba-fallback"
],
"fixAvailable": true
},
"postcss-colormin": {
"name": "postcss-colormin",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-colormin"
],
"fixAvailable": true
},
"postcss-convert-values": {
"name": "postcss-convert-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-convert-values"
],
"fixAvailable": true
},
"postcss-cssnext": {
"name": "postcss-cssnext",
"severity": "moderate",
"isDirect": true,
"via": [
"autoprefixer",
"pixrem",
"pleeease-filters",
"postcss",
"postcss-apply",
"postcss-attribute-case-insensitive",
"postcss-calc",
"postcss-color-function",
"postcss-color-gray",
"postcss-color-hex-alpha",
"postcss-color-hsl",
"postcss-color-hwb",
"postcss-color-rebeccapurple",
"postcss-color-rgb",
"postcss-color-rgba-fallback",
"postcss-custom-media",
"postcss-custom-properties",
"postcss-custom-selectors",
"postcss-font-family-system-ui",
"postcss-font-variant",
"postcss-image-set-polyfill",
"postcss-initial",
"postcss-media-minmax",
"postcss-nesting",
"postcss-pseudo-class-any-link",
"postcss-pseudoelements",
"postcss-replace-overflow-wrap",
"postcss-selector-matches",
"postcss-selector-not"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-cssnext"
],
"fixAvailable": false
},
"postcss-custom-media": {
"name": "postcss-custom-media",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "4.0.0 - 6.0.0",
"nodes": [
"node_modules/postcss-custom-media"
],
"fixAvailable": true
},
"postcss-custom-properties": {
"name": "postcss-custom-properties",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "3.3.0 - 7.0.0",
"nodes": [
"node_modules/postcss-custom-properties"
],
"fixAvailable": true
},
"postcss-custom-selectors": {
"name": "postcss-custom-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss",
"postcss-selector-matches"
],
"effects": [],
"range": "2.3.0 - 4.0.1",
"nodes": [
"node_modules/postcss-custom-selectors"
],
"fixAvailable": true
},
"postcss-discard-comments": {
"name": "postcss-discard-comments",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-discard-comments"
],
"fixAvailable": true
},
"postcss-discard-duplicates": {
"name": "postcss-discard-duplicates",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.2",
"nodes": [
"node_modules/postcss-discard-duplicates"
],
"fixAvailable": true
},
"postcss-discard-empty": {
"name": "postcss-discard-empty",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.1",
"nodes": [
"node_modules/postcss-discard-empty"
],
"fixAvailable": true
},
"postcss-discard-overridden": {
"name": "postcss-discard-overridden",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-discard-overridden"
],
"fixAvailable": true
},
"postcss-font-family-system-ui": {
"name": "postcss-font-family-system-ui",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-font-family-system-ui"
],
"fixAvailable": false
},
"postcss-font-variant": {
"name": "postcss-font-variant",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.0.0",
"nodes": [
"node_modules/postcss-font-variant"
],
"fixAvailable": true
},
"postcss-image-set-polyfill": {
"name": "postcss-image-set-polyfill",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-image-set-polyfill"
],
"fixAvailable": false
},
"postcss-import": {
"name": "postcss-import",
"severity": "moderate",
"isDirect": true,
"via": [
"postcss"
],
"effects": [],
"range": "<=12.0.1",
"nodes": [
"node_modules/postcss-import"
],
"fixAvailable": {
"name": "postcss-import",
"version": "16.1.0",
"isSemVerMajor": true
}
},
"postcss-initial": {
"name": "postcss-initial",
"severity": "high",
"isDirect": false,
"via": [
"lodash.template",
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.2 || 4.0.0",
"nodes": [
"node_modules/postcss-initial"
],
"fixAvailable": false
},
"postcss-media-minmax": {
"name": "postcss-media-minmax",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.0.0",
"nodes": [
"node_modules/postcss-media-minmax"
],
"fixAvailable": true
},
"postcss-merge-longhand": {
"name": "postcss-merge-longhand",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss",
"stylehacks"
],
"effects": [],
"range": "<=4.0.11",
"nodes": [
"node_modules/postcss-merge-longhand"
],
"fixAvailable": true
},
"postcss-merge-rules": {
"name": "postcss-merge-rules",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-merge-rules"
],
"fixAvailable": true
},
"postcss-minify-font-values": {
"name": "postcss-minify-font-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-font-values"
],
"fixAvailable": true
},
"postcss-minify-gradients": {
"name": "postcss-minify-gradients",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-gradients"
],
"fixAvailable": true
},
"postcss-minify-params": {
"name": "postcss-minify-params",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-params"
],
"fixAvailable": true
},
"postcss-minify-selectors": {
"name": "postcss-minify-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-selectors"
],
"fixAvailable": true
},
"postcss-nesting": {
"name": "postcss-nesting",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=6.0.0",
"nodes": [
"node_modules/postcss-nesting"
],
"fixAvailable": false
},
"postcss-normalize-charset": {
"name": "postcss-normalize-charset",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-normalize-charset"
],
"fixAvailable": true
},
"postcss-normalize-display-values": {
"name": "postcss-normalize-display-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-display-values"
],
"fixAvailable": true
},
"postcss-normalize-positions": {
"name": "postcss-normalize-positions",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-positions"
],
"fixAvailable": true
},
"postcss-normalize-repeat-style": {
"name": "postcss-normalize-repeat-style",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-repeat-style"
],
"fixAvailable": true
},
"postcss-normalize-string": {
"name": "postcss-normalize-string",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-string"
],
"fixAvailable": true
},
"postcss-normalize-timing-functions": {
"name": "postcss-normalize-timing-functions",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-timing-functions"
],
"fixAvailable": true
},
"postcss-normalize-unicode": {
"name": "postcss-normalize-unicode",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-normalize-unicode"
],
"fixAvailable": true
},
"postcss-normalize-url": {
"name": "postcss-normalize-url",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.1",
"nodes": [
"node_modules/postcss-normalize-url"
],
"fixAvailable": true
},
"postcss-normalize-whitespace": {
"name": "postcss-normalize-whitespace",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-whitespace"
],
"fixAvailable": true
},
"postcss-ordered-values": {
"name": "postcss-ordered-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.1.2",
"nodes": [
"node_modules/postcss-ordered-values"
],
"fixAvailable": true
},
"postcss-pseudo-class-any-link": {
"name": "postcss-pseudo-class-any-link",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=5.0.0",
"nodes": [
"node_modules/postcss-pseudo-class-any-link"
],
"fixAvailable": true
},
"postcss-pseudoelements": {
"name": "postcss-pseudoelements",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": ">=2.2.0",
"nodes": [
"node_modules/postcss-pseudoelements"
],
"fixAvailable": true
},
"postcss-reduce-initial": {
"name": "postcss-reduce-initial",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-reduce-initial"
],
"fixAvailable": true
},
"postcss-reduce-transforms": {
"name": "postcss-reduce-transforms",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-reduce-transforms"
],
"fixAvailable": true
},
"postcss-replace-overflow-wrap": {
"name": "postcss-replace-overflow-wrap",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-replace-overflow-wrap"
],
"fixAvailable": false
},
"postcss-reporter": {
"name": "postcss-reporter",
"severity": "moderate",
"isDirect": true,
"via": [
"postcss"
],
"effects": [],
"range": "<=6.0.1",
"nodes": [
"node_modules/postcss-reporter"
],
"fixAvailable": {
"name": "postcss-reporter",
"version": "7.1.0",
"isSemVerMajor": true
}
},
"postcss-selector-matches": {
"name": "postcss-selector-matches",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-selector-matches"
],
"fixAvailable": true
},
"postcss-selector-not": {
"name": "postcss-selector-not",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-selector-not"
],
"fixAvailable": true
},
"postcss-svgo": {
"name": "postcss-svgo",
"severity": "high",
"isDirect": false,
"via": [
"postcss",
"svgo"
],
"effects": [],
"range": "<=5.0.0-rc.2",
"nodes": [
"node_modules/postcss-svgo"
],
"fixAvailable": true
},
"postcss-unique-selectors": {
"name": "postcss-unique-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-unique-selectors"
],
"fixAvailable": true
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": ">=1.1.0",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/glob-watcher/node_modules/readdirp"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.0",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"phantomjs-prebuilt"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": {
"name": "gulp-svg-sprite",
"version": "2.0.3",
"isSemVerMajor": true
}
},
"stylehacks": {
"name": "stylehacks",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-merge-longhand"
],
"range": "<=4.0.3",
"nodes": [
"node_modules/stylehacks"
],
"fixAvailable": true
},
"svg-sprite": {
"name": "svg-sprite",
"severity": "high",
"isDirect": false,
"via": [
"phantomjs-prebuilt",
"svgo"
],
"effects": [
"gulp-svg-sprite"
],
"range": "1.3.0 - 1.5.4",
"nodes": [
"node_modules/svg-sprite"
],
"fixAvailable": {
"name": "gulp-svg-sprite",
"version": "2.0.3",
"isSemVerMajor": true
}
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": false,
"via": [
"css-select"
],
"effects": [
"postcss-svgo",
"svg-sprite"
],
"range": "1.0.0 - 1.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "gulp-svg-sprite",
"version": "2.0.3",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": {
"name": "gulp-svg-sprite",
"version": "2.0.3",
"isSemVerMajor": true
}
},
"useragent": {
"name": "useragent",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1100298,
"name": "useragent",
"dependency": "useragent",
"title": "useragent Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-mgfv-m47x-4wqp",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=2.3.0"
}
],
"effects": [
"browserslist-useragent",
"es-dev-server"
],
"range": "*",
"nodes": [
"node_modules/useragent"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 77,
"high": 23,
"critical": 0,
"total": 100
},
"dependencies": {
"prod": 1,
"dev": 1665,
"optional": 5,
"peer": 1,
"peerOptional": 0,
"total": 1665
}
}
}
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 2026, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1961, in run
plan = planner.check(repo)
^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/httpplan.py", line 38, in check
resp.raise_for_status()
File "/venv/lib/python3.11/site-packages/requests/models.py", line 1021, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 502 Server Error: Bad Gateway for url: https://libup.wmcloud.org/plan.json?repository=wikimedia%2Fportals&branch=master