This run took 348 seconds.
From d613fd75619ada5403e5010ffd15e97943b06316 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 15 Jun 2025 07:46:06 +0000
Subject: [PATCH] build: Updating brace-expansion to 1.1.12, 2.0.2
* https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
Change-Id: I60296a8d7c8a71bdda546d24705e1dac0e6a86f2
---
package-lock.json | 56 +++++++++++++++++++++++------------------------
1 file changed, 27 insertions(+), 29 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index fd8affd..f2ecbf2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15574,9 +15574,9 @@
}
},
"node_modules/@wdio/config/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0"
@@ -19422,9 +19422,9 @@
}
},
"node_modules/brace-expansion": {
- "version": "1.1.11",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
- "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+ "version": "1.1.12",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+ "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0",
@@ -23656,11 +23656,10 @@
}
},
"node_modules/eslint-config-wikimedia/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0"
}
@@ -23983,11 +23982,10 @@
}
},
"node_modules/eslint-plugin-n/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0"
}
@@ -25304,9 +25302,9 @@
}
},
"node_modules/filelist/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0"
@@ -32721,9 +32719,9 @@
"dev": true
},
"node_modules/mocha/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0"
@@ -35528,9 +35526,9 @@
}
},
"node_modules/readdir-glob/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0"
@@ -41130,9 +41128,9 @@
}
},
"node_modules/webdriverio/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0"
@@ -41501,9 +41499,9 @@
"dev": true
},
"node_modules/webpack": {
- "version": "5.99.8",
- "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.99.8.tgz",
- "integrity": "sha512-lQ3CPiSTpfOnrEGeXDwoq5hIGzSjmwD72GdfVzF7CQAI7t47rJG9eDWvcEkEn3CUQymAElVvDg3YNTlCYj+qUQ==",
+ "version": "5.99.9",
+ "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.99.9.tgz",
+ "integrity": "sha512-brOPwM3JnmOa+7kd3NsmOUOwbDAj8FT9xDsG3IW0MgbN9yZV7Oi/s/+MNQ/EcSMqw7qfoRyXPoeEWT8zLVdVGg==",
"dev": true,
"peer": true,
"dependencies": {
--
2.39.5
$ date
--- stdout ---
Sun Jun 15 07:40:47 UTC 2025
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-GlobalWatchlist.git repo --depth=1 -b REL1_39
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_39
--- stdout ---
cf1d15acf1d6cd06e63100c6a70d64d993f0e819 refs/heads/REL1_39
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/codemod",
"@storybook/csf-tools",
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/core-common"
],
"effects": [],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-controls",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": true,
"via": [
"@jest/transform",
"@storybook/components",
"@storybook/core-common",
"@storybook/mdx1-csf"
],
"effects": [],
"range": "<=7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/addon-storysource": {
"name": "@storybook/addon-storysource",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/components",
"react-syntax-highlighter"
],
"effects": [],
"range": "<=7.6.0-beta.2",
"nodes": [
"node_modules/@storybook/addon-storysource"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/components",
"@storybook/core-common",
"@storybook/ui",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"postcss",
"postcss-flexbugs-fixes",
"webpack",
"webpack-dev-middleware"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": true
},
"@storybook/cli": {
"name": "@storybook/cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/codemod",
"jscodeshift",
"update-notifier"
],
"effects": [
"storybook"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/cli"
],
"fixAvailable": {
"name": "storybook",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/codemod": {
"name": "@storybook/codemod",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx",
"@storybook/csf-tools",
"jscodeshift"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/codemod"
],
"fixAvailable": true
},
"@storybook/components": {
"name": "@storybook/components",
"severity": "moderate",
"isDirect": false,
"via": [
"react-syntax-highlighter"
],
"effects": [
"@storybook/addon-docs",
"@storybook/addon-storysource",
"@storybook/builder-webpack4",
"@storybook/ui"
],
"range": "4.2.0-alpha.1 - 6.5.9",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@storybook/components",
"node_modules/@storybook/builder-webpack4/node_modules/@storybook/components",
"node_modules/@storybook/components",
"node_modules/@storybook/ui/node_modules/@storybook/components"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-client",
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-client": {
"name": "@storybook/core-client",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/ui"
],
"effects": [
"@storybook/core",
"@storybook/core-server"
],
"range": "<=6.5.9",
"nodes": [
"node_modules/@storybook/core-client"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/vue"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/@storybook/core-common",
"node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common",
"node_modules/@storybook/core-common",
"node_modules/@storybook/core-server/node_modules/@storybook/core-common",
"node_modules/@storybook/manager-webpack4/node_modules/@storybook/core-common",
"node_modules/@storybook/vue/node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-client",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"cpy",
"ip",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/codemod",
"@storybook/core-server"
],
"range": "<=6.5.0-rc.1",
"nodes": [
"node_modules/@storybook/codemod/node_modules/@storybook/csf-tools",
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-client",
"@storybook/core-common",
"@storybook/ui",
"css-loader",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": true
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/ui": {
"name": "@storybook/ui",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/components"
],
"effects": [
"@storybook/core-client",
"@storybook/manager-webpack4"
],
"range": "4.2.0-alpha.1 - 6.5.9",
"nodes": [
"node_modules/@storybook/ui"
],
"fixAvailable": true
},
"@storybook/vue": {
"name": "@storybook/vue",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common",
"vue",
"vue-docgen-loader",
"vue-loader",
"vue-template-compiler",
"webpack"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@storybook/vue"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"@vue/component-compiler-utils": {
"name": "@vue/component-compiler-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"vue-loader"
],
"range": "*",
"nodes": [
"node_modules/@vue/component-compiler-utils"
],
"fixAvailable": {
"name": "vue-loader",
"version": "17.4.2",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"webdriverio",
"yarn-install"
],
"effects": [
"@wdio/junit-reporter",
"@wdio/local-runner",
"@wdio/spec-reporter"
],
"range": "5.4.10 - 8.45.0",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/junit-reporter": {
"name": "@wdio/junit-reporter",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli"
],
"effects": [],
"range": "<=8.0.0-alpha.631",
"nodes": [
"node_modules/@wdio/junit-reporter"
],
"fixAvailable": {
"name": "@wdio/junit-reporter",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli",
"@wdio/runner"
],
"effects": [],
"range": "<=8.45.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.45.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/spec-reporter": {
"name": "@wdio/spec-reporter",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli"
],
"effects": [],
"range": "6.0.4 - 8.0.0-alpha.631",
"nodes": [
"node_modules/@wdio/spec-reporter"
],
"fixAvailable": {
"name": "@wdio/spec-reporter",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wikimedia/wvui": {
"name": "@wikimedia/wvui",
"severity": "low",
"isDirect": true,
"via": [
"vue"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wikimedia/wvui"
],
"fixAvailable": false
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1105443,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=1.0.0 <=1.1.11"
},
{
"source": 1105444,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <=2.0.1"
}
],
"effects": [],
"range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/@wdio/config/node_modules/brace-expansion",
"node_modules/brace-expansion",
"node_modules/eslint-config-wikimedia/node_modules/brace-expansion",
"node_modules/eslint-plugin-n/node_modules/brace-expansion",
"node_modules/filelist/node_modules/brace-expansion",
"node_modules/mocha/node_modules/brace-expansion",
"node_modules/readdir-glob/node_modules/brace-expansion",
"node_modules/webdriverio/node_modules/brace-expansion"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/braces",
"node_modules/@storybook/builder-webpack4/node_modules/braces",
"node_modules/@storybook/codemod/node_modules/braces",
"node_modules/@storybook/core-common/node_modules/braces",
"node_modules/@storybook/core-server/node_modules/braces",
"node_modules/@storybook/manager-webpack4/node_modules/braces",
"node_modules/@storybook/vue/node_modules/braces",
"node_modules/cpy/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/vue-docgen-loader/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"yarn-install"
],
"range": "<6.0.6",
"nodes": [
"node_modules/yarn-install/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/css-loader",
"node_modules/@storybook/manager-webpack4/node_modules/css-loader"
],
"fixAvailable": true
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"got": {
"name": "got",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1088948,
"name": "got",
"dependency": "got",
"title": "Got allows a redirect to a UNIX socket",
"url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97",
"severity": "moderate",
"cwe": [],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<11.8.5"
}
],
"effects": [
"package-json"
],
"range": "<11.8.5",
"nodes": [
"node_modules/got"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101851,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/jest-haste-map"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"@storybook/cli",
"@storybook/codemod",
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/@storybook/codemod/node_modules/jscodeshift",
"node_modules/jscodeshift",
"node_modules/vue-docgen-loader/node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"isDirect": true,
"via": [
"taffydb"
],
"effects": [],
"range": "3.2.0-dev - 3.6.11",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.4",
"isSemVerMajor": true
}
},
"jsdoc-wmf-theme": {
"name": "jsdoc-wmf-theme",
"severity": "high",
"isDirect": true,
"via": [
"taffydb"
],
"effects": [],
"range": "<=0.0.12",
"nodes": [
"node_modules/jsdoc-wmf-theme"
],
"fixAvailable": {
"name": "jsdoc-wmf-theme",
"version": "1.1.0",
"isSemVerMajor": true
}
},
"latest-version": {
"name": "latest-version",
"severity": "moderate",
"isDirect": false,
"via": [
"package-json"
],
"effects": [
"update-notifier"
],
"range": "0.2.0 - 5.1.0",
"nodes": [
"node_modules/latest-version"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/micromatch",
"node_modules/@storybook/builder-webpack4/node_modules/micromatch",
"node_modules/@storybook/codemod/node_modules/micromatch",
"node_modules/@storybook/core-common/node_modules/micromatch",
"node_modules/@storybook/core-server/node_modules/micromatch",
"node_modules/@storybook/manager-webpack4/node_modules/micromatch",
"node_modules/@storybook/vue/node_modules/micromatch",
"node_modules/cpy/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/vue-docgen-loader/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": false
},
"package-json": {
"name": "package-json",
"severity": "moderate",
"isDirect": false,
"via": [
"got"
],
"effects": [
"latest-version"
],
"range": "<=6.5.0",
"nodes": [
"node_modules/package-json"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"@storybook/builder-webpack4",
"@vue/component-compiler-utils",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/@storybook/manager-webpack4/node_modules/postcss",
"node_modules/@vue/component-compiler-utils/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": {
"name": "vue-loader",
"version": "17.4.2",
"isSemVerMajor": true
}
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"prismjs": {
"name": "prismjs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1102459,
"name": "prismjs",
"dependency": "prismjs",
"title": "PrismJS DOM Clobbering vulnerability",
"url": "https://github.com/advisories/GHSA-x7hr-w5r2-h6wg",
"severity": "moderate",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 4.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"
},
"range": "<1.30.0"
}
],
"effects": [
"refractor"
],
"range": "<1.30.0",
"nodes": [
"node_modules/refractor/node_modules/prismjs"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"tar-fs",
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "10.0.0 - 22.11.1",
"nodes": [
"node_modules/devtools/node_modules/puppeteer-core",
"node_modules/webdriverio/node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"react-syntax-highlighter": {
"name": "react-syntax-highlighter",
"severity": "moderate",
"isDirect": false,
"via": [
"refractor"
],
"effects": [
"@storybook/addon-storysource",
"@storybook/components"
],
"range": ">=6.0.0",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/react-syntax-highlighter",
"node_modules/react-syntax-highlighter"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"refractor": {
"name": "refractor",
"severity": "moderate",
"isDirect": false,
"via": [
"prismjs"
],
"effects": [
"react-syntax-highlighter"
],
"range": "<=4.6.0",
"nodes": [
"node_modules/refractor"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"storybook": {
"name": "storybook",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/cli"
],
"effects": [],
"range": "5.3.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/storybook"
],
"fixAvailable": {
"name": "storybook",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"taffydb": {
"name": "taffydb",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089386,
"name": "taffydb",
"dependency": "taffydb",
"title": "TaffyDB can allow access to any data items in the DB",
"url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-668"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<=2.7.3"
}
],
"effects": [
"jsdoc",
"jsdoc-wmf-theme"
],
"range": "*",
"nodes": [
"node_modules/taffydb"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.4",
"isSemVerMajor": true
}
},
"tar-fs": {
"name": "tar-fs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104677,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
"url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.0.0 <2.1.2"
},
{
"source": 1105197,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs can extract outside the specified dir with a specific tarball",
"url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.3"
}
],
"effects": [
"puppeteer-core"
],
"range": "2.0.0 - 2.1.2",
"nodes": [
"node_modules/tar-fs"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"terser-webpack-plugin": {
"name": "terser-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"webpack"
],
"range": "<=2.2.1",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/terser-webpack-plugin",
"node_modules/@storybook/builder-webpack4/node_modules/webpack/node_modules/terser-webpack-plugin",
"node_modules/@storybook/core-common/node_modules/terser-webpack-plugin",
"node_modules/@storybook/core-server/node_modules/terser-webpack-plugin",
"node_modules/@storybook/manager-webpack4/node_modules/webpack/node_modules/terser-webpack-plugin",
"node_modules/@storybook/vue/node_modules/terser-webpack-plugin"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": false
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"update-notifier": {
"name": "update-notifier",
"severity": "moderate",
"isDirect": false,
"via": [
"latest-version"
],
"effects": [],
"range": "0.2.0 - 5.1.0",
"nodes": [
"node_modules/update-notifier"
],
"fixAvailable": true
},
"vue": {
"name": "vue",
"severity": "low",
"isDirect": true,
"via": [
{
"source": 1100238,
"name": "vue",
"dependency": "vue",
"title": "ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function",
"url": "https://github.com/advisories/GHSA-5j4c-8p2g-v4jx",
"severity": "low",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0-alpha.1 <3.0.0-alpha.0"
}
],
"effects": [
"@storybook/vue",
"@wikimedia/wvui"
],
"range": "2.0.0-alpha.1 - 2.7.16",
"nodes": [
"node_modules/vue"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"vue-loader": {
"name": "vue-loader",
"severity": "moderate",
"isDirect": true,
"via": [
"@vue/component-compiler-utils"
],
"effects": [
"@storybook/vue"
],
"range": "15.0.0-beta.1 - 15.11.1",
"nodes": [
"node_modules/vue-loader"
],
"fixAvailable": {
"name": "vue-loader",
"version": "17.4.2",
"isSemVerMajor": true
}
},
"vue-template-compiler": {
"name": "vue-template-compiler",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1098721,
"name": "vue-template-compiler",
"dependency": "vue-template-compiler",
"title": "vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)",
"url": "https://github.com/advisories/GHSA-g3ch-rx76-35fx",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 4.2,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
"range": ">=2.0.0 <3.0.0"
}
],
"effects": [
"@storybook/vue"
],
"range": ">=2.0.0",
"nodes": [
"node_modules/vue-template-compiler"
],
"fixAvailable": {
"name": "vue-template-compiler",
"version": "0.1.0",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/watchpack",
"node_modules/@storybook/builder-webpack4/node_modules/watchpack",
"node_modules/@storybook/core-common/node_modules/watchpack",
"node_modules/@storybook/core-server/node_modules/webpack/node_modules/watchpack",
"node_modules/@storybook/manager-webpack4/node_modules/watchpack",
"node_modules/@storybook/vue/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.45.0",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"terser-webpack-plugin",
"watchpack"
],
"effects": [
"@storybook/core-common",
"@storybook/core-server",
"@storybook/vue",
"terser-webpack-plugin"
],
"range": "4.0.0-alpha.0 - 5.0.0-rc.6",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/webpack",
"node_modules/@storybook/builder-webpack4/node_modules/webpack",
"node_modules/@storybook/core-common/node_modules/webpack",
"node_modules/@storybook/core-server/node_modules/webpack",
"node_modules/@storybook/manager-webpack4/node_modules/webpack",
"node_modules/@storybook/vue/node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
}
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": true
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/devtools/node_modules/ws",
"node_modules/webdriverio/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"yarn-install": {
"name": "yarn-install",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"@wdio/cli"
],
"range": "*",
"nodes": [
"node_modules/yarn-install"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 3,
"moderate": 43,
"high": 36,
"critical": 0,
"total": 82
},
"dependencies": {
"prod": 1,
"dev": 3215,
"optional": 41,
"peer": 386,
"peerOptional": 0,
"total": 3215
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 36 installs, 0 updates, 0 removals
- Locking composer/pcre (1.0.1)
- Locking composer/semver (3.3.2)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (2.0.5)
- Locking doctrine/deprecations (1.1.5)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v39.0.0)
- Locking mediawiki/mediawiki-phan-config (0.11.1)
- Locking mediawiki/minus-x (1.1.1)
- Locking mediawiki/phan-taint-check-plugin (3.3.2)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.2.0)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.3.2)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.2)
- Locking phpdocumentor/type-resolver (1.10.0)
- Locking phpstan/phpdoc-parser (2.1.0)
- Locking psr/container (2.0.2)
- Locking psr/log (2.0.0)
- Locking sabre/event (5.1.7)
- Locking squizlabs/php_codesniffer (3.6.2)
- Locking symfony/console (v5.4.47)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.32.0)
- Locking symfony/polyfill-intl-grapheme (v1.32.0)
- Locking symfony/polyfill-intl-normalizer (v1.32.0)
- Locking symfony/polyfill-mbstring (v1.32.0)
- Locking symfony/polyfill-php73 (v1.32.0)
- Locking symfony/polyfill-php80 (v1.32.0)
- Locking symfony/service-contracts (v3.6.0)
- Locking symfony/string (v6.4.21)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 36 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing composer/pcre (1.0.1): Extracting archive
- Installing squizlabs/php_codesniffer (3.6.2): Extracting archive
- Installing symfony/polyfill-mbstring (v1.32.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.3.2): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v39.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-php80 (v1.32.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.32.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.32.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.32.0): Extracting archive
- Installing symfony/string (v6.4.21): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.0): Extracting archive
- Installing symfony/polyfill-php73 (v1.32.0): Extracting archive
- Installing symfony/console (v5.4.47): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (1.11.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.1.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.5): Extracting archive
- Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.2): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (2.0.0): Extracting archive
- Installing composer/xdebug-handler (2.0.5): Extracting archive
- Installing phan/phan (5.2.0): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (3.3.2): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.11.1): Extracting archive
- Installing mediawiki/minus-x (1.1.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.3.2): Extracting archive
0/36 [>---------------------------] 0%
19/36 [==============>-------------] 52%
34/36 [==========================>-] 94%
36/36 [============================] 100%
3 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
15 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/codemod",
"@storybook/csf-tools",
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/core-common"
],
"effects": [],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-controls",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": true,
"via": [
"@jest/transform",
"@storybook/components",
"@storybook/core-common",
"@storybook/mdx1-csf"
],
"effects": [],
"range": "<=7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/addon-storysource": {
"name": "@storybook/addon-storysource",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/components",
"react-syntax-highlighter"
],
"effects": [],
"range": "<=7.6.0-beta.2",
"nodes": [
"node_modules/@storybook/addon-storysource"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/components",
"@storybook/core-common",
"@storybook/ui",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"postcss",
"postcss-flexbugs-fixes",
"webpack",
"webpack-dev-middleware"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": true
},
"@storybook/cli": {
"name": "@storybook/cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/codemod",
"jscodeshift",
"update-notifier"
],
"effects": [
"storybook"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/cli"
],
"fixAvailable": {
"name": "storybook",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/codemod": {
"name": "@storybook/codemod",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx",
"@storybook/csf-tools",
"jscodeshift"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/codemod"
],
"fixAvailable": true
},
"@storybook/components": {
"name": "@storybook/components",
"severity": "moderate",
"isDirect": false,
"via": [
"react-syntax-highlighter"
],
"effects": [
"@storybook/addon-docs",
"@storybook/addon-storysource",
"@storybook/builder-webpack4",
"@storybook/ui"
],
"range": "4.2.0-alpha.1 - 6.5.9",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@storybook/components",
"node_modules/@storybook/builder-webpack4/node_modules/@storybook/components",
"node_modules/@storybook/components",
"node_modules/@storybook/ui/node_modules/@storybook/components"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-client",
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-client": {
"name": "@storybook/core-client",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/ui"
],
"effects": [
"@storybook/core",
"@storybook/core-server"
],
"range": "<=6.5.9",
"nodes": [
"node_modules/@storybook/core-client"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/vue"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/@storybook/core-common",
"node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common",
"node_modules/@storybook/core-common",
"node_modules/@storybook/core-server/node_modules/@storybook/core-common",
"node_modules/@storybook/manager-webpack4/node_modules/@storybook/core-common",
"node_modules/@storybook/vue/node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-client",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"cpy",
"ip",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/codemod",
"@storybook/core-server"
],
"range": "<=6.5.0-rc.1",
"nodes": [
"node_modules/@storybook/codemod/node_modules/@storybook/csf-tools",
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-client",
"@storybook/core-common",
"@storybook/ui",
"css-loader",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": true
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/ui": {
"name": "@storybook/ui",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/components"
],
"effects": [
"@storybook/core-client",
"@storybook/manager-webpack4"
],
"range": "4.2.0-alpha.1 - 6.5.9",
"nodes": [
"node_modules/@storybook/ui"
],
"fixAvailable": true
},
"@storybook/vue": {
"name": "@storybook/vue",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common",
"vue",
"vue-docgen-loader",
"vue-loader",
"vue-template-compiler",
"webpack"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@storybook/vue"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"@vue/component-compiler-utils": {
"name": "@vue/component-compiler-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"vue-loader"
],
"range": "*",
"nodes": [
"node_modules/@vue/component-compiler-utils"
],
"fixAvailable": {
"name": "vue-loader",
"version": "17.4.2",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"webdriverio",
"yarn-install"
],
"effects": [
"@wdio/junit-reporter",
"@wdio/local-runner",
"@wdio/spec-reporter"
],
"range": "5.4.10 - 8.45.0",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/junit-reporter": {
"name": "@wdio/junit-reporter",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli"
],
"effects": [],
"range": "<=8.0.0-alpha.631",
"nodes": [
"node_modules/@wdio/junit-reporter"
],
"fixAvailable": {
"name": "@wdio/junit-reporter",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli",
"@wdio/runner"
],
"effects": [],
"range": "<=8.45.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.45.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/spec-reporter": {
"name": "@wdio/spec-reporter",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli"
],
"effects": [],
"range": "6.0.4 - 8.0.0-alpha.631",
"nodes": [
"node_modules/@wdio/spec-reporter"
],
"fixAvailable": {
"name": "@wdio/spec-reporter",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wikimedia/wvui": {
"name": "@wikimedia/wvui",
"severity": "low",
"isDirect": true,
"via": [
"vue"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wikimedia/wvui"
],
"fixAvailable": false
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1105443,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=1.0.0 <=1.1.11"
},
{
"source": 1105444,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <=2.0.1"
}
],
"effects": [],
"range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/@wdio/config/node_modules/brace-expansion",
"node_modules/brace-expansion",
"node_modules/eslint-config-wikimedia/node_modules/brace-expansion",
"node_modules/eslint-plugin-n/node_modules/brace-expansion",
"node_modules/filelist/node_modules/brace-expansion",
"node_modules/mocha/node_modules/brace-expansion",
"node_modules/readdir-glob/node_modules/brace-expansion",
"node_modules/webdriverio/node_modules/brace-expansion"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/braces",
"node_modules/@storybook/builder-webpack4/node_modules/braces",
"node_modules/@storybook/codemod/node_modules/braces",
"node_modules/@storybook/core-common/node_modules/braces",
"node_modules/@storybook/core-server/node_modules/braces",
"node_modules/@storybook/manager-webpack4/node_modules/braces",
"node_modules/@storybook/vue/node_modules/braces",
"node_modules/cpy/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/vue-docgen-loader/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"yarn-install"
],
"range": "<6.0.6",
"nodes": [
"node_modules/yarn-install/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/css-loader",
"node_modules/@storybook/manager-webpack4/node_modules/css-loader"
],
"fixAvailable": true
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"got": {
"name": "got",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1088948,
"name": "got",
"dependency": "got",
"title": "Got allows a redirect to a UNIX socket",
"url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97",
"severity": "moderate",
"cwe": [],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<11.8.5"
}
],
"effects": [
"package-json"
],
"range": "<11.8.5",
"nodes": [
"node_modules/got"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101851,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/jest-haste-map"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"@storybook/cli",
"@storybook/codemod",
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/@storybook/codemod/node_modules/jscodeshift",
"node_modules/jscodeshift",
"node_modules/vue-docgen-loader/node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"isDirect": true,
"via": [
"taffydb"
],
"effects": [],
"range": "3.2.0-dev - 3.6.11",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.4",
"isSemVerMajor": true
}
},
"jsdoc-wmf-theme": {
"name": "jsdoc-wmf-theme",
"severity": "high",
"isDirect": true,
"via": [
"taffydb"
],
"effects": [],
"range": "<=0.0.12",
"nodes": [
"node_modules/jsdoc-wmf-theme"
],
"fixAvailable": {
"name": "jsdoc-wmf-theme",
"version": "1.1.0",
"isSemVerMajor": true
}
},
"latest-version": {
"name": "latest-version",
"severity": "moderate",
"isDirect": false,
"via": [
"package-json"
],
"effects": [
"update-notifier"
],
"range": "0.2.0 - 5.1.0",
"nodes": [
"node_modules/latest-version"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/micromatch",
"node_modules/@storybook/builder-webpack4/node_modules/micromatch",
"node_modules/@storybook/codemod/node_modules/micromatch",
"node_modules/@storybook/core-common/node_modules/micromatch",
"node_modules/@storybook/core-server/node_modules/micromatch",
"node_modules/@storybook/manager-webpack4/node_modules/micromatch",
"node_modules/@storybook/vue/node_modules/micromatch",
"node_modules/cpy/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/vue-docgen-loader/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": false
},
"package-json": {
"name": "package-json",
"severity": "moderate",
"isDirect": false,
"via": [
"got"
],
"effects": [
"latest-version"
],
"range": "<=6.5.0",
"nodes": [
"node_modules/package-json"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"@storybook/builder-webpack4",
"@vue/component-compiler-utils",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/@storybook/manager-webpack4/node_modules/postcss",
"node_modules/@vue/component-compiler-utils/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": {
"name": "vue-loader",
"version": "17.4.2",
"isSemVerMajor": true
}
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"prismjs": {
"name": "prismjs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1102459,
"name": "prismjs",
"dependency": "prismjs",
"title": "PrismJS DOM Clobbering vulnerability",
"url": "https://github.com/advisories/GHSA-x7hr-w5r2-h6wg",
"severity": "moderate",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 4.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"
},
"range": "<1.30.0"
}
],
"effects": [
"refractor"
],
"range": "<1.30.0",
"nodes": [
"node_modules/refractor/node_modules/prismjs"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"tar-fs",
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "10.0.0 - 22.11.1",
"nodes": [
"node_modules/devtools/node_modules/puppeteer-core",
"node_modules/webdriverio/node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"react-syntax-highlighter": {
"name": "react-syntax-highlighter",
"severity": "moderate",
"isDirect": false,
"via": [
"refractor"
],
"effects": [
"@storybook/addon-storysource",
"@storybook/components"
],
"range": ">=6.0.0",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/react-syntax-highlighter",
"node_modules/react-syntax-highlighter"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"refractor": {
"name": "refractor",
"severity": "moderate",
"isDirect": false,
"via": [
"prismjs"
],
"effects": [
"react-syntax-highlighter"
],
"range": "<=4.6.0",
"nodes": [
"node_modules/refractor"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"storybook": {
"name": "storybook",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/cli"
],
"effects": [],
"range": "5.3.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/storybook"
],
"fixAvailable": {
"name": "storybook",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"taffydb": {
"name": "taffydb",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089386,
"name": "taffydb",
"dependency": "taffydb",
"title": "TaffyDB can allow access to any data items in the DB",
"url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-668"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<=2.7.3"
}
],
"effects": [
"jsdoc",
"jsdoc-wmf-theme"
],
"range": "*",
"nodes": [
"node_modules/taffydb"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.4",
"isSemVerMajor": true
}
},
"tar-fs": {
"name": "tar-fs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104677,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
"url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.0.0 <2.1.2"
},
{
"source": 1105197,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs can extract outside the specified dir with a specific tarball",
"url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.3"
}
],
"effects": [
"puppeteer-core"
],
"range": "2.0.0 - 2.1.2",
"nodes": [
"node_modules/tar-fs"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"terser-webpack-plugin": {
"name": "terser-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"webpack"
],
"range": "<=2.2.1",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/terser-webpack-plugin",
"node_modules/@storybook/builder-webpack4/node_modules/webpack/node_modules/terser-webpack-plugin",
"node_modules/@storybook/core-common/node_modules/terser-webpack-plugin",
"node_modules/@storybook/core-server/node_modules/terser-webpack-plugin",
"node_modules/@storybook/manager-webpack4/node_modules/webpack/node_modules/terser-webpack-plugin",
"node_modules/@storybook/vue/node_modules/terser-webpack-plugin"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": false
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"update-notifier": {
"name": "update-notifier",
"severity": "moderate",
"isDirect": false,
"via": [
"latest-version"
],
"effects": [],
"range": "0.2.0 - 5.1.0",
"nodes": [
"node_modules/update-notifier"
],
"fixAvailable": true
},
"vue": {
"name": "vue",
"severity": "low",
"isDirect": true,
"via": [
{
"source": 1100238,
"name": "vue",
"dependency": "vue",
"title": "ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function",
"url": "https://github.com/advisories/GHSA-5j4c-8p2g-v4jx",
"severity": "low",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0-alpha.1 <3.0.0-alpha.0"
}
],
"effects": [
"@storybook/vue",
"@wikimedia/wvui"
],
"range": "2.0.0-alpha.1 - 2.7.16",
"nodes": [
"node_modules/vue"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"vue-loader": {
"name": "vue-loader",
"severity": "moderate",
"isDirect": true,
"via": [
"@vue/component-compiler-utils"
],
"effects": [
"@storybook/vue"
],
"range": "15.0.0-beta.1 - 15.11.1",
"nodes": [
"node_modules/vue-loader"
],
"fixAvailable": {
"name": "vue-loader",
"version": "17.4.2",
"isSemVerMajor": true
}
},
"vue-template-compiler": {
"name": "vue-template-compiler",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1098721,
"name": "vue-template-compiler",
"dependency": "vue-template-compiler",
"title": "vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)",
"url": "https://github.com/advisories/GHSA-g3ch-rx76-35fx",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 4.2,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
"range": ">=2.0.0 <3.0.0"
}
],
"effects": [
"@storybook/vue"
],
"range": ">=2.0.0",
"nodes": [
"node_modules/vue-template-compiler"
],
"fixAvailable": {
"name": "vue-template-compiler",
"version": "0.1.0",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/watchpack",
"node_modules/@storybook/builder-webpack4/node_modules/watchpack",
"node_modules/@storybook/core-common/node_modules/watchpack",
"node_modules/@storybook/core-server/node_modules/webpack/node_modules/watchpack",
"node_modules/@storybook/manager-webpack4/node_modules/watchpack",
"node_modules/@storybook/vue/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.45.0",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"terser-webpack-plugin",
"watchpack"
],
"effects": [
"@storybook/core-common",
"@storybook/core-server",
"@storybook/vue",
"terser-webpack-plugin"
],
"range": "4.0.0-alpha.0 - 5.0.0-rc.6",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/webpack",
"node_modules/@storybook/builder-webpack4/node_modules/webpack",
"node_modules/@storybook/core-common/node_modules/webpack",
"node_modules/@storybook/core-server/node_modules/webpack",
"node_modules/@storybook/manager-webpack4/node_modules/webpack",
"node_modules/@storybook/vue/node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
}
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": true
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/devtools/node_modules/ws",
"node_modules/webdriverio/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"yarn-install": {
"name": "yarn-install",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"@wdio/cli"
],
"range": "*",
"nodes": [
"node_modules/yarn-install"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 3,
"moderate": 43,
"high": 36,
"critical": 0,
"total": 82
},
"dependencies": {
"prod": 1,
"dev": 3215,
"optional": 41,
"peer": 386,
"peerOptional": 0,
"total": 3215
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.27.1
npm WARN Found: @babel/core@7.11.6
npm WARN node_modules/@babel/core
npm WARN dev @babel/core@"7.11.6" from the root project
npm WARN 123 more (@babel/helper-create-class-features-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN
npm WARN Conflicting peer dependency: @babel/core@7.27.4
npm WARN node_modules/@babel/core
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-transform-class-static-block@7.27.1
npm WARN Found: @babel/core@7.11.6
npm WARN node_modules/@babel/core
npm WARN dev @babel/core@"7.11.6" from the root project
npm WARN 123 more (@babel/helper-create-class-features-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-transform-class-static-block@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-transform-class-static-block
npm WARN @babel/plugin-transform-class-static-block@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN
npm WARN Conflicting peer dependency: @babel/core@7.27.4
npm WARN node_modules/@babel/core
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-transform-class-static-block@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-transform-class-static-block
npm WARN @babel/plugin-transform-class-static-block@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: fork-ts-checker-webpack-plugin@6.5.3
npm WARN Found: webpack@4.47.0
npm WARN node_modules/@storybook/builder-webpack4/node_modules/webpack
npm WARN webpack@"4" from @storybook/builder-webpack4@6.4.18
npm WARN node_modules/@storybook/builder-webpack4
npm WARN @storybook/builder-webpack4@"6.4.18" from @storybook/core-server@6.4.18
npm WARN node_modules/@storybook/core-server
npm WARN 5 more (@storybook/core-common, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer webpack@">= 4" from fork-ts-checker-webpack-plugin@6.5.3
npm WARN node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common/node_modules/fork-ts-checker-webpack-plugin
npm WARN fork-ts-checker-webpack-plugin@"^6.0.4" from @storybook/core-common@6.4.18
npm WARN node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common
npm WARN
npm WARN Conflicting peer dependency: webpack@5.99.9
npm WARN node_modules/webpack
npm WARN peer webpack@">= 4" from fork-ts-checker-webpack-plugin@6.5.3
npm WARN node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common/node_modules/fork-ts-checker-webpack-plugin
npm WARN fork-ts-checker-webpack-plugin@"^6.0.4" from @storybook/core-common@6.4.18
npm WARN node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common
--- stdout ---
{
"added": 3215,
"removed": 0,
"changed": 0,
"audited": 3216,
"funding": 394,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/codemod",
"@storybook/csf-tools",
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/core-common"
],
"effects": [],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-controls",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": true,
"via": [
"@jest/transform",
"@storybook/components",
"@storybook/core-common",
"@storybook/mdx1-csf"
],
"effects": [],
"range": "<=7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/addon-storysource": {
"name": "@storybook/addon-storysource",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/components",
"react-syntax-highlighter"
],
"effects": [],
"range": "<=7.6.0-beta.2",
"nodes": [
"node_modules/@storybook/addon-storysource"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/components",
"@storybook/core-common",
"@storybook/ui",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"postcss",
"postcss-flexbugs-fixes",
"webpack",
"webpack-dev-middleware"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": true
},
"@storybook/cli": {
"name": "@storybook/cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/codemod",
"jscodeshift",
"update-notifier"
],
"effects": [
"storybook"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/cli"
],
"fixAvailable": {
"name": "storybook",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/codemod": {
"name": "@storybook/codemod",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx",
"@storybook/csf-tools",
"jscodeshift"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/codemod"
],
"fixAvailable": true
},
"@storybook/components": {
"name": "@storybook/components",
"severity": "moderate",
"isDirect": false,
"via": [
"react-syntax-highlighter"
],
"effects": [
"@storybook/addon-docs",
"@storybook/addon-storysource",
"@storybook/builder-webpack4",
"@storybook/ui"
],
"range": "4.2.0-alpha.1 - 6.5.9",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@storybook/components",
"node_modules/@storybook/builder-webpack4/node_modules/@storybook/components",
"node_modules/@storybook/components",
"node_modules/@storybook/ui/node_modules/@storybook/components"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-client",
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-client": {
"name": "@storybook/core-client",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/ui"
],
"effects": [
"@storybook/core",
"@storybook/core-server"
],
"range": "<=6.5.9",
"nodes": [
"node_modules/@storybook/core-client"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/vue"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/@storybook/core-common",
"node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common",
"node_modules/@storybook/core-common",
"node_modules/@storybook/core-server/node_modules/@storybook/core-common",
"node_modules/@storybook/manager-webpack4/node_modules/@storybook/core-common",
"node_modules/@storybook/vue/node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-client",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"cpy",
"ip",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/codemod",
"@storybook/core-server"
],
"range": "<=6.5.0-rc.1",
"nodes": [
"node_modules/@storybook/codemod/node_modules/@storybook/csf-tools",
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-client",
"@storybook/core-common",
"@storybook/ui",
"css-loader",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": true
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"@storybook/ui": {
"name": "@storybook/ui",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/components"
],
"effects": [
"@storybook/core-client",
"@storybook/manager-webpack4"
],
"range": "4.2.0-alpha.1 - 6.5.9",
"nodes": [
"node_modules/@storybook/ui"
],
"fixAvailable": true
},
"@storybook/vue": {
"name": "@storybook/vue",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common",
"vue",
"vue-docgen-loader",
"vue-loader",
"vue-template-compiler",
"webpack"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@storybook/vue"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"@vue/component-compiler-utils": {
"name": "@vue/component-compiler-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"vue-loader"
],
"range": "*",
"nodes": [
"node_modules/@vue/component-compiler-utils"
],
"fixAvailable": {
"name": "vue-loader",
"version": "17.4.2",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"webdriverio",
"yarn-install"
],
"effects": [
"@wdio/junit-reporter",
"@wdio/local-runner",
"@wdio/spec-reporter"
],
"range": "5.4.10 - 8.45.0",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/junit-reporter": {
"name": "@wdio/junit-reporter",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli"
],
"effects": [],
"range": "<=8.0.0-alpha.631",
"nodes": [
"node_modules/@wdio/junit-reporter"
],
"fixAvailable": {
"name": "@wdio/junit-reporter",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli",
"@wdio/runner"
],
"effects": [],
"range": "<=8.45.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.45.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wdio/spec-reporter": {
"name": "@wdio/spec-reporter",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli"
],
"effects": [],
"range": "6.0.4 - 8.0.0-alpha.631",
"nodes": [
"node_modules/@wdio/spec-reporter"
],
"fixAvailable": {
"name": "@wdio/spec-reporter",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"@wikimedia/wvui": {
"name": "@wikimedia/wvui",
"severity": "low",
"isDirect": true,
"via": [
"vue"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wikimedia/wvui"
],
"fixAvailable": false
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1105443,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=1.0.0 <=1.1.11"
},
{
"source": 1105444,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <=2.0.1"
}
],
"effects": [],
"range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1",
"nodes": [
"",
"",
"",
"",
"",
"",
"",
""
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/braces",
"node_modules/@storybook/builder-webpack4/node_modules/braces",
"node_modules/@storybook/codemod/node_modules/braces",
"node_modules/@storybook/core-common/node_modules/braces",
"node_modules/@storybook/core-server/node_modules/braces",
"node_modules/@storybook/manager-webpack4/node_modules/braces",
"node_modules/@storybook/vue/node_modules/braces",
"node_modules/cpy/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/vue-docgen-loader/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"yarn-install"
],
"range": "<6.0.6",
"nodes": [
"node_modules/yarn-install/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/css-loader",
"node_modules/@storybook/manager-webpack4/node_modules/css-loader"
],
"fixAvailable": true
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"got": {
"name": "got",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1088948,
"name": "got",
"dependency": "got",
"title": "Got allows a redirect to a UNIX socket",
"url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97",
"severity": "moderate",
"cwe": [],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<11.8.5"
}
],
"effects": [
"package-json"
],
"range": "<11.8.5",
"nodes": [
"node_modules/got"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101851,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/jest-haste-map"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"@storybook/cli",
"@storybook/codemod",
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/@storybook/codemod/node_modules/jscodeshift",
"node_modules/jscodeshift",
"node_modules/vue-docgen-loader/node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"isDirect": true,
"via": [
"taffydb"
],
"effects": [],
"range": "3.2.0-dev - 3.6.11",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.4",
"isSemVerMajor": true
}
},
"jsdoc-wmf-theme": {
"name": "jsdoc-wmf-theme",
"severity": "high",
"isDirect": true,
"via": [
"taffydb"
],
"effects": [],
"range": "<=0.0.12",
"nodes": [
"node_modules/jsdoc-wmf-theme"
],
"fixAvailable": {
"name": "jsdoc-wmf-theme",
"version": "1.1.0",
"isSemVerMajor": true
}
},
"latest-version": {
"name": "latest-version",
"severity": "moderate",
"isDirect": false,
"via": [
"package-json"
],
"effects": [
"update-notifier"
],
"range": "0.2.0 - 5.1.0",
"nodes": [
"node_modules/latest-version"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/micromatch",
"node_modules/@storybook/builder-webpack4/node_modules/micromatch",
"node_modules/@storybook/codemod/node_modules/micromatch",
"node_modules/@storybook/core-common/node_modules/micromatch",
"node_modules/@storybook/core-server/node_modules/micromatch",
"node_modules/@storybook/manager-webpack4/node_modules/micromatch",
"node_modules/@storybook/vue/node_modules/micromatch",
"node_modules/cpy/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/vue-docgen-loader/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": false
},
"package-json": {
"name": "package-json",
"severity": "moderate",
"isDirect": false,
"via": [
"got"
],
"effects": [
"latest-version"
],
"range": "<=6.5.0",
"nodes": [
"node_modules/package-json"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"@storybook/builder-webpack4",
"@vue/component-compiler-utils",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/@storybook/manager-webpack4/node_modules/postcss",
"node_modules/@vue/component-compiler-utils/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": {
"name": "vue-loader",
"version": "17.4.2",
"isSemVerMajor": true
}
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"prismjs": {
"name": "prismjs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1102459,
"name": "prismjs",
"dependency": "prismjs",
"title": "PrismJS DOM Clobbering vulnerability",
"url": "https://github.com/advisories/GHSA-x7hr-w5r2-h6wg",
"severity": "moderate",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 4.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"
},
"range": "<1.30.0"
}
],
"effects": [
"refractor"
],
"range": "<1.30.0",
"nodes": [
"node_modules/refractor/node_modules/prismjs"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"tar-fs",
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "10.0.0 - 22.11.1",
"nodes": [
"node_modules/devtools/node_modules/puppeteer-core",
"node_modules/webdriverio/node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"react-syntax-highlighter": {
"name": "react-syntax-highlighter",
"severity": "moderate",
"isDirect": false,
"via": [
"refractor"
],
"effects": [
"@storybook/addon-storysource",
"@storybook/components"
],
"range": ">=6.0.0",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/react-syntax-highlighter",
"node_modules/react-syntax-highlighter"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"refractor": {
"name": "refractor",
"severity": "moderate",
"isDirect": false,
"via": [
"prismjs"
],
"effects": [
"react-syntax-highlighter"
],
"range": "<=4.6.0",
"nodes": [
"node_modules/refractor"
],
"fixAvailable": {
"name": "@storybook/addon-storysource",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"storybook": {
"name": "storybook",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/cli"
],
"effects": [],
"range": "5.3.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/storybook"
],
"fixAvailable": {
"name": "storybook",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"taffydb": {
"name": "taffydb",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089386,
"name": "taffydb",
"dependency": "taffydb",
"title": "TaffyDB can allow access to any data items in the DB",
"url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-668"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<=2.7.3"
}
],
"effects": [
"jsdoc",
"jsdoc-wmf-theme"
],
"range": "*",
"nodes": [
"node_modules/taffydb"
],
"fixAvailable": {
"name": "jsdoc-wmf-theme",
"version": "1.1.0",
"isSemVerMajor": true
}
},
"tar-fs": {
"name": "tar-fs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104677,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
"url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.0.0 <2.1.2"
},
{
"source": 1105197,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs can extract outside the specified dir with a specific tarball",
"url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.3"
}
],
"effects": [
"puppeteer-core"
],
"range": "2.0.0 - 2.1.2",
"nodes": [
"node_modules/tar-fs"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"terser-webpack-plugin": {
"name": "terser-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"webpack"
],
"range": "<=2.2.1",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/terser-webpack-plugin",
"node_modules/@storybook/builder-webpack4/node_modules/webpack/node_modules/terser-webpack-plugin",
"node_modules/@storybook/core-common/node_modules/terser-webpack-plugin",
"node_modules/@storybook/core-server/node_modules/terser-webpack-plugin",
"node_modules/@storybook/manager-webpack4/node_modules/webpack/node_modules/terser-webpack-plugin",
"node_modules/@storybook/vue/node_modules/terser-webpack-plugin"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": false
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": {
"name": "@storybook/addon-docs",
"version": "9.0.9",
"isSemVerMajor": true
}
},
"update-notifier": {
"name": "update-notifier",
"severity": "moderate",
"isDirect": false,
"via": [
"latest-version"
],
"effects": [],
"range": "0.2.0 - 5.1.0",
"nodes": [
"node_modules/update-notifier"
],
"fixAvailable": true
},
"vue": {
"name": "vue",
"severity": "low",
"isDirect": true,
"via": [
{
"source": 1100238,
"name": "vue",
"dependency": "vue",
"title": "ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function",
"url": "https://github.com/advisories/GHSA-5j4c-8p2g-v4jx",
"severity": "low",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0-alpha.1 <3.0.0-alpha.0"
}
],
"effects": [
"@storybook/vue",
"@wikimedia/wvui"
],
"range": "2.0.0-alpha.1 - 2.7.16",
"nodes": [
"node_modules/vue"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"vue-loader": {
"name": "vue-loader",
"severity": "moderate",
"isDirect": true,
"via": [
"@vue/component-compiler-utils"
],
"effects": [
"@storybook/vue"
],
"range": "15.0.0-beta.1 - 15.11.1",
"nodes": [
"node_modules/vue-loader"
],
"fixAvailable": {
"name": "vue-loader",
"version": "17.4.2",
"isSemVerMajor": true
}
},
"vue-template-compiler": {
"name": "vue-template-compiler",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1098721,
"name": "vue-template-compiler",
"dependency": "vue-template-compiler",
"title": "vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)",
"url": "https://github.com/advisories/GHSA-g3ch-rx76-35fx",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 4.2,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
"range": ">=2.0.0 <3.0.0"
}
],
"effects": [
"@storybook/vue"
],
"range": ">=2.0.0",
"nodes": [
"node_modules/vue-template-compiler"
],
"fixAvailable": {
"name": "vue-template-compiler",
"version": "0.1.0",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/watchpack",
"node_modules/@storybook/builder-webpack4/node_modules/watchpack",
"node_modules/@storybook/core-common/node_modules/watchpack",
"node_modules/@storybook/core-server/node_modules/webpack/node_modules/watchpack",
"node_modules/@storybook/manager-webpack4/node_modules/watchpack",
"node_modules/@storybook/vue/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.45.0",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"terser-webpack-plugin",
"watchpack"
],
"effects": [
"@storybook/core-common",
"@storybook/core-server",
"@storybook/vue",
"terser-webpack-plugin"
],
"range": "4.0.0-alpha.0 - 5.0.0-rc.6",
"nodes": [
"node_modules/@storybook/addon-controls/node_modules/webpack",
"node_modules/@storybook/builder-webpack4/node_modules/webpack",
"node_modules/@storybook/core-common/node_modules/webpack",
"node_modules/@storybook/core-server/node_modules/webpack",
"node_modules/@storybook/manager-webpack4/node_modules/webpack",
"node_modules/@storybook/vue/node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/vue",
"version": "5.0.11",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
}
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": true
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/devtools/node_modules/ws",
"node_modules/webdriverio/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
},
"yarn-install": {
"name": "yarn-install",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"@wdio/cli"
],
"range": "*",
"nodes": [
"node_modules/yarn-install"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.15.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 3,
"moderate": 43,
"high": 36,
"critical": 0,
"total": 82
},
"dependencies": {
"prod": 1,
"dev": 3215,
"optional": 41,
"peer": 386,
"peerOptional": 0,
"total": 3215
}
}
}
}
--- end ---
{"added": 3215, "removed": 0, "changed": 0, "audited": 3216, "funding": 394, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@jest/transform": {"name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": ["jest-haste-map"], "effects": ["@storybook/addon-docs"], "range": "<=26.6.2", "nodes": ["node_modules/@jest/transform"], "fixAvailable": {"name": "@storybook/addon-docs", "version": "9.0.9", "isSemVerMajor": true}}, "@mdx-js/mdx": {"name": "@mdx-js/mdx", "severity": "high", "isDirect": false, "via": ["remark-mdx", "remark-parse"], "effects": ["@storybook/codemod", "@storybook/csf-tools", "@storybook/mdx1-csf"], "range": "<=1.6.22", "nodes": ["node_modules/@mdx-js/mdx"], "fixAvailable": {"name": "@storybook/addon-docs", "version": "9.0.9", "isSemVerMajor": true}}, "@storybook/addon-controls": {"name": "@storybook/addon-controls", "severity": "moderate", "isDirect": true, "via": ["@storybook/core-common"], "effects": [], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/addon-controls"], "fixAvailable": {"name": "@storybook/addon-controls", "version": "9.0.8", "isSemVerMajor": true}}, "@storybook/addon-docs": {"name": "@storybook/addon-docs", "severity": "high", "isDirect": true, "via": ["@jest/transform", "@storybook/components", "@storybook/core-common", "@storybook/mdx1-csf"], "effects": [], "range": "<=7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2", "nodes": ["node_modules/@storybook/addon-docs"], "fixAvailable": {"name": "@storybook/addon-docs", "version": "9.0.9", "isSemVerMajor": true}}, "@storybook/addon-storysource": {"name": "@storybook/addon-storysource", "severity": "moderate", "isDirect": true, "via": ["@storybook/components", "react-syntax-highlighter"], "effects": [], "range": "<=7.6.0-beta.2", "nodes": ["node_modules/@storybook/addon-storysource"], "fixAvailable": {"name": "@storybook/addon-storysource", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/builder-webpack4": {"name": "@storybook/builder-webpack4", "severity": "high", "isDirect": false, "via": ["@storybook/components", "@storybook/core-common", "@storybook/ui", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "webpack", "webpack-dev-middleware"], "effects": [], "range": "*", "nodes": ["node_modules/@storybook/builder-webpack4"], "fixAvailable": true}, "@storybook/cli": {"name": "@storybook/cli", "severity": "moderate", "isDirect": false, "via": ["@storybook/codemod", "jscodeshift", "update-notifier"], "effects": ["storybook"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/cli"], "fixAvailable": {"name": "storybook", "version": "9.0.9", "isSemVerMajor": true}}, "@storybook/codemod": {"name": "@storybook/codemod", "severity": "high", "isDirect": false, "via": ["@mdx-js/mdx", "@storybook/csf-tools", "jscodeshift"], "effects": [], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/codemod"], "fixAvailable": true}, "@storybook/components": {"name": "@storybook/components", "severity": "moderate", "isDirect": false, "via": ["react-syntax-highlighter"], "effects": ["@storybook/addon-docs", "@storybook/addon-storysource", "@storybook/builder-webpack4", "@storybook/ui"], "range": "4.2.0-alpha.1 - 6.5.9", "nodes": ["node_modules/@storybook/addon-docs/node_modules/@storybook/components", "node_modules/@storybook/builder-webpack4/node_modules/@storybook/components", "node_modules/@storybook/components", "node_modules/@storybook/ui/node_modules/@storybook/components"], "fixAvailable": {"name": "@storybook/addon-docs", "version": "9.0.9", "isSemVerMajor": true}}, "@storybook/core": {"name": "@storybook/core", "severity": "high", "isDirect": false, "via": ["@storybook/core-client", "@storybook/core-server"], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/core"], "fixAvailable": true}, "@storybook/core-client": {"name": "@storybook/core-client", "severity": "moderate", "isDirect": false, "via": ["@storybook/ui"], "effects": ["@storybook/core", "@storybook/core-server"], "range": "<=6.5.9", "nodes": ["node_modules/@storybook/core-client"], "fixAvailable": true}, "@storybook/core-common": {"name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": ["webpack"], "effects": ["@storybook/addon-controls", "@storybook/addon-docs", "@storybook/vue"], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/addon-controls/node_modules/@storybook/core-common", "node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common", "node_modules/@storybook/core-common", "node_modules/@storybook/core-server/node_modules/@storybook/core-common", "node_modules/@storybook/manager-webpack4/node_modules/@storybook/core-common", "node_modules/@storybook/vue/node_modules/@storybook/core-common"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "@storybook/core-server": {"name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": ["@storybook/builder-webpack4", "@storybook/core-client", "@storybook/core-common", "@storybook/csf-tools", "@storybook/manager-webpack4", "cpy", "ip", "webpack"], "effects": ["@storybook/core"], "range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3", "nodes": ["node_modules/@storybook/core-server"], "fixAvailable": true}, "@storybook/csf-tools": {"name": "@storybook/csf-tools", "severity": "high", "isDirect": false, "via": ["@mdx-js/mdx"], "effects": ["@storybook/codemod", "@storybook/core-server"], "range": "<=6.5.0-rc.1", "nodes": ["node_modules/@storybook/codemod/node_modules/@storybook/csf-tools", "node_modules/@storybook/csf-tools"], "fixAvailable": true}, "@storybook/manager-webpack4": {"name": "@storybook/manager-webpack4", "severity": "high", "isDirect": false, "via": ["@storybook/core-client", "@storybook/core-common", "@storybook/ui", "css-loader", "webpack", "webpack-dev-middleware"], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/@storybook/manager-webpack4"], "fixAvailable": true}, "@storybook/mdx1-csf": {"name": "@storybook/mdx1-csf", "severity": "high", "isDirect": false, "via": ["@mdx-js/mdx"], "effects": ["@storybook/addon-docs"], "range": "*", "nodes": ["node_modules/@storybook/mdx1-csf"], "fixAvailable": {"name": "@storybook/addon-docs", "version": "9.0.9", "isSemVerMajor": true}}, "@storybook/ui": {"name": "@storybook/ui", "severity": "moderate", "isDirect": false, "via": ["@storybook/components"], "effects": ["@storybook/core-client", "@storybook/manager-webpack4"], "range": "4.2.0-alpha.1 - 6.5.9", "nodes": ["node_modules/@storybook/ui"], "fixAvailable": true}, "@storybook/vue": {"name": "@storybook/vue", "severity": "high", "isDirect": true, "via": ["@storybook/core", "@storybook/core-common", "vue", "vue-docgen-loader", "vue-loader", "vue-template-compiler", "webpack"], "effects": [], "range": "*", "nodes": ["node_modules/@storybook/vue"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "@vue/component-compiler-utils": {"name": "@vue/component-compiler-utils", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["vue-loader"], "range": "*", "nodes": ["node_modules/@vue/component-compiler-utils"], "fixAvailable": {"name": "vue-loader", "version": "17.4.2", "isSemVerMajor": true}}, "@wdio/cli": {"name": "@wdio/cli", "severity": "high", "isDirect": true, "via": ["webdriverio", "yarn-install"], "effects": ["@wdio/junit-reporter", "@wdio/local-runner", "@wdio/spec-reporter"], "range": "5.4.10 - 8.45.0", "nodes": ["node_modules/@wdio/cli"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "@wdio/junit-reporter": {"name": "@wdio/junit-reporter", "severity": "high", "isDirect": true, "via": ["@wdio/cli"], "effects": [], "range": "<=8.0.0-alpha.631", "nodes": ["node_modules/@wdio/junit-reporter"], "fixAvailable": {"name": "@wdio/junit-reporter", "version": "9.15.0", "isSemVerMajor": true}}, "@wdio/local-runner": {"name": "@wdio/local-runner", "severity": "high", "isDirect": true, "via": ["@wdio/cli", "@wdio/runner"], "effects": [], "range": "<=8.45.0", "nodes": ["node_modules/@wdio/local-runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.15.0", "isSemVerMajor": true}}, "@wdio/runner": {"name": "@wdio/runner", "severity": "high", "isDirect": false, "via": ["webdriverio"], "effects": ["@wdio/local-runner"], "range": "7.16.5 - 8.45.0", "nodes": ["node_modules/@wdio/runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.15.0", "isSemVerMajor": true}}, "@wdio/spec-reporter": {"name": "@wdio/spec-reporter", "severity": "high", "isDirect": true, "via": ["@wdio/cli"], "effects": [], "range": "6.0.4 - 8.0.0-alpha.631", "nodes": ["node_modules/@wdio/spec-reporter"], "fixAvailable": {"name": "@wdio/spec-reporter", "version": "9.15.0", "isSemVerMajor": true}}, "@wikimedia/wvui": {"name": "@wikimedia/wvui", "severity": "low", "isDirect": true, "via": ["vue"], "effects": [], "range": "*", "nodes": ["node_modules/@wikimedia/wvui"], "fixAvailable": false}, "anymatch": {"name": "anymatch", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar", "sane"], "range": "1.2.0 - 2.0.0", "nodes": ["node_modules/sane/node_modules/anymatch", "node_modules/watchpack-chokidar2/node_modules/anymatch"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": ["node_modules/autoprefixer"], "fixAvailable": true}, "brace-expansion": {"name": "brace-expansion", "severity": "low", "isDirect": false, "via": [{"source": 1105443, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=1.0.0 <=1.1.11"}, {"source": 1105444, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <=2.0.1"}], "effects": [], "range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1", "nodes": ["", "", "", "", "", "", "", ""], "fixAvailable": true}, "braces": {"name": "braces", "severity": "high", "isDirect": false, "via": [{"source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": ["CWE-400", "CWE-1050"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.3"}], "effects": ["chokidar", "micromatch"], "range": "<3.0.3", "nodes": ["node_modules/@storybook/addon-controls/node_modules/braces", "node_modules/@storybook/builder-webpack4/node_modules/braces", "node_modules/@storybook/codemod/node_modules/braces", "node_modules/@storybook/core-common/node_modules/braces", "node_modules/@storybook/core-server/node_modules/braces", "node_modules/@storybook/manager-webpack4/node_modules/braces", "node_modules/@storybook/vue/node_modules/braces", "node_modules/cpy/node_modules/braces", "node_modules/jscodeshift/node_modules/braces", "node_modules/sane/node_modules/braces", "node_modules/vue-docgen-loader/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "chokidar": {"name": "chokidar", "severity": "high", "isDirect": false, "via": ["anymatch", "braces", "readdirp"], "effects": ["watchpack-chokidar2"], "range": "1.3.0 - 2.1.8", "nodes": ["node_modules/watchpack-chokidar2/node_modules/chokidar"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "cpy": {"name": "cpy", "severity": "moderate", "isDirect": false, "via": ["globby"], "effects": ["@storybook/core-server"], "range": "7.0.0 - 8.1.2", "nodes": ["node_modules/cpy"], "fixAvailable": true}, "cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1104663, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}], "effects": ["yarn-install"], "range": "<6.0.6", "nodes": ["node_modules/yarn-install/node_modules/cross-spawn"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "css-loader": {"name": "css-loader", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": ["node_modules/@storybook/builder-webpack4/node_modules/css-loader", "node_modules/@storybook/manager-webpack4/node_modules/css-loader"], "fixAvailable": true}, "devtools": {"name": "devtools", "severity": "high", "isDirect": false, "via": ["puppeteer-core"], "effects": [], "range": ">=7.16.5", "nodes": ["node_modules/devtools"], "fixAvailable": true}, "fast-glob": {"name": "fast-glob", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/cpy/node_modules/fast-glob"], "fixAvailable": true}, "fork-ts-checker-webpack-plugin": {"name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": [], "range": "0.4.14 - 4.1.6", "nodes": ["node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin"], "fixAvailable": true}, "globby": {"name": "globby", "severity": "moderate", "isDirect": false, "via": ["fast-glob"], "effects": ["cpy"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/cpy/node_modules/globby"], "fixAvailable": true}, "got": {"name": "got", "severity": "moderate", "isDirect": false, "via": [{"source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<11.8.5"}], "effects": ["package-json"], "range": "<11.8.5", "nodes": ["node_modules/got"], "fixAvailable": true}, "icss-utils": {"name": "icss-utils", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["css-loader", "postcss-modules-local-by-default", "postcss-modules-values"], "range": "<=4.1.1", "nodes": ["node_modules/icss-utils"], "fixAvailable": true}, "ip": {"name": "ip", "severity": "high", "isDirect": false, "via": [{"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/ip"], "fixAvailable": true}, "jest-haste-map": {"name": "jest-haste-map", "severity": "moderate", "isDirect": false, "via": ["sane"], "effects": ["@jest/transform"], "range": "24.0.0-alpha.0 - 26.6.2", "nodes": ["node_modules/jest-haste-map"], "fixAvailable": {"name": "@storybook/addon-docs", "version": "9.0.9", "isSemVerMajor": true}}, "jscodeshift": {"name": "jscodeshift", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["@storybook/cli", "@storybook/codemod", "vue-docgen-loader"], "range": "0.3.20 - 0.13.1", "nodes": ["node_modules/@storybook/codemod/node_modules/jscodeshift", "node_modules/jscodeshift", "node_modules/vue-docgen-loader/node_modules/jscodeshift"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "jsdoc": {"name": "jsdoc", "severity": "high", "isDirect": true, "via": ["taffydb"], "effects": [], "range": "3.2.0-dev - 3.6.11", "nodes": ["node_modules/jsdoc"], "fixAvailable": {"name": "jsdoc", "version": "4.0.4", "isSemVerMajor": true}}, "jsdoc-wmf-theme": {"name": "jsdoc-wmf-theme", "severity": "high", "isDirect": true, "via": ["taffydb"], "effects": [], "range": "<=0.0.12", "nodes": ["node_modules/jsdoc-wmf-theme"], "fixAvailable": {"name": "jsdoc-wmf-theme", "version": "1.1.0", "isSemVerMajor": true}}, "latest-version": {"name": "latest-version", "severity": "moderate", "isDirect": false, "via": ["package-json"], "effects": ["update-notifier"], "range": "0.2.0 - 5.1.0", "nodes": ["node_modules/latest-version"], "fixAvailable": true}, "micromatch": {"name": "micromatch", "severity": "high", "isDirect": false, "via": [{"source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<4.0.8"}, "braces"], "effects": ["anymatch", "fast-glob", "fork-ts-checker-webpack-plugin", "jscodeshift", "readdirp", "sane", "webpack"], "range": "<=4.0.7", "nodes": ["node_modules/@storybook/addon-controls/node_modules/micromatch", "node_modules/@storybook/builder-webpack4/node_modules/micromatch", "node_modules/@storybook/codemod/node_modules/micromatch", "node_modules/@storybook/core-common/node_modules/micromatch", "node_modules/@storybook/core-server/node_modules/micromatch", "node_modules/@storybook/manager-webpack4/node_modules/micromatch", "node_modules/@storybook/vue/node_modules/micromatch", "node_modules/cpy/node_modules/micromatch", "node_modules/jscodeshift/node_modules/micromatch", "node_modules/sane/node_modules/micromatch", "node_modules/vue-docgen-loader/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "mwbot": {"name": "mwbot", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": ["wdio-mediawiki"], "range": ">=0.1.6", "nodes": ["node_modules/mwbot"], "fixAvailable": false}, "package-json": {"name": "package-json", "severity": "moderate", "isDirect": false, "via": ["got"], "effects": ["latest-version"], "range": "<=6.5.0", "nodes": ["node_modules/package-json"], "fixAvailable": true}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["@storybook/builder-webpack4", "@vue/component-compiler-utils", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "range": "<8.4.31", "nodes": ["node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/@storybook/manager-webpack4/node_modules/postcss", "node_modules/@vue/component-compiler-utils/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss"], "fixAvailable": {"name": "vue-loader", "version": "17.4.2", "isSemVerMajor": true}}, "postcss-flexbugs-fixes": {"name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.2.1", "nodes": ["node_modules/postcss-flexbugs-fixes"], "fixAvailable": true}, "postcss-modules-extract-imports": {"name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.0.0", "nodes": ["node_modules/postcss-modules-extract-imports"], "fixAvailable": true}, "postcss-modules-local-by-default": {"name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": [], "range": "<=4.0.0-rc.4", "nodes": ["node_modules/postcss-modules-local-by-default"], "fixAvailable": true}, "postcss-modules-scope": {"name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.2.0", "nodes": ["node_modules/postcss-modules-scope"], "fixAvailable": true}, "postcss-modules-values": {"name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": ["css-loader"], "range": "<=4.0.0-rc.5", "nodes": ["node_modules/postcss-modules-values"], "fixAvailable": true}, "prismjs": {"name": "prismjs", "severity": "moderate", "isDirect": false, "via": [{"source": 1102459, "name": "prismjs", "dependency": "prismjs", "title": "PrismJS DOM Clobbering vulnerability", "url": "https://github.com/advisories/GHSA-x7hr-w5r2-h6wg", "severity": "moderate", "cwe": ["CWE-94"], "cvss": {"score": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"}, "range": "<1.30.0"}], "effects": ["refractor"], "range": "<1.30.0", "nodes": ["node_modules/refractor/node_modules/prismjs"], "fixAvailable": {"name": "@storybook/addon-storysource", "version": "8.6.14", "isSemVerMajor": true}}, "puppeteer-core": {"name": "puppeteer-core", "severity": "high", "isDirect": false, "via": ["tar-fs", "ws"], "effects": ["devtools", "webdriverio"], "range": "10.0.0 - 22.11.1", "nodes": ["node_modules/devtools/node_modules/puppeteer-core", "node_modules/webdriverio/node_modules/puppeteer-core"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "react-syntax-highlighter": {"name": "react-syntax-highlighter", "severity": "moderate", "isDirect": false, "via": ["refractor"], "effects": ["@storybook/addon-storysource", "@storybook/components"], "range": ">=6.0.0", "nodes": ["node_modules/@storybook/addon-docs/node_modules/react-syntax-highlighter", "node_modules/react-syntax-highlighter"], "fixAvailable": {"name": "@storybook/addon-storysource", "version": "8.6.14", "isSemVerMajor": true}}, "readdirp": {"name": "readdirp", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar"], "range": "2.2.0 - 2.2.1", "nodes": ["node_modules/watchpack-chokidar2/node_modules/readdirp"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "refractor": {"name": "refractor", "severity": "moderate", "isDirect": false, "via": ["prismjs"], "effects": ["react-syntax-highlighter"], "range": "<=4.6.0", "nodes": ["node_modules/refractor"], "fixAvailable": {"name": "@storybook/addon-storysource", "version": "8.6.14", "isSemVerMajor": true}}, "remark-mdx": {"name": "remark-mdx", "severity": "high", "isDirect": false, "via": ["remark-parse"], "effects": ["@mdx-js/mdx"], "range": "<=1.6.22", "nodes": ["node_modules/remark-mdx"], "fixAvailable": {"name": "@storybook/addon-docs", "version": "9.0.9", "isSemVerMajor": true}}, "remark-parse": {"name": "remark-parse", "severity": "high", "isDirect": false, "via": ["trim"], "effects": ["@mdx-js/mdx", "remark-mdx"], "range": "<=8.0.3", "nodes": ["node_modules/remark-parse"], "fixAvailable": {"name": "@storybook/addon-docs", "version": "9.0.9", "isSemVerMajor": true}}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["mwbot"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "sane": {"name": "sane", "severity": "moderate", "isDirect": false, "via": ["anymatch", "micromatch"], "effects": ["jest-haste-map"], "range": "1.5.0 - 4.1.0", "nodes": ["node_modules/sane"], "fixAvailable": {"name": "@storybook/addon-docs", "version": "9.0.9", "isSemVerMajor": true}}, "storybook": {"name": "storybook", "severity": "moderate", "isDirect": true, "via": ["@storybook/cli"], "effects": [], "range": "5.3.0 - 7.0.0-rc.11", "nodes": ["node_modules/storybook"], "fixAvailable": {"name": "storybook", "version": "9.0.9", "isSemVerMajor": true}}, "taffydb": {"name": "taffydb", "severity": "high", "isDirect": false, "via": [{"source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": ["CWE-20", "CWE-668"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<=2.7.3"}], "effects": ["jsdoc", "jsdoc-wmf-theme"], "range": "*", "nodes": ["node_modules/taffydb"], "fixAvailable": {"name": "jsdoc-wmf-theme", "version": "1.1.0", "isSemVerMajor": true}}, "tar-fs": {"name": "tar-fs", "severity": "high", "isDirect": false, "via": [{"source": 1104677, "name": "tar-fs", "dependency": "tar-fs", "title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File", "url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=2.0.0 <2.1.2"}, {"source": 1105197, "name": "tar-fs", "dependency": "tar-fs", "title": "tar-fs can extract outside the specified dir with a specific tarball", "url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 0, "vectorString": null}, "range": ">=2.0.0 <2.1.3"}], "effects": ["puppeteer-core"], "range": "2.0.0 - 2.1.2", "nodes": ["node_modules/tar-fs"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "terser-webpack-plugin": {"name": "terser-webpack-plugin", "severity": "moderate", "isDirect": false, "via": ["webpack"], "effects": ["webpack"], "range": "<=2.2.1", "nodes": ["node_modules/@storybook/addon-controls/node_modules/terser-webpack-plugin", "node_modules/@storybook/builder-webpack4/node_modules/webpack/node_modules/terser-webpack-plugin", "node_modules/@storybook/core-common/node_modules/terser-webpack-plugin", "node_modules/@storybook/core-server/node_modules/terser-webpack-plugin", "node_modules/@storybook/manager-webpack4/node_modules/webpack/node_modules/terser-webpack-plugin", "node_modules/@storybook/vue/node_modules/terser-webpack-plugin"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": false}, "trim": {"name": "trim", "severity": "high", "isDirect": false, "via": [{"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}], "effects": ["remark-parse"], "range": "<0.0.3", "nodes": ["node_modules/trim"], "fixAvailable": {"name": "@storybook/addon-docs", "version": "9.0.9", "isSemVerMajor": true}}, "update-notifier": {"name": "update-notifier", "severity": "moderate", "isDirect": false, "via": ["latest-version"], "effects": [], "range": "0.2.0 - 5.1.0", "nodes": ["node_modules/update-notifier"], "fixAvailable": true}, "vue": {"name": "vue", "severity": "low", "isDirect": true, "via": [{"source": 1100238, "name": "vue", "dependency": "vue", "title": "ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function", "url": "https://github.com/advisories/GHSA-5j4c-8p2g-v4jx", "severity": "low", "cwe": ["CWE-1333"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0-alpha.1 <3.0.0-alpha.0"}], "effects": ["@storybook/vue", "@wikimedia/wvui"], "range": "2.0.0-alpha.1 - 2.7.16", "nodes": ["node_modules/vue"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "vue-docgen-loader": {"name": "vue-docgen-loader", "severity": "moderate", "isDirect": false, "via": ["jscodeshift"], "effects": ["@storybook/vue"], "range": "1.3.0-beta.0 - 2.0.0", "nodes": ["node_modules/vue-docgen-loader"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "vue-loader": {"name": "vue-loader", "severity": "moderate", "isDirect": true, "via": ["@vue/component-compiler-utils"], "effects": ["@storybook/vue"], "range": "15.0.0-beta.1 - 15.11.1", "nodes": ["node_modules/vue-loader"], "fixAvailable": {"name": "vue-loader", "version": "17.4.2", "isSemVerMajor": true}}, "vue-template-compiler": {"name": "vue-template-compiler", "severity": "moderate", "isDirect": true, "via": [{"source": 1098721, "name": "vue-template-compiler", "dependency": "vue-template-compiler", "title": "vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)", "url": "https://github.com/advisories/GHSA-g3ch-rx76-35fx", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 4.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}, "range": ">=2.0.0 <3.0.0"}], "effects": ["@storybook/vue"], "range": ">=2.0.0", "nodes": ["node_modules/vue-template-compiler"], "fixAvailable": {"name": "vue-template-compiler", "version": "0.1.0", "isSemVerMajor": true}}, "watchpack": {"name": "watchpack", "severity": "high", "isDirect": false, "via": ["watchpack-chokidar2"], "effects": ["webpack"], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/@storybook/addon-controls/node_modules/watchpack", "node_modules/@storybook/builder-webpack4/node_modules/watchpack", "node_modules/@storybook/core-common/node_modules/watchpack", "node_modules/@storybook/core-server/node_modules/webpack/node_modules/watchpack", "node_modules/@storybook/manager-webpack4/node_modules/watchpack", "node_modules/@storybook/vue/node_modules/watchpack"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "wdio-mediawiki": {"name": "wdio-mediawiki", "severity": "moderate", "isDirect": true, "via": ["mwbot"], "effects": [], "range": "*", "nodes": ["node_modules/wdio-mediawiki"], "fixAvailable": false}, "webdriverio": {"name": "webdriverio", "severity": "high", "isDirect": false, "via": ["devtools", "puppeteer-core"], "effects": ["@wdio/cli", "@wdio/runner"], "range": "7.16.5 - 8.45.0", "nodes": ["node_modules/webdriverio"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "webpack": {"name": "webpack", "severity": "high", "isDirect": false, "via": ["micromatch", "terser-webpack-plugin", "watchpack"], "effects": ["@storybook/core-common", "@storybook/core-server", "@storybook/vue", "terser-webpack-plugin"], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": ["node_modules/@storybook/addon-controls/node_modules/webpack", "node_modules/@storybook/builder-webpack4/node_modules/webpack", "node_modules/@storybook/core-common/node_modules/webpack", "node_modules/@storybook/core-server/node_modules/webpack", "node_modules/@storybook/manager-webpack4/node_modules/webpack", "node_modules/@storybook/vue/node_modules/webpack"], "fixAvailable": {"name": "@storybook/vue", "version": "5.0.11", "isSemVerMajor": true}}, "webpack-dev-middleware": {"name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [{"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}], "effects": ["@storybook/manager-webpack4"], "range": "<=5.3.3", "nodes": ["node_modules/webpack-dev-middleware"], "fixAvailable": true}, "ws": {"name": "ws", "severity": "high", "isDirect": false, "via": [{"source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": ["CWE-476"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.17.1"}], "effects": ["puppeteer-core"], "range": "8.0.0 - 8.17.0", "nodes": ["node_modules/devtools/node_modules/ws", "node_modules/webdriverio/node_modules/ws"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "yarn-install": {"name": "yarn-install", "severity": "high", "isDirect": false, "via": ["cross-spawn"], "effects": ["@wdio/cli"], "range": "*", "nodes": ["node_modules/yarn-install"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 3, "moderate": 43, "high": 36, "critical": 0, "total": 82}, "dependencies": {"prod": 1, "dev": 3215, "optional": 41, "peer": 386, "peerOptional": 0, "total": 3215}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.27.1
npm WARN Found: @babel/core@7.11.6
npm WARN node_modules/@babel/core
npm WARN dev @babel/core@"7.11.6" from the root project
npm WARN 123 more (@babel/helper-create-class-features-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN
npm WARN Conflicting peer dependency: @babel/core@7.27.4
npm WARN node_modules/@babel/core
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-transform-class-static-block@7.27.1
npm WARN Found: @babel/core@7.11.6
npm WARN node_modules/@babel/core
npm WARN dev @babel/core@"7.11.6" from the root project
npm WARN 123 more (@babel/helper-create-class-features-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-transform-class-static-block@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-transform-class-static-block
npm WARN @babel/plugin-transform-class-static-block@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN
npm WARN Conflicting peer dependency: @babel/core@7.27.4
npm WARN node_modules/@babel/core
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-transform-class-static-block@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-transform-class-static-block
npm WARN @babel/plugin-transform-class-static-block@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: fork-ts-checker-webpack-plugin@6.5.3
npm WARN Found: webpack@4.47.0
npm WARN node_modules/@storybook/builder-webpack4/node_modules/webpack
npm WARN webpack@"4" from @storybook/builder-webpack4@6.4.18
npm WARN node_modules/@storybook/builder-webpack4
npm WARN @storybook/builder-webpack4@"6.4.18" from @storybook/core-server@6.4.18
npm WARN node_modules/@storybook/core-server
npm WARN 5 more (@storybook/core-common, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer webpack@">= 4" from fork-ts-checker-webpack-plugin@6.5.3
npm WARN node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common/node_modules/fork-ts-checker-webpack-plugin
npm WARN fork-ts-checker-webpack-plugin@"^6.0.4" from @storybook/core-common@6.4.18
npm WARN node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common
npm WARN
npm WARN Conflicting peer dependency: webpack@5.99.9
npm WARN node_modules/webpack
npm WARN peer webpack@">= 4" from fork-ts-checker-webpack-plugin@6.5.3
npm WARN node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common/node_modules/fork-ts-checker-webpack-plugin
npm WARN fork-ts-checker-webpack-plugin@"^6.0.4" from @storybook/core-common@6.4.18
npm WARN node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common
npm WARN deprecated @types/easy-table@1.2.3: This is a stub types definition. easy-table provides its own type definitions, so you do not need this installed.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated move-concurrently@1.0.1: This package is no longer supported.
npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated figgy-pudding@3.5.2: This module is no longer supported.
npm WARN deprecated rimraf@2.6.3: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead
npm WARN deprecated npmlog@4.1.2: This package is no longer supported.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.12.1: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated copy-concurrently@1.0.5: This package is no longer supported.
npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated consolidate@0.15.1: Please upgrade to consolidate v1.0.0+ as it has been modernized with several long-awaited fixes implemented. Maintenance is supported by Forward Email at https://forwardemail.net ; follow/watch https://github.com/ladjs/consolidate for updates and release changelog
npm WARN deprecated are-we-there-yet@1.1.7: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated uuid-browser@3.1.0: Package no longer supported and required. Use the uuid package or crypto.randomUUID instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated fs-write-stream-atomic@1.0.10: This package is no longer supported.
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated gauge@2.7.4: This package is no longer supported.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @storybook/vue@6.4.18: Vue2 will end-of-life on 2023-12-31, so we plan to remove support in Storybook's next major release. More info: https://github.com/storybookjs/storybook/discussions/24951
npm WARN deprecated vue@2.6.11: Vue 2 has reached EOL and is no longer actively maintained. See https://v2.vuejs.org/eol/ for more details.
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 3210 packages, and audited 3211 packages in 2m
394 packages are looking for funding
run `npm fund` for details
# npm audit report
braces <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix --force`
Will install @storybook/vue@5.0.11, which is a breaking change
node_modules/@storybook/addon-controls/node_modules/braces
node_modules/@storybook/builder-webpack4/node_modules/braces
node_modules/@storybook/codemod/node_modules/braces
node_modules/@storybook/core-common/node_modules/braces
node_modules/@storybook/core-server/node_modules/braces
node_modules/@storybook/manager-webpack4/node_modules/braces
node_modules/@storybook/vue/node_modules/braces
node_modules/cpy/node_modules/braces
node_modules/jscodeshift/node_modules/braces
node_modules/sane/node_modules/braces
node_modules/vue-docgen-loader/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
chokidar 1.3.0 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of braces
Depends on vulnerable versions of readdirp
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/@storybook/addon-controls/node_modules/watchpack
node_modules/@storybook/builder-webpack4/node_modules/watchpack
node_modules/@storybook/core-common/node_modules/watchpack
node_modules/@storybook/core-server/node_modules/webpack/node_modules/watchpack
node_modules/@storybook/manager-webpack4/node_modules/watchpack
node_modules/@storybook/vue/node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of watchpack
node_modules/@storybook/addon-controls/node_modules/webpack
node_modules/@storybook/builder-webpack4/node_modules/webpack
node_modules/@storybook/core-common/node_modules/webpack
node_modules/@storybook/core-server/node_modules/webpack
node_modules/@storybook/manager-webpack4/node_modules/webpack
node_modules/@storybook/vue/node_modules/webpack
@storybook/core-common <=6.5.17-alpha.0
Depends on vulnerable versions of webpack
node_modules/@storybook/addon-controls/node_modules/@storybook/core-common
node_modules/@storybook/builder-webpack4/node_modules/@storybook/core-common
node_modules/@storybook/core-common
node_modules/@storybook/core-server/node_modules/@storybook/core-common
node_modules/@storybook/manager-webpack4/node_modules/@storybook/core-common
node_modules/@storybook/vue/node_modules/@storybook/core-common
@storybook/addon-controls 6.4.0-alpha.0 - 6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-common
node_modules/@storybook/addon-controls
@storybook/addon-docs <=7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/mdx1-csf
node_modules/@storybook/addon-docs
@storybook/vue *
Depends on vulnerable versions of @storybook/core
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-docgen-loader
Depends on vulnerable versions of vue-loader
Depends on vulnerable versions of vue-template-compiler
Depends on vulnerable versions of webpack
node_modules/@storybook/vue
@storybook/core-server <=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3
Depends on vulnerable versions of @storybook/builder-webpack4
Depends on vulnerable versions of @storybook/core-client
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of @storybook/manager-webpack4
Depends on vulnerable versions of cpy
Depends on vulnerable versions of ip
Depends on vulnerable versions of webpack
node_modules/@storybook/core-server
@storybook/core 6.2.0-alpha.0 - 6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-client
Depends on vulnerable versions of @storybook/core-server
node_modules/@storybook/core
terser-webpack-plugin <=2.2.1
Depends on vulnerable versions of webpack
node_modules/@storybook/addon-controls/node_modules/terser-webpack-plugin
node_modules/@storybook/builder-webpack4/node_modules/webpack/node_modules/terser-webpack-plugin
node_modules/@storybook/core-common/node_modules/terser-webpack-plugin
node_modules/@storybook/core-server/node_modules/terser-webpack-plugin
node_modules/@storybook/manager-webpack4/node_modules/webpack/node_modules/terser-webpack-plugin
node_modules/@storybook/vue/node_modules/terser-webpack-plugin
micromatch <=4.0.7
Depends on vulnerable versions of braces
node_modules/@storybook/addon-controls/node_modules/micromatch
node_modules/@storybook/builder-webpack4/node_modules/micromatch
node_modules/@storybook/codemod/node_modules/micromatch
node_modules/@storybook/core-common/node_modules/micromatch
node_modules/@storybook/core-server/node_modules/micromatch
node_modules/@storybook/manager-webpack4/node_modules/micromatch
node_modules/@storybook/vue/node_modules/micromatch
node_modules/cpy/node_modules/micromatch
node_modules/jscodeshift/node_modules/micromatch
node_modules/sane/node_modules/micromatch
node_modules/vue-docgen-loader/node_modules/micromatch
node_modules/watchpack-chokidar2/node_modules/micromatch
anymatch 1.2.0 - 2.0.0
Depends on vulnerable versions of micromatch
node_modules/sane/node_modules/anymatch
node_modules/watchpack-chokidar2/node_modules/anymatch
sane 1.5.0 - 4.1.0
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of micromatch
node_modules/sane
jest-haste-map 24.0.0-alpha.0 - 26.6.2
Depends on vulnerable versions of sane
node_modules/jest-haste-map
@jest/transform <=26.6.2
Depends on vulnerable versions of jest-haste-map
node_modules/@jest/transform
fast-glob <=2.2.7
Depends on vulnerable versions of micromatch
node_modules/cpy/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/cpy/node_modules/globby
cpy 7.0.0 - 8.1.2
Depends on vulnerable versions of globby
node_modules/cpy
fork-ts-checker-webpack-plugin 0.4.14 - 4.1.6
Depends on vulnerable versions of micromatch
node_modules/@storybook/builder-webpack4/node_modules/fork-ts-checker-webpack-plugin
jscodeshift 0.3.20 - 0.13.1
Depends on vulnerable versions of micromatch
node_modules/@storybook/codemod/node_modules/jscodeshift
node_modules/jscodeshift
node_modules/vue-docgen-loader/node_modules/jscodeshift
@storybook/cli <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/codemod
Depends on vulnerable versions of jscodeshift
Depends on vulnerable versions of update-notifier
node_modules/@storybook/cli
storybook 5.3.0 - 7.0.0-rc.11
Depends on vulnerable versions of @storybook/cli
node_modules/storybook
@storybook/codemod <=7.0.0-rc.11
Depends on vulnerable versions of @mdx-js/mdx
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of jscodeshift
node_modules/@storybook/codemod
vue-docgen-loader 1.3.0-beta.0 - 2.0.0
Depends on vulnerable versions of jscodeshift
node_modules/vue-docgen-loader
readdirp 2.2.0 - 2.2.1
Depends on vulnerable versions of micromatch
node_modules/watchpack-chokidar2/node_modules/readdirp
cross-spawn <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install @wdio/cli@9.15.0, which is a breaking change
node_modules/yarn-install/node_modules/cross-spawn
yarn-install *
Depends on vulnerable versions of cross-spawn
node_modules/yarn-install
@wdio/cli 5.4.10 - 8.45.0
Depends on vulnerable versions of webdriverio
Depends on vulnerable versions of yarn-install
node_modules/@wdio/cli
@wdio/junit-reporter <=8.0.0-alpha.631
Depends on vulnerable versions of @wdio/cli
node_modules/@wdio/junit-reporter
@wdio/local-runner <=8.45.0
Depends on vulnerable versions of @wdio/cli
Depends on vulnerable versions of @wdio/runner
node_modules/@wdio/local-runner
@wdio/spec-reporter 6.0.4 - 8.0.0-alpha.631
Depends on vulnerable versions of @wdio/cli
node_modules/@wdio/spec-reporter
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix`
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
ip *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix`
node_modules/ip
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install vue-loader@17.4.2, which is a breaking change
node_modules/@storybook/builder-webpack4/node_modules/postcss
node_modules/@storybook/manager-webpack4/node_modules/postcss
node_modules/@vue/component-compiler-utils/node_modules/postcss
node_modules/autoprefixer/node_modules/postcss
node_modules/icss-utils/node_modules/postcss
node_modules/postcss-flexbugs-fixes/node_modules/postcss
node_modules/postcss-modules-extract-imports/node_modules/postcss
node_modules/postcss-modules-local-by-default/node_modules/postcss
node_modules/postcss-modules-scope/node_modules/postcss
node_modules/postcss-modules-values/node_modules/postcss
@storybook/builder-webpack4 *
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/ui
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of fork-ts-checker-webpack-plugin
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-flexbugs-fixes
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@storybook/builder-webpack4
@vue/component-compiler-utils *
Depends on vulnerable versions of postcss
node_modules/@vue/component-compiler-utils
vue-loader 15.0.0-beta.1 - 15.11.1
Depends on vulnerable versions of @vue/component-compiler-utils
node_modules/vue-loader
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
css-loader 0.15.0 - 4.3.0
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/@storybook/builder-webpack4/node_modules/css-loader
node_modules/@storybook/manager-webpack4/node_modules/css-loader
icss-utils <=4.1.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-local-by-default <=4.0.0-rc.4
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-local-by-default
postcss-modules-values <=4.0.0-rc.5
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-values
postcss-flexbugs-fixes <=4.2.1
Depends on vulnerable versions of postcss
node_modules/postcss-flexbugs-fixes
postcss-modules-extract-imports <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-scope <=2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
prismjs <1.30.0
Severity: moderate
PrismJS DOM Clobbering vulnerability - https://github.com/advisories/GHSA-x7hr-w5r2-h6wg
fix available via `npm audit fix --force`
Will install @storybook/addon-storysource@8.6.14, which is a breaking change
node_modules/refractor/node_modules/prismjs
refractor <=4.6.0
Depends on vulnerable versions of prismjs
node_modules/refractor
react-syntax-highlighter >=6.0.0
Depends on vulnerable versions of refractor
node_modules/@storybook/addon-docs/node_modules/react-syntax-highlighter
node_modules/react-syntax-highlighter
@storybook/addon-storysource <=7.6.0-beta.2
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of react-syntax-highlighter
node_modules/@storybook/addon-storysource
@storybook/components 4.2.0-alpha.1 - 6.5.9
Depends on vulnerable versions of react-syntax-highlighter
node_modules/@storybook/addon-docs/node_modules/@storybook/components
node_modules/@storybook/builder-webpack4/node_modules/@storybook/components
node_modules/@storybook/components
node_modules/@storybook/ui/node_modules/@storybook/components
@storybook/ui 4.2.0-alpha.1 - 6.5.9
Depends on vulnerable versions of @storybook/components
node_modules/@storybook/ui
@storybook/core-client <=6.5.9
Depends on vulnerable versions of @storybook/ui
node_modules/@storybook/core-client
@storybook/manager-webpack4 *
Depends on vulnerable versions of @storybook/core-client
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/ui
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@storybook/manager-webpack4
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
mwbot >=0.1.6
Depends on vulnerable versions of request
node_modules/mwbot
wdio-mediawiki *
Depends on vulnerable versions of mwbot
node_modules/wdio-mediawiki
taffydb *
Severity: high
TaffyDB can allow access to any data items in the DB - https://github.com/advisories/GHSA-mxhp-79qh-mcx6
fix available via `npm audit fix --force`
Will install jsdoc@4.0.4, which is a breaking change
node_modules/taffydb
jsdoc 3.2.0-dev - 3.6.11
Depends on vulnerable versions of taffydb
node_modules/jsdoc
jsdoc-wmf-theme <=0.0.12
Depends on vulnerable versions of taffydb
node_modules/jsdoc-wmf-theme
tar-fs 2.0.0 - 2.1.2
Severity: high
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File - https://github.com/advisories/GHSA-pq67-2wwv-3xjx
tar-fs can extract outside the specified dir with a specific tarball - https://github.com/advisories/GHSA-8cj5-5rvv-wf4v
fix available via `npm audit fix --force`
Will install @wdio/cli@9.15.0, which is a breaking change
node_modules/tar-fs
puppeteer-core 10.0.0 - 22.11.1
Depends on vulnerable versions of tar-fs
Depends on vulnerable versions of ws
node_modules/devtools/node_modules/puppeteer-core
node_modules/webdriverio/node_modules/puppeteer-core
devtools >=7.16.5
Depends on vulnerable versions of puppeteer-core
node_modules/devtools
webdriverio 7.16.5 - 8.45.0
Depends on vulnerable versions of devtools
Depends on vulnerable versions of puppeteer-core
node_modules/webdriverio
@wdio/runner 7.16.5 - 8.45.0
Depends on vulnerable versions of webdriverio
node_modules/@wdio/runner
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix --force`
Will install @storybook/addon-docs@9.0.9, which is a breaking change
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/remark-parse
@mdx-js/mdx <=1.6.22
Depends on vulnerable versions of remark-mdx
Depends on vulnerable versions of remark-parse
node_modules/@mdx-js/mdx
@storybook/csf-tools <=6.5.0-rc.1
Depends on vulnerable versions of @mdx-js/mdx
node_modules/@storybook/codemod/node_modules/@storybook/csf-tools
node_modules/@storybook/csf-tools
@storybook/mdx1-csf *
Depends on vulnerable versions of @mdx-js/mdx
node_modules/@storybook/mdx1-csf
remark-mdx <=1.6.22
Depends on vulnerable versions of remark-parse
node_modules/remark-mdx
vue 2.0.0-alpha.1 - 2.7.16
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function - https://github.com/advisories/GHSA-5j4c-8p2g-v4jx
fix available via `npm audit fix --force`
Will install @storybook/vue@5.0.11, which is a breaking change
node_modules/vue
@wikimedia/wvui *
Depends on vulnerable versions of vue
node_modules/@wikimedia/wvui
vue-template-compiler >=2.0.0
Severity: moderate
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-g3ch-rx76-35fx
fix available via `npm audit fix --force`
Will install vue-template-compiler@0.1.0, which is a breaking change
node_modules/vue-template-compiler
webpack-dev-middleware <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via `npm audit fix`
node_modules/webpack-dev-middleware
ws 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install @wdio/cli@9.15.0, which is a breaking change
node_modules/devtools/node_modules/ws
node_modules/webdriverio/node_modules/ws
81 vulnerabilities (2 low, 43 moderate, 36 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.27.1
npm WARN Found: @babel/core@7.11.6
npm WARN node_modules/@babel/core
npm WARN dev @babel/core@"7.11.6" from the root project
npm WARN 123 more (@babel/helper-create-class-features-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN
npm WARN Conflicting peer dependency: @babel/core@7.27.4
npm WARN node_modules/@babel/core
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @babel/plugin-transform-class-static-block@7.27.1
npm WARN Found: @babel/core@7.11.6
npm WARN node_modules/@babel/core
npm WARN dev @babel/core@"7.11.6" from the root project
npm WARN 123 more (@babel/helper-create-class-features-plugin, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-transform-class-static-block@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-transform-class-static-block
npm WARN @babel/plugin-transform-class-static-block@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN
npm WARN Conflicting peer dependency: @babel/core@7.27.4
npm WARN node_modules/@babel/core
npm WARN peer @babel/core@"^7.12.0" from @babel/plugin-transform-class-static-block@7.27.1
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-transform-class-static-block
npm WARN @babel/plugin-transform-class-static-block@"^7.27.1" from @babel/preset-env@7.27.1
npm WARN node_modules/@babel/preset-env
npm WARN deprecated @types/easy-table@1.2.3: This is a stub types definition. easy-table provides its own type definitions, so you do not need this installed.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated move-concurrently@1.0.1: This package is no longer supported.
npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated figgy-pudding@3.5.2: This module is no longer supported.
npm WARN deprecated rimraf@2.6.3: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead
npm WARN deprecated npmlog@4.1.2: This package is no longer supported.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.12.1: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated copy-concurrently@1.0.5: This package is no longer supported.
npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated consolidate@0.15.1: Please upgrade to consolidate v1.0.0+ as it has been modernized with several long-awaited fixes implemented. Maintenance is supported by Forward Email at https://forwardemail.net ; follow/watch https://github.com/ladjs/consolidate for updates and release changelog
npm WARN deprecated are-we-there-yet@1.1.7: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated uuid-browser@3.1.0: Package no longer supported and required. Use the uuid package or crypto.randomUUID instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated fs-write-stream-atomic@1.0.10: This package is no longer supported.
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated gauge@3.0.2: This package is no longer supported.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated gauge@2.7.4: This package is no longer supported.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @storybook/vue@6.4.18: Vue2 will end-of-life on 2023-12-31, so we plan to remove support in Storybook's next major release. More info: https://github.com/storybookjs/storybook/discussions/24951
npm WARN deprecated vue@2.6.11: Vue 2 has reached EOL and is no longer actively maintained. See https://v2.vuejs.org/eol/ for more details.
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 3210 packages, and audited 3211 packages in 2m
394 packages are looking for funding
run `npm fund` for details
81 vulnerabilities (2 low, 43 moderate, 36 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stdout ---
> test
> npm run lint
> lint
> npm run lint:eslint && npm run lint:styles && npm run lint:i18n
> lint:eslint
> eslint --cache --max-warnings 0 .
> lint:styles
> stylelint '**/*.{css,less}'
> lint:i18n
> banana-checker --requireLowerCase=0 i18n/
Checked 1 message directory.
--- end ---
{"1096729": {"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}}
{}
{"1096729": {"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}, "1101851": {"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{}
{"1096729": {"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}, "1101851": {"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{}
{"1096729": {"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}}
{}
{}
{"1105443": {"source": 1105443, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=1.0.0 <=1.1.11"}, "1105444": {"source": 1105444, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <=2.0.1"}}
Upgrading n:brace-expansion from 1.1.11, 2.0.1 -> 1.1.12, 2.0.2
{}
{}
{}
{}
{}
{}
{"1088948": {"source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<11.8.5"}}
{}
{"1101851": {"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{"1088948": {"source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<11.8.5"}}
{"1088948": {"source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<11.8.5"}}
{}
{}
{}
{}
{}
{"1088948": {"source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<11.8.5"}}
{"1096729": {"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
build: Updating brace-expansion to 1.1.12, 2.0.2
* https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpw54ig54u
--- stdout ---
[REL1_39 d613fd7] build: Updating brace-expansion to 1.1.12, 2.0.2
1 file changed, 27 insertions(+), 29 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From d613fd75619ada5403e5010ffd15e97943b06316 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 15 Jun 2025 07:46:06 +0000
Subject: [PATCH] build: Updating brace-expansion to 1.1.12, 2.0.2
* https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
Change-Id: I60296a8d7c8a71bdda546d24705e1dac0e6a86f2
---
package-lock.json | 56 +++++++++++++++++++++++------------------------
1 file changed, 27 insertions(+), 29 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index fd8affd..f2ecbf2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15574,9 +15574,9 @@
}
},
"node_modules/@wdio/config/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0"
@@ -19422,9 +19422,9 @@
}
},
"node_modules/brace-expansion": {
- "version": "1.1.11",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
- "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+ "version": "1.1.12",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+ "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0",
@@ -23656,11 +23656,10 @@
}
},
"node_modules/eslint-config-wikimedia/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0"
}
@@ -23983,11 +23982,10 @@
}
},
"node_modules/eslint-plugin-n/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0"
}
@@ -25304,9 +25302,9 @@
}
},
"node_modules/filelist/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0"
@@ -32721,9 +32719,9 @@
"dev": true
},
"node_modules/mocha/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0"
@@ -35528,9 +35526,9 @@
}
},
"node_modules/readdir-glob/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0"
@@ -41130,9 +41128,9 @@
}
},
"node_modules/webdriverio/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0"
@@ -41501,9 +41499,9 @@
"dev": true
},
"node_modules/webpack": {
- "version": "5.99.8",
- "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.99.8.tgz",
- "integrity": "sha512-lQ3CPiSTpfOnrEGeXDwoq5hIGzSjmwD72GdfVzF7CQAI7t47rJG9eDWvcEkEn3CUQymAElVvDg3YNTlCYj+qUQ==",
+ "version": "5.99.9",
+ "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.99.9.tgz",
+ "integrity": "sha512-brOPwM3JnmOa+7kd3NsmOUOwbDAj8FT9xDsG3IW0MgbN9yZV7Oi/s/+MNQ/EcSMqw7qfoRyXPoeEWT8zLVdVGg==",
"dev": true,
"peer": true,
"dependencies": {
--
2.39.5
--- end ---