This run took 83 seconds.
From 2f943fab40443dcf47d4ddef688779bb4391e4a7 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Thu, 29 Jan 2026 19:00:33 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* body-parser: 1.20.3 → 1.20.4
* https://github.com/advisories/GHSA-6rw7-vpxm-498p
* lodash: 4.17.21 → 4.17.23
* https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
* qs: 6.13.0 → 6.14.1
* https://github.com/advisories/GHSA-6rw7-vpxm-498p
Change-Id: I82a6e4677d175315553e3177f9c1b83babf31733
---
package-lock.json | 257 ++++++++++++++++++++++++----------------------
1 file changed, 137 insertions(+), 120 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index a44e7d6..a75cc5e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -463,19 +463,22 @@
}
},
"node_modules/@eslint/js": {
- "version": "8.57.0",
+ "version": "8.57.1",
+ "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.57.1.tgz",
+ "integrity": "sha512-d9zaMRSTIKDLhctzH12MtXvJKSSUhaHcjV+2Z+GK+EEY7XKpP5yR4x+N3TAcHTcu963nIr+TMcCb4DBCYX1z6Q==",
"dev": true,
- "license": "MIT",
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
}
},
"node_modules/@humanwhocodes/config-array": {
- "version": "0.11.14",
+ "version": "0.13.0",
+ "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.13.0.tgz",
+ "integrity": "sha512-DZLEEqFWQFiyK6h5YIeynKx7JlvCYWL0cImfSRXZ9l4Sg2efkFGTuFf6vzXjK1cq6IYkU+Eg/JizXw+TD2vRNw==",
+ "deprecated": "Use @eslint/config-array instead",
"dev": true,
- "license": "Apache-2.0",
"dependencies": {
- "@humanwhocodes/object-schema": "^2.0.2",
+ "@humanwhocodes/object-schema": "^2.0.3",
"debug": "^4.3.1",
"minimatch": "^3.0.5"
},
@@ -496,9 +499,11 @@
}
},
"node_modules/@humanwhocodes/object-schema": {
- "version": "2.0.2",
- "dev": true,
- "license": "BSD-3-Clause"
+ "version": "2.0.3",
+ "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz",
+ "integrity": "sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==",
+ "deprecated": "Use @eslint/object-schema instead",
+ "dev": true
},
"node_modules/@istanbuljs/schema": {
"version": "0.1.3",
@@ -1791,23 +1796,23 @@
"license": "MIT"
},
"node_modules/body-parser": {
- "version": "1.20.3",
- "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz",
- "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==",
+ "version": "1.20.4",
+ "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz",
+ "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==",
"dev": true,
"dependencies": {
- "bytes": "3.1.2",
+ "bytes": "~3.1.2",
"content-type": "~1.0.5",
"debug": "2.6.9",
"depd": "2.0.0",
- "destroy": "1.2.0",
- "http-errors": "2.0.0",
- "iconv-lite": "0.4.24",
- "on-finished": "2.4.1",
- "qs": "6.13.0",
- "raw-body": "2.5.2",
+ "destroy": "~1.2.0",
+ "http-errors": "~2.0.1",
+ "iconv-lite": "~0.4.24",
+ "on-finished": "~2.4.1",
+ "qs": "~6.14.0",
+ "raw-body": "~2.5.3",
"type-is": "~1.6.18",
- "unpipe": "1.0.0"
+ "unpipe": "~1.0.0"
},
"engines": {
"node": ">= 0.8",
@@ -2021,36 +2026,33 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
- "node_modules/call-bind": {
- "version": "1.0.7",
- "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz",
- "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==",
+ "node_modules/call-bind-apply-helpers": {
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+ "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
"dev": true,
"dependencies": {
- "es-define-property": "^1.0.0",
"es-errors": "^1.3.0",
- "function-bind": "^1.1.2",
- "get-intrinsic": "^1.2.4",
- "set-function-length": "^1.2.1"
+ "function-bind": "^1.1.2"
},
"engines": {
"node": ">= 0.4"
- },
- "funding": {
- "url": "https://github.com/sponsors/ljharb"
}
},
- "node_modules/call-bind-apply-helpers": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
- "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+ "node_modules/call-bound": {
+ "version": "1.0.4",
+ "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
+ "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
"dev": true,
"dependencies": {
- "es-errors": "^1.3.0",
- "function-bind": "^1.1.2"
+ "call-bind-apply-helpers": "^1.0.2",
+ "get-intrinsic": "^1.3.0"
},
"engines": {
"node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/callsites": {
@@ -2912,23 +2914,6 @@
"node": ">=10"
}
},
- "node_modules/define-data-property": {
- "version": "1.1.4",
- "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz",
- "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==",
- "dev": true,
- "dependencies": {
- "es-define-property": "^1.0.0",
- "es-errors": "^1.3.0",
- "gopd": "^1.0.1"
- },
- "engines": {
- "node": ">= 0.4"
- },
- "funding": {
- "url": "https://github.com/sponsors/ljharb"
- }
- },
"node_modules/define-properties": {
"version": "1.1.3",
"dev": true,
@@ -3536,15 +3521,17 @@
}
},
"node_modules/eslint": {
- "version": "8.57.0",
+ "version": "8.57.1",
+ "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz",
+ "integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==",
+ "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.",
"dev": true,
- "license": "MIT",
"dependencies": {
"@eslint-community/eslint-utils": "^4.2.0",
"@eslint-community/regexpp": "^4.6.1",
"@eslint/eslintrc": "^2.1.4",
- "@eslint/js": "8.57.0",
- "@humanwhocodes/config-array": "^0.11.14",
+ "@eslint/js": "8.57.1",
+ "@humanwhocodes/config-array": "^0.13.0",
"@humanwhocodes/module-importer": "^1.0.1",
"@nodelib/fs.walk": "^1.2.8",
"@ungap/structured-clone": "^1.2.0",
@@ -5462,18 +5449,6 @@
"node": ">= 0.10"
}
},
- "node_modules/has-property-descriptors": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz",
- "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==",
- "dev": true,
- "dependencies": {
- "es-define-property": "^1.0.0"
- },
- "funding": {
- "url": "https://github.com/sponsors/ljharb"
- }
- },
"node_modules/has-symbol-support-x": {
"version": "1.4.2",
"dev": true,
@@ -5600,25 +5575,29 @@
"license": "BSD-2-Clause"
},
"node_modules/http-errors": {
- "version": "2.0.0",
- "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz",
- "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==",
+ "version": "2.0.1",
+ "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
+ "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
"dev": true,
"dependencies": {
- "depd": "2.0.0",
- "inherits": "2.0.4",
- "setprototypeof": "1.2.0",
- "statuses": "2.0.1",
- "toidentifier": "1.0.1"
+ "depd": "~2.0.0",
+ "inherits": "~2.0.4",
+ "setprototypeof": "~1.2.0",
+ "statuses": "~2.0.2",
+ "toidentifier": "~1.0.1"
},
"engines": {
"node": ">= 0.8"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/express"
}
},
"node_modules/http-errors/node_modules/statuses": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz",
- "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
+ "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
"dev": true,
"engines": {
"node": ">= 0.8"
@@ -6706,9 +6685,10 @@
}
},
"node_modules/lodash": {
- "version": "4.17.21",
- "dev": true,
- "license": "MIT"
+ "version": "4.17.23",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+ "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+ "dev": true
},
"node_modules/lodash._basecopy": {
"version": "3.0.1",
@@ -7456,9 +7436,9 @@
"dev": true
},
"node_modules/object-inspect": {
- "version": "1.13.2",
- "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.2.tgz",
- "integrity": "sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==",
+ "version": "1.13.4",
+ "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
+ "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
"dev": true,
"engines": {
"node": ">= 0.4"
@@ -8118,12 +8098,12 @@
}
},
"node_modules/qs": {
- "version": "6.13.0",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz",
- "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==",
+ "version": "6.14.1",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
+ "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
"dev": true,
"dependencies": {
- "side-channel": "^1.0.6"
+ "side-channel": "^1.1.0"
},
"engines": {
"node": ">=0.6"
@@ -8207,15 +8187,15 @@
}
},
"node_modules/raw-body": {
- "version": "2.5.2",
- "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
- "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==",
+ "version": "2.5.3",
+ "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz",
+ "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==",
"dev": true,
"dependencies": {
- "bytes": "3.1.2",
- "http-errors": "2.0.0",
- "iconv-lite": "0.4.24",
- "unpipe": "1.0.0"
+ "bytes": "~3.1.2",
+ "http-errors": "~2.0.1",
+ "iconv-lite": "~0.4.24",
+ "unpipe": "~1.0.0"
},
"engines": {
"node": ">= 0.8"
@@ -8799,23 +8779,6 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
- "node_modules/set-function-length": {
- "version": "1.2.2",
- "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz",
- "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==",
- "dev": true,
- "dependencies": {
- "define-data-property": "^1.1.4",
- "es-errors": "^1.3.0",
- "function-bind": "^1.1.2",
- "get-intrinsic": "^1.2.4",
- "gopd": "^1.0.1",
- "has-property-descriptors": "^1.0.2"
- },
- "engines": {
- "node": ">= 0.4"
- }
- },
"node_modules/setprototypeof": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
@@ -8842,15 +8805,69 @@
}
},
"node_modules/side-channel": {
- "version": "1.0.6",
- "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz",
- "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==",
+ "version": "1.1.0",
+ "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
+ "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
+ "dev": true,
+ "dependencies": {
+ "es-errors": "^1.3.0",
+ "object-inspect": "^1.13.3",
+ "side-channel-list": "^1.0.0",
+ "side-channel-map": "^1.0.1",
+ "side-channel-weakmap": "^1.0.2"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
+ "node_modules/side-channel-list": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
+ "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
+ "dev": true,
+ "dependencies": {
+ "es-errors": "^1.3.0",
+ "object-inspect": "^1.13.3"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
+ "node_modules/side-channel-map": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
+ "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
+ "dev": true,
+ "dependencies": {
+ "call-bound": "^1.0.2",
+ "es-errors": "^1.3.0",
+ "get-intrinsic": "^1.2.5",
+ "object-inspect": "^1.13.3"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
+ "node_modules/side-channel-weakmap": {
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
+ "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.7",
+ "call-bound": "^1.0.2",
"es-errors": "^1.3.0",
- "get-intrinsic": "^1.2.4",
- "object-inspect": "^1.13.1"
+ "get-intrinsic": "^1.2.5",
+ "object-inspect": "^1.13.3",
+ "side-channel-map": "^1.0.1"
},
"engines": {
"node": ">= 0.4"
--
2.47.3
$ date
--- stdout ---
Thu Jan 29 18:59:17 UTC 2026
--- end ---
$ git clone file:///srv/git/oojs-core.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
622bafc73f95a0ee9b597346458bf3a35655edd6 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"bin-check": {
"name": "bin-check",
"severity": "high",
"isDirect": false,
"via": [
"execa"
],
"effects": [
"bin-wrapper"
],
"range": ">=4.1.0",
"nodes": [
"node_modules/bin-check"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"bin-version": {
"name": "bin-version",
"severity": "high",
"isDirect": false,
"via": [
"find-versions"
],
"effects": [
"bin-version-check"
],
"range": "<=4.0.0",
"nodes": [
"node_modules/bin-version"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"bin-version-check": {
"name": "bin-version-check",
"severity": "high",
"isDirect": false,
"via": [
"bin-version"
],
"effects": [
"bin-wrapper"
],
"range": "<=4.0.0",
"nodes": [
"node_modules/bin-version-check"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"bin-wrapper": {
"name": "bin-wrapper",
"severity": "high",
"isDirect": false,
"via": [
"bin-check",
"bin-version-check",
"download"
],
"effects": [
"saucelabs"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/bin-wrapper"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"body-parser": {
"name": "body-parser",
"severity": "high",
"isDirect": false,
"via": [
"qs"
],
"effects": [],
"range": "<=1.20.3 || 2.0.0-beta.1 - 2.0.2",
"nodes": [
"node_modules/body-parser"
],
"fixAvailable": true
},
"cacheable-request": {
"name": "cacheable-request",
"severity": "high",
"isDirect": false,
"via": [
"http-cache-semantics"
],
"effects": [
"got"
],
"range": "0.1.0 - 2.1.4",
"nodes": [
"node_modules/download/node_modules/cacheable-request"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"execa"
],
"range": "<6.0.6",
"nodes": [
"node_modules/execa/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"download": {
"name": "download",
"severity": "moderate",
"isDirect": false,
"via": [
"got"
],
"effects": [
"bin-wrapper"
],
"range": ">=4.0.0",
"nodes": [
"node_modules/download"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112686,
"name": "eslint",
"dependency": "eslint",
"title": "eslint has a Stack Overflow when serializing objects with circular references",
"url": "https://github.com/advisories/GHSA-p5wg-g6qr-c7cg",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<9.26.0"
}
],
"effects": [
"eslint-config-wikimedia"
],
"range": "<9.26.0",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"execa": {
"name": "execa",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"bin-check"
],
"range": "0.5.0 - 0.9.0",
"nodes": [
"node_modules/execa"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"find-versions": {
"name": "find-versions",
"severity": "high",
"isDirect": false,
"via": [
"semver-regex"
],
"effects": [
"bin-version"
],
"range": "<=3.2.0",
"nodes": [
"node_modules/find-versions"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"got": {
"name": "got",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088948,
"name": "got",
"dependency": "got",
"title": "Got allows a redirect to a UNIX socket",
"url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97",
"severity": "moderate",
"cwe": [],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<11.8.5"
},
"cacheable-request"
],
"effects": [
"download"
],
"range": "<=11.8.3",
"nodes": [
"node_modules/download/node_modules/got"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"gulp-util": {
"name": "gulp-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash.template"
],
"effects": [
"remap-istanbul"
],
"range": ">=1.1.0",
"nodes": [
"node_modules/gulp-util"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"http-cache-semantics": {
"name": "http-cache-semantics",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1102456,
"name": "http-cache-semantics",
"dependency": "http-cache-semantics",
"title": "http-cache-semantics vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-rc47-6667-2j5j",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.1.1"
}
],
"effects": [
"cacheable-request"
],
"range": "<4.1.1",
"nodes": [
"node_modules/download/node_modules/http-cache-semantics"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"karma-remap-istanbul": {
"name": "karma-remap-istanbul",
"severity": "high",
"isDirect": true,
"via": [
"remap-istanbul"
],
"effects": [],
"range": ">=0.0.3",
"nodes": [
"node_modules/karma-remap-istanbul"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"karma-sauce-launcher": {
"name": "karma-sauce-launcher",
"severity": "moderate",
"isDirect": true,
"via": [
"saucelabs"
],
"effects": [],
"range": ">=4.1.5",
"nodes": [
"node_modules/karma-sauce-launcher"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"lodash": {
"name": "lodash",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112455,
"name": "lodash",
"dependency": "lodash",
"title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=4.0.0 <=4.17.22"
}
],
"effects": [],
"range": "4.0.0 - 4.17.21",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": true
},
"lodash.template": {
"name": "lodash.template",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106902,
"name": "lodash.template",
"dependency": "lodash.template",
"title": "Command Injection in lodash",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"severity": "high",
"cwe": [
"CWE-77",
"CWE-94"
],
"cvss": {
"score": 7.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=4.5.0"
}
],
"effects": [
"gulp-util"
],
"range": "*",
"nodes": [
"node_modules/lodash.template"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/meow"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1111755,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "high",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.14.1"
}
],
"effects": [
"body-parser"
],
"range": "<6.14.1",
"nodes": [
"node_modules/qs"
],
"fixAvailable": true
},
"remap-istanbul": {
"name": "remap-istanbul",
"severity": "high",
"isDirect": false,
"via": [
"gulp-util"
],
"effects": [
"karma-remap-istanbul"
],
"range": "<=0.9.6",
"nodes": [
"node_modules/remap-istanbul"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"saucelabs": {
"name": "saucelabs",
"severity": "moderate",
"isDirect": false,
"via": [
"bin-wrapper"
],
"effects": [
"karma-sauce-launcher"
],
"range": "4.1.0 - 7.1.2",
"nodes": [
"node_modules/saucelabs"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"semver-regex": {
"name": "semver-regex",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1092475,
"name": "semver-regex",
"dependency": "semver-regex",
"title": "semver-regex Regular Expression Denial of Service (ReDOS)",
"url": "https://github.com/advisories/GHSA-44c6-4v22-4mhx",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1092605,
"name": "semver-regex",
"dependency": "semver-regex",
"title": "Regular expression denial of service in semver-regex",
"url": "https://github.com/advisories/GHSA-4x5v-gmq8-25ch",
"severity": "low",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.4"
}
],
"effects": [
"find-versions"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/semver-regex"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 6,
"high": 19,
"critical": 0,
"total": 25
},
"dependencies": {
"prod": 1,
"dev": 942,
"optional": 3,
"peer": 1,
"peerOptional": 0,
"total": 942
}
}
}
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"bin-check": {
"name": "bin-check",
"severity": "high",
"isDirect": false,
"via": [
"execa"
],
"effects": [
"bin-wrapper"
],
"range": ">=4.1.0",
"nodes": [
"node_modules/bin-check"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"bin-version": {
"name": "bin-version",
"severity": "high",
"isDirect": false,
"via": [
"find-versions"
],
"effects": [
"bin-version-check"
],
"range": "<=4.0.0",
"nodes": [
"node_modules/bin-version"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"bin-version-check": {
"name": "bin-version-check",
"severity": "high",
"isDirect": false,
"via": [
"bin-version"
],
"effects": [
"bin-wrapper"
],
"range": "<=4.0.0",
"nodes": [
"node_modules/bin-version-check"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"bin-wrapper": {
"name": "bin-wrapper",
"severity": "high",
"isDirect": false,
"via": [
"bin-check",
"bin-version-check",
"download"
],
"effects": [
"saucelabs"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/bin-wrapper"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"body-parser": {
"name": "body-parser",
"severity": "high",
"isDirect": false,
"via": [
"qs"
],
"effects": [],
"range": "<=1.20.3 || 2.0.0-beta.1 - 2.0.2",
"nodes": [
"node_modules/body-parser"
],
"fixAvailable": true
},
"cacheable-request": {
"name": "cacheable-request",
"severity": "high",
"isDirect": false,
"via": [
"http-cache-semantics"
],
"effects": [
"got"
],
"range": "0.1.0 - 2.1.4",
"nodes": [
"node_modules/download/node_modules/cacheable-request"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"execa"
],
"range": "<6.0.6",
"nodes": [
"node_modules/execa/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"download": {
"name": "download",
"severity": "moderate",
"isDirect": false,
"via": [
"got"
],
"effects": [
"bin-wrapper"
],
"range": ">=4.0.0",
"nodes": [
"node_modules/download"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112686,
"name": "eslint",
"dependency": "eslint",
"title": "eslint has a Stack Overflow when serializing objects with circular references",
"url": "https://github.com/advisories/GHSA-p5wg-g6qr-c7cg",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<9.26.0"
}
],
"effects": [
"eslint-config-wikimedia"
],
"range": "<9.26.0",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"execa": {
"name": "execa",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"bin-check"
],
"range": "0.5.0 - 0.9.0",
"nodes": [
"node_modules/execa"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"find-versions": {
"name": "find-versions",
"severity": "high",
"isDirect": false,
"via": [
"semver-regex"
],
"effects": [
"bin-version"
],
"range": "<=3.2.0",
"nodes": [
"node_modules/find-versions"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"got": {
"name": "got",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088948,
"name": "got",
"dependency": "got",
"title": "Got allows a redirect to a UNIX socket",
"url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97",
"severity": "moderate",
"cwe": [],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<11.8.5"
},
"cacheable-request"
],
"effects": [
"download"
],
"range": "<=11.8.3",
"nodes": [
"node_modules/download/node_modules/got"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"gulp-util": {
"name": "gulp-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash.template"
],
"effects": [
"remap-istanbul"
],
"range": ">=1.1.0",
"nodes": [
"node_modules/gulp-util"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"http-cache-semantics": {
"name": "http-cache-semantics",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1102456,
"name": "http-cache-semantics",
"dependency": "http-cache-semantics",
"title": "http-cache-semantics vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-rc47-6667-2j5j",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.1.1"
}
],
"effects": [
"cacheable-request"
],
"range": "<4.1.1",
"nodes": [
"node_modules/download/node_modules/http-cache-semantics"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"karma-remap-istanbul": {
"name": "karma-remap-istanbul",
"severity": "high",
"isDirect": true,
"via": [
"remap-istanbul"
],
"effects": [],
"range": ">=0.0.3",
"nodes": [
"node_modules/karma-remap-istanbul"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"karma-sauce-launcher": {
"name": "karma-sauce-launcher",
"severity": "moderate",
"isDirect": true,
"via": [
"saucelabs"
],
"effects": [],
"range": ">=4.1.5",
"nodes": [
"node_modules/karma-sauce-launcher"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"lodash": {
"name": "lodash",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112455,
"name": "lodash",
"dependency": "lodash",
"title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=4.0.0 <=4.17.22"
}
],
"effects": [],
"range": "4.0.0 - 4.17.21",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": true
},
"lodash.template": {
"name": "lodash.template",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106902,
"name": "lodash.template",
"dependency": "lodash.template",
"title": "Command Injection in lodash",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"severity": "high",
"cwe": [
"CWE-77",
"CWE-94"
],
"cvss": {
"score": 7.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=4.5.0"
}
],
"effects": [
"gulp-util"
],
"range": "*",
"nodes": [
"node_modules/lodash.template"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/meow"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1111755,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "high",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.14.1"
}
],
"effects": [
"body-parser"
],
"range": "<6.14.1",
"nodes": [
"node_modules/qs"
],
"fixAvailable": true
},
"remap-istanbul": {
"name": "remap-istanbul",
"severity": "high",
"isDirect": false,
"via": [
"gulp-util"
],
"effects": [
"karma-remap-istanbul"
],
"range": "<=0.9.6",
"nodes": [
"node_modules/remap-istanbul"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"saucelabs": {
"name": "saucelabs",
"severity": "moderate",
"isDirect": false,
"via": [
"bin-wrapper"
],
"effects": [
"karma-sauce-launcher"
],
"range": "4.1.0 - 7.1.2",
"nodes": [
"node_modules/saucelabs"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"semver-regex": {
"name": "semver-regex",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1092475,
"name": "semver-regex",
"dependency": "semver-regex",
"title": "semver-regex Regular Expression Denial of Service (ReDOS)",
"url": "https://github.com/advisories/GHSA-44c6-4v22-4mhx",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1092605,
"name": "semver-regex",
"dependency": "semver-regex",
"title": "Regular expression denial of service in semver-regex",
"url": "https://github.com/advisories/GHSA-4x5v-gmq8-25ch",
"severity": "low",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.4"
}
],
"effects": [
"find-versions"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/semver-regex"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 6,
"high": 19,
"critical": 0,
"total": 25
},
"dependencies": {
"prod": 1,
"dev": 942,
"optional": 3,
"peer": 1,
"peerOptional": 0,
"total": 942
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 942,
"removed": 0,
"changed": 0,
"audited": 943,
"funding": 117,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"bin-check": {
"name": "bin-check",
"severity": "high",
"isDirect": false,
"via": [
"execa"
],
"effects": [
"bin-wrapper"
],
"range": ">=4.1.0",
"nodes": [
"node_modules/bin-check"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"bin-version": {
"name": "bin-version",
"severity": "high",
"isDirect": false,
"via": [
"find-versions"
],
"effects": [
"bin-version-check"
],
"range": "<=4.0.0",
"nodes": [
"node_modules/bin-version"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"bin-version-check": {
"name": "bin-version-check",
"severity": "high",
"isDirect": false,
"via": [
"bin-version"
],
"effects": [
"bin-wrapper"
],
"range": "<=4.0.0",
"nodes": [
"node_modules/bin-version-check"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"bin-wrapper": {
"name": "bin-wrapper",
"severity": "high",
"isDirect": false,
"via": [
"bin-check",
"bin-version-check",
"download"
],
"effects": [
"saucelabs"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/bin-wrapper"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"body-parser": {
"name": "body-parser",
"severity": "high",
"isDirect": false,
"via": [
"qs"
],
"effects": [],
"range": "<=1.20.3 || 2.0.0-beta.1 - 2.0.2",
"nodes": [
""
],
"fixAvailable": true
},
"cacheable-request": {
"name": "cacheable-request",
"severity": "high",
"isDirect": false,
"via": [
"http-cache-semantics"
],
"effects": [
"got"
],
"range": "0.1.0 - 2.1.4",
"nodes": [
"node_modules/download/node_modules/cacheable-request"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"execa"
],
"range": "<6.0.6",
"nodes": [
"node_modules/execa/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"download": {
"name": "download",
"severity": "moderate",
"isDirect": false,
"via": [
"got"
],
"effects": [
"bin-wrapper"
],
"range": ">=4.0.0",
"nodes": [
"node_modules/download"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112686,
"name": "eslint",
"dependency": "eslint",
"title": "eslint has a Stack Overflow when serializing objects with circular references",
"url": "https://github.com/advisories/GHSA-p5wg-g6qr-c7cg",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<9.26.0"
}
],
"effects": [
"eslint-config-wikimedia"
],
"range": "<9.26.0",
"nodes": [
"",
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"execa": {
"name": "execa",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"bin-check"
],
"range": "0.5.0 - 0.9.0",
"nodes": [
"node_modules/execa"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"find-versions": {
"name": "find-versions",
"severity": "high",
"isDirect": false,
"via": [
"semver-regex"
],
"effects": [
"bin-version"
],
"range": "<=3.2.0",
"nodes": [
"node_modules/find-versions"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"got": {
"name": "got",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088948,
"name": "got",
"dependency": "got",
"title": "Got allows a redirect to a UNIX socket",
"url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97",
"severity": "moderate",
"cwe": [],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<11.8.5"
},
"cacheable-request"
],
"effects": [
"download"
],
"range": "<=11.8.3",
"nodes": [
"node_modules/download/node_modules/got"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"gulp-util": {
"name": "gulp-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash.template"
],
"effects": [
"remap-istanbul"
],
"range": ">=1.1.0",
"nodes": [
"node_modules/gulp-util"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"http-cache-semantics": {
"name": "http-cache-semantics",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1102456,
"name": "http-cache-semantics",
"dependency": "http-cache-semantics",
"title": "http-cache-semantics vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-rc47-6667-2j5j",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.1.1"
}
],
"effects": [
"cacheable-request"
],
"range": "<4.1.1",
"nodes": [
"node_modules/download/node_modules/http-cache-semantics"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"karma-remap-istanbul": {
"name": "karma-remap-istanbul",
"severity": "high",
"isDirect": true,
"via": [
"remap-istanbul"
],
"effects": [],
"range": ">=0.0.3",
"nodes": [
"node_modules/karma-remap-istanbul"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"karma-sauce-launcher": {
"name": "karma-sauce-launcher",
"severity": "moderate",
"isDirect": true,
"via": [
"saucelabs"
],
"effects": [],
"range": ">=4.1.5",
"nodes": [
"node_modules/karma-sauce-launcher"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"lodash": {
"name": "lodash",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112455,
"name": "lodash",
"dependency": "lodash",
"title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=4.0.0 <=4.17.22"
}
],
"effects": [],
"range": "4.0.0 - 4.17.21",
"nodes": [
""
],
"fixAvailable": true
},
"lodash.template": {
"name": "lodash.template",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106902,
"name": "lodash.template",
"dependency": "lodash.template",
"title": "Command Injection in lodash",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"severity": "high",
"cwe": [
"CWE-77",
"CWE-94"
],
"cvss": {
"score": 7.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=4.5.0"
}
],
"effects": [
"gulp-util"
],
"range": "*",
"nodes": [
"node_modules/lodash.template"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/meow"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1111755,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "high",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.14.1"
}
],
"effects": [
"body-parser"
],
"range": "<6.14.1",
"nodes": [
""
],
"fixAvailable": true
},
"remap-istanbul": {
"name": "remap-istanbul",
"severity": "high",
"isDirect": false,
"via": [
"gulp-util"
],
"effects": [
"karma-remap-istanbul"
],
"range": "<=0.9.6",
"nodes": [
"node_modules/remap-istanbul"
],
"fixAvailable": {
"name": "karma-remap-istanbul",
"version": "0.0.2",
"isSemVerMajor": true
}
},
"saucelabs": {
"name": "saucelabs",
"severity": "moderate",
"isDirect": false,
"via": [
"bin-wrapper"
],
"effects": [
"karma-sauce-launcher"
],
"range": "4.1.0 - 7.1.2",
"nodes": [
"node_modules/saucelabs"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"semver-regex": {
"name": "semver-regex",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1092475,
"name": "semver-regex",
"dependency": "semver-regex",
"title": "semver-regex Regular Expression Denial of Service (ReDOS)",
"url": "https://github.com/advisories/GHSA-44c6-4v22-4mhx",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1092605,
"name": "semver-regex",
"dependency": "semver-regex",
"title": "Regular expression denial of service in semver-regex",
"url": "https://github.com/advisories/GHSA-4x5v-gmq8-25ch",
"severity": "low",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.4"
}
],
"effects": [
"find-versions"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/semver-regex"
],
"fixAvailable": {
"name": "karma-sauce-launcher",
"version": "4.1.4",
"isSemVerMajor": true
}
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 6,
"high": 19,
"critical": 0,
"total": 25
},
"dependencies": {
"prod": 1,
"dev": 942,
"optional": 3,
"peer": 1,
"peerOptional": 0,
"total": 942
}
}
}
}
--- end ---
{"added": 942, "removed": 0, "changed": 0, "audited": 943, "funding": 117, "audit": {"auditReportVersion": 2, "vulnerabilities": {"bin-check": {"name": "bin-check", "severity": "high", "isDirect": false, "via": ["execa"], "effects": ["bin-wrapper"], "range": ">=4.1.0", "nodes": ["node_modules/bin-check"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "bin-version": {"name": "bin-version", "severity": "high", "isDirect": false, "via": ["find-versions"], "effects": ["bin-version-check"], "range": "<=4.0.0", "nodes": ["node_modules/bin-version"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "bin-version-check": {"name": "bin-version-check", "severity": "high", "isDirect": false, "via": ["bin-version"], "effects": ["bin-wrapper"], "range": "<=4.0.0", "nodes": ["node_modules/bin-version-check"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "bin-wrapper": {"name": "bin-wrapper", "severity": "high", "isDirect": false, "via": ["bin-check", "bin-version-check", "download"], "effects": ["saucelabs"], "range": ">=0.4.0", "nodes": ["node_modules/bin-wrapper"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "body-parser": {"name": "body-parser", "severity": "high", "isDirect": false, "via": ["qs"], "effects": [], "range": "<=1.20.3 || 2.0.0-beta.1 - 2.0.2", "nodes": [""], "fixAvailable": true}, "cacheable-request": {"name": "cacheable-request", "severity": "high", "isDirect": false, "via": ["http-cache-semantics"], "effects": ["got"], "range": "0.1.0 - 2.1.4", "nodes": ["node_modules/download/node_modules/cacheable-request"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1104663, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}], "effects": ["execa"], "range": "<6.0.6", "nodes": ["node_modules/execa/node_modules/cross-spawn"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "download": {"name": "download", "severity": "moderate", "isDirect": false, "via": ["got"], "effects": ["bin-wrapper"], "range": ">=4.0.0", "nodes": ["node_modules/download"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "eslint": {"name": "eslint", "severity": "moderate", "isDirect": false, "via": [{"source": 1112686, "name": "eslint", "dependency": "eslint", "title": "eslint has a Stack Overflow when serializing objects with circular references", "url": "https://github.com/advisories/GHSA-p5wg-g6qr-c7cg", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<9.26.0"}], "effects": ["eslint-config-wikimedia"], "range": "<9.26.0", "nodes": ["", "node_modules/eslint"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "eslint-config-wikimedia": {"name": "eslint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["eslint"], "effects": [], "range": ">=0.9.0", "nodes": ["node_modules/eslint-config-wikimedia"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "execa": {"name": "execa", "severity": "high", "isDirect": false, "via": ["cross-spawn"], "effects": ["bin-check"], "range": "0.5.0 - 0.9.0", "nodes": ["node_modules/execa"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "find-versions": {"name": "find-versions", "severity": "high", "isDirect": false, "via": ["semver-regex"], "effects": ["bin-version"], "range": "<=3.2.0", "nodes": ["node_modules/find-versions"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "got": {"name": "got", "severity": "high", "isDirect": false, "via": [{"source": 1088948, "name": "got", "dependency": "got", "title": "Got allows a redirect to a UNIX socket", "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97", "severity": "moderate", "cwe": [], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<11.8.5"}, "cacheable-request"], "effects": ["download"], "range": "<=11.8.3", "nodes": ["node_modules/download/node_modules/got"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "gulp-util": {"name": "gulp-util", "severity": "high", "isDirect": false, "via": ["lodash.template"], "effects": ["remap-istanbul"], "range": ">=1.1.0", "nodes": ["node_modules/gulp-util"], "fixAvailable": {"name": "karma-remap-istanbul", "version": "0.0.2", "isSemVerMajor": true}}, "http-cache-semantics": {"name": "http-cache-semantics", "severity": "high", "isDirect": false, "via": [{"source": 1102456, "name": "http-cache-semantics", "dependency": "http-cache-semantics", "title": "http-cache-semantics vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-rc47-6667-2j5j", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<4.1.1"}], "effects": ["cacheable-request"], "range": "<4.1.1", "nodes": ["node_modules/download/node_modules/http-cache-semantics"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "karma-remap-istanbul": {"name": "karma-remap-istanbul", "severity": "high", "isDirect": true, "via": ["remap-istanbul"], "effects": [], "range": ">=0.0.3", "nodes": ["node_modules/karma-remap-istanbul"], "fixAvailable": {"name": "karma-remap-istanbul", "version": "0.0.2", "isSemVerMajor": true}}, "karma-sauce-launcher": {"name": "karma-sauce-launcher", "severity": "moderate", "isDirect": true, "via": ["saucelabs"], "effects": [], "range": ">=4.1.5", "nodes": ["node_modules/karma-sauce-launcher"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "lodash": {"name": "lodash", "severity": "moderate", "isDirect": false, "via": [{"source": 1112455, "name": "lodash", "dependency": "lodash", "title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions", "url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": ">=4.0.0 <=4.17.22"}], "effects": [], "range": "4.0.0 - 4.17.21", "nodes": [""], "fixAvailable": true}, "lodash.template": {"name": "lodash.template", "severity": "high", "isDirect": false, "via": [{"source": 1106902, "name": "lodash.template", "dependency": "lodash.template", "title": "Command Injection in lodash", "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", "severity": "high", "cwe": ["CWE-77", "CWE-94"], "cvss": {"score": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=4.5.0"}], "effects": ["gulp-util"], "range": "*", "nodes": ["node_modules/lodash.template"], "fixAvailable": {"name": "karma-remap-istanbul", "version": "0.0.2", "isSemVerMajor": true}}, "meow": {"name": "meow", "severity": "high", "isDirect": false, "via": ["trim-newlines"], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": ["node_modules/meow"], "fixAvailable": true}, "qs": {"name": "qs", "severity": "high", "isDirect": false, "via": [{"source": 1111755, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion", "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p", "severity": "high", "cwe": ["CWE-20"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.14.1"}], "effects": ["body-parser"], "range": "<6.14.1", "nodes": [""], "fixAvailable": true}, "remap-istanbul": {"name": "remap-istanbul", "severity": "high", "isDirect": false, "via": ["gulp-util"], "effects": ["karma-remap-istanbul"], "range": "<=0.9.6", "nodes": ["node_modules/remap-istanbul"], "fixAvailable": {"name": "karma-remap-istanbul", "version": "0.0.2", "isSemVerMajor": true}}, "saucelabs": {"name": "saucelabs", "severity": "moderate", "isDirect": false, "via": ["bin-wrapper"], "effects": ["karma-sauce-launcher"], "range": "4.1.0 - 7.1.2", "nodes": ["node_modules/saucelabs"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "semver-regex": {"name": "semver-regex", "severity": "high", "isDirect": false, "via": [{"source": 1092475, "name": "semver-regex", "dependency": "semver-regex", "title": "semver-regex Regular Expression Denial of Service (ReDOS)", "url": "https://github.com/advisories/GHSA-44c6-4v22-4mhx", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1092605, "name": "semver-regex", "dependency": "semver-regex", "title": "Regular expression denial of service in semver-regex", "url": "https://github.com/advisories/GHSA-4x5v-gmq8-25ch", "severity": "low", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.4"}], "effects": ["find-versions"], "range": "<=3.1.3", "nodes": ["node_modules/semver-regex"], "fixAvailable": {"name": "karma-sauce-launcher", "version": "4.1.4", "isSemVerMajor": true}}, "trim-newlines": {"name": "trim-newlines", "severity": "high", "isDirect": false, "via": [{"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}], "effects": ["meow"], "range": "<3.0.1", "nodes": ["node_modules/trim-newlines"], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 6, "high": 19, "critical": 0, "total": 25}, "dependencies": {"prod": 1, "dev": 942, "optional": 3, "peer": 1, "peerOptional": 0, "total": 942}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 941 packages, and audited 942 packages in 22s
117 packages are looking for funding
run `npm fund` for details
# npm audit report
cross-spawn <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install karma-sauce-launcher@4.1.4, which is a breaking change
node_modules/execa/node_modules/cross-spawn
execa 0.5.0 - 0.9.0
Depends on vulnerable versions of cross-spawn
node_modules/execa
bin-check >=4.1.0
Depends on vulnerable versions of execa
node_modules/bin-check
bin-wrapper >=0.4.0
Depends on vulnerable versions of bin-check
Depends on vulnerable versions of bin-version-check
Depends on vulnerable versions of download
node_modules/bin-wrapper
saucelabs 4.1.0 - 7.1.2
Depends on vulnerable versions of bin-wrapper
node_modules/saucelabs
karma-sauce-launcher >=4.1.5
Depends on vulnerable versions of saucelabs
node_modules/karma-sauce-launcher
eslint <9.26.0
Severity: moderate
eslint has a Stack Overflow when serializing objects with circular references - https://github.com/advisories/GHSA-p5wg-g6qr-c7cg
fix available via `npm audit fix --force`
Will install eslint-config-wikimedia@0.8.1, which is a breaking change
node_modules/eslint
eslint-config-wikimedia >=0.9.0
Depends on vulnerable versions of eslint
node_modules/eslint-config-wikimedia
got <=11.8.3
Severity: high
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
Depends on vulnerable versions of cacheable-request
fix available via `npm audit fix --force`
Will install karma-sauce-launcher@4.1.4, which is a breaking change
node_modules/download/node_modules/got
download >=4.0.0
Depends on vulnerable versions of got
node_modules/download
http-cache-semantics <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix --force`
Will install karma-sauce-launcher@4.1.4, which is a breaking change
node_modules/download/node_modules/http-cache-semantics
cacheable-request 0.1.0 - 2.1.4
Depends on vulnerable versions of http-cache-semantics
node_modules/download/node_modules/cacheable-request
lodash.template *
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix --force`
Will install karma-remap-istanbul@0.0.2, which is a breaking change
node_modules/lodash.template
gulp-util >=1.1.0
Depends on vulnerable versions of lodash.template
node_modules/gulp-util
remap-istanbul <=0.9.6
Depends on vulnerable versions of gulp-util
node_modules/remap-istanbul
karma-remap-istanbul >=0.0.3
Depends on vulnerable versions of remap-istanbul
node_modules/karma-remap-istanbul
semver-regex <=3.1.3
Severity: high
semver-regex Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-44c6-4v22-4mhx
Regular expression denial of service in semver-regex - https://github.com/advisories/GHSA-4x5v-gmq8-25ch
fix available via `npm audit fix --force`
Will install karma-sauce-launcher@4.1.4, which is a breaking change
node_modules/semver-regex
find-versions <=3.2.0
Depends on vulnerable versions of semver-regex
node_modules/find-versions
bin-version <=4.0.0
Depends on vulnerable versions of find-versions
node_modules/bin-version
bin-version-check <=4.0.0
Depends on vulnerable versions of bin-version
node_modules/bin-version-check
trim-newlines <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix`
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/meow
22 vulnerabilities (5 moderate, 17 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 941 packages, and audited 942 packages in 19s
117 packages are looking for funding
run `npm fund` for details
22 vulnerabilities (5 moderate, 17 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
(node:160) Warning: Accessing non-existent property 'VERSION' of module exports inside circular dependency
(Use `node --trace-warnings ...` to show where the warning was created)
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
--- stdout ---
> oojs@7.0.1 test
> npm run build-dev && karma start && qunit --require ./tests/setup-node tests/unit/ && npm run lint && npm run doc
> oojs@7.0.1 build-dev
> grunt build-dev
Running "set-meta" task
Running "set-dev" task
Running "clean:dist" (clean) task
>> 0 paths cleaned.
Running "concat:dev" (concat) task
Done.
29 01 2026 19:00:14.801:INFO [karma-server]: Karma v6.3.18 server started at http://localhost:9876/
29 01 2026 19:00:14.802:INFO [launcher]: Launching browsers FirefoxHeadless, ChromeCustom with concurrency unlimited
29 01 2026 19:00:14.806:INFO [launcher]: Starting browser FirefoxHeadless
29 01 2026 19:00:15.532:INFO [launcher]: Starting browser ChromeHeadless
29 01 2026 19:00:21.596:INFO [Chrome Headless 142.0.0.0 (Linux x86_64)]: Connected on socket 8Lh5njRtzC5tJvL8AAAB with id 75160858
Chrome Headless 142.0.0.0 (Linux x86_64) WARN: 'QUnit.load is deprecated and will be removed in QUnit 3.0. https://qunitjs.com/api/QUnit/load/'
Chrome Headless 142.0.0.0 (Linux x86_64) WARN: 'QUnit.load is deprecated and will be removed in QUnit 3.0. https://qunitjs.com/api/QUnit/load/'
............................................................
Chrome Headless 142.0.0.0 (Linux x86_64): Executed 60 of 60 SUCCESS (0.143 secs / 0.11 secs)
29 01 2026 19:00:24.102:INFO [Firefox 140.0 (Linux x86_64)]: Connected on socket kaYfLTywZeKCUvvYAAAD with id 78778683
WARN: 'QUnit.load is deprecated and will be removed in QUnit 3.0. https://qunitjs.com/api/QUnit/load/'
WARN: 'QUnit.load is deprecated and will be removed in QUnit 3.0. https://qunitjs.com/api/QUnit/load/'
............................................................
Firefox 140.0 (Linux x86_64): Executed 60 of 60 SUCCESS (0.153 secs / 0.121 secs)
TOTAL: 120 SUCCESS
TOTAL: 120 SUCCESS
=============================== Coverage summary ===============================
Statements : 100% ( 446/446 )
Branches : 100% ( 270/270 )
Functions : 100% ( 60/60 )
Lines : 100% ( 429/429 )
================================================================================
TAP version 13
ok 1 EmitterList > addItems
ok 2 EmitterList > moveItem
ok 3 EmitterList > clearItems
ok 4 EmitterList > removeItems
ok 5 EmitterList > aggregate
ok 6 EmitterList > Events
ok 7 EventEmitter > on
ok 8 EventEmitter > once
ok 9 EventEmitter > once - nested
ok 10 EventEmitter > once - off
ok 11 EventEmitter > emit
ok 12 EventEmitter > off
ok 13 EventEmitter > connect
ok 14 EventEmitter > disconnect( host )
ok 15 EventEmitter > disconnect( host, methods )
ok 16 EventEmitter > disconnect( host, array methods )
ok 17 EventEmitter > disconnect( host, unbound methods )
ok 18 EventEmitter > chainable
ok 19 Factory > invalid registration
ok 20 Factory > registeration and lookup [Class.key]
ok 21 Factory > registeration and lookup [Class.static.name]
ok 22 Factory > registeration and lookup [key and name]
ok 23 Factory > registeration and lookup [unknown]
ok 24 Factory > invalid creation
ok 25 Factory > valid creation
ok 26 Registry > register/unregister
ok 27 Registry > lookup
ok 28 SortedEmitterList > addItems
ok 29 SortedEmitterList > Events
ok 30 core > initClass
ok 31 core > inheritClass
ok 32 core > mixinClass
ok 33 core > isSubclass
ok 34 core > getProp( Object )
ok 35 core > getProp( Function )
ok 36 core > getProp( Array )
ok 37 core > setProp( Object )
ok 38 core > setProp( Function )
ok 39 core > setProp( Array )
ok 40 core > deleteProp( Object )
ok 41 core > deleteProp( Function )
ok 42 core > deleteProp( Array )
ok 43 core > cloneObject
ok 44 core > getObjectValues
ok 45 core > binarySearch
ok 46 core > compare
ok 47 core > compare( Node, Node )
ok 48 core > compare( Object, Object, Boolean asymmetrical )
ok 49 core > copy( source )
ok 50 core > copy( source, Function leafCallback )
ok 51 core > copy( source, Function leafCallback, Function nodeCallback )
ok 52 core > getHash: Basic usage
ok 53 core > getHash: Complex usage
ok 54 core > unique
ok 55 core > simpleArrayUnion
ok 56 core > simpleArrayIntersection
ok 57 core > simpleArrayDifference
ok 58 util > isPlainObject
1..58
# pass 58
# skip 0
# todo 0
# fail 0
> oojs@7.0.1 lint
> eslint --cache .
> oojs@7.0.1 doc
> jsdoc -c jsdoc.json
--- end ---
{"1111755": {"source": 1111755, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion", "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p", "severity": "high", "cwe": ["CWE-20"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.14.1"}}
Upgrading n:body-parser from 1.20.3 -> 1.20.4
{"1112455": {"source": 1112455, "name": "lodash", "dependency": "lodash", "title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions", "url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": ">=4.0.0 <=4.17.22"}}
Upgrading n:lodash from 4.17.21 -> 4.17.23
{"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}}
{"1111755": {"source": 1111755, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion", "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p", "severity": "high", "cwe": ["CWE-20"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.14.1"}}
Upgrading n:qs from 6.13.0 -> 6.14.1
{"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}}
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* body-parser: 1.20.3 → 1.20.4
* https://github.com/advisories/GHSA-6rw7-vpxm-498p
* lodash: 4.17.21 → 4.17.23
* https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
* qs: 6.13.0 → 6.14.1
* https://github.com/advisories/GHSA-6rw7-vpxm-498p
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpbr7kveob
--- stdout ---
[master 2f943fa] build: Updating npm dependencies
1 file changed, 137 insertions(+), 120 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 2f943fab40443dcf47d4ddef688779bb4391e4a7 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Thu, 29 Jan 2026 19:00:33 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* body-parser: 1.20.3 → 1.20.4
* https://github.com/advisories/GHSA-6rw7-vpxm-498p
* lodash: 4.17.21 → 4.17.23
* https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
* qs: 6.13.0 → 6.14.1
* https://github.com/advisories/GHSA-6rw7-vpxm-498p
Change-Id: I82a6e4677d175315553e3177f9c1b83babf31733
---
package-lock.json | 257 ++++++++++++++++++++++++----------------------
1 file changed, 137 insertions(+), 120 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index a44e7d6..a75cc5e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -463,19 +463,22 @@
}
},
"node_modules/@eslint/js": {
- "version": "8.57.0",
+ "version": "8.57.1",
+ "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.57.1.tgz",
+ "integrity": "sha512-d9zaMRSTIKDLhctzH12MtXvJKSSUhaHcjV+2Z+GK+EEY7XKpP5yR4x+N3TAcHTcu963nIr+TMcCb4DBCYX1z6Q==",
"dev": true,
- "license": "MIT",
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
}
},
"node_modules/@humanwhocodes/config-array": {
- "version": "0.11.14",
+ "version": "0.13.0",
+ "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.13.0.tgz",
+ "integrity": "sha512-DZLEEqFWQFiyK6h5YIeynKx7JlvCYWL0cImfSRXZ9l4Sg2efkFGTuFf6vzXjK1cq6IYkU+Eg/JizXw+TD2vRNw==",
+ "deprecated": "Use @eslint/config-array instead",
"dev": true,
- "license": "Apache-2.0",
"dependencies": {
- "@humanwhocodes/object-schema": "^2.0.2",
+ "@humanwhocodes/object-schema": "^2.0.3",
"debug": "^4.3.1",
"minimatch": "^3.0.5"
},
@@ -496,9 +499,11 @@
}
},
"node_modules/@humanwhocodes/object-schema": {
- "version": "2.0.2",
- "dev": true,
- "license": "BSD-3-Clause"
+ "version": "2.0.3",
+ "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz",
+ "integrity": "sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==",
+ "deprecated": "Use @eslint/object-schema instead",
+ "dev": true
},
"node_modules/@istanbuljs/schema": {
"version": "0.1.3",
@@ -1791,23 +1796,23 @@
"license": "MIT"
},
"node_modules/body-parser": {
- "version": "1.20.3",
- "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz",
- "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==",
+ "version": "1.20.4",
+ "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz",
+ "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==",
"dev": true,
"dependencies": {
- "bytes": "3.1.2",
+ "bytes": "~3.1.2",
"content-type": "~1.0.5",
"debug": "2.6.9",
"depd": "2.0.0",
- "destroy": "1.2.0",
- "http-errors": "2.0.0",
- "iconv-lite": "0.4.24",
- "on-finished": "2.4.1",
- "qs": "6.13.0",
- "raw-body": "2.5.2",
+ "destroy": "~1.2.0",
+ "http-errors": "~2.0.1",
+ "iconv-lite": "~0.4.24",
+ "on-finished": "~2.4.1",
+ "qs": "~6.14.0",
+ "raw-body": "~2.5.3",
"type-is": "~1.6.18",
- "unpipe": "1.0.0"
+ "unpipe": "~1.0.0"
},
"engines": {
"node": ">= 0.8",
@@ -2021,36 +2026,33 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
- "node_modules/call-bind": {
- "version": "1.0.7",
- "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz",
- "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==",
+ "node_modules/call-bind-apply-helpers": {
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+ "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
"dev": true,
"dependencies": {
- "es-define-property": "^1.0.0",
"es-errors": "^1.3.0",
- "function-bind": "^1.1.2",
- "get-intrinsic": "^1.2.4",
- "set-function-length": "^1.2.1"
+ "function-bind": "^1.1.2"
},
"engines": {
"node": ">= 0.4"
- },
- "funding": {
- "url": "https://github.com/sponsors/ljharb"
}
},
- "node_modules/call-bind-apply-helpers": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
- "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+ "node_modules/call-bound": {
+ "version": "1.0.4",
+ "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
+ "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
"dev": true,
"dependencies": {
- "es-errors": "^1.3.0",
- "function-bind": "^1.1.2"
+ "call-bind-apply-helpers": "^1.0.2",
+ "get-intrinsic": "^1.3.0"
},
"engines": {
"node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/callsites": {
@@ -2912,23 +2914,6 @@
"node": ">=10"
}
},
- "node_modules/define-data-property": {
- "version": "1.1.4",
- "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz",
- "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==",
- "dev": true,
- "dependencies": {
- "es-define-property": "^1.0.0",
- "es-errors": "^1.3.0",
- "gopd": "^1.0.1"
- },
- "engines": {
- "node": ">= 0.4"
- },
- "funding": {
- "url": "https://github.com/sponsors/ljharb"
- }
- },
"node_modules/define-properties": {
"version": "1.1.3",
"dev": true,
@@ -3536,15 +3521,17 @@
}
},
"node_modules/eslint": {
- "version": "8.57.0",
+ "version": "8.57.1",
+ "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz",
+ "integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==",
+ "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.",
"dev": true,
- "license": "MIT",
"dependencies": {
"@eslint-community/eslint-utils": "^4.2.0",
"@eslint-community/regexpp": "^4.6.1",
"@eslint/eslintrc": "^2.1.4",
- "@eslint/js": "8.57.0",
- "@humanwhocodes/config-array": "^0.11.14",
+ "@eslint/js": "8.57.1",
+ "@humanwhocodes/config-array": "^0.13.0",
"@humanwhocodes/module-importer": "^1.0.1",
"@nodelib/fs.walk": "^1.2.8",
"@ungap/structured-clone": "^1.2.0",
@@ -5462,18 +5449,6 @@
"node": ">= 0.10"
}
},
- "node_modules/has-property-descriptors": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz",
- "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==",
- "dev": true,
- "dependencies": {
- "es-define-property": "^1.0.0"
- },
- "funding": {
- "url": "https://github.com/sponsors/ljharb"
- }
- },
"node_modules/has-symbol-support-x": {
"version": "1.4.2",
"dev": true,
@@ -5600,25 +5575,29 @@
"license": "BSD-2-Clause"
},
"node_modules/http-errors": {
- "version": "2.0.0",
- "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz",
- "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==",
+ "version": "2.0.1",
+ "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
+ "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
"dev": true,
"dependencies": {
- "depd": "2.0.0",
- "inherits": "2.0.4",
- "setprototypeof": "1.2.0",
- "statuses": "2.0.1",
- "toidentifier": "1.0.1"
+ "depd": "~2.0.0",
+ "inherits": "~2.0.4",
+ "setprototypeof": "~1.2.0",
+ "statuses": "~2.0.2",
+ "toidentifier": "~1.0.1"
},
"engines": {
"node": ">= 0.8"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/express"
}
},
"node_modules/http-errors/node_modules/statuses": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz",
- "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
+ "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
"dev": true,
"engines": {
"node": ">= 0.8"
@@ -6706,9 +6685,10 @@
}
},
"node_modules/lodash": {
- "version": "4.17.21",
- "dev": true,
- "license": "MIT"
+ "version": "4.17.23",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+ "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+ "dev": true
},
"node_modules/lodash._basecopy": {
"version": "3.0.1",
@@ -7456,9 +7436,9 @@
"dev": true
},
"node_modules/object-inspect": {
- "version": "1.13.2",
- "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.2.tgz",
- "integrity": "sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==",
+ "version": "1.13.4",
+ "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
+ "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
"dev": true,
"engines": {
"node": ">= 0.4"
@@ -8118,12 +8098,12 @@
}
},
"node_modules/qs": {
- "version": "6.13.0",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz",
- "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==",
+ "version": "6.14.1",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
+ "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
"dev": true,
"dependencies": {
- "side-channel": "^1.0.6"
+ "side-channel": "^1.1.0"
},
"engines": {
"node": ">=0.6"
@@ -8207,15 +8187,15 @@
}
},
"node_modules/raw-body": {
- "version": "2.5.2",
- "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
- "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==",
+ "version": "2.5.3",
+ "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz",
+ "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==",
"dev": true,
"dependencies": {
- "bytes": "3.1.2",
- "http-errors": "2.0.0",
- "iconv-lite": "0.4.24",
- "unpipe": "1.0.0"
+ "bytes": "~3.1.2",
+ "http-errors": "~2.0.1",
+ "iconv-lite": "~0.4.24",
+ "unpipe": "~1.0.0"
},
"engines": {
"node": ">= 0.8"
@@ -8799,23 +8779,6 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
- "node_modules/set-function-length": {
- "version": "1.2.2",
- "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz",
- "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==",
- "dev": true,
- "dependencies": {
- "define-data-property": "^1.1.4",
- "es-errors": "^1.3.0",
- "function-bind": "^1.1.2",
- "get-intrinsic": "^1.2.4",
- "gopd": "^1.0.1",
- "has-property-descriptors": "^1.0.2"
- },
- "engines": {
- "node": ">= 0.4"
- }
- },
"node_modules/setprototypeof": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
@@ -8842,15 +8805,69 @@
}
},
"node_modules/side-channel": {
- "version": "1.0.6",
- "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz",
- "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==",
+ "version": "1.1.0",
+ "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
+ "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
+ "dev": true,
+ "dependencies": {
+ "es-errors": "^1.3.0",
+ "object-inspect": "^1.13.3",
+ "side-channel-list": "^1.0.0",
+ "side-channel-map": "^1.0.1",
+ "side-channel-weakmap": "^1.0.2"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
+ "node_modules/side-channel-list": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
+ "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
+ "dev": true,
+ "dependencies": {
+ "es-errors": "^1.3.0",
+ "object-inspect": "^1.13.3"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
+ "node_modules/side-channel-map": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
+ "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
+ "dev": true,
+ "dependencies": {
+ "call-bound": "^1.0.2",
+ "es-errors": "^1.3.0",
+ "get-intrinsic": "^1.2.5",
+ "object-inspect": "^1.13.3"
+ },
+ "engines": {
+ "node": ">= 0.4"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
+ "node_modules/side-channel-weakmap": {
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
+ "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
"dev": true,
"dependencies": {
- "call-bind": "^1.0.7",
+ "call-bound": "^1.0.2",
"es-errors": "^1.3.0",
- "get-intrinsic": "^1.2.4",
- "object-inspect": "^1.13.1"
+ "get-intrinsic": "^1.2.5",
+ "object-inspect": "^1.13.3",
+ "side-channel-map": "^1.0.1"
},
"engines": {
"node": ">= 0.4"
--
2.47.3
--- end ---