This run took 87 seconds.
$ date
--- stdout ---
Fri Aug 15 06:59:09 UTC 2025
--- end ---
$ git clone file:///srv/git/wikimedia-portals.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'prod' (https://gerrit.wikimedia.org/r/wikimedia/portals/deploy) registered for path 'prod'
Cloning into '/src/repo/prod'...
--- stdout ---
Submodule path 'prod': checked out 'ae1009042ab69b0ea76ce04463cb917416567f94'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
786e32855a31fd5956d653456b41527d4457c994 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"glob-watcher"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/anymatch"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 8.6.5",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/anymatch/node_modules/braces",
"node_modules/chokidar/node_modules/braces",
"node_modules/liftoff/node_modules/braces",
"node_modules/matchdep/node_modules/braces",
"node_modules/readdirp/node_modules/braces"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"cheerio": {
"name": "cheerio",
"severity": "high",
"isDirect": false,
"via": [
"css-select",
"lodash.pick"
],
"effects": [
"gulp-inline"
],
"range": "0.19.0 - 1.0.0-rc.12",
"nodes": [
"node_modules/cheerio"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"glob-watcher"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/chokidar"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"color": {
"name": "color",
"severity": "moderate",
"isDirect": false,
"via": [
"color-string"
],
"effects": [
"css-color-function"
],
"range": "<=0.11.4",
"nodes": [
"node_modules/css-color-function/node_modules/color"
],
"fixAvailable": true
},
"color-string": {
"name": "color-string",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1089718,
"name": "color-string",
"dependency": "color-string",
"title": "Regular Expression Denial of Service (ReDOS)",
"url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<1.5.5"
}
],
"effects": [
"color"
],
"range": "<1.5.5",
"nodes": [
"node_modules/css-color-function/node_modules/color-string"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"css-color-function": {
"name": "css-color-function",
"severity": "moderate",
"isDirect": false,
"via": [
"color"
],
"effects": [
"postcss-color-function"
],
"range": "*",
"nodes": [
"node_modules/css-color-function"
],
"fixAvailable": true
},
"css-declaration-sorter": {
"name": "css-declaration-sorter",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=5.1.2",
"nodes": [
"node_modules/css-declaration-sorter"
],
"fixAvailable": true
},
"css-select": {
"name": "css-select",
"severity": "high",
"isDirect": false,
"via": [
"nth-check"
],
"effects": [
"cheerio",
"svgo"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/css-select",
"node_modules/svgo/node_modules/css-select"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"cssnano": {
"name": "cssnano",
"severity": "moderate",
"isDirect": true,
"via": [
"cssnano-preset-default",
"postcss"
],
"effects": [],
"range": "<=4.1.11",
"nodes": [
"node_modules/cssnano"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.1.0",
"isSemVerMajor": true
}
},
"cssnano-preset-default": {
"name": "cssnano-preset-default",
"severity": "moderate",
"isDirect": false,
"via": [
"css-declaration-sorter",
"cssnano-util-raw-cache",
"postcss",
"postcss-calc",
"postcss-colormin",
"postcss-convert-values",
"postcss-discard-comments",
"postcss-discard-duplicates",
"postcss-discard-empty",
"postcss-discard-overridden",
"postcss-merge-longhand",
"postcss-merge-rules",
"postcss-minify-font-values",
"postcss-minify-gradients",
"postcss-minify-params",
"postcss-minify-selectors",
"postcss-normalize-charset",
"postcss-normalize-display-values",
"postcss-normalize-positions",
"postcss-normalize-repeat-style",
"postcss-normalize-string",
"postcss-normalize-timing-functions",
"postcss-normalize-unicode",
"postcss-normalize-url",
"postcss-normalize-whitespace",
"postcss-ordered-values",
"postcss-reduce-initial",
"postcss-reduce-transforms",
"postcss-svgo",
"postcss-unique-selectors"
],
"effects": [
"cssnano"
],
"range": "<=4.0.8",
"nodes": [
"node_modules/cssnano-preset-default"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.1.0",
"isSemVerMajor": true
}
},
"cssnano-util-raw-cache": {
"name": "cssnano-util-raw-cache",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/cssnano-util-raw-cache"
],
"fixAvailable": true
},
"findup-sync": {
"name": "findup-sync",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"liftoff",
"matchdep"
],
"range": "0.4.0 - 3.0.0",
"nodes": [
"node_modules/liftoff/node_modules/findup-sync",
"node_modules/matchdep/node_modules/findup-sync"
],
"fixAvailable": true
},
"glob-watcher": {
"name": "glob-watcher",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"chokidar"
],
"effects": [
"gulp"
],
"range": "5.0.0 - 5.0.5",
"nodes": [
"node_modules/glob-watcher"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"gulp": {
"name": "gulp",
"severity": "high",
"isDirect": true,
"via": [
"glob-watcher",
"gulp-cli"
],
"effects": [],
"range": "4.0.0 - 4.0.2",
"nodes": [
"node_modules/gulp"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"gulp-cli": {
"name": "gulp-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"liftoff",
"matchdep"
],
"effects": [],
"range": "1.3.0 - 2.3.0",
"nodes": [
"node_modules/gulp-cli"
],
"fixAvailable": true
},
"gulp-compile-handlebars": {
"name": "gulp-compile-handlebars",
"severity": "high",
"isDirect": true,
"via": [
"gulp-util"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-compile-handlebars"
],
"fixAvailable": false
},
"gulp-htmlmin": {
"name": "gulp-htmlmin",
"severity": "high",
"isDirect": true,
"via": [
"html-minifier"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-htmlmin"
],
"fixAvailable": false
},
"gulp-inline": {
"name": "gulp-inline",
"severity": "high",
"isDirect": true,
"via": [
"cheerio",
"gulp-util"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-inline"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"gulp-util": {
"name": "gulp-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash.template"
],
"effects": [
"gulp-compile-handlebars",
"gulp-inline"
],
"range": ">=1.1.0",
"nodes": [
"node_modules/gulp-util"
],
"fixAvailable": false
},
"html-minifier": {
"name": "html-minifier",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1105440,
"name": "html-minifier",
"dependency": "html-minifier",
"title": "kangax html-minifier REDoS vulnerability",
"url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=4.0.0"
}
],
"effects": [
"gulp-htmlmin"
],
"range": "*",
"nodes": [
"node_modules/html-minifier"
],
"fixAvailable": false
},
"liftoff": {
"name": "liftoff",
"severity": "moderate",
"isDirect": false,
"via": [
"findup-sync"
],
"effects": [
"gulp-cli"
],
"range": "2.2.3 - 3.1.0",
"nodes": [
"node_modules/liftoff"
],
"fixAvailable": true
},
"lodash.pick": {
"name": "lodash.pick",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106907,
"name": "lodash.pick",
"dependency": "lodash.pick",
"title": "Prototype Pollution in lodash",
"url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
"severity": "high",
"cwe": [
"CWE-770",
"CWE-1321"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": ">=4.0.0 <=4.4.0"
}
],
"effects": [
"cheerio"
],
"range": ">=4.0.0",
"nodes": [
"node_modules/lodash.pick"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"lodash.template": {
"name": "lodash.template",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106902,
"name": "lodash.template",
"dependency": "lodash.template",
"title": "Command Injection in lodash",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"severity": "high",
"cwe": [
"CWE-77",
"CWE-94"
],
"cvss": {
"score": 7.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=4.5.0"
}
],
"effects": [
"gulp-util",
"postcss-initial"
],
"range": "*",
"nodes": [
"node_modules/lodash.template",
"node_modules/postcss-initial/node_modules/lodash.template"
],
"fixAvailable": false
},
"matchdep": {
"name": "matchdep",
"severity": "moderate",
"isDirect": false,
"via": [
"findup-sync",
"micromatch"
],
"effects": [
"gulp-cli"
],
"range": ">=1.0.1",
"nodes": [
"node_modules/matchdep"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"findup-sync",
"matchdep",
"readdirp"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/anymatch/node_modules/micromatch",
"node_modules/liftoff/node_modules/micromatch",
"node_modules/matchdep/node_modules/micromatch",
"node_modules/readdirp/node_modules/micromatch"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"nth-check": {
"name": "nth-check",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095141,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/css-select/node_modules/nth-check",
"node_modules/svgo/node_modules/nth-check"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"pixrem": {
"name": "pixrem",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/pixrem"
],
"fixAvailable": true
},
"pleeease-filters": {
"name": "pleeease-filters",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/pleeease-filters"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1093539,
"name": "postcss",
"dependency": "postcss",
"title": "Regular Expression Denial of Service in postcss",
"url": "https://github.com/advisories/GHSA-566m-qj78-rww5",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<7.0.36"
},
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"autoprefixer",
"css-declaration-sorter",
"cssnano",
"cssnano-preset-default",
"cssnano-util-raw-cache",
"pixrem",
"pleeease-filters",
"postcss-apply",
"postcss-attribute-case-insensitive",
"postcss-calc",
"postcss-color-function",
"postcss-color-gray",
"postcss-color-hex-alpha",
"postcss-color-hsl",
"postcss-color-hwb",
"postcss-color-rebeccapurple",
"postcss-color-rgb",
"postcss-color-rgba-fallback",
"postcss-colormin",
"postcss-convert-values",
"postcss-cssnext",
"postcss-custom-media",
"postcss-custom-properties",
"postcss-custom-selectors",
"postcss-discard-comments",
"postcss-discard-duplicates",
"postcss-discard-empty",
"postcss-discard-overridden",
"postcss-font-family-system-ui",
"postcss-font-variant",
"postcss-image-set-polyfill",
"postcss-initial",
"postcss-media-minmax",
"postcss-merge-longhand",
"postcss-merge-rules",
"postcss-minify-font-values",
"postcss-minify-gradients",
"postcss-minify-params",
"postcss-minify-selectors",
"postcss-nesting",
"postcss-normalize-charset",
"postcss-normalize-display-values",
"postcss-normalize-positions",
"postcss-normalize-repeat-style",
"postcss-normalize-string",
"postcss-normalize-timing-functions",
"postcss-normalize-unicode",
"postcss-normalize-url",
"postcss-normalize-whitespace",
"postcss-ordered-values",
"postcss-pseudo-class-any-link",
"postcss-pseudoelements",
"postcss-reduce-initial",
"postcss-reduce-transforms",
"postcss-replace-overflow-wrap",
"postcss-selector-matches",
"postcss-selector-not",
"postcss-svgo",
"postcss-unique-selectors",
"stylehacks"
],
"range": "<=8.4.30",
"nodes": [
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-declaration-sorter/node_modules/postcss",
"node_modules/cssnano-preset-default/node_modules/postcss",
"node_modules/cssnano-util-raw-cache/node_modules/postcss",
"node_modules/cssnano/node_modules/postcss",
"node_modules/pixrem/node_modules/postcss",
"node_modules/pleeease-filters/node_modules/postcss",
"node_modules/postcss-apply/node_modules/postcss",
"node_modules/postcss-attribute-case-insensitive/node_modules/postcss",
"node_modules/postcss-calc/node_modules/postcss",
"node_modules/postcss-color-function/node_modules/postcss",
"node_modules/postcss-color-gray/node_modules/postcss",
"node_modules/postcss-color-hex-alpha/node_modules/postcss",
"node_modules/postcss-color-hsl/node_modules/postcss",
"node_modules/postcss-color-hwb/node_modules/postcss",
"node_modules/postcss-color-rebeccapurple/node_modules/postcss",
"node_modules/postcss-color-rgb/node_modules/postcss",
"node_modules/postcss-color-rgba-fallback/node_modules/postcss",
"node_modules/postcss-colormin/node_modules/postcss",
"node_modules/postcss-convert-values/node_modules/postcss",
"node_modules/postcss-cssnext/node_modules/postcss",
"node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss",
"node_modules/postcss-custom-media/node_modules/postcss",
"node_modules/postcss-custom-properties/node_modules/postcss",
"node_modules/postcss-custom-selectors/node_modules/postcss",
"node_modules/postcss-discard-comments/node_modules/postcss",
"node_modules/postcss-discard-duplicates/node_modules/postcss",
"node_modules/postcss-discard-empty/node_modules/postcss",
"node_modules/postcss-discard-overridden/node_modules/postcss",
"node_modules/postcss-font-family-system-ui/node_modules/postcss",
"node_modules/postcss-font-variant/node_modules/postcss",
"node_modules/postcss-image-set-polyfill/node_modules/postcss",
"node_modules/postcss-initial/node_modules/postcss",
"node_modules/postcss-media-minmax/node_modules/postcss",
"node_modules/postcss-merge-longhand/node_modules/postcss",
"node_modules/postcss-merge-rules/node_modules/postcss",
"node_modules/postcss-minify-font-values/node_modules/postcss",
"node_modules/postcss-minify-gradients/node_modules/postcss",
"node_modules/postcss-minify-params/node_modules/postcss",
"node_modules/postcss-minify-selectors/node_modules/postcss",
"node_modules/postcss-nesting/node_modules/postcss",
"node_modules/postcss-normalize-charset/node_modules/postcss",
"node_modules/postcss-normalize-display-values/node_modules/postcss",
"node_modules/postcss-normalize-positions/node_modules/postcss",
"node_modules/postcss-normalize-repeat-style/node_modules/postcss",
"node_modules/postcss-normalize-string/node_modules/postcss",
"node_modules/postcss-normalize-timing-functions/node_modules/postcss",
"node_modules/postcss-normalize-unicode/node_modules/postcss",
"node_modules/postcss-normalize-url/node_modules/postcss",
"node_modules/postcss-normalize-whitespace/node_modules/postcss",
"node_modules/postcss-ordered-values/node_modules/postcss",
"node_modules/postcss-pseudo-class-any-link/node_modules/postcss",
"node_modules/postcss-pseudoelements/node_modules/postcss",
"node_modules/postcss-reduce-initial/node_modules/postcss",
"node_modules/postcss-reduce-transforms/node_modules/postcss",
"node_modules/postcss-replace-overflow-wrap/node_modules/postcss",
"node_modules/postcss-selector-matches/node_modules/postcss",
"node_modules/postcss-selector-not/node_modules/postcss",
"node_modules/postcss-svgo/node_modules/postcss",
"node_modules/postcss-unique-selectors/node_modules/postcss",
"node_modules/stylehacks/node_modules/postcss"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.1.0",
"isSemVerMajor": true
}
},
"postcss-apply": {
"name": "postcss-apply",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=0.10.0",
"nodes": [
"node_modules/postcss-apply"
],
"fixAvailable": false
},
"postcss-attribute-case-insensitive": {
"name": "postcss-attribute-case-insensitive",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-attribute-case-insensitive"
],
"fixAvailable": false
},
"postcss-calc": {
"name": "postcss-calc",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "4.1.0 - 7.0.5",
"nodes": [
"node_modules/postcss-calc",
"node_modules/postcss-cssnext/node_modules/postcss-calc"
],
"fixAvailable": true
},
"postcss-color-function": {
"name": "postcss-color-function",
"severity": "moderate",
"isDirect": false,
"via": [
"css-color-function",
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-color-function"
],
"fixAvailable": true
},
"postcss-color-gray": {
"name": "postcss-color-gray",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "3.0.0 - 4.1.0",
"nodes": [
"node_modules/postcss-color-gray"
],
"fixAvailable": true
},
"postcss-color-hex-alpha": {
"name": "postcss-color-hex-alpha",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.3.0 - 3.0.0",
"nodes": [
"node_modules/postcss-color-hex-alpha"
],
"fixAvailable": true
},
"postcss-color-hsl": {
"name": "postcss-color-hsl",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-color-hsl"
],
"fixAvailable": true
},
"postcss-color-hwb": {
"name": "postcss-color-hwb",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": ">=1.2.0",
"nodes": [
"node_modules/postcss-color-hwb"
],
"fixAvailable": true
},
"postcss-color-rebeccapurple": {
"name": "postcss-color-rebeccapurple",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.1.0",
"nodes": [
"node_modules/postcss-color-rebeccapurple"
],
"fixAvailable": true
},
"postcss-color-rgb": {
"name": "postcss-color-rgb",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "*",
"nodes": [
"node_modules/postcss-color-rgb"
],
"fixAvailable": false
},
"postcss-color-rgba-fallback": {
"name": "postcss-color-rgba-fallback",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-color-rgba-fallback"
],
"fixAvailable": true
},
"postcss-colormin": {
"name": "postcss-colormin",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-colormin"
],
"fixAvailable": true
},
"postcss-convert-values": {
"name": "postcss-convert-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-convert-values"
],
"fixAvailable": true
},
"postcss-cssnext": {
"name": "postcss-cssnext",
"severity": "moderate",
"isDirect": true,
"via": [
"autoprefixer",
"pixrem",
"pleeease-filters",
"postcss",
"postcss-apply",
"postcss-attribute-case-insensitive",
"postcss-calc",
"postcss-color-function",
"postcss-color-gray",
"postcss-color-hex-alpha",
"postcss-color-hsl",
"postcss-color-hwb",
"postcss-color-rebeccapurple",
"postcss-color-rgb",
"postcss-color-rgba-fallback",
"postcss-custom-media",
"postcss-custom-properties",
"postcss-custom-selectors",
"postcss-font-family-system-ui",
"postcss-font-variant",
"postcss-image-set-polyfill",
"postcss-initial",
"postcss-media-minmax",
"postcss-nesting",
"postcss-pseudo-class-any-link",
"postcss-pseudoelements",
"postcss-replace-overflow-wrap",
"postcss-selector-matches",
"postcss-selector-not"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-cssnext"
],
"fixAvailable": false
},
"postcss-custom-media": {
"name": "postcss-custom-media",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "4.0.0 - 6.0.0",
"nodes": [
"node_modules/postcss-custom-media"
],
"fixAvailable": true
},
"postcss-custom-properties": {
"name": "postcss-custom-properties",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "3.3.0 - 7.0.0",
"nodes": [
"node_modules/postcss-custom-properties"
],
"fixAvailable": true
},
"postcss-custom-selectors": {
"name": "postcss-custom-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss",
"postcss-selector-matches"
],
"effects": [],
"range": "2.3.0 - 4.0.1",
"nodes": [
"node_modules/postcss-custom-selectors"
],
"fixAvailable": true
},
"postcss-discard-comments": {
"name": "postcss-discard-comments",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-discard-comments"
],
"fixAvailable": true
},
"postcss-discard-duplicates": {
"name": "postcss-discard-duplicates",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.2",
"nodes": [
"node_modules/postcss-discard-duplicates"
],
"fixAvailable": true
},
"postcss-discard-empty": {
"name": "postcss-discard-empty",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.1",
"nodes": [
"node_modules/postcss-discard-empty"
],
"fixAvailable": true
},
"postcss-discard-overridden": {
"name": "postcss-discard-overridden",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-discard-overridden"
],
"fixAvailable": true
},
"postcss-font-family-system-ui": {
"name": "postcss-font-family-system-ui",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-font-family-system-ui"
],
"fixAvailable": false
},
"postcss-font-variant": {
"name": "postcss-font-variant",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.0.0",
"nodes": [
"node_modules/postcss-font-variant"
],
"fixAvailable": true
},
"postcss-image-set-polyfill": {
"name": "postcss-image-set-polyfill",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-image-set-polyfill"
],
"fixAvailable": false
},
"postcss-initial": {
"name": "postcss-initial",
"severity": "high",
"isDirect": false,
"via": [
"lodash.template",
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.2 || 4.0.0",
"nodes": [
"node_modules/postcss-initial"
],
"fixAvailable": false
},
"postcss-media-minmax": {
"name": "postcss-media-minmax",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.0.0",
"nodes": [
"node_modules/postcss-media-minmax"
],
"fixAvailable": true
},
"postcss-merge-longhand": {
"name": "postcss-merge-longhand",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss",
"stylehacks"
],
"effects": [],
"range": "<=4.0.11",
"nodes": [
"node_modules/postcss-merge-longhand"
],
"fixAvailable": true
},
"postcss-merge-rules": {
"name": "postcss-merge-rules",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-merge-rules"
],
"fixAvailable": true
},
"postcss-minify-font-values": {
"name": "postcss-minify-font-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-font-values"
],
"fixAvailable": true
},
"postcss-minify-gradients": {
"name": "postcss-minify-gradients",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-gradients"
],
"fixAvailable": true
},
"postcss-minify-params": {
"name": "postcss-minify-params",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-params"
],
"fixAvailable": true
},
"postcss-minify-selectors": {
"name": "postcss-minify-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-selectors"
],
"fixAvailable": true
},
"postcss-nesting": {
"name": "postcss-nesting",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=6.0.0",
"nodes": [
"node_modules/postcss-nesting"
],
"fixAvailable": false
},
"postcss-normalize-charset": {
"name": "postcss-normalize-charset",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-normalize-charset"
],
"fixAvailable": true
},
"postcss-normalize-display-values": {
"name": "postcss-normalize-display-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-display-values"
],
"fixAvailable": true
},
"postcss-normalize-positions": {
"name": "postcss-normalize-positions",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-positions"
],
"fixAvailable": true
},
"postcss-normalize-repeat-style": {
"name": "postcss-normalize-repeat-style",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-repeat-style"
],
"fixAvailable": true
},
"postcss-normalize-string": {
"name": "postcss-normalize-string",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-string"
],
"fixAvailable": true
},
"postcss-normalize-timing-functions": {
"name": "postcss-normalize-timing-functions",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-timing-functions"
],
"fixAvailable": true
},
"postcss-normalize-unicode": {
"name": "postcss-normalize-unicode",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-normalize-unicode"
],
"fixAvailable": true
},
"postcss-normalize-url": {
"name": "postcss-normalize-url",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.1",
"nodes": [
"node_modules/postcss-normalize-url"
],
"fixAvailable": true
},
"postcss-normalize-whitespace": {
"name": "postcss-normalize-whitespace",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-whitespace"
],
"fixAvailable": true
},
"postcss-ordered-values": {
"name": "postcss-ordered-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.1.2",
"nodes": [
"node_modules/postcss-ordered-values"
],
"fixAvailable": true
},
"postcss-pseudo-class-any-link": {
"name": "postcss-pseudo-class-any-link",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=5.0.0",
"nodes": [
"node_modules/postcss-pseudo-class-any-link"
],
"fixAvailable": true
},
"postcss-pseudoelements": {
"name": "postcss-pseudoelements",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": ">=2.2.0",
"nodes": [
"node_modules/postcss-pseudoelements"
],
"fixAvailable": true
},
"postcss-reduce-initial": {
"name": "postcss-reduce-initial",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-reduce-initial"
],
"fixAvailable": true
},
"postcss-reduce-transforms": {
"name": "postcss-reduce-transforms",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-reduce-transforms"
],
"fixAvailable": true
},
"postcss-replace-overflow-wrap": {
"name": "postcss-replace-overflow-wrap",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-replace-overflow-wrap"
],
"fixAvailable": false
},
"postcss-selector-matches": {
"name": "postcss-selector-matches",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-selector-matches"
],
"fixAvailable": true
},
"postcss-selector-not": {
"name": "postcss-selector-not",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-selector-not"
],
"fixAvailable": true
},
"postcss-svgo": {
"name": "postcss-svgo",
"severity": "high",
"isDirect": false,
"via": [
"postcss",
"svgo"
],
"effects": [],
"range": "<=5.0.0-rc.2",
"nodes": [
"node_modules/postcss-svgo"
],
"fixAvailable": true
},
"postcss-unique-selectors": {
"name": "postcss-unique-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-unique-selectors"
],
"fixAvailable": true
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": ">=1.1.0",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/readdirp"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"stylehacks": {
"name": "stylehacks",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-merge-longhand"
],
"range": "<=4.0.3",
"nodes": [
"node_modules/stylehacks"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": false,
"via": [
"css-select"
],
"effects": [
"postcss-svgo"
],
"range": "1.0.0 - 1.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 68,
"high": 20,
"critical": 0,
"total": 88
},
"dependencies": {
"prod": 1,
"dev": 1538,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1538
}
}
}
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"glob-watcher"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/anymatch"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 8.6.5",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/anymatch/node_modules/braces",
"node_modules/chokidar/node_modules/braces",
"node_modules/liftoff/node_modules/braces",
"node_modules/matchdep/node_modules/braces",
"node_modules/readdirp/node_modules/braces"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"cheerio": {
"name": "cheerio",
"severity": "high",
"isDirect": false,
"via": [
"css-select",
"lodash.pick"
],
"effects": [
"gulp-inline"
],
"range": "0.19.0 - 1.0.0-rc.12",
"nodes": [
"node_modules/cheerio"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"glob-watcher"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/chokidar"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"color": {
"name": "color",
"severity": "moderate",
"isDirect": false,
"via": [
"color-string"
],
"effects": [
"css-color-function"
],
"range": "<=0.11.4",
"nodes": [
"node_modules/css-color-function/node_modules/color"
],
"fixAvailable": true
},
"color-string": {
"name": "color-string",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1089718,
"name": "color-string",
"dependency": "color-string",
"title": "Regular Expression Denial of Service (ReDOS)",
"url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<1.5.5"
}
],
"effects": [
"color"
],
"range": "<1.5.5",
"nodes": [
"node_modules/css-color-function/node_modules/color-string"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"css-color-function": {
"name": "css-color-function",
"severity": "moderate",
"isDirect": false,
"via": [
"color"
],
"effects": [
"postcss-color-function"
],
"range": "*",
"nodes": [
"node_modules/css-color-function"
],
"fixAvailable": true
},
"css-declaration-sorter": {
"name": "css-declaration-sorter",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=5.1.2",
"nodes": [
"node_modules/css-declaration-sorter"
],
"fixAvailable": true
},
"css-select": {
"name": "css-select",
"severity": "high",
"isDirect": false,
"via": [
"nth-check"
],
"effects": [
"cheerio",
"svgo"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/css-select",
"node_modules/svgo/node_modules/css-select"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"cssnano": {
"name": "cssnano",
"severity": "moderate",
"isDirect": true,
"via": [
"cssnano-preset-default",
"postcss"
],
"effects": [],
"range": "<=4.1.11",
"nodes": [
"node_modules/cssnano"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.1.0",
"isSemVerMajor": true
}
},
"cssnano-preset-default": {
"name": "cssnano-preset-default",
"severity": "moderate",
"isDirect": false,
"via": [
"css-declaration-sorter",
"cssnano-util-raw-cache",
"postcss",
"postcss-calc",
"postcss-colormin",
"postcss-convert-values",
"postcss-discard-comments",
"postcss-discard-duplicates",
"postcss-discard-empty",
"postcss-discard-overridden",
"postcss-merge-longhand",
"postcss-merge-rules",
"postcss-minify-font-values",
"postcss-minify-gradients",
"postcss-minify-params",
"postcss-minify-selectors",
"postcss-normalize-charset",
"postcss-normalize-display-values",
"postcss-normalize-positions",
"postcss-normalize-repeat-style",
"postcss-normalize-string",
"postcss-normalize-timing-functions",
"postcss-normalize-unicode",
"postcss-normalize-url",
"postcss-normalize-whitespace",
"postcss-ordered-values",
"postcss-reduce-initial",
"postcss-reduce-transforms",
"postcss-svgo",
"postcss-unique-selectors"
],
"effects": [
"cssnano"
],
"range": "<=4.0.8",
"nodes": [
"node_modules/cssnano-preset-default"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.1.0",
"isSemVerMajor": true
}
},
"cssnano-util-raw-cache": {
"name": "cssnano-util-raw-cache",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/cssnano-util-raw-cache"
],
"fixAvailable": true
},
"findup-sync": {
"name": "findup-sync",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"liftoff",
"matchdep"
],
"range": "0.4.0 - 3.0.0",
"nodes": [
"node_modules/liftoff/node_modules/findup-sync",
"node_modules/matchdep/node_modules/findup-sync"
],
"fixAvailable": true
},
"glob-watcher": {
"name": "glob-watcher",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"chokidar"
],
"effects": [
"gulp"
],
"range": "5.0.0 - 5.0.5",
"nodes": [
"node_modules/glob-watcher"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"gulp": {
"name": "gulp",
"severity": "high",
"isDirect": true,
"via": [
"glob-watcher",
"gulp-cli"
],
"effects": [],
"range": "4.0.0 - 4.0.2",
"nodes": [
"node_modules/gulp"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"gulp-cli": {
"name": "gulp-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"liftoff",
"matchdep"
],
"effects": [],
"range": "1.3.0 - 2.3.0",
"nodes": [
"node_modules/gulp-cli"
],
"fixAvailable": true
},
"gulp-compile-handlebars": {
"name": "gulp-compile-handlebars",
"severity": "high",
"isDirect": true,
"via": [
"gulp-util"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-compile-handlebars"
],
"fixAvailable": false
},
"gulp-htmlmin": {
"name": "gulp-htmlmin",
"severity": "high",
"isDirect": true,
"via": [
"html-minifier"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-htmlmin"
],
"fixAvailable": false
},
"gulp-inline": {
"name": "gulp-inline",
"severity": "high",
"isDirect": true,
"via": [
"cheerio",
"gulp-util"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-inline"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"gulp-util": {
"name": "gulp-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash.template"
],
"effects": [
"gulp-compile-handlebars",
"gulp-inline"
],
"range": ">=1.1.0",
"nodes": [
"node_modules/gulp-util"
],
"fixAvailable": false
},
"html-minifier": {
"name": "html-minifier",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1105440,
"name": "html-minifier",
"dependency": "html-minifier",
"title": "kangax html-minifier REDoS vulnerability",
"url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=4.0.0"
}
],
"effects": [
"gulp-htmlmin"
],
"range": "*",
"nodes": [
"node_modules/html-minifier"
],
"fixAvailable": false
},
"liftoff": {
"name": "liftoff",
"severity": "moderate",
"isDirect": false,
"via": [
"findup-sync"
],
"effects": [
"gulp-cli"
],
"range": "2.2.3 - 3.1.0",
"nodes": [
"node_modules/liftoff"
],
"fixAvailable": true
},
"lodash.pick": {
"name": "lodash.pick",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106907,
"name": "lodash.pick",
"dependency": "lodash.pick",
"title": "Prototype Pollution in lodash",
"url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
"severity": "high",
"cwe": [
"CWE-770",
"CWE-1321"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": ">=4.0.0 <=4.4.0"
}
],
"effects": [
"cheerio"
],
"range": ">=4.0.0",
"nodes": [
"node_modules/lodash.pick"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"lodash.template": {
"name": "lodash.template",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106902,
"name": "lodash.template",
"dependency": "lodash.template",
"title": "Command Injection in lodash",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"severity": "high",
"cwe": [
"CWE-77",
"CWE-94"
],
"cvss": {
"score": 7.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=4.5.0"
}
],
"effects": [
"gulp-util",
"postcss-initial"
],
"range": "*",
"nodes": [
"node_modules/lodash.template",
"node_modules/postcss-initial/node_modules/lodash.template"
],
"fixAvailable": false
},
"matchdep": {
"name": "matchdep",
"severity": "moderate",
"isDirect": false,
"via": [
"findup-sync",
"micromatch"
],
"effects": [
"gulp-cli"
],
"range": ">=1.0.1",
"nodes": [
"node_modules/matchdep"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"findup-sync",
"matchdep",
"readdirp"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/anymatch/node_modules/micromatch",
"node_modules/liftoff/node_modules/micromatch",
"node_modules/matchdep/node_modules/micromatch",
"node_modules/readdirp/node_modules/micromatch"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"nth-check": {
"name": "nth-check",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095141,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/css-select/node_modules/nth-check",
"node_modules/svgo/node_modules/nth-check"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"pixrem": {
"name": "pixrem",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/pixrem"
],
"fixAvailable": true
},
"pleeease-filters": {
"name": "pleeease-filters",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/pleeease-filters"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1093539,
"name": "postcss",
"dependency": "postcss",
"title": "Regular Expression Denial of Service in postcss",
"url": "https://github.com/advisories/GHSA-566m-qj78-rww5",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<7.0.36"
},
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"autoprefixer",
"css-declaration-sorter",
"cssnano",
"cssnano-preset-default",
"cssnano-util-raw-cache",
"pixrem",
"pleeease-filters",
"postcss-apply",
"postcss-attribute-case-insensitive",
"postcss-calc",
"postcss-color-function",
"postcss-color-gray",
"postcss-color-hex-alpha",
"postcss-color-hsl",
"postcss-color-hwb",
"postcss-color-rebeccapurple",
"postcss-color-rgb",
"postcss-color-rgba-fallback",
"postcss-colormin",
"postcss-convert-values",
"postcss-cssnext",
"postcss-custom-media",
"postcss-custom-properties",
"postcss-custom-selectors",
"postcss-discard-comments",
"postcss-discard-duplicates",
"postcss-discard-empty",
"postcss-discard-overridden",
"postcss-font-family-system-ui",
"postcss-font-variant",
"postcss-image-set-polyfill",
"postcss-initial",
"postcss-media-minmax",
"postcss-merge-longhand",
"postcss-merge-rules",
"postcss-minify-font-values",
"postcss-minify-gradients",
"postcss-minify-params",
"postcss-minify-selectors",
"postcss-nesting",
"postcss-normalize-charset",
"postcss-normalize-display-values",
"postcss-normalize-positions",
"postcss-normalize-repeat-style",
"postcss-normalize-string",
"postcss-normalize-timing-functions",
"postcss-normalize-unicode",
"postcss-normalize-url",
"postcss-normalize-whitespace",
"postcss-ordered-values",
"postcss-pseudo-class-any-link",
"postcss-pseudoelements",
"postcss-reduce-initial",
"postcss-reduce-transforms",
"postcss-replace-overflow-wrap",
"postcss-selector-matches",
"postcss-selector-not",
"postcss-svgo",
"postcss-unique-selectors",
"stylehacks"
],
"range": "<=8.4.30",
"nodes": [
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-declaration-sorter/node_modules/postcss",
"node_modules/cssnano-preset-default/node_modules/postcss",
"node_modules/cssnano-util-raw-cache/node_modules/postcss",
"node_modules/cssnano/node_modules/postcss",
"node_modules/pixrem/node_modules/postcss",
"node_modules/pleeease-filters/node_modules/postcss",
"node_modules/postcss-apply/node_modules/postcss",
"node_modules/postcss-attribute-case-insensitive/node_modules/postcss",
"node_modules/postcss-calc/node_modules/postcss",
"node_modules/postcss-color-function/node_modules/postcss",
"node_modules/postcss-color-gray/node_modules/postcss",
"node_modules/postcss-color-hex-alpha/node_modules/postcss",
"node_modules/postcss-color-hsl/node_modules/postcss",
"node_modules/postcss-color-hwb/node_modules/postcss",
"node_modules/postcss-color-rebeccapurple/node_modules/postcss",
"node_modules/postcss-color-rgb/node_modules/postcss",
"node_modules/postcss-color-rgba-fallback/node_modules/postcss",
"node_modules/postcss-colormin/node_modules/postcss",
"node_modules/postcss-convert-values/node_modules/postcss",
"node_modules/postcss-cssnext/node_modules/postcss",
"node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss",
"node_modules/postcss-custom-media/node_modules/postcss",
"node_modules/postcss-custom-properties/node_modules/postcss",
"node_modules/postcss-custom-selectors/node_modules/postcss",
"node_modules/postcss-discard-comments/node_modules/postcss",
"node_modules/postcss-discard-duplicates/node_modules/postcss",
"node_modules/postcss-discard-empty/node_modules/postcss",
"node_modules/postcss-discard-overridden/node_modules/postcss",
"node_modules/postcss-font-family-system-ui/node_modules/postcss",
"node_modules/postcss-font-variant/node_modules/postcss",
"node_modules/postcss-image-set-polyfill/node_modules/postcss",
"node_modules/postcss-initial/node_modules/postcss",
"node_modules/postcss-media-minmax/node_modules/postcss",
"node_modules/postcss-merge-longhand/node_modules/postcss",
"node_modules/postcss-merge-rules/node_modules/postcss",
"node_modules/postcss-minify-font-values/node_modules/postcss",
"node_modules/postcss-minify-gradients/node_modules/postcss",
"node_modules/postcss-minify-params/node_modules/postcss",
"node_modules/postcss-minify-selectors/node_modules/postcss",
"node_modules/postcss-nesting/node_modules/postcss",
"node_modules/postcss-normalize-charset/node_modules/postcss",
"node_modules/postcss-normalize-display-values/node_modules/postcss",
"node_modules/postcss-normalize-positions/node_modules/postcss",
"node_modules/postcss-normalize-repeat-style/node_modules/postcss",
"node_modules/postcss-normalize-string/node_modules/postcss",
"node_modules/postcss-normalize-timing-functions/node_modules/postcss",
"node_modules/postcss-normalize-unicode/node_modules/postcss",
"node_modules/postcss-normalize-url/node_modules/postcss",
"node_modules/postcss-normalize-whitespace/node_modules/postcss",
"node_modules/postcss-ordered-values/node_modules/postcss",
"node_modules/postcss-pseudo-class-any-link/node_modules/postcss",
"node_modules/postcss-pseudoelements/node_modules/postcss",
"node_modules/postcss-reduce-initial/node_modules/postcss",
"node_modules/postcss-reduce-transforms/node_modules/postcss",
"node_modules/postcss-replace-overflow-wrap/node_modules/postcss",
"node_modules/postcss-selector-matches/node_modules/postcss",
"node_modules/postcss-selector-not/node_modules/postcss",
"node_modules/postcss-svgo/node_modules/postcss",
"node_modules/postcss-unique-selectors/node_modules/postcss",
"node_modules/stylehacks/node_modules/postcss"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.1.0",
"isSemVerMajor": true
}
},
"postcss-apply": {
"name": "postcss-apply",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=0.10.0",
"nodes": [
"node_modules/postcss-apply"
],
"fixAvailable": false
},
"postcss-attribute-case-insensitive": {
"name": "postcss-attribute-case-insensitive",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-attribute-case-insensitive"
],
"fixAvailable": false
},
"postcss-calc": {
"name": "postcss-calc",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "4.1.0 - 7.0.5",
"nodes": [
"node_modules/postcss-calc",
"node_modules/postcss-cssnext/node_modules/postcss-calc"
],
"fixAvailable": true
},
"postcss-color-function": {
"name": "postcss-color-function",
"severity": "moderate",
"isDirect": false,
"via": [
"css-color-function",
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-color-function"
],
"fixAvailable": true
},
"postcss-color-gray": {
"name": "postcss-color-gray",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "3.0.0 - 4.1.0",
"nodes": [
"node_modules/postcss-color-gray"
],
"fixAvailable": true
},
"postcss-color-hex-alpha": {
"name": "postcss-color-hex-alpha",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.3.0 - 3.0.0",
"nodes": [
"node_modules/postcss-color-hex-alpha"
],
"fixAvailable": true
},
"postcss-color-hsl": {
"name": "postcss-color-hsl",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "*",
"nodes": [
"node_modules/postcss-color-hsl"
],
"fixAvailable": false
},
"postcss-color-hwb": {
"name": "postcss-color-hwb",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": ">=1.2.0",
"nodes": [
"node_modules/postcss-color-hwb"
],
"fixAvailable": true
},
"postcss-color-rebeccapurple": {
"name": "postcss-color-rebeccapurple",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.1.0",
"nodes": [
"node_modules/postcss-color-rebeccapurple"
],
"fixAvailable": true
},
"postcss-color-rgb": {
"name": "postcss-color-rgb",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-color-rgb"
],
"fixAvailable": true
},
"postcss-color-rgba-fallback": {
"name": "postcss-color-rgba-fallback",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-color-rgba-fallback"
],
"fixAvailable": true
},
"postcss-colormin": {
"name": "postcss-colormin",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-colormin"
],
"fixAvailable": true
},
"postcss-convert-values": {
"name": "postcss-convert-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-convert-values"
],
"fixAvailable": true
},
"postcss-cssnext": {
"name": "postcss-cssnext",
"severity": "moderate",
"isDirect": true,
"via": [
"autoprefixer",
"pixrem",
"pleeease-filters",
"postcss",
"postcss-apply",
"postcss-attribute-case-insensitive",
"postcss-calc",
"postcss-color-function",
"postcss-color-gray",
"postcss-color-hex-alpha",
"postcss-color-hsl",
"postcss-color-hwb",
"postcss-color-rebeccapurple",
"postcss-color-rgb",
"postcss-color-rgba-fallback",
"postcss-custom-media",
"postcss-custom-properties",
"postcss-custom-selectors",
"postcss-font-family-system-ui",
"postcss-font-variant",
"postcss-image-set-polyfill",
"postcss-initial",
"postcss-media-minmax",
"postcss-nesting",
"postcss-pseudo-class-any-link",
"postcss-pseudoelements",
"postcss-replace-overflow-wrap",
"postcss-selector-matches",
"postcss-selector-not"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-cssnext"
],
"fixAvailable": false
},
"postcss-custom-media": {
"name": "postcss-custom-media",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "4.0.0 - 6.0.0",
"nodes": [
"node_modules/postcss-custom-media"
],
"fixAvailable": true
},
"postcss-custom-properties": {
"name": "postcss-custom-properties",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "3.3.0 - 7.0.0",
"nodes": [
"node_modules/postcss-custom-properties"
],
"fixAvailable": true
},
"postcss-custom-selectors": {
"name": "postcss-custom-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss",
"postcss-selector-matches"
],
"effects": [],
"range": "2.3.0 - 4.0.1",
"nodes": [
"node_modules/postcss-custom-selectors"
],
"fixAvailable": true
},
"postcss-discard-comments": {
"name": "postcss-discard-comments",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-discard-comments"
],
"fixAvailable": true
},
"postcss-discard-duplicates": {
"name": "postcss-discard-duplicates",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.2",
"nodes": [
"node_modules/postcss-discard-duplicates"
],
"fixAvailable": true
},
"postcss-discard-empty": {
"name": "postcss-discard-empty",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.1",
"nodes": [
"node_modules/postcss-discard-empty"
],
"fixAvailable": true
},
"postcss-discard-overridden": {
"name": "postcss-discard-overridden",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-discard-overridden"
],
"fixAvailable": true
},
"postcss-font-family-system-ui": {
"name": "postcss-font-family-system-ui",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-font-family-system-ui"
],
"fixAvailable": false
},
"postcss-font-variant": {
"name": "postcss-font-variant",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.0.0",
"nodes": [
"node_modules/postcss-font-variant"
],
"fixAvailable": true
},
"postcss-image-set-polyfill": {
"name": "postcss-image-set-polyfill",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-image-set-polyfill"
],
"fixAvailable": false
},
"postcss-initial": {
"name": "postcss-initial",
"severity": "high",
"isDirect": false,
"via": [
"lodash.template",
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.2 || 4.0.0",
"nodes": [
"node_modules/postcss-initial"
],
"fixAvailable": false
},
"postcss-media-minmax": {
"name": "postcss-media-minmax",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.0.0",
"nodes": [
"node_modules/postcss-media-minmax"
],
"fixAvailable": true
},
"postcss-merge-longhand": {
"name": "postcss-merge-longhand",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss",
"stylehacks"
],
"effects": [],
"range": "<=4.0.11",
"nodes": [
"node_modules/postcss-merge-longhand"
],
"fixAvailable": true
},
"postcss-merge-rules": {
"name": "postcss-merge-rules",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-merge-rules"
],
"fixAvailable": true
},
"postcss-minify-font-values": {
"name": "postcss-minify-font-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-font-values"
],
"fixAvailable": true
},
"postcss-minify-gradients": {
"name": "postcss-minify-gradients",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-gradients"
],
"fixAvailable": true
},
"postcss-minify-params": {
"name": "postcss-minify-params",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-params"
],
"fixAvailable": true
},
"postcss-minify-selectors": {
"name": "postcss-minify-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-selectors"
],
"fixAvailable": true
},
"postcss-nesting": {
"name": "postcss-nesting",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=6.0.0",
"nodes": [
"node_modules/postcss-nesting"
],
"fixAvailable": false
},
"postcss-normalize-charset": {
"name": "postcss-normalize-charset",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-normalize-charset"
],
"fixAvailable": true
},
"postcss-normalize-display-values": {
"name": "postcss-normalize-display-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-display-values"
],
"fixAvailable": true
},
"postcss-normalize-positions": {
"name": "postcss-normalize-positions",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-positions"
],
"fixAvailable": true
},
"postcss-normalize-repeat-style": {
"name": "postcss-normalize-repeat-style",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-repeat-style"
],
"fixAvailable": true
},
"postcss-normalize-string": {
"name": "postcss-normalize-string",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-string"
],
"fixAvailable": true
},
"postcss-normalize-timing-functions": {
"name": "postcss-normalize-timing-functions",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-timing-functions"
],
"fixAvailable": true
},
"postcss-normalize-unicode": {
"name": "postcss-normalize-unicode",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-normalize-unicode"
],
"fixAvailable": true
},
"postcss-normalize-url": {
"name": "postcss-normalize-url",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.1",
"nodes": [
"node_modules/postcss-normalize-url"
],
"fixAvailable": true
},
"postcss-normalize-whitespace": {
"name": "postcss-normalize-whitespace",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-whitespace"
],
"fixAvailable": true
},
"postcss-ordered-values": {
"name": "postcss-ordered-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.1.2",
"nodes": [
"node_modules/postcss-ordered-values"
],
"fixAvailable": true
},
"postcss-pseudo-class-any-link": {
"name": "postcss-pseudo-class-any-link",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=5.0.0",
"nodes": [
"node_modules/postcss-pseudo-class-any-link"
],
"fixAvailable": true
},
"postcss-pseudoelements": {
"name": "postcss-pseudoelements",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": ">=2.2.0",
"nodes": [
"node_modules/postcss-pseudoelements"
],
"fixAvailable": true
},
"postcss-reduce-initial": {
"name": "postcss-reduce-initial",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-reduce-initial"
],
"fixAvailable": true
},
"postcss-reduce-transforms": {
"name": "postcss-reduce-transforms",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-reduce-transforms"
],
"fixAvailable": true
},
"postcss-replace-overflow-wrap": {
"name": "postcss-replace-overflow-wrap",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-replace-overflow-wrap"
],
"fixAvailable": false
},
"postcss-selector-matches": {
"name": "postcss-selector-matches",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-selector-matches"
],
"fixAvailable": true
},
"postcss-selector-not": {
"name": "postcss-selector-not",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-selector-not"
],
"fixAvailable": true
},
"postcss-svgo": {
"name": "postcss-svgo",
"severity": "high",
"isDirect": false,
"via": [
"postcss",
"svgo"
],
"effects": [],
"range": "<=5.0.0-rc.2",
"nodes": [
"node_modules/postcss-svgo"
],
"fixAvailable": true
},
"postcss-unique-selectors": {
"name": "postcss-unique-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-unique-selectors"
],
"fixAvailable": true
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": ">=1.1.0",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/readdirp"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"stylehacks": {
"name": "stylehacks",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-merge-longhand"
],
"range": "<=4.0.3",
"nodes": [
"node_modules/stylehacks"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": false,
"via": [
"css-select"
],
"effects": [
"postcss-svgo"
],
"range": "1.0.0 - 1.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 68,
"high": 20,
"critical": 0,
"total": 88
},
"dependencies": {
"prod": 1,
"dev": 1538,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1538
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@2.2.1',
npm WARN EBADENGINE required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 1538,
"removed": 0,
"changed": 0,
"audited": 1539,
"funding": 210,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"glob-watcher"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/anymatch"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 8.6.5",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/anymatch/node_modules/braces",
"node_modules/chokidar/node_modules/braces",
"node_modules/liftoff/node_modules/braces",
"node_modules/matchdep/node_modules/braces",
"node_modules/readdirp/node_modules/braces"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"cheerio": {
"name": "cheerio",
"severity": "high",
"isDirect": false,
"via": [
"css-select",
"lodash.pick"
],
"effects": [
"gulp-inline"
],
"range": "0.19.0 - 1.0.0-rc.12",
"nodes": [
"node_modules/cheerio"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"glob-watcher"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/chokidar"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"color": {
"name": "color",
"severity": "moderate",
"isDirect": false,
"via": [
"color-string"
],
"effects": [
"css-color-function"
],
"range": "<=0.11.4",
"nodes": [
"node_modules/css-color-function/node_modules/color"
],
"fixAvailable": true
},
"color-string": {
"name": "color-string",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1089718,
"name": "color-string",
"dependency": "color-string",
"title": "Regular Expression Denial of Service (ReDOS)",
"url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<1.5.5"
}
],
"effects": [
"color"
],
"range": "<1.5.5",
"nodes": [
"node_modules/css-color-function/node_modules/color-string"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"css-color-function": {
"name": "css-color-function",
"severity": "moderate",
"isDirect": false,
"via": [
"color"
],
"effects": [
"postcss-color-function"
],
"range": "*",
"nodes": [
"node_modules/css-color-function"
],
"fixAvailable": true
},
"css-declaration-sorter": {
"name": "css-declaration-sorter",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=5.1.2",
"nodes": [
"node_modules/css-declaration-sorter"
],
"fixAvailable": true
},
"css-select": {
"name": "css-select",
"severity": "high",
"isDirect": false,
"via": [
"nth-check"
],
"effects": [
"cheerio",
"svgo"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/css-select",
"node_modules/svgo/node_modules/css-select"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"cssnano": {
"name": "cssnano",
"severity": "moderate",
"isDirect": true,
"via": [
"cssnano-preset-default",
"postcss"
],
"effects": [],
"range": "<=4.1.11",
"nodes": [
"node_modules/cssnano"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.1.0",
"isSemVerMajor": true
}
},
"cssnano-preset-default": {
"name": "cssnano-preset-default",
"severity": "moderate",
"isDirect": false,
"via": [
"css-declaration-sorter",
"cssnano-util-raw-cache",
"postcss",
"postcss-calc",
"postcss-colormin",
"postcss-convert-values",
"postcss-discard-comments",
"postcss-discard-duplicates",
"postcss-discard-empty",
"postcss-discard-overridden",
"postcss-merge-longhand",
"postcss-merge-rules",
"postcss-minify-font-values",
"postcss-minify-gradients",
"postcss-minify-params",
"postcss-minify-selectors",
"postcss-normalize-charset",
"postcss-normalize-display-values",
"postcss-normalize-positions",
"postcss-normalize-repeat-style",
"postcss-normalize-string",
"postcss-normalize-timing-functions",
"postcss-normalize-unicode",
"postcss-normalize-url",
"postcss-normalize-whitespace",
"postcss-ordered-values",
"postcss-reduce-initial",
"postcss-reduce-transforms",
"postcss-svgo",
"postcss-unique-selectors"
],
"effects": [
"cssnano"
],
"range": "<=4.0.8",
"nodes": [
"node_modules/cssnano-preset-default"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.1.0",
"isSemVerMajor": true
}
},
"cssnano-util-raw-cache": {
"name": "cssnano-util-raw-cache",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/cssnano-util-raw-cache"
],
"fixAvailable": true
},
"findup-sync": {
"name": "findup-sync",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"liftoff",
"matchdep"
],
"range": "0.4.0 - 3.0.0",
"nodes": [
"node_modules/liftoff/node_modules/findup-sync",
"node_modules/matchdep/node_modules/findup-sync"
],
"fixAvailable": true
},
"glob-watcher": {
"name": "glob-watcher",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"chokidar"
],
"effects": [
"gulp"
],
"range": "5.0.0 - 5.0.5",
"nodes": [
"node_modules/glob-watcher"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"gulp": {
"name": "gulp",
"severity": "high",
"isDirect": true,
"via": [
"glob-watcher",
"gulp-cli"
],
"effects": [],
"range": "4.0.0 - 4.0.2",
"nodes": [
"node_modules/gulp"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"gulp-cli": {
"name": "gulp-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"liftoff",
"matchdep"
],
"effects": [],
"range": "1.3.0 - 2.3.0",
"nodes": [
"node_modules/gulp-cli"
],
"fixAvailable": true
},
"gulp-compile-handlebars": {
"name": "gulp-compile-handlebars",
"severity": "high",
"isDirect": true,
"via": [
"gulp-util"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-compile-handlebars"
],
"fixAvailable": false
},
"gulp-htmlmin": {
"name": "gulp-htmlmin",
"severity": "high",
"isDirect": true,
"via": [
"html-minifier"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-htmlmin"
],
"fixAvailable": false
},
"gulp-inline": {
"name": "gulp-inline",
"severity": "high",
"isDirect": true,
"via": [
"cheerio",
"gulp-util"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/gulp-inline"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"gulp-util": {
"name": "gulp-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash.template"
],
"effects": [
"gulp-compile-handlebars",
"gulp-inline"
],
"range": ">=1.1.0",
"nodes": [
"node_modules/gulp-util"
],
"fixAvailable": false
},
"html-minifier": {
"name": "html-minifier",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1105440,
"name": "html-minifier",
"dependency": "html-minifier",
"title": "kangax html-minifier REDoS vulnerability",
"url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=4.0.0"
}
],
"effects": [
"gulp-htmlmin"
],
"range": "*",
"nodes": [
"node_modules/html-minifier"
],
"fixAvailable": false
},
"liftoff": {
"name": "liftoff",
"severity": "moderate",
"isDirect": false,
"via": [
"findup-sync"
],
"effects": [
"gulp-cli"
],
"range": "2.2.3 - 3.1.0",
"nodes": [
"node_modules/liftoff"
],
"fixAvailable": true
},
"lodash.pick": {
"name": "lodash.pick",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106907,
"name": "lodash.pick",
"dependency": "lodash.pick",
"title": "Prototype Pollution in lodash",
"url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
"severity": "high",
"cwe": [
"CWE-770",
"CWE-1321"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": ">=4.0.0 <=4.4.0"
}
],
"effects": [
"cheerio"
],
"range": ">=4.0.0",
"nodes": [
"node_modules/lodash.pick"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"lodash.template": {
"name": "lodash.template",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106902,
"name": "lodash.template",
"dependency": "lodash.template",
"title": "Command Injection in lodash",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"severity": "high",
"cwe": [
"CWE-77",
"CWE-94"
],
"cvss": {
"score": 7.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=4.5.0"
}
],
"effects": [
"gulp-util",
"postcss-initial"
],
"range": "*",
"nodes": [
"node_modules/lodash.template",
"node_modules/postcss-initial/node_modules/lodash.template"
],
"fixAvailable": false
},
"matchdep": {
"name": "matchdep",
"severity": "moderate",
"isDirect": false,
"via": [
"findup-sync",
"micromatch"
],
"effects": [
"gulp-cli"
],
"range": ">=1.0.1",
"nodes": [
"node_modules/matchdep"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"findup-sync",
"matchdep",
"readdirp"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/anymatch/node_modules/micromatch",
"node_modules/liftoff/node_modules/micromatch",
"node_modules/matchdep/node_modules/micromatch",
"node_modules/readdirp/node_modules/micromatch"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"nth-check": {
"name": "nth-check",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095141,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/css-select/node_modules/nth-check",
"node_modules/svgo/node_modules/nth-check"
],
"fixAvailable": {
"name": "gulp-inline",
"version": "0.1.2",
"isSemVerMajor": true
}
},
"pixrem": {
"name": "pixrem",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/pixrem"
],
"fixAvailable": true
},
"pleeease-filters": {
"name": "pleeease-filters",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/pleeease-filters"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1093539,
"name": "postcss",
"dependency": "postcss",
"title": "Regular Expression Denial of Service in postcss",
"url": "https://github.com/advisories/GHSA-566m-qj78-rww5",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<7.0.36"
},
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"autoprefixer",
"css-declaration-sorter",
"cssnano",
"cssnano-preset-default",
"cssnano-util-raw-cache",
"pixrem",
"pleeease-filters",
"postcss-apply",
"postcss-attribute-case-insensitive",
"postcss-calc",
"postcss-color-function",
"postcss-color-gray",
"postcss-color-hex-alpha",
"postcss-color-hsl",
"postcss-color-hwb",
"postcss-color-rebeccapurple",
"postcss-color-rgb",
"postcss-color-rgba-fallback",
"postcss-colormin",
"postcss-convert-values",
"postcss-cssnext",
"postcss-custom-media",
"postcss-custom-properties",
"postcss-custom-selectors",
"postcss-discard-comments",
"postcss-discard-duplicates",
"postcss-discard-empty",
"postcss-discard-overridden",
"postcss-font-family-system-ui",
"postcss-font-variant",
"postcss-image-set-polyfill",
"postcss-initial",
"postcss-media-minmax",
"postcss-merge-longhand",
"postcss-merge-rules",
"postcss-minify-font-values",
"postcss-minify-gradients",
"postcss-minify-params",
"postcss-minify-selectors",
"postcss-nesting",
"postcss-normalize-charset",
"postcss-normalize-display-values",
"postcss-normalize-positions",
"postcss-normalize-repeat-style",
"postcss-normalize-string",
"postcss-normalize-timing-functions",
"postcss-normalize-unicode",
"postcss-normalize-url",
"postcss-normalize-whitespace",
"postcss-ordered-values",
"postcss-pseudo-class-any-link",
"postcss-pseudoelements",
"postcss-reduce-initial",
"postcss-reduce-transforms",
"postcss-replace-overflow-wrap",
"postcss-selector-matches",
"postcss-selector-not",
"postcss-svgo",
"postcss-unique-selectors",
"stylehacks"
],
"range": "<=8.4.30",
"nodes": [
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-declaration-sorter/node_modules/postcss",
"node_modules/cssnano-preset-default/node_modules/postcss",
"node_modules/cssnano-util-raw-cache/node_modules/postcss",
"node_modules/cssnano/node_modules/postcss",
"node_modules/pixrem/node_modules/postcss",
"node_modules/pleeease-filters/node_modules/postcss",
"node_modules/postcss-apply/node_modules/postcss",
"node_modules/postcss-attribute-case-insensitive/node_modules/postcss",
"node_modules/postcss-calc/node_modules/postcss",
"node_modules/postcss-color-function/node_modules/postcss",
"node_modules/postcss-color-gray/node_modules/postcss",
"node_modules/postcss-color-hex-alpha/node_modules/postcss",
"node_modules/postcss-color-hsl/node_modules/postcss",
"node_modules/postcss-color-hwb/node_modules/postcss",
"node_modules/postcss-color-rebeccapurple/node_modules/postcss",
"node_modules/postcss-color-rgb/node_modules/postcss",
"node_modules/postcss-color-rgba-fallback/node_modules/postcss",
"node_modules/postcss-colormin/node_modules/postcss",
"node_modules/postcss-convert-values/node_modules/postcss",
"node_modules/postcss-cssnext/node_modules/postcss",
"node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss",
"node_modules/postcss-custom-media/node_modules/postcss",
"node_modules/postcss-custom-properties/node_modules/postcss",
"node_modules/postcss-custom-selectors/node_modules/postcss",
"node_modules/postcss-discard-comments/node_modules/postcss",
"node_modules/postcss-discard-duplicates/node_modules/postcss",
"node_modules/postcss-discard-empty/node_modules/postcss",
"node_modules/postcss-discard-overridden/node_modules/postcss",
"node_modules/postcss-font-family-system-ui/node_modules/postcss",
"node_modules/postcss-font-variant/node_modules/postcss",
"node_modules/postcss-image-set-polyfill/node_modules/postcss",
"node_modules/postcss-initial/node_modules/postcss",
"node_modules/postcss-media-minmax/node_modules/postcss",
"node_modules/postcss-merge-longhand/node_modules/postcss",
"node_modules/postcss-merge-rules/node_modules/postcss",
"node_modules/postcss-minify-font-values/node_modules/postcss",
"node_modules/postcss-minify-gradients/node_modules/postcss",
"node_modules/postcss-minify-params/node_modules/postcss",
"node_modules/postcss-minify-selectors/node_modules/postcss",
"node_modules/postcss-nesting/node_modules/postcss",
"node_modules/postcss-normalize-charset/node_modules/postcss",
"node_modules/postcss-normalize-display-values/node_modules/postcss",
"node_modules/postcss-normalize-positions/node_modules/postcss",
"node_modules/postcss-normalize-repeat-style/node_modules/postcss",
"node_modules/postcss-normalize-string/node_modules/postcss",
"node_modules/postcss-normalize-timing-functions/node_modules/postcss",
"node_modules/postcss-normalize-unicode/node_modules/postcss",
"node_modules/postcss-normalize-url/node_modules/postcss",
"node_modules/postcss-normalize-whitespace/node_modules/postcss",
"node_modules/postcss-ordered-values/node_modules/postcss",
"node_modules/postcss-pseudo-class-any-link/node_modules/postcss",
"node_modules/postcss-pseudoelements/node_modules/postcss",
"node_modules/postcss-reduce-initial/node_modules/postcss",
"node_modules/postcss-reduce-transforms/node_modules/postcss",
"node_modules/postcss-replace-overflow-wrap/node_modules/postcss",
"node_modules/postcss-selector-matches/node_modules/postcss",
"node_modules/postcss-selector-not/node_modules/postcss",
"node_modules/postcss-svgo/node_modules/postcss",
"node_modules/postcss-unique-selectors/node_modules/postcss",
"node_modules/stylehacks/node_modules/postcss"
],
"fixAvailable": {
"name": "cssnano",
"version": "7.1.0",
"isSemVerMajor": true
}
},
"postcss-apply": {
"name": "postcss-apply",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=0.10.0",
"nodes": [
"node_modules/postcss-apply"
],
"fixAvailable": false
},
"postcss-attribute-case-insensitive": {
"name": "postcss-attribute-case-insensitive",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-attribute-case-insensitive"
],
"fixAvailable": false
},
"postcss-calc": {
"name": "postcss-calc",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "4.1.0 - 7.0.5",
"nodes": [
"node_modules/postcss-calc",
"node_modules/postcss-cssnext/node_modules/postcss-calc"
],
"fixAvailable": true
},
"postcss-color-function": {
"name": "postcss-color-function",
"severity": "moderate",
"isDirect": false,
"via": [
"css-color-function",
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-color-function"
],
"fixAvailable": true
},
"postcss-color-gray": {
"name": "postcss-color-gray",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "3.0.0 - 4.1.0",
"nodes": [
"node_modules/postcss-color-gray"
],
"fixAvailable": true
},
"postcss-color-hex-alpha": {
"name": "postcss-color-hex-alpha",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.3.0 - 3.0.0",
"nodes": [
"node_modules/postcss-color-hex-alpha"
],
"fixAvailable": true
},
"postcss-color-hsl": {
"name": "postcss-color-hsl",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "*",
"nodes": [
"node_modules/postcss-color-hsl"
],
"fixAvailable": false
},
"postcss-color-hwb": {
"name": "postcss-color-hwb",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": ">=1.2.0",
"nodes": [
"node_modules/postcss-color-hwb"
],
"fixAvailable": true
},
"postcss-color-rebeccapurple": {
"name": "postcss-color-rebeccapurple",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.1.0",
"nodes": [
"node_modules/postcss-color-rebeccapurple"
],
"fixAvailable": true
},
"postcss-color-rgb": {
"name": "postcss-color-rgb",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-color-rgb"
],
"fixAvailable": true
},
"postcss-color-rgba-fallback": {
"name": "postcss-color-rgba-fallback",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-color-rgba-fallback"
],
"fixAvailable": true
},
"postcss-colormin": {
"name": "postcss-colormin",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-colormin"
],
"fixAvailable": true
},
"postcss-convert-values": {
"name": "postcss-convert-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-convert-values"
],
"fixAvailable": true
},
"postcss-cssnext": {
"name": "postcss-cssnext",
"severity": "moderate",
"isDirect": true,
"via": [
"autoprefixer",
"pixrem",
"pleeease-filters",
"postcss",
"postcss-apply",
"postcss-attribute-case-insensitive",
"postcss-calc",
"postcss-color-function",
"postcss-color-gray",
"postcss-color-hex-alpha",
"postcss-color-hsl",
"postcss-color-hwb",
"postcss-color-rebeccapurple",
"postcss-color-rgb",
"postcss-color-rgba-fallback",
"postcss-custom-media",
"postcss-custom-properties",
"postcss-custom-selectors",
"postcss-font-family-system-ui",
"postcss-font-variant",
"postcss-image-set-polyfill",
"postcss-initial",
"postcss-media-minmax",
"postcss-nesting",
"postcss-pseudo-class-any-link",
"postcss-pseudoelements",
"postcss-replace-overflow-wrap",
"postcss-selector-matches",
"postcss-selector-not"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/postcss-cssnext"
],
"fixAvailable": false
},
"postcss-custom-media": {
"name": "postcss-custom-media",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "4.0.0 - 6.0.0",
"nodes": [
"node_modules/postcss-custom-media"
],
"fixAvailable": true
},
"postcss-custom-properties": {
"name": "postcss-custom-properties",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "3.3.0 - 7.0.0",
"nodes": [
"node_modules/postcss-custom-properties"
],
"fixAvailable": true
},
"postcss-custom-selectors": {
"name": "postcss-custom-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss",
"postcss-selector-matches"
],
"effects": [],
"range": "2.3.0 - 4.0.1",
"nodes": [
"node_modules/postcss-custom-selectors"
],
"fixAvailable": true
},
"postcss-discard-comments": {
"name": "postcss-discard-comments",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-discard-comments"
],
"fixAvailable": true
},
"postcss-discard-duplicates": {
"name": "postcss-discard-duplicates",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.2",
"nodes": [
"node_modules/postcss-discard-duplicates"
],
"fixAvailable": true
},
"postcss-discard-empty": {
"name": "postcss-discard-empty",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.1",
"nodes": [
"node_modules/postcss-discard-empty"
],
"fixAvailable": true
},
"postcss-discard-overridden": {
"name": "postcss-discard-overridden",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-discard-overridden"
],
"fixAvailable": true
},
"postcss-font-family-system-ui": {
"name": "postcss-font-family-system-ui",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-font-family-system-ui"
],
"fixAvailable": false
},
"postcss-font-variant": {
"name": "postcss-font-variant",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.0.0",
"nodes": [
"node_modules/postcss-font-variant"
],
"fixAvailable": true
},
"postcss-image-set-polyfill": {
"name": "postcss-image-set-polyfill",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-image-set-polyfill"
],
"fixAvailable": false
},
"postcss-initial": {
"name": "postcss-initial",
"severity": "high",
"isDirect": false,
"via": [
"lodash.template",
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=3.0.2 || 4.0.0",
"nodes": [
"node_modules/postcss-initial"
],
"fixAvailable": false
},
"postcss-media-minmax": {
"name": "postcss-media-minmax",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.2.0 - 3.0.0",
"nodes": [
"node_modules/postcss-media-minmax"
],
"fixAvailable": true
},
"postcss-merge-longhand": {
"name": "postcss-merge-longhand",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss",
"stylehacks"
],
"effects": [],
"range": "<=4.0.11",
"nodes": [
"node_modules/postcss-merge-longhand"
],
"fixAvailable": true
},
"postcss-merge-rules": {
"name": "postcss-merge-rules",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-merge-rules"
],
"fixAvailable": true
},
"postcss-minify-font-values": {
"name": "postcss-minify-font-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-font-values"
],
"fixAvailable": true
},
"postcss-minify-gradients": {
"name": "postcss-minify-gradients",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-gradients"
],
"fixAvailable": true
},
"postcss-minify-params": {
"name": "postcss-minify-params",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-params"
],
"fixAvailable": true
},
"postcss-minify-selectors": {
"name": "postcss-minify-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-minify-selectors"
],
"fixAvailable": true
},
"postcss-nesting": {
"name": "postcss-nesting",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=6.0.0",
"nodes": [
"node_modules/postcss-nesting"
],
"fixAvailable": false
},
"postcss-normalize-charset": {
"name": "postcss-normalize-charset",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-normalize-charset"
],
"fixAvailable": true
},
"postcss-normalize-display-values": {
"name": "postcss-normalize-display-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-display-values"
],
"fixAvailable": true
},
"postcss-normalize-positions": {
"name": "postcss-normalize-positions",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-positions"
],
"fixAvailable": true
},
"postcss-normalize-repeat-style": {
"name": "postcss-normalize-repeat-style",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-repeat-style"
],
"fixAvailable": true
},
"postcss-normalize-string": {
"name": "postcss-normalize-string",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-string"
],
"fixAvailable": true
},
"postcss-normalize-timing-functions": {
"name": "postcss-normalize-timing-functions",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-timing-functions"
],
"fixAvailable": true
},
"postcss-normalize-unicode": {
"name": "postcss-normalize-unicode",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-normalize-unicode"
],
"fixAvailable": true
},
"postcss-normalize-url": {
"name": "postcss-normalize-url",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.1.0 - 4.0.1",
"nodes": [
"node_modules/postcss-normalize-url"
],
"fixAvailable": true
},
"postcss-normalize-whitespace": {
"name": "postcss-normalize-whitespace",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-normalize-whitespace"
],
"fixAvailable": true
},
"postcss-ordered-values": {
"name": "postcss-ordered-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.1.2",
"nodes": [
"node_modules/postcss-ordered-values"
],
"fixAvailable": true
},
"postcss-pseudo-class-any-link": {
"name": "postcss-pseudo-class-any-link",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=5.0.0",
"nodes": [
"node_modules/postcss-pseudo-class-any-link"
],
"fixAvailable": true
},
"postcss-pseudoelements": {
"name": "postcss-pseudoelements",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": ">=2.2.0",
"nodes": [
"node_modules/postcss-pseudoelements"
],
"fixAvailable": true
},
"postcss-reduce-initial": {
"name": "postcss-reduce-initial",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.3",
"nodes": [
"node_modules/postcss-reduce-initial"
],
"fixAvailable": true
},
"postcss-reduce-transforms": {
"name": "postcss-reduce-transforms",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-reduce-transforms"
],
"fixAvailable": true
},
"postcss-replace-overflow-wrap": {
"name": "postcss-replace-overflow-wrap",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-cssnext"
],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-replace-overflow-wrap"
],
"fixAvailable": false
},
"postcss-selector-matches": {
"name": "postcss-selector-matches",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-selector-matches"
],
"fixAvailable": true
},
"postcss-selector-not": {
"name": "postcss-selector-not",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.1",
"nodes": [
"node_modules/postcss-selector-not"
],
"fixAvailable": true
},
"postcss-svgo": {
"name": "postcss-svgo",
"severity": "high",
"isDirect": false,
"via": [
"postcss",
"svgo"
],
"effects": [],
"range": "<=5.0.0-rc.2",
"nodes": [
"node_modules/postcss-svgo"
],
"fixAvailable": true
},
"postcss-unique-selectors": {
"name": "postcss-unique-selectors",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/postcss-unique-selectors"
],
"fixAvailable": true
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": ">=1.1.0",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/readdirp"
],
"fixAvailable": {
"name": "gulp",
"version": "5.0.1",
"isSemVerMajor": true
}
},
"stylehacks": {
"name": "stylehacks",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"postcss-merge-longhand"
],
"range": "<=4.0.3",
"nodes": [
"node_modules/stylehacks"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": false,
"via": [
"css-select"
],
"effects": [
"postcss-svgo"
],
"range": "1.0.0 - 1.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 68,
"high": 20,
"critical": 0,
"total": 88
},
"dependencies": {
"prod": 1,
"dev": 1538,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1538
}
}
}
}
--- end ---
{"added": 1538, "removed": 0, "changed": 0, "audited": 1539, "funding": 210, "audit": {"auditReportVersion": 2, "vulnerabilities": {"anymatch": {"name": "anymatch", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar", "glob-watcher"], "range": "1.2.0 - 2.0.0", "nodes": ["node_modules/anymatch"], "fixAvailable": {"name": "gulp", "version": "5.0.1", "isSemVerMajor": true}}, "autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.0.20131222 - 8.6.5", "nodes": ["node_modules/autoprefixer"], "fixAvailable": true}, "braces": {"name": "braces", "severity": "high", "isDirect": false, "via": [{"source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": ["CWE-400", "CWE-1050"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.3"}], "effects": ["chokidar", "micromatch"], "range": "<3.0.3", "nodes": ["node_modules/anymatch/node_modules/braces", "node_modules/chokidar/node_modules/braces", "node_modules/liftoff/node_modules/braces", "node_modules/matchdep/node_modules/braces", "node_modules/readdirp/node_modules/braces"], "fixAvailable": {"name": "gulp", "version": "5.0.1", "isSemVerMajor": true}}, "cheerio": {"name": "cheerio", "severity": "high", "isDirect": false, "via": ["css-select", "lodash.pick"], "effects": ["gulp-inline"], "range": "0.19.0 - 1.0.0-rc.12", "nodes": ["node_modules/cheerio"], "fixAvailable": {"name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true}}, "chokidar": {"name": "chokidar", "severity": "high", "isDirect": false, "via": ["anymatch", "braces", "readdirp"], "effects": ["glob-watcher"], "range": "1.3.0 - 2.1.8", "nodes": ["node_modules/chokidar"], "fixAvailable": {"name": "gulp", "version": "5.0.1", "isSemVerMajor": true}}, "color": {"name": "color", "severity": "moderate", "isDirect": false, "via": ["color-string"], "effects": ["css-color-function"], "range": "<=0.11.4", "nodes": ["node_modules/css-color-function/node_modules/color"], "fixAvailable": true}, "color-string": {"name": "color-string", "severity": "moderate", "isDirect": false, "via": [{"source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<1.5.5"}], "effects": ["color"], "range": "<1.5.5", "nodes": ["node_modules/css-color-function/node_modules/color-string"], "fixAvailable": true}, "cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1104663, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}], "effects": ["pre-commit"], "range": "<6.0.6", "nodes": ["node_modules/pre-commit/node_modules/cross-spawn"], "fixAvailable": {"name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true}}, "css-color-function": {"name": "css-color-function", "severity": "moderate", "isDirect": false, "via": ["color"], "effects": ["postcss-color-function"], "range": "*", "nodes": ["node_modules/css-color-function"], "fixAvailable": true}, "css-declaration-sorter": {"name": "css-declaration-sorter", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=5.1.2", "nodes": ["node_modules/css-declaration-sorter"], "fixAvailable": true}, "css-select": {"name": "css-select", "severity": "high", "isDirect": false, "via": ["nth-check"], "effects": ["cheerio", "svgo"], "range": "<=3.1.0", "nodes": ["node_modules/css-select", "node_modules/svgo/node_modules/css-select"], "fixAvailable": {"name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true}}, "cssnano": {"name": "cssnano", "severity": "moderate", "isDirect": true, "via": ["cssnano-preset-default", "postcss"], "effects": [], "range": "<=4.1.11", "nodes": ["node_modules/cssnano"], "fixAvailable": {"name": "cssnano", "version": "7.1.0", "isSemVerMajor": true}}, "cssnano-preset-default": {"name": "cssnano-preset-default", "severity": "moderate", "isDirect": false, "via": ["css-declaration-sorter", "cssnano-util-raw-cache", "postcss", "postcss-calc", "postcss-colormin", "postcss-convert-values", "postcss-discard-comments", "postcss-discard-duplicates", "postcss-discard-empty", "postcss-discard-overridden", "postcss-merge-longhand", "postcss-merge-rules", "postcss-minify-font-values", "postcss-minify-gradients", "postcss-minify-params", "postcss-minify-selectors", "postcss-normalize-charset", "postcss-normalize-display-values", "postcss-normalize-positions", "postcss-normalize-repeat-style", "postcss-normalize-string", "postcss-normalize-timing-functions", "postcss-normalize-unicode", "postcss-normalize-url", "postcss-normalize-whitespace", "postcss-ordered-values", "postcss-reduce-initial", "postcss-reduce-transforms", "postcss-svgo", "postcss-unique-selectors"], "effects": ["cssnano"], "range": "<=4.0.8", "nodes": ["node_modules/cssnano-preset-default"], "fixAvailable": {"name": "cssnano", "version": "7.1.0", "isSemVerMajor": true}}, "cssnano-util-raw-cache": {"name": "cssnano-util-raw-cache", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "*", "nodes": ["node_modules/cssnano-util-raw-cache"], "fixAvailable": true}, "findup-sync": {"name": "findup-sync", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["liftoff", "matchdep"], "range": "0.4.0 - 3.0.0", "nodes": ["node_modules/liftoff/node_modules/findup-sync", "node_modules/matchdep/node_modules/findup-sync"], "fixAvailable": true}, "glob-watcher": {"name": "glob-watcher", "severity": "high", "isDirect": false, "via": ["anymatch", "chokidar"], "effects": ["gulp"], "range": "5.0.0 - 5.0.5", "nodes": ["node_modules/glob-watcher"], "fixAvailable": {"name": "gulp", "version": "5.0.1", "isSemVerMajor": true}}, "gulp": {"name": "gulp", "severity": "high", "isDirect": true, "via": ["glob-watcher", "gulp-cli"], "effects": [], "range": "4.0.0 - 4.0.2", "nodes": ["node_modules/gulp"], "fixAvailable": {"name": "gulp", "version": "5.0.1", "isSemVerMajor": true}}, "gulp-cli": {"name": "gulp-cli", "severity": "moderate", "isDirect": false, "via": ["liftoff", "matchdep"], "effects": [], "range": "1.3.0 - 2.3.0", "nodes": ["node_modules/gulp-cli"], "fixAvailable": true}, "gulp-compile-handlebars": {"name": "gulp-compile-handlebars", "severity": "high", "isDirect": true, "via": ["gulp-util"], "effects": [], "range": "*", "nodes": ["node_modules/gulp-compile-handlebars"], "fixAvailable": false}, "gulp-htmlmin": {"name": "gulp-htmlmin", "severity": "high", "isDirect": true, "via": ["html-minifier"], "effects": [], "range": "*", "nodes": ["node_modules/gulp-htmlmin"], "fixAvailable": false}, "gulp-inline": {"name": "gulp-inline", "severity": "high", "isDirect": true, "via": ["cheerio", "gulp-util"], "effects": [], "range": "*", "nodes": ["node_modules/gulp-inline"], "fixAvailable": {"name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true}}, "gulp-util": {"name": "gulp-util", "severity": "high", "isDirect": false, "via": ["lodash.template"], "effects": ["gulp-compile-handlebars", "gulp-inline"], "range": ">=1.1.0", "nodes": ["node_modules/gulp-util"], "fixAvailable": false}, "html-minifier": {"name": "html-minifier", "severity": "high", "isDirect": false, "via": [{"source": 1105440, "name": "html-minifier", "dependency": "html-minifier", "title": "kangax html-minifier REDoS vulnerability", "url": "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=4.0.0"}], "effects": ["gulp-htmlmin"], "range": "*", "nodes": ["node_modules/html-minifier"], "fixAvailable": false}, "liftoff": {"name": "liftoff", "severity": "moderate", "isDirect": false, "via": ["findup-sync"], "effects": ["gulp-cli"], "range": "2.2.3 - 3.1.0", "nodes": ["node_modules/liftoff"], "fixAvailable": true}, "lodash.pick": {"name": "lodash.pick", "severity": "high", "isDirect": false, "via": [{"source": 1106907, "name": "lodash.pick", "dependency": "lodash.pick", "title": "Prototype Pollution in lodash", "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw", "severity": "high", "cwe": ["CWE-770", "CWE-1321"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "range": ">=4.0.0 <=4.4.0"}], "effects": ["cheerio"], "range": ">=4.0.0", "nodes": ["node_modules/lodash.pick"], "fixAvailable": {"name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true}}, "lodash.template": {"name": "lodash.template", "severity": "high", "isDirect": false, "via": [{"source": 1106902, "name": "lodash.template", "dependency": "lodash.template", "title": "Command Injection in lodash", "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", "severity": "high", "cwe": ["CWE-77", "CWE-94"], "cvss": {"score": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=4.5.0"}], "effects": ["gulp-util", "postcss-initial"], "range": "*", "nodes": ["node_modules/lodash.template", "node_modules/postcss-initial/node_modules/lodash.template"], "fixAvailable": false}, "matchdep": {"name": "matchdep", "severity": "moderate", "isDirect": false, "via": ["findup-sync", "micromatch"], "effects": ["gulp-cli"], "range": ">=1.0.1", "nodes": ["node_modules/matchdep"], "fixAvailable": true}, "micromatch": {"name": "micromatch", "severity": "high", "isDirect": false, "via": [{"source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<4.0.8"}, "braces"], "effects": ["anymatch", "findup-sync", "matchdep", "readdirp"], "range": "<=4.0.7", "nodes": ["node_modules/anymatch/node_modules/micromatch", "node_modules/liftoff/node_modules/micromatch", "node_modules/matchdep/node_modules/micromatch", "node_modules/readdirp/node_modules/micromatch"], "fixAvailable": {"name": "gulp", "version": "5.0.1", "isSemVerMajor": true}}, "nth-check": {"name": "nth-check", "severity": "high", "isDirect": false, "via": [{"source": 1095141, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.0.1"}], "effects": ["css-select"], "range": "<2.0.1", "nodes": ["node_modules/css-select/node_modules/nth-check", "node_modules/svgo/node_modules/nth-check"], "fixAvailable": {"name": "gulp-inline", "version": "0.1.2", "isSemVerMajor": true}}, "pixrem": {"name": "pixrem", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/pixrem"], "fixAvailable": true}, "pleeease-filters": {"name": "pleeease-filters", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "*", "nodes": ["node_modules/pleeease-filters"], "fixAvailable": true}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1093539, "name": "postcss", "dependency": "postcss", "title": "Regular Expression Denial of Service in postcss", "url": "https://github.com/advisories/GHSA-566m-qj78-rww5", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<7.0.36"}, {"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["autoprefixer", "css-declaration-sorter", "cssnano", "cssnano-preset-default", "cssnano-util-raw-cache", "pixrem", "pleeease-filters", "postcss-apply", "postcss-attribute-case-insensitive", "postcss-calc", "postcss-color-function", "postcss-color-gray", "postcss-color-hex-alpha", "postcss-color-hsl", "postcss-color-hwb", "postcss-color-rebeccapurple", "postcss-color-rgb", "postcss-color-rgba-fallback", "postcss-colormin", "postcss-convert-values", "postcss-cssnext", "postcss-custom-media", "postcss-custom-properties", "postcss-custom-selectors", "postcss-discard-comments", "postcss-discard-duplicates", "postcss-discard-empty", "postcss-discard-overridden", "postcss-font-family-system-ui", "postcss-font-variant", "postcss-image-set-polyfill", "postcss-initial", "postcss-media-minmax", "postcss-merge-longhand", "postcss-merge-rules", "postcss-minify-font-values", "postcss-minify-gradients", "postcss-minify-params", "postcss-minify-selectors", "postcss-nesting", "postcss-normalize-charset", "postcss-normalize-display-values", "postcss-normalize-positions", "postcss-normalize-repeat-style", "postcss-normalize-string", "postcss-normalize-timing-functions", "postcss-normalize-unicode", "postcss-normalize-url", "postcss-normalize-whitespace", "postcss-ordered-values", "postcss-pseudo-class-any-link", "postcss-pseudoelements", "postcss-reduce-initial", "postcss-reduce-transforms", "postcss-replace-overflow-wrap", "postcss-selector-matches", "postcss-selector-not", "postcss-svgo", "postcss-unique-selectors", "stylehacks"], "range": "<=8.4.30", "nodes": ["node_modules/autoprefixer/node_modules/postcss", "node_modules/css-declaration-sorter/node_modules/postcss", "node_modules/cssnano-preset-default/node_modules/postcss", "node_modules/cssnano-util-raw-cache/node_modules/postcss", "node_modules/cssnano/node_modules/postcss", "node_modules/pixrem/node_modules/postcss", "node_modules/pleeease-filters/node_modules/postcss", "node_modules/postcss-apply/node_modules/postcss", "node_modules/postcss-attribute-case-insensitive/node_modules/postcss", "node_modules/postcss-calc/node_modules/postcss", "node_modules/postcss-color-function/node_modules/postcss", "node_modules/postcss-color-gray/node_modules/postcss", "node_modules/postcss-color-hex-alpha/node_modules/postcss", "node_modules/postcss-color-hsl/node_modules/postcss", "node_modules/postcss-color-hwb/node_modules/postcss", "node_modules/postcss-color-rebeccapurple/node_modules/postcss", "node_modules/postcss-color-rgb/node_modules/postcss", "node_modules/postcss-color-rgba-fallback/node_modules/postcss", "node_modules/postcss-colormin/node_modules/postcss", "node_modules/postcss-convert-values/node_modules/postcss", "node_modules/postcss-cssnext/node_modules/postcss", "node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss", "node_modules/postcss-custom-media/node_modules/postcss", "node_modules/postcss-custom-properties/node_modules/postcss", "node_modules/postcss-custom-selectors/node_modules/postcss", "node_modules/postcss-discard-comments/node_modules/postcss", "node_modules/postcss-discard-duplicates/node_modules/postcss", "node_modules/postcss-discard-empty/node_modules/postcss", "node_modules/postcss-discard-overridden/node_modules/postcss", "node_modules/postcss-font-family-system-ui/node_modules/postcss", "node_modules/postcss-font-variant/node_modules/postcss", "node_modules/postcss-image-set-polyfill/node_modules/postcss", "node_modules/postcss-initial/node_modules/postcss", "node_modules/postcss-media-minmax/node_modules/postcss", "node_modules/postcss-merge-longhand/node_modules/postcss", "node_modules/postcss-merge-rules/node_modules/postcss", "node_modules/postcss-minify-font-values/node_modules/postcss", "node_modules/postcss-minify-gradients/node_modules/postcss", "node_modules/postcss-minify-params/node_modules/postcss", "node_modules/postcss-minify-selectors/node_modules/postcss", "node_modules/postcss-nesting/node_modules/postcss", "node_modules/postcss-normalize-charset/node_modules/postcss", "node_modules/postcss-normalize-display-values/node_modules/postcss", "node_modules/postcss-normalize-positions/node_modules/postcss", "node_modules/postcss-normalize-repeat-style/node_modules/postcss", "node_modules/postcss-normalize-string/node_modules/postcss", "node_modules/postcss-normalize-timing-functions/node_modules/postcss", "node_modules/postcss-normalize-unicode/node_modules/postcss", "node_modules/postcss-normalize-url/node_modules/postcss", "node_modules/postcss-normalize-whitespace/node_modules/postcss", "node_modules/postcss-ordered-values/node_modules/postcss", "node_modules/postcss-pseudo-class-any-link/node_modules/postcss", "node_modules/postcss-pseudoelements/node_modules/postcss", "node_modules/postcss-reduce-initial/node_modules/postcss", "node_modules/postcss-reduce-transforms/node_modules/postcss", "node_modules/postcss-replace-overflow-wrap/node_modules/postcss", "node_modules/postcss-selector-matches/node_modules/postcss", "node_modules/postcss-selector-not/node_modules/postcss", "node_modules/postcss-svgo/node_modules/postcss", "node_modules/postcss-unique-selectors/node_modules/postcss", "node_modules/stylehacks/node_modules/postcss"], "fixAvailable": {"name": "cssnano", "version": "7.1.0", "isSemVerMajor": true}}, "postcss-apply": {"name": "postcss-apply", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=0.10.0", "nodes": ["node_modules/postcss-apply"], "fixAvailable": false}, "postcss-attribute-case-insensitive": {"name": "postcss-attribute-case-insensitive", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=3.0.1", "nodes": ["node_modules/postcss-attribute-case-insensitive"], "fixAvailable": false}, "postcss-calc": {"name": "postcss-calc", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "4.1.0 - 7.0.5", "nodes": ["node_modules/postcss-calc", "node_modules/postcss-cssnext/node_modules/postcss-calc"], "fixAvailable": true}, "postcss-color-function": {"name": "postcss-color-function", "severity": "moderate", "isDirect": false, "via": ["css-color-function", "postcss"], "effects": [], "range": "*", "nodes": ["node_modules/postcss-color-function"], "fixAvailable": true}, "postcss-color-gray": {"name": "postcss-color-gray", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "3.0.0 - 4.1.0", "nodes": ["node_modules/postcss-color-gray"], "fixAvailable": true}, "postcss-color-hex-alpha": {"name": "postcss-color-hex-alpha", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.3.0 - 3.0.0", "nodes": ["node_modules/postcss-color-hex-alpha"], "fixAvailable": true}, "postcss-color-hsl": {"name": "postcss-color-hsl", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "*", "nodes": ["node_modules/postcss-color-hsl"], "fixAvailable": false}, "postcss-color-hwb": {"name": "postcss-color-hwb", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": ">=1.2.0", "nodes": ["node_modules/postcss-color-hwb"], "fixAvailable": true}, "postcss-color-rebeccapurple": {"name": "postcss-color-rebeccapurple", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.2.0 - 3.1.0", "nodes": ["node_modules/postcss-color-rebeccapurple"], "fixAvailable": true}, "postcss-color-rgb": {"name": "postcss-color-rgb", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "*", "nodes": ["node_modules/postcss-color-rgb"], "fixAvailable": true}, "postcss-color-rgba-fallback": {"name": "postcss-color-rgba-fallback", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=3.0.0", "nodes": ["node_modules/postcss-color-rgba-fallback"], "fixAvailable": true}, "postcss-colormin": {"name": "postcss-colormin", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.3", "nodes": ["node_modules/postcss-colormin"], "fixAvailable": true}, "postcss-convert-values": {"name": "postcss-convert-values", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/postcss-convert-values"], "fixAvailable": true}, "postcss-cssnext": {"name": "postcss-cssnext", "severity": "moderate", "isDirect": true, "via": ["autoprefixer", "pixrem", "pleeease-filters", "postcss", "postcss-apply", "postcss-attribute-case-insensitive", "postcss-calc", "postcss-color-function", "postcss-color-gray", "postcss-color-hex-alpha", "postcss-color-hsl", "postcss-color-hwb", "postcss-color-rebeccapurple", "postcss-color-rgb", "postcss-color-rgba-fallback", "postcss-custom-media", "postcss-custom-properties", "postcss-custom-selectors", "postcss-font-family-system-ui", "postcss-font-variant", "postcss-image-set-polyfill", "postcss-initial", "postcss-media-minmax", "postcss-nesting", "postcss-pseudo-class-any-link", "postcss-pseudoelements", "postcss-replace-overflow-wrap", "postcss-selector-matches", "postcss-selector-not"], "effects": [], "range": "*", "nodes": ["node_modules/postcss-cssnext"], "fixAvailable": false}, "postcss-custom-media": {"name": "postcss-custom-media", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "4.0.0 - 6.0.0", "nodes": ["node_modules/postcss-custom-media"], "fixAvailable": true}, "postcss-custom-properties": {"name": "postcss-custom-properties", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "3.3.0 - 7.0.0", "nodes": ["node_modules/postcss-custom-properties"], "fixAvailable": true}, "postcss-custom-selectors": {"name": "postcss-custom-selectors", "severity": "moderate", "isDirect": false, "via": ["postcss", "postcss-selector-matches"], "effects": [], "range": "2.3.0 - 4.0.1", "nodes": ["node_modules/postcss-custom-selectors"], "fixAvailable": true}, "postcss-discard-comments": {"name": "postcss-discard-comments", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-discard-comments"], "fixAvailable": true}, "postcss-discard-duplicates": {"name": "postcss-discard-duplicates", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.1.0 - 4.0.2", "nodes": ["node_modules/postcss-discard-duplicates"], "fixAvailable": true}, "postcss-discard-empty": {"name": "postcss-discard-empty", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.1.0 - 4.0.1", "nodes": ["node_modules/postcss-discard-empty"], "fixAvailable": true}, "postcss-discard-overridden": {"name": "postcss-discard-overridden", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/postcss-discard-overridden"], "fixAvailable": true}, "postcss-font-family-system-ui": {"name": "postcss-font-family-system-ui", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=3.0.0", "nodes": ["node_modules/postcss-font-family-system-ui"], "fixAvailable": false}, "postcss-font-variant": {"name": "postcss-font-variant", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.2.0 - 3.0.0", "nodes": ["node_modules/postcss-font-variant"], "fixAvailable": true}, "postcss-image-set-polyfill": {"name": "postcss-image-set-polyfill", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=0.4.4", "nodes": ["node_modules/postcss-image-set-polyfill"], "fixAvailable": false}, "postcss-initial": {"name": "postcss-initial", "severity": "high", "isDirect": false, "via": ["lodash.template", "postcss"], "effects": ["postcss-cssnext"], "range": "<=3.0.2 || 4.0.0", "nodes": ["node_modules/postcss-initial"], "fixAvailable": false}, "postcss-media-minmax": {"name": "postcss-media-minmax", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.2.0 - 3.0.0", "nodes": ["node_modules/postcss-media-minmax"], "fixAvailable": true}, "postcss-merge-longhand": {"name": "postcss-merge-longhand", "severity": "moderate", "isDirect": false, "via": ["postcss", "stylehacks"], "effects": [], "range": "<=4.0.11", "nodes": ["node_modules/postcss-merge-longhand"], "fixAvailable": true}, "postcss-merge-rules": {"name": "postcss-merge-rules", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.3", "nodes": ["node_modules/postcss-merge-rules"], "fixAvailable": true}, "postcss-minify-font-values": {"name": "postcss-minify-font-values", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-minify-font-values"], "fixAvailable": true}, "postcss-minify-gradients": {"name": "postcss-minify-gradients", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-minify-gradients"], "fixAvailable": true}, "postcss-minify-params": {"name": "postcss-minify-params", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-minify-params"], "fixAvailable": true}, "postcss-minify-selectors": {"name": "postcss-minify-selectors", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-minify-selectors"], "fixAvailable": true}, "postcss-nesting": {"name": "postcss-nesting", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=6.0.0", "nodes": ["node_modules/postcss-nesting"], "fixAvailable": false}, "postcss-normalize-charset": {"name": "postcss-normalize-charset", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/postcss-normalize-charset"], "fixAvailable": true}, "postcss-normalize-display-values": {"name": "postcss-normalize-display-values", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-display-values"], "fixAvailable": true}, "postcss-normalize-positions": {"name": "postcss-normalize-positions", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-positions"], "fixAvailable": true}, "postcss-normalize-repeat-style": {"name": "postcss-normalize-repeat-style", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-repeat-style"], "fixAvailable": true}, "postcss-normalize-string": {"name": "postcss-normalize-string", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-string"], "fixAvailable": true}, "postcss-normalize-timing-functions": {"name": "postcss-normalize-timing-functions", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-timing-functions"], "fixAvailable": true}, "postcss-normalize-unicode": {"name": "postcss-normalize-unicode", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/postcss-normalize-unicode"], "fixAvailable": true}, "postcss-normalize-url": {"name": "postcss-normalize-url", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.1.0 - 4.0.1", "nodes": ["node_modules/postcss-normalize-url"], "fixAvailable": true}, "postcss-normalize-whitespace": {"name": "postcss-normalize-whitespace", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-normalize-whitespace"], "fixAvailable": true}, "postcss-ordered-values": {"name": "postcss-ordered-values", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.1.2", "nodes": ["node_modules/postcss-ordered-values"], "fixAvailable": true}, "postcss-pseudo-class-any-link": {"name": "postcss-pseudo-class-any-link", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=5.0.0", "nodes": ["node_modules/postcss-pseudo-class-any-link"], "fixAvailable": true}, "postcss-pseudoelements": {"name": "postcss-pseudoelements", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": ">=2.2.0", "nodes": ["node_modules/postcss-pseudoelements"], "fixAvailable": true}, "postcss-reduce-initial": {"name": "postcss-reduce-initial", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.3", "nodes": ["node_modules/postcss-reduce-initial"], "fixAvailable": true}, "postcss-reduce-transforms": {"name": "postcss-reduce-transforms", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.2", "nodes": ["node_modules/postcss-reduce-transforms"], "fixAvailable": true}, "postcss-replace-overflow-wrap": {"name": "postcss-replace-overflow-wrap", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-cssnext"], "range": "<=2.0.0", "nodes": ["node_modules/postcss-replace-overflow-wrap"], "fixAvailable": false}, "postcss-selector-matches": {"name": "postcss-selector-matches", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=3.0.1", "nodes": ["node_modules/postcss-selector-matches"], "fixAvailable": true}, "postcss-selector-not": {"name": "postcss-selector-not", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=3.0.1", "nodes": ["node_modules/postcss-selector-not"], "fixAvailable": true}, "postcss-svgo": {"name": "postcss-svgo", "severity": "high", "isDirect": false, "via": ["postcss", "svgo"], "effects": [], "range": "<=5.0.0-rc.2", "nodes": ["node_modules/postcss-svgo"], "fixAvailable": true}, "postcss-unique-selectors": {"name": "postcss-unique-selectors", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.0.1", "nodes": ["node_modules/postcss-unique-selectors"], "fixAvailable": true}, "pre-commit": {"name": "pre-commit", "severity": "high", "isDirect": true, "via": ["cross-spawn"], "effects": [], "range": ">=1.1.0", "nodes": ["node_modules/pre-commit"], "fixAvailable": {"name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true}}, "readdirp": {"name": "readdirp", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar"], "range": "2.2.0 - 2.2.1", "nodes": ["node_modules/readdirp"], "fixAvailable": {"name": "gulp", "version": "5.0.1", "isSemVerMajor": true}}, "stylehacks": {"name": "stylehacks", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["postcss-merge-longhand"], "range": "<=4.0.3", "nodes": ["node_modules/stylehacks"], "fixAvailable": true}, "svgo": {"name": "svgo", "severity": "high", "isDirect": false, "via": ["css-select"], "effects": ["postcss-svgo"], "range": "1.0.0 - 1.3.2", "nodes": ["node_modules/svgo"], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 68, "high": 20, "critical": 0, "total": 88}, "dependencies": {"prod": 1, "dev": 1538, "optional": 37, "peer": 1, "peerOptional": 0, "total": 1538}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@2.2.1',
npm WARN EBADENGINE required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated lodash.template@3.6.2: This package is deprecated. Use https://socket.dev/npm/package/eta instead.
npm WARN deprecated lodash.pick@4.4.0: This package is deprecated. Use destructuring assignment syntax instead.
npm WARN deprecated flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated lodash.template@4.5.0: This package is deprecated. Use https://socket.dev/npm/package/eta instead.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated q@1.5.1: You or someone you depend on is using Q, the JavaScript Promise library that gave JavaScript developers strong feelings about promises. They can almost certainly migrate to the native JavaScript promise now. Thank you literally everyone for joining me in this bet against the odds. Be excellent to each other.
npm WARN deprecated
npm WARN deprecated (For a CapTP with native promises, see @endo/eventual-send and @endo/captp)
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated postcss-cssnext@3.1.1: 'postcss-cssnext' has been deprecated in favor of 'postcss-preset-env'. Read more at https://moox.io/blog/deprecating-cssnext/
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1505 packages, and audited 1506 packages in 18s
210 packages are looking for funding
run `npm fund` for details
# npm audit report
braces <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix --force`
Will install gulp@5.0.1, which is a breaking change
node_modules/anymatch/node_modules/braces
node_modules/chokidar/node_modules/braces
node_modules/liftoff/node_modules/braces
node_modules/matchdep/node_modules/braces
node_modules/readdirp/node_modules/braces
chokidar 1.3.0 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of braces
Depends on vulnerable versions of readdirp
node_modules/chokidar
glob-watcher 5.0.0 - 5.0.5
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of chokidar
node_modules/glob-watcher
gulp 4.0.0 - 4.0.2
Depends on vulnerable versions of glob-watcher
Depends on vulnerable versions of gulp-cli
node_modules/gulp
micromatch <=4.0.7
Depends on vulnerable versions of braces
node_modules/anymatch/node_modules/micromatch
node_modules/liftoff/node_modules/micromatch
node_modules/matchdep/node_modules/micromatch
node_modules/readdirp/node_modules/micromatch
anymatch 1.2.0 - 2.0.0
Depends on vulnerable versions of micromatch
node_modules/anymatch
findup-sync 0.4.0 - 3.0.0
Depends on vulnerable versions of micromatch
node_modules/liftoff/node_modules/findup-sync
node_modules/matchdep/node_modules/findup-sync
liftoff 2.2.3 - 3.1.0
Depends on vulnerable versions of findup-sync
node_modules/liftoff
gulp-cli 1.3.0 - 2.3.0
Depends on vulnerable versions of liftoff
Depends on vulnerable versions of matchdep
node_modules/gulp-cli
matchdep >=1.0.1
Depends on vulnerable versions of findup-sync
Depends on vulnerable versions of micromatch
node_modules/matchdep
readdirp 2.2.0 - 2.2.1
Depends on vulnerable versions of micromatch
node_modules/readdirp
color-string <1.5.5
Severity: moderate
Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-257v-vj4p-3w2h
fix available via `npm audit fix`
node_modules/css-color-function/node_modules/color-string
color <=0.11.4
Depends on vulnerable versions of color-string
node_modules/css-color-function/node_modules/color
css-color-function *
Depends on vulnerable versions of color
node_modules/css-color-function
postcss-color-function *
Depends on vulnerable versions of css-color-function
Depends on vulnerable versions of postcss
node_modules/postcss-color-function
cross-spawn <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install pre-commit@1.0.10, which is a breaking change
node_modules/pre-commit/node_modules/cross-spawn
pre-commit >=1.1.0
Depends on vulnerable versions of cross-spawn
node_modules/pre-commit
html-minifier *
Severity: high
kangax html-minifier REDoS vulnerability - https://github.com/advisories/GHSA-pfq8-rq6v-vf5m
No fix available
node_modules/html-minifier
gulp-htmlmin *
Depends on vulnerable versions of html-minifier
node_modules/gulp-htmlmin
lodash.pick >=4.0.0
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install gulp-inline@0.1.2, which is a breaking change
node_modules/lodash.pick
cheerio 0.19.0 - 1.0.0-rc.12
Depends on vulnerable versions of css-select
Depends on vulnerable versions of lodash.pick
node_modules/cheerio
gulp-inline *
Depends on vulnerable versions of cheerio
Depends on vulnerable versions of gulp-util
node_modules/gulp-inline
lodash.template *
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix --force`
Will install gulp-inline@0.1.2, which is a breaking change
node_modules/lodash.template
node_modules/postcss-initial/node_modules/lodash.template
gulp-util >=1.1.0
Depends on vulnerable versions of lodash.template
node_modules/gulp-util
gulp-compile-handlebars *
Depends on vulnerable versions of gulp-util
node_modules/gulp-compile-handlebars
postcss-initial <=3.0.2 || 4.0.0
Depends on vulnerable versions of lodash.template
Depends on vulnerable versions of postcss
node_modules/postcss-initial
postcss-cssnext *
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of pixrem
Depends on vulnerable versions of pleeease-filters
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-apply
Depends on vulnerable versions of postcss-attribute-case-insensitive
Depends on vulnerable versions of postcss-calc
Depends on vulnerable versions of postcss-color-function
Depends on vulnerable versions of postcss-color-gray
Depends on vulnerable versions of postcss-color-hex-alpha
Depends on vulnerable versions of postcss-color-hsl
Depends on vulnerable versions of postcss-color-hwb
Depends on vulnerable versions of postcss-color-rebeccapurple
Depends on vulnerable versions of postcss-color-rgb
Depends on vulnerable versions of postcss-color-rgba-fallback
Depends on vulnerable versions of postcss-custom-media
Depends on vulnerable versions of postcss-custom-properties
Depends on vulnerable versions of postcss-custom-selectors
Depends on vulnerable versions of postcss-font-family-system-ui
Depends on vulnerable versions of postcss-font-variant
Depends on vulnerable versions of postcss-image-set-polyfill
Depends on vulnerable versions of postcss-initial
Depends on vulnerable versions of postcss-media-minmax
Depends on vulnerable versions of postcss-nesting
Depends on vulnerable versions of postcss-pseudo-class-any-link
Depends on vulnerable versions of postcss-pseudoelements
Depends on vulnerable versions of postcss-replace-overflow-wrap
Depends on vulnerable versions of postcss-selector-matches
Depends on vulnerable versions of postcss-selector-not
node_modules/postcss-cssnext
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install gulp-inline@0.1.2, which is a breaking change
node_modules/css-select/node_modules/nth-check
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/css-select
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo <=5.0.0-rc.2
Depends on vulnerable versions of postcss
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
postcss <=8.4.30
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install cssnano@7.1.0, which is a breaking change
node_modules/autoprefixer/node_modules/postcss
node_modules/css-declaration-sorter/node_modules/postcss
node_modules/cssnano-preset-default/node_modules/postcss
node_modules/cssnano-util-raw-cache/node_modules/postcss
node_modules/cssnano/node_modules/postcss
node_modules/pixrem/node_modules/postcss
node_modules/pleeease-filters/node_modules/postcss
node_modules/postcss-apply/node_modules/postcss
node_modules/postcss-attribute-case-insensitive/node_modules/postcss
node_modules/postcss-calc/node_modules/postcss
node_modules/postcss-color-function/node_modules/postcss
node_modules/postcss-color-gray/node_modules/postcss
node_modules/postcss-color-hex-alpha/node_modules/postcss
node_modules/postcss-color-hsl/node_modules/postcss
node_modules/postcss-color-hwb/node_modules/postcss
node_modules/postcss-color-rebeccapurple/node_modules/postcss
node_modules/postcss-color-rgb/node_modules/postcss
node_modules/postcss-color-rgba-fallback/node_modules/postcss
node_modules/postcss-colormin/node_modules/postcss
node_modules/postcss-convert-values/node_modules/postcss
node_modules/postcss-cssnext/node_modules/postcss
node_modules/postcss-cssnext/node_modules/postcss-calc/node_modules/postcss
node_modules/postcss-custom-media/node_modules/postcss
node_modules/postcss-custom-properties/node_modules/postcss
node_modules/postcss-custom-selectors/node_modules/postcss
node_modules/postcss-discard-comments/node_modules/postcss
node_modules/postcss-discard-duplicates/node_modules/postcss
node_modules/postcss-discard-empty/node_modules/postcss
node_modules/postcss-discard-overridden/node_modules/postcss
node_modules/postcss-font-family-system-ui/node_modules/postcss
node_modules/postcss-font-variant/node_modules/postcss
node_modules/postcss-image-set-polyfill/node_modules/postcss
node_modules/postcss-initial/node_modules/postcss
node_modules/postcss-media-minmax/node_modules/postcss
node_modules/postcss-merge-longhand/node_modules/postcss
node_modules/postcss-merge-rules/node_modules/postcss
node_modules/postcss-minify-font-values/node_modules/postcss
node_modules/postcss-minify-gradients/node_modules/postcss
node_modules/postcss-minify-params/node_modules/postcss
node_modules/postcss-minify-selectors/node_modules/postcss
node_modules/postcss-nesting/node_modules/postcss
node_modules/postcss-normalize-charset/node_modules/postcss
node_modules/postcss-normalize-display-values/node_modules/postcss
node_modules/postcss-normalize-positions/node_modules/postcss
node_modules/postcss-normalize-repeat-style/node_modules/postcss
node_modules/postcss-normalize-string/node_modules/postcss
node_modules/postcss-normalize-timing-functions/node_modules/postcss
node_modules/postcss-normalize-unicode/node_modules/postcss
node_modules/postcss-normalize-url/node_modules/postcss
node_modules/postcss-normalize-whitespace/node_modules/postcss
node_modules/postcss-ordered-values/node_modules/postcss
node_modules/postcss-pseudo-class-any-link/node_modules/postcss
node_modules/postcss-pseudoelements/node_modules/postcss
node_modules/postcss-reduce-initial/node_modules/postcss
node_modules/postcss-reduce-transforms/node_modules/postcss
node_modules/postcss-replace-overflow-wrap/node_modules/postcss
node_modules/postcss-selector-matches/node_modules/postcss
node_modules/postcss-selector-not/node_modules/postcss
node_modules/postcss-svgo/node_modules/postcss
node_modules/postcss-unique-selectors/node_modules/postcss
node_modules/stylehacks/node_modules/postcss
autoprefixer 1.0.20131222 - 8.6.5
Depends on vulnerable versions of postcss
node_modules/autoprefixer
css-declaration-sorter <=5.1.2
Depends on vulnerable versions of postcss
node_modules/css-declaration-sorter
cssnano <=4.1.11
Depends on vulnerable versions of cssnano-preset-default
Depends on vulnerable versions of postcss
node_modules/cssnano
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of css-declaration-sorter
Depends on vulnerable versions of cssnano-util-raw-cache
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-calc
Depends on vulnerable versions of postcss-colormin
Depends on vulnerable versions of postcss-convert-values
Depends on vulnerable versions of postcss-discard-comments
Depends on vulnerable versions of postcss-discard-duplicates
Depends on vulnerable versions of postcss-discard-empty
Depends on vulnerable versions of postcss-discard-overridden
Depends on vulnerable versions of postcss-merge-longhand
Depends on vulnerable versions of postcss-merge-rules
Depends on vulnerable versions of postcss-minify-font-values
Depends on vulnerable versions of postcss-minify-gradients
Depends on vulnerable versions of postcss-minify-params
Depends on vulnerable versions of postcss-minify-selectors
Depends on vulnerable versions of postcss-normalize-charset
Depends on vulnerable versions of postcss-normalize-display-values
Depends on vulnerable versions of postcss-normalize-positions
Depends on vulnerable versions of postcss-normalize-repeat-style
Depends on vulnerable versions of postcss-normalize-string
Depends on vulnerable versions of postcss-normalize-timing-functions
Depends on vulnerable versions of postcss-normalize-unicode
Depends on vulnerable versions of postcss-normalize-url
Depends on vulnerable versions of postcss-normalize-whitespace
Depends on vulnerable versions of postcss-ordered-values
Depends on vulnerable versions of postcss-reduce-initial
Depends on vulnerable versions of postcss-reduce-transforms
Depends on vulnerable versions of postcss-svgo
Depends on vulnerable versions of postcss-unique-selectors
node_modules/cssnano-preset-default
cssnano-util-raw-cache *
Depends on vulnerable versions of postcss
node_modules/cssnano-util-raw-cache
pixrem <=4.0.1
Depends on vulnerable versions of postcss
node_modules/pixrem
pleeease-filters *
Depends on vulnerable versions of postcss
node_modules/pleeease-filters
postcss-apply <=0.10.0
Depends on vulnerable versions of postcss
node_modules/postcss-apply
postcss-attribute-case-insensitive <=3.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-attribute-case-insensitive
postcss-calc 4.1.0 - 7.0.5
Depends on vulnerable versions of postcss
node_modules/postcss-calc
node_modules/postcss-cssnext/node_modules/postcss-calc
postcss-color-gray 3.0.0 - 4.1.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-gray
postcss-color-hex-alpha 1.3.0 - 3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-hex-alpha
postcss-color-hsl *
Depends on vulnerable versions of postcss
node_modules/postcss-color-hsl
postcss-color-hwb >=1.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-hwb
postcss-color-rebeccapurple 1.2.0 - 3.1.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-rebeccapurple
postcss-color-rgb *
Depends on vulnerable versions of postcss
node_modules/postcss-color-rgb
postcss-color-rgba-fallback <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-rgba-fallback
postcss-colormin <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-colormin
postcss-convert-values <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-convert-values
postcss-custom-media 4.0.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-custom-media
postcss-custom-properties 3.3.0 - 7.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-custom-properties
postcss-custom-selectors 2.3.0 - 4.0.1
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-selector-matches
node_modules/postcss-custom-selectors
postcss-discard-comments <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-comments
postcss-discard-duplicates 1.1.0 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-duplicates
postcss-discard-empty 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-empty
postcss-discard-overridden <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-overridden
postcss-font-family-system-ui <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-font-family-system-ui
postcss-font-variant 1.2.0 - 3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-font-variant
postcss-image-set-polyfill <=0.4.4
Depends on vulnerable versions of postcss
node_modules/postcss-image-set-polyfill
postcss-media-minmax 1.2.0 - 3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-media-minmax
postcss-merge-longhand <=4.0.11
Depends on vulnerable versions of postcss
Depends on vulnerable versions of stylehacks
node_modules/postcss-merge-longhand
postcss-merge-rules <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-merge-rules
postcss-minify-font-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-font-values
postcss-minify-gradients <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-gradients
postcss-minify-params <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-params
postcss-minify-selectors <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-selectors
postcss-nesting <=6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-nesting
postcss-normalize-charset <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-charset
postcss-normalize-display-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-display-values
postcss-normalize-positions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-positions
postcss-normalize-repeat-style <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-repeat-style
postcss-normalize-string <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-string
postcss-normalize-timing-functions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-timing-functions
postcss-normalize-unicode <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-unicode
postcss-normalize-url 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-url
postcss-normalize-whitespace <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-whitespace
postcss-ordered-values <=4.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-ordered-values
postcss-pseudo-class-any-link <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-pseudo-class-any-link
postcss-pseudoelements >=2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-pseudoelements
postcss-reduce-initial <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-initial
postcss-reduce-transforms <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-transforms
postcss-replace-overflow-wrap <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-replace-overflow-wrap
postcss-selector-matches <=3.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-selector-matches
postcss-selector-not <=3.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-selector-not
postcss-unique-selectors <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-unique-selectors
stylehacks <=4.0.3
Depends on vulnerable versions of postcss
node_modules/stylehacks
88 vulnerabilities (68 moderate, 20 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@2.2.1',
npm WARN EBADENGINE required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated lodash.pick@4.4.0: This package is deprecated. Use destructuring assignment syntax instead.
npm WARN deprecated lodash.template@3.6.2: This package is deprecated. Use https://socket.dev/npm/package/eta instead.
npm WARN deprecated flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated lodash.template@4.5.0: This package is deprecated. Use https://socket.dev/npm/package/eta instead.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated q@1.5.1: You or someone you depend on is using Q, the JavaScript Promise library that gave JavaScript developers strong feelings about promises. They can almost certainly migrate to the native JavaScript promise now. Thank you literally everyone for joining me in this bet against the odds. Be excellent to each other.
npm WARN deprecated
npm WARN deprecated (For a CapTP with native promises, see @endo/eventual-send and @endo/captp)
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated postcss-cssnext@3.1.1: 'postcss-cssnext' has been deprecated in favor of 'postcss-preset-env'. Read more at https://moox.io/blog/deprecating-cssnext/
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1505 packages, and audited 1506 packages in 23s
210 packages are looking for funding
run `npm fund` for details
88 vulnerabilities (68 moderate, 20 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
33 sources checked
/src/repo/src/common/assets/postcss/_app-badge.css
/src/repo/src/common/assets/postcss/_base-portal.css
/src/repo/src/common/assets/postcss/_base.css
/src/repo/src/common/assets/postcss/_buttons.css
/src/repo/src/common/assets/postcss/_central-featured.css
/src/repo/src/common/assets/postcss/_central-textlogo.css
/src/repo/src/common/assets/postcss/_footer.css
/src/repo/src/common/assets/postcss/_forms.css
/src/repo/src/common/assets/postcss/_localization.css
/src/repo/src/common/assets/postcss/_media-print.css
/src/repo/src/common/assets/postcss/_other-languages-bookshelf.css
/src/repo/src/common/assets/postcss/_other-languages.css
/src/repo/src/common/assets/postcss/_other-projects.css
/src/repo/src/common/assets/postcss/_search-language-picker.css
/src/repo/src/common/assets/postcss/_search-suggestions.css
/src/repo/src/common/assets/postcss/_search.css
/src/repo/src/common/assets/postcss/_vars.css
/src/repo/src/common/assets/postcss/_wm-portal.css
/src/repo/src/wikimedia.org/assets/postcss/_wikimedia-custom.css
/src/repo/src/wikimedia.org/assets/postcss/style.css
/src/repo/src/wikibooks.org/assets/postcss/_wikibooks-custom.css
/src/repo/src/wikibooks.org/assets/postcss/style.css
/src/repo/src/wikipedia.org/assets/postcss/style.css
/src/repo/src/wikinews.org/assets/postcss/_wikinews-custom.css
/src/repo/src/wikinews.org/assets/postcss/style.css
/src/repo/src/wikiquote.org/assets/postcss/_wikibooks-custom.css
/src/repo/src/wikiquote.org/assets/postcss/style.css
/src/repo/src/wikivoyage.org/assets/postcss/_wikivoyage-custom.css
/src/repo/src/wikivoyage.org/assets/postcss/style.css
/src/repo/src/wikiversity.org/assets/postcss/_wikinews-custom.css
/src/repo/src/wikiversity.org/assets/postcss/style.css
/src/repo/src/wiktionary.org/assets/postcss/_wiktionary-custom.css
/src/repo/src/wiktionary.org/assets/postcss/style.css
0 problems found
--- stdout ---
> test
> npm -s run lint:styles && npm -s run lint:js
/src/repo/data/site-stats.js
137:14 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
147:8 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/data/stats.js
50:1 warning The type 'sort' is undefined jsdoc/no-undefined-types
50:1 warning The type 'latin' is undefined jsdoc/no-undefined-types
88:15 warning Found readdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
91:21 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
302:1 warning Missing JSDoc @return type jsdoc/require-returns-type
308:1 warning This line has a length of 130. Maximum allowed is 100 max-len
322:1 warning This line has a length of 101. Maximum allowed is 100 max-len
/src/repo/data/utils.js
13:3 warning Found unlink from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
37:5 warning Found stat from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/gulpfile.js/prod.js
49:8 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
55:1 warning This line has a length of 108. Maximum allowed is 100 max-len
68:7 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
70:3 warning Found readdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
72:22 warning Found unlinkSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/gulpfile.js/sprites.js
16:4 warning Found unlink from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/src/common/assets/js/mediawiki.lite.js
1:1 warning Unused eslint-disable directive (no problems were reported from 'no-redeclare')
/src/repo/src/common/assets/js/page-localized.js
14:1 warning Missing JSDoc @param "wmTest" type jsdoc/require-param-type
15:1 warning Missing JSDoc @param "translationsHash" type jsdoc/require-param-type
16:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
17:1 warning Missing JSDoc @param "rtlLangs" type jsdoc/require-param-type
/src/repo/src/common/assets/js/topten-localized.js
12:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
13:1 warning Missing JSDoc @param "wmTest" type jsdoc/require-param-type
117:1 warning This line has a length of 101. Maximum allowed is 100 max-len
122:1 warning This line has a length of 117. Maximum allowed is 100 max-len
/src/repo/src/common/assets/js/wm-portal.js
228:4 warning Unused eslint-disable directive (no problems were reported from 'security/detect-unsafe-regex')
/src/repo/src/common/assets/js/wm-typeahead.js
216:4 warning Unused eslint-disable directive (no problems were reported from 'security/detect-non-literal-regexp')
✖ 28 problems (0 errors, 28 warnings)
0 errors and 3 warnings potentially fixable with the `--fix` option.
--- end ---
{}
{"1089718": {"source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<1.5.5"}}
{"1089718": {"source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<1.5.5"}}
{"1089718": {"source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<1.5.5"}}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{"1089718": {"source": 1089718, "name": "color-string", "dependency": "color-string", "title": "Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-257v-vj4p-3w2h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<1.5.5"}}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmp4cz23570
--- stderr ---
pre-commit:
pre-commit: No changes detected.
pre-commit: Skipping the pre-commit hook.
pre-commit:
--- stdout ---
On branch master
Your branch is up to date with 'origin/master'.
nothing to commit, working tree clean
--- end ---