This run took 90 seconds.
$ date
--- stdout ---
Thu May 15 10:38:13 UTC 2025
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-NearbyPages.git repo --depth=1 -b REL1_43
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
32e64b9e308b2a32b9e60e698494e18abf7080a4 refs/heads/REL1_43
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096879,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100562,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": ">=1.1.0",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 4,
"critical": 4,
"total": 8
},
"dependencies": {
"prod": 1,
"dev": 1318,
"optional": 89,
"peer": 84,
"peerOptional": 0,
"total": 1318
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.3)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.0.0)
- Locking doctrine/deprecations (1.1.5)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v45.0.0)
- Locking mediawiki/mediawiki-phan-config (0.14.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (6.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.4.3)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.2.1)
- Locking phpcsstandards/phpcsutils (1.0.12)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.2)
- Locking phpdocumentor/type-resolver (1.10.0)
- Locking phpstan/phpdoc-parser (2.1.0)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.7)
- Locking squizlabs/php_codesniffer (3.10.3)
- Locking symfony/console (v7.2.6)
- Locking symfony/deprecation-contracts (v3.5.1)
- Locking symfony/polyfill-ctype (v1.32.0)
- Locking symfony/polyfill-intl-grapheme (v1.32.0)
- Locking symfony/polyfill-intl-normalizer (v1.32.0)
- Locking symfony/polyfill-mbstring (v1.32.0)
- Locking symfony/polyfill-php80 (v1.32.0)
- Locking symfony/service-contracts (v3.5.1)
- Locking symfony/string (v7.2.6)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.0.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing symfony/polyfill-php80 (v1.32.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
- Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.32.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.3): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.32.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.32.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.32.0): Extracting archive
- Installing symfony/string (v7.2.6): Extracting archive
- Installing symfony/deprecation-contracts (v3.5.1): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.5.1): Extracting archive
- Installing symfony/console (v7.2.6): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (1.11.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.1.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.5): Extracting archive
- Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.2): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.4.3): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/36 [>---------------------------] 0%
20/36 [===============>------------] 55%
35/36 [===========================>] 97%
36/36 [============================] 100%
Generating autoload files
16 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096879,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100562,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": ">=1.1.0",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 4,
"critical": 4,
"total": 8
},
"dependencies": {
"prod": 1,
"dev": 1318,
"optional": 89,
"peer": 84,
"peerOptional": 0,
"total": 1318
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: htmlnano@2.1.1
npm WARN Found: svgo@2.8.0
npm WARN node_modules/@parcel/optimizer-htmlnano/node_modules/svgo
npm WARN svgo@"^2.4.0" from @parcel/optimizer-htmlnano@2.3.2
npm WARN node_modules/@parcel/optimizer-htmlnano
npm WARN @parcel/optimizer-htmlnano@"2.3.2" from @parcel/config-default@2.3.2
npm WARN node_modules/@parcel/config-default
npm WARN
npm WARN Could not resolve dependency:
npm WARN peerOptional svgo@"^3.0.2" from htmlnano@2.1.1
npm WARN node_modules/@parcel/optimizer-htmlnano/node_modules/htmlnano
npm WARN htmlnano@"^2.0.0" from @parcel/optimizer-htmlnano@2.3.2
npm WARN node_modules/@parcel/optimizer-htmlnano
npm WARN
npm WARN Conflicting peer dependency: svgo@3.3.2
npm WARN node_modules/svgo
npm WARN peerOptional svgo@"^3.0.2" from htmlnano@2.1.1
npm WARN node_modules/@parcel/optimizer-htmlnano/node_modules/htmlnano
npm WARN htmlnano@"^2.0.0" from @parcel/optimizer-htmlnano@2.3.2
npm WARN node_modules/@parcel/optimizer-htmlnano
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 1318,
"removed": 0,
"changed": 0,
"audited": 1319,
"funding": 203,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096879,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100562,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": ">=1.1.0",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 4,
"critical": 4,
"total": 8
},
"dependencies": {
"prod": 1,
"dev": 1318,
"optional": 89,
"peer": 84,
"peerOptional": 0,
"total": 1318
}
}
}
}
--- end ---
{"added": 1318, "removed": 0, "changed": 0, "audited": 1319, "funding": 203, "audit": {"auditReportVersion": 2, "vulnerabilities": {"babel-core": {"name": "babel-core", "severity": "critical", "isDirect": true, "via": ["babel-helpers", "babel-register", "babel-template", "babel-traverse", "json5"], "effects": ["babel-register"], "range": "5.8.20 - 7.0.0-beta.3", "nodes": ["node_modules/babel-core"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-helpers": {"name": "babel-helpers", "severity": "critical", "isDirect": false, "via": ["babel-template"], "effects": [], "range": "*", "nodes": ["node_modules/babel-helpers"], "fixAvailable": true}, "babel-register": {"name": "babel-register", "severity": "high", "isDirect": false, "via": ["babel-core"], "effects": ["babel-core"], "range": "*", "nodes": ["node_modules/babel-register"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-template": {"name": "babel-template", "severity": "critical", "isDirect": false, "via": ["babel-traverse"], "effects": ["babel-helpers"], "range": "*", "nodes": ["node_modules/babel-template"], "fixAvailable": true}, "babel-traverse": {"name": "babel-traverse", "severity": "critical", "isDirect": false, "via": [{"source": 1096879, "name": "babel-traverse", "dependency": "babel-traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": ["CWE-184", "CWE-697"], "cvss": {"score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "range": "<7.23.2"}], "effects": ["babel-core", "babel-template"], "range": "*", "nodes": ["node_modules/babel-traverse"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1100562, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}], "effects": ["pre-commit"], "range": "<6.0.6", "nodes": ["node_modules/pre-commit/node_modules/cross-spawn"], "fixAvailable": {"name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true}}, "json5": {"name": "json5", "severity": "high", "isDirect": false, "via": [{"source": 1096543, "name": "json5", "dependency": "json5", "title": "Prototype Pollution in JSON5 via Parse Method", "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}, "range": "<1.0.2"}], "effects": ["babel-core"], "range": "<1.0.2", "nodes": ["node_modules/babel-core/node_modules/json5"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "pre-commit": {"name": "pre-commit", "severity": "high", "isDirect": true, "via": ["cross-spawn"], "effects": [], "range": ">=1.1.0", "nodes": ["node_modules/pre-commit"], "fixAvailable": {"name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 4, "critical": 4, "total": 8}, "dependencies": {"prod": 1, "dev": 1318, "optional": 89, "peer": 84, "peerOptional": 0, "total": 1318}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: htmlnano@2.1.1
npm WARN Found: svgo@2.8.0
npm WARN node_modules/@parcel/optimizer-htmlnano/node_modules/svgo
npm WARN svgo@"^2.4.0" from @parcel/optimizer-htmlnano@2.3.2
npm WARN node_modules/@parcel/optimizer-htmlnano
npm WARN @parcel/optimizer-htmlnano@"2.3.2" from @parcel/config-default@2.3.2
npm WARN node_modules/@parcel/config-default
npm WARN
npm WARN Could not resolve dependency:
npm WARN peerOptional svgo@"^3.0.2" from htmlnano@2.1.1
npm WARN node_modules/@parcel/optimizer-htmlnano/node_modules/htmlnano
npm WARN htmlnano@"^2.0.0" from @parcel/optimizer-htmlnano@2.3.2
npm WARN node_modules/@parcel/optimizer-htmlnano
npm WARN
npm WARN Conflicting peer dependency: svgo@3.3.2
npm WARN node_modules/svgo
npm WARN peerOptional svgo@"^3.0.2" from htmlnano@2.1.1
npm WARN node_modules/@parcel/optimizer-htmlnano/node_modules/htmlnano
npm WARN htmlnano@"^2.0.0" from @parcel/optimizer-htmlnano@2.3.2
npm WARN node_modules/@parcel/optimizer-htmlnano
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead.
npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead.
npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead.
npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead.
npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.9: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead.
npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead.
npm WARN deprecated @babel/plugin-proposal-class-static-block@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead.
npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated consolidate@0.16.0: Please upgrade to consolidate v1.0.0+ as it has been modernized with several long-awaited fixes implemented. Maintenance is supported by Forward Email at https://forwardemail.net ; follow/watch https://github.com/ladjs/consolidate for updates and release changelog
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN tarball tarball data for msgpackr@https://registry.npmjs.org/msgpackr/-/msgpackr-1.10.2.tgz (sha512-L60rsPynBvNE+8BWipKKZ9jHcSGbtyJYIwjRq0VrIvQ08cRjntGXJYW/tmciZ2IHWIY8WEW32Qa2xbh5+SKBZA==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for ordered-binary@https://registry.npmjs.org/ordered-binary/-/ordered-binary-1.5.1.tgz (sha512-5VyHfHY3cd0iza71JepYG50My+YUbrFtGoUz2ooEydPyPM7Aai/JW098juLr+RG6+rDJuzNNTsEQu2DZa1A41A==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @swc/types@https://registry.npmjs.org/@swc/types/-/types-0.1.7.tgz (sha512-scHWahbHF0eyj3JsxG9CFJgFdFNaVQCNAimBlT6PzS3n/HptxqREjsm4OH6AN3lYcffZYSPxXW8ua2BEHp0lJQ==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for abortcontroller-polyfill@https://registry.npmjs.org/abortcontroller-polyfill/-/abortcontroller-polyfill-1.7.5.tgz (sha512-JMJ5soJWP18htbbxJjG7bG6yuI6pRhgJ0scHHTfkUjf6wjP912xZWvM+A4sJK3gqd9E8fcPbDnOefbA9Th/FIQ==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/rust@https://registry.npmjs.org/@parcel/rust/-/rust-2.12.0.tgz (sha512-005cldMdFZFDPOjbDVEXcINQ3wT4vrxvSavRWI3Az0e3E18exO/x/mW9f648KtXugOXMAqCEqhFHcXECL9nmMw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @swc/core-linux-x64-musl@https://registry.npmjs.org/@swc/core-linux-x64-musl/-/core-linux-x64-musl-1.5.24.tgz (sha512-1F8z9NRi52jdZQCGc5sflwYSctL6omxiVmIFVp8TC9nngjQKc00TtX/JC2Eo2HwvgupkFVl5YQJidAck9YtmJw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/profiler@https://registry.npmjs.org/@parcel/profiler/-/profiler-2.12.0.tgz (sha512-q53fvl5LDcFYzMUtSusUBZSjQrKjMlLEBgKeQHFwkimwR1mgoseaDBDuNz0XvmzDzF1UelJ02TUKCGacU8W2qA==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @swc/core-linux-x64-gnu@https://registry.npmjs.org/@swc/core-linux-x64-gnu/-/core-linux-x64-gnu-1.5.24.tgz (sha512-Zrdzi7NqzQxm2BvAG5KyOSBEggQ7ayrxh599AqqevJmsUXJ8o2nMiWQOBvgCGp7ye+Biz3pvZn1EnRzAp+TpUg==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/events@https://registry.npmjs.org/@parcel/events/-/events-2.12.0.tgz (sha512-nmAAEIKLjW1kB2cUbCYSmZOGbnGj8wCzhqnK727zCCWaA25ogzAtt657GPOeFyqW77KyosU728Tl63Fc8hphIA==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/core@https://registry.npmjs.org/@parcel/core/-/core-2.12.0.tgz (sha512-s+6pwEj+GfKf7vqGUzN9iSEPueUssCCQrCBUlcAfKrJe0a22hTUCjewpB0I7lNrCIULt8dkndD+sMdOrXsRl6Q==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/graph@https://registry.npmjs.org/@parcel/graph/-/graph-3.2.0.tgz (sha512-xlrmCPqy58D4Fg5umV7bpwDx5Vyt7MlnQPxW68vae5+BA4GSWetfZt+Cs5dtotMG2oCHzZxhIPt7YZ7NRyQzLA==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @swc/core@https://registry.npmjs.org/@swc/core/-/core-1.5.24.tgz (sha512-Eph9zvO4xvqWZGVzTdtdEJ0Vqf0VIML/o/e4Qd2RLOqtfgnlRi7avmMu5C0oqciJ0tk+hqdUKVUZ4JPoPaiGvQ==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @lezer/lr@https://registry.npmjs.org/@lezer/lr/-/lr-1.4.1.tgz (sha512-CHsKq8DMKBf9b3yXPDIU4DbH+ZJd/sJdYOW2llbW/HudP5u0VS6Bfq1hLYfgU7uAYGFIyGGQIsSOXGPEErZiJw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @lezer/common@https://registry.npmjs.org/@lezer/common/-/common-1.2.1.tgz (sha512-yemX0ZD2xS/73llMZIK6KplkjIjf2EvAHcinDi/TfJ9hS25G0388+ClHt6/3but0oOxinTcQHJLDXh6w1crzFQ==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/diagnostic@https://registry.npmjs.org/@parcel/diagnostic/-/diagnostic-2.12.0.tgz (sha512-8f1NOsSFK+F4AwFCKynyIu9Kr/uWHC+SywAv4oS6Bv3Acig0gtwUjugk0C9UaB8ztBZiW5TQZhw+uPZn9T/lJA==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for stylehacks@https://registry.npmjs.org/stylehacks/-/stylehacks-7.0.0.tgz (sha512-47Nw4pQ6QJb4CA6dzF2m9810sjQik4dfk4UwAm5wlwhrW3syzZKF8AR4/cfO3Cr6lsFgAoznQq0Wg57qhjTA2A==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-reduce-initial@https://registry.npmjs.org/postcss-reduce-initial/-/postcss-reduce-initial-7.0.0.tgz (sha512-iqGgmBxY9LrblZ0BKLjmrA1mC/cf9A/wYCCqSmD6tMi+xAyVl0+DfixZIHSVDMbCPRPjNmVF0DFGth/IDGelFQ==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-ordered-values@https://registry.npmjs.org/postcss-ordered-values/-/postcss-ordered-values-7.0.0.tgz (sha512-KROvC63A8UQW1eYDljQe1dtwc1E/M+mMwDT6z7khV/weHYLWTghaLRLunU7x1xw85lWFwVZOAGakxekYvKV+0w==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-svgo@https://registry.npmjs.org/postcss-svgo/-/postcss-svgo-7.0.0.tgz (sha512-Xj5DRdvA97yRy3wjbCH2NKXtDUwEnph6EHr5ZXszsBVKCNrKXYBjzAXqav7/Afz5WwJ/1peZoTguCEJIg7ytmA==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-unique-selectors@https://registry.npmjs.org/postcss-unique-selectors/-/postcss-unique-selectors-7.0.0.tgz (sha512-NYFqcft7vVQMZlQPsMdMPy+qU/zDpy95Malpw4GeA9ZZjM6dVXDshXtDmLc0m4WCD6XeZCJqjTfPT1USsdt+rA==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-discard-duplicates@https://registry.npmjs.org/postcss-discard-duplicates/-/postcss-discard-duplicates-7.0.0.tgz (sha512-bAnSuBop5LpAIUmmOSsuvtKAAKREB6BBIYStWUTGq8oG5q9fClDMMuY8i4UPI/cEcDx2TN+7PMnXYIId20UVDw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-minify-params@https://registry.npmjs.org/postcss-minify-params/-/postcss-minify-params-7.0.0.tgz (sha512-XOJAuX8Q/9GT1sGxlUvaFEe2H9n50bniLZblXXsAT/BwSfFYvzSZeFG7uupwc0KbKpTnflnQ7aMwGzX6JUWliQ==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-colormin@https://registry.npmjs.org/postcss-colormin/-/postcss-colormin-7.0.0.tgz (sha512-5CN6fqtsEtEtwf3mFV3B4UaZnlYljPpzmGeDB4yCK067PnAtfLe9uX2aFZaEwxHE7HopG5rUkW8gyHrNAesHEg==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-minify-selectors@https://registry.npmjs.org/postcss-minify-selectors/-/postcss-minify-selectors-7.0.0.tgz (sha512-f00CExZhD6lNw2vTZbcnmfxVgaVKzUw6IRsIFX3JTT8GdsoABc1WnhhGwL1i8YPJ3sSWw39fv7XPtvLb+3Uitw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-discard-comments@https://registry.npmjs.org/postcss-discard-comments/-/postcss-discard-comments-7.0.0.tgz (sha512-xpSdzRqYmy4YIVmjfGyYXKaI1SRnK6CTr+4Zmvyof8ANwvgfZgGdVtmgAvzh59gJm808mJCWQC9tFN0KF5dEXA==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-calc@https://registry.npmjs.org/postcss-calc/-/postcss-calc-10.0.0.tgz (sha512-OmjhudoNTP0QleZCwl1i6NeBwN+5MZbY5ersLZz69mjJiDVv/p57RjRuKDkHeDWr4T+S97wQfsqRTNoDHB2e3g==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for cssnano-preset-default@https://registry.npmjs.org/cssnano-preset-default/-/cssnano-preset-default-7.0.1.tgz (sha512-Fumyr+uZMcjYQeuHssAZxn0cKj3cdQc5GcxkBcmEzISGB+UW9CLNlU4tBOJbJGcPukFDlicG32eFbrc8K9V5pw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-merge-longhand@https://registry.npmjs.org/postcss-merge-longhand/-/postcss-merge-longhand-7.0.0.tgz (sha512-0X8I4/9+G03X5/5NnrfopG/YEln2XU8heDh7YqBaiq2SeaKIG3n66ShZPjIolmVuLBQ0BEm3yS8o1mlCLHdW7A==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for lilconfig@https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz (sha512-O18pf7nyvHTckunPWCV1XUNXU1piu01y2b7ATJ0ppkUkk8ocqVWBrYjJBCwHDjD/ZWcfyrA0P4gKhzWGi5EINQ==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for cssnano@https://registry.npmjs.org/cssnano/-/cssnano-7.0.1.tgz (sha512-917Mej/4SdI7b55atsli3sU4MOJ9XDoKgnlCtQtXYj8XUFcM3riTuYHyqBBnnskawW+zWwp0KxJzpEUodlpqUg==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-convert-values@https://registry.npmjs.org/postcss-convert-values/-/postcss-convert-values-7.0.0.tgz (sha512-bMuzDgXBbFbByPgj+/r6va8zNuIDUaIIbvAFgdO1t3zdgJZ77BZvu6dfWyd6gHEJnYzmeVr9ayUsAQL3/qLJ0w==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/workers@https://registry.npmjs.org/@parcel/workers/-/workers-2.12.0.tgz (sha512-zv5We5Jmb+ZWXlU6A+AufyjY4oZckkxsZ8J4dvyWL0W8IQvGO1JB4FGeryyttzQv3RM3OxcN/BpTGPiDG6keBw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/utils@https://registry.npmjs.org/@parcel/utils/-/utils-2.12.0.tgz (sha512-z1JhLuZ8QmDaYoEIuUCVZlhcFrS7LMfHrb2OCRui5SQFntRWBH2fNM6H/fXXUkT9SkxcuFP2DUA6/m4+Gkz72g==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/diagnostic@https://registry.npmjs.org/@parcel/diagnostic/-/diagnostic-2.12.0.tgz (sha512-8f1NOsSFK+F4AwFCKynyIu9Kr/uWHC+SywAv4oS6Bv3Acig0gtwUjugk0C9UaB8ztBZiW5TQZhw+uPZn9T/lJA==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/package-manager@https://registry.npmjs.org/@parcel/package-manager/-/package-manager-2.12.0.tgz (sha512-0nvAezcjPx9FT+hIL+LS1jb0aohwLZXct7jAh7i0MLMtehOi0z1Sau+QpgMlA9rfEZZ1LIeFdnZZwqSy7Ccspw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/types@https://registry.npmjs.org/@parcel/types/-/types-2.12.0.tgz (sha512-8zAFiYNCwNTQcglIObyNwKfRYQK5ELlL13GuBOrSMxueUiI5ylgsGbTS1N7J3dAGZixHO8KhHGv5a71FILn9rQ==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/markdown-ansi@https://registry.npmjs.org/@parcel/markdown-ansi/-/markdown-ansi-2.12.0.tgz (sha512-WZz3rzL8k0H3WR4qTHX6Ic8DlEs17keO9gtD4MNGyMNQbqQEvQ61lWJaIH0nAtgEetu0SOITiVqdZrb8zx/M7w==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/node-resolver-core@https://registry.npmjs.org/@parcel/node-resolver-core/-/node-resolver-core-3.3.0.tgz (sha512-rhPW9DYPEIqQBSlYzz3S0AjXxjN6Ub2yS6tzzsW/4S3Gpsgk/uEq4ZfxPvoPf/6TgZndVxmKwpmxaKtGMmf3cA==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/codeframe@https://registry.npmjs.org/@parcel/codeframe/-/codeframe-2.12.0.tgz (sha512-v2VmneILFiHZJTxPiR7GEF1wey1/IXPdZMcUlNXBiPZyWDfcuNgGGVQkx/xW561rULLIvDPharOMdxz5oHOKQg==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/logger@https://registry.npmjs.org/@parcel/logger/-/logger-2.12.0.tgz (sha512-cJ7Paqa7/9VJ7C+KwgJlwMqTQBOjjn71FbKk0G07hydUEBISU2aDfmc/52o60ErL9l+vXB26zTrIBanbxS8rVg==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/cache@https://registry.npmjs.org/@parcel/cache/-/cache-2.12.0.tgz (sha512-FX5ZpTEkxvq/yvWklRHDESVRz+c7sLTXgFuzz6uEnBcXV38j6dMSikflNpHA6q/L4GKkCqRywm9R6XQwhwIMyw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-normalize-unicode@https://registry.npmjs.org/postcss-normalize-unicode/-/postcss-normalize-unicode-7.0.0.tgz (sha512-OnKV52/VFFDAim4n0pdI+JAhsolLBdnCKxE6VV5lW5Q/JeVGFN8UM8ur6/A3EAMLsT1ZRm3fDHh/rBoBQpqi2w==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/plugin@https://registry.npmjs.org/@parcel/plugin/-/plugin-2.12.0.tgz (sha512-nc/uRA8DiMoe4neBbzV6kDndh/58a4wQuGKw5oEoIwBCHUvE2W8ZFSu7ollSXUGRzfacTt4NdY8TwS73ScWZ+g==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for postcss-merge-rules@https://registry.npmjs.org/postcss-merge-rules/-/postcss-merge-rules-7.0.0.tgz (sha512-Zty3VlOsD6VSjBMu6PiHCVpLegtBT/qtZRVBcSeyEZ6q1iU5qTYT0WtEoLRV+YubZZguS5/ycfP+NRiKfjv6aw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @parcel/fs@https://registry.npmjs.org/@parcel/fs/-/fs-2.12.0.tgz (sha512-NnFkuvou1YBtPOhTdZr44WN7I60cGyly2wpHzqRl62yhObyi1KvW0SjwOMa0QGNcBOIzp4G0CapoZ93hD0RG5Q==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for terser@https://registry.npmjs.org/terser/-/terser-5.31.0.tgz (sha512-Q1JFAoUKE5IMfI4Z/lkE/E6+SwgzO+x4tq4v1AyBLRj8VSYvRO6A/rQrPg1yud4g0En9EKI1TvFRF2tQFcoUkg==) seems to be corrupted. Trying again.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1284 packages, and audited 1285 packages in 25s
193 packages are looking for funding
run `npm fund` for details
# npm audit report
babel-traverse *
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-traverse
babel-core 5.8.20 - 7.0.0-beta.3
Depends on vulnerable versions of babel-helpers
Depends on vulnerable versions of babel-register
Depends on vulnerable versions of babel-template
Depends on vulnerable versions of babel-traverse
Depends on vulnerable versions of json5
node_modules/babel-core
babel-register *
Depends on vulnerable versions of babel-core
node_modules/babel-register
babel-template *
Depends on vulnerable versions of babel-traverse
node_modules/babel-template
babel-helpers *
Depends on vulnerable versions of babel-template
node_modules/babel-helpers
cross-spawn <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install pre-commit@1.0.10, which is a breaking change
node_modules/pre-commit/node_modules/cross-spawn
pre-commit >=1.1.0
Depends on vulnerable versions of cross-spawn
node_modules/pre-commit
json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-core/node_modules/json5
8 vulnerabilities (4 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: htmlnano@2.1.1
npm WARN Found: svgo@2.8.0
npm WARN node_modules/@parcel/optimizer-htmlnano/node_modules/svgo
npm WARN svgo@"^2.4.0" from @parcel/optimizer-htmlnano@2.3.2
npm WARN node_modules/@parcel/optimizer-htmlnano
npm WARN @parcel/optimizer-htmlnano@"2.3.2" from @parcel/config-default@2.3.2
npm WARN node_modules/@parcel/config-default
npm WARN
npm WARN Could not resolve dependency:
npm WARN peerOptional svgo@"^3.0.2" from htmlnano@2.1.1
npm WARN node_modules/@parcel/optimizer-htmlnano/node_modules/htmlnano
npm WARN htmlnano@"^2.0.0" from @parcel/optimizer-htmlnano@2.3.2
npm WARN node_modules/@parcel/optimizer-htmlnano
npm WARN
npm WARN Conflicting peer dependency: svgo@3.3.2
npm WARN node_modules/svgo
npm WARN peerOptional svgo@"^3.0.2" from htmlnano@2.1.1
npm WARN node_modules/@parcel/optimizer-htmlnano/node_modules/htmlnano
npm WARN htmlnano@"^2.0.0" from @parcel/optimizer-htmlnano@2.3.2
npm WARN node_modules/@parcel/optimizer-htmlnano
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead.
npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead.
npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead.
npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead.
npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead.
npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.9: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead.
npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead.
npm WARN deprecated @babel/plugin-proposal-class-static-block@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated consolidate@0.16.0: Please upgrade to consolidate v1.0.0+ as it has been modernized with several long-awaited fixes implemented. Maintenance is supported by Forward Email at https://forwardemail.net ; follow/watch https://github.com/ladjs/consolidate for updates and release changelog
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead.
npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1284 packages, and audited 1285 packages in 25s
193 packages are looking for funding
run `npm fund` for details
8 vulnerabilities (4 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/api.test.js
PASS tests/jest/locationProvider.test.js
PASS tests/jest/PageList.test.js
PASS tests/jest/App.test.js
Test Suites: 4 passed, 4 total
Tests: 37 passed, 37 total
Snapshots: 0 total
Time: 5.857 s
Ran all test suites.
--- stdout ---
> test
> npm -s run lint && npm run test:unit
Checked 1 message directory.
> test:unit
> jest
---------------------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
---------------------|---------|----------|---------|---------|-------------------
All files | 100 | 98.82 | 100 | 100 |
App.vue | 100 | 94.73 | 100 | 100 | 67
PageList.vue | 100 | 100 | 100 | 100 |
api.js | 100 | 100 | 100 | 100 |
locationProvider.js | 100 | 100 | 100 | 100 |
types.js | 0 | 0 | 0 | 0 |
---------------------|---------|----------|---------|---------|-------------------
--- end ---
{}
{}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpvkca2r96
--- stderr ---
pre-commit:
pre-commit: No changes detected.
pre-commit: Skipping the pre-commit hook.
pre-commit:
--- stdout ---
On branch REL1_43
Your branch is up to date with 'origin/REL1_43'.
nothing to commit, working tree clean
--- end ---