This run took 10 seconds.
$ date
--- stdout ---
Sat Feb 21 14:23:22 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-GraphQL.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
2f4920cfdf82c71ea3df8af3f5fe735c28b5ebdf refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/helpers": {
"name": "@babel/helpers",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104001,
"name": "@babel/helpers",
"dependency": "@babel/helpers",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [],
"range": "<7.26.10",
"nodes": [
"node_modules/@babel/helpers"
],
"fixAvailable": true
},
"@babel/traverse": {
"name": "@babel/traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096886,
"name": "@babel/traverse",
"dependency": "@babel/traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [],
"range": "<7.23.2",
"nodes": [
"node_modules/@babel/traverse"
],
"fixAvailable": true
},
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint",
"eslint-plugin-unicorn"
],
"range": "0.0.1 || >=0.1.1",
"nodes": [
"node_modules/@eslint/eslintrc",
"node_modules/eslint-plugin-unicorn/node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"@humanwhocodes/config-array": {
"name": "@humanwhocodes/config-array",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint"
],
"range": "*",
"nodes": [
"node_modules/@humanwhocodes/config-array"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"@typescript-eslint/typescript-estree": {
"name": "@typescript-eslint/typescript-estree",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"@typescript-eslint/utils"
],
"range": ">=6.16.0",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree"
],
"fixAvailable": true
},
"@typescript-eslint/utils": {
"name": "@typescript-eslint/utils",
"severity": "high",
"isDirect": false,
"via": [
"@typescript-eslint/typescript-estree",
"eslint"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@typescript-eslint/utils"
],
"fixAvailable": true
},
"ajv": {
"name": "ajv",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113398,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<6.14.0"
}
],
"effects": [],
"range": "<6.14.0",
"nodes": [
"node_modules/ajv"
],
"fixAvailable": true
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": true
},
"asn1.js": {
"name": "asn1.js",
"severity": "moderate",
"isDirect": false,
"via": [
"bn.js"
],
"effects": [
"parse-asn1"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/asn1.js"
],
"fixAvailable": true
},
"bn.js": {
"name": "bn.js",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113402,
"name": "bn.js",
"dependency": "bn.js",
"title": "bn.js affected by an infinite loop",
"url": "https://github.com/advisories/GHSA-378v-28hj-76wf",
"severity": "moderate",
"cwe": [
"CWE-835"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<5.2.3"
}
],
"effects": [
"asn1.js",
"browserify-rsa",
"browserify-sign",
"create-ecdh",
"diffie-hellman",
"elliptic",
"miller-rabin",
"public-encrypt"
],
"range": "<5.2.3",
"nodes": [
"node_modules/bn.js",
"node_modules/elliptic/node_modules/bn.js"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1105443,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=1.0.0 <=1.1.11"
},
{
"source": 1105444,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <=2.0.1"
}
],
"effects": [],
"range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
"node_modules/brace-expansion",
"node_modules/eslint-plugin-n/node_modules/brace-expansion"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/braces",
"node_modules/chokidar/node_modules/braces",
"node_modules/findup-sync/node_modules/braces",
"node_modules/liftup/node_modules/braces"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"browserify-rsa": {
"name": "browserify-rsa",
"severity": "moderate",
"isDirect": false,
"via": [
"bn.js"
],
"effects": [],
"range": "<=4.0.1",
"nodes": [
"node_modules/browserify-rsa"
],
"fixAvailable": true
},
"browserify-sign": {
"name": "browserify-sign",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1102445,
"name": "browserify-sign",
"dependency": "browserify-sign",
"title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack",
"url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw",
"severity": "high",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.6.0 <=4.2.1"
},
"bn.js",
"parse-asn1"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/browserify-sign"
],
"fixAvailable": true
},
"cacache": {
"name": "cacache",
"severity": "high",
"isDirect": false,
"via": [
"glob",
"move-concurrently",
"rimraf"
],
"effects": [
"terser-webpack-plugin"
],
"range": "<=19.0.1",
"nodes": [
"node_modules/cacache"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": true
},
"cipher-base": {
"name": "cipher-base",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109536,
"name": "cipher-base",
"dependency": "cipher-base",
"title": "cipher-base is missing type checks, leading to hash rewind and passing on crafted data",
"url": "https://github.com/advisories/GHSA-cpq7-6gpm-g9rc",
"severity": "critical",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<=1.0.4"
}
],
"effects": [],
"range": "<=1.0.4",
"nodes": [
"node_modules/cipher-base"
],
"fixAvailable": true
},
"clean-webpack-plugin": {
"name": "clean-webpack-plugin",
"severity": "high",
"isDirect": true,
"via": [
"del"
],
"effects": [],
"range": ">=2.0.0",
"nodes": [
"node_modules/clean-webpack-plugin"
],
"fixAvailable": {
"name": "clean-webpack-plugin",
"version": "1.0.1",
"isSemVerMajor": true
}
},
"codemirror-graphql": {
"name": "codemirror-graphql",
"severity": "high",
"isDirect": false,
"via": [
"graphql-language-service-interface",
"graphql-language-service-parser"
],
"effects": [
"graphiql"
],
"range": "0.6.4 - 1.1.1-canary-efc41fcd.0",
"nodes": [
"node_modules/codemirror-graphql"
],
"fixAvailable": {
"name": "graphiql",
"version": "5.2.2",
"isSemVerMajor": true
}
},
"copy-concurrently": {
"name": "copy-concurrently",
"severity": "high",
"isDirect": false,
"via": [
"rimraf"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/copy-concurrently"
],
"fixAvailable": true
},
"create-ecdh": {
"name": "create-ecdh",
"severity": "moderate",
"isDirect": false,
"via": [
"bn.js"
],
"effects": [
"crypto-browserify"
],
"range": "*",
"nodes": [
"node_modules/create-ecdh"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"cross-fetch": {
"name": "cross-fetch",
"severity": "low",
"isDirect": false,
"via": [
"node-fetch"
],
"effects": [
"graphql-request"
],
"range": "2.0.0 - 2.2.3 || 3.0.0 - 3.0.5",
"nodes": [
"node_modules/cross-fetch"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [],
"range": "<6.0.6",
"nodes": [
"node_modules/cross-spawn"
],
"fixAvailable": true
},
"crypto-browserify": {
"name": "crypto-browserify",
"severity": "moderate",
"isDirect": false,
"via": [
"create-ecdh",
"diffie-hellman",
"public-encrypt"
],
"effects": [
"node-libs-browser"
],
"range": ">=3.4.0",
"nodes": [
"node_modules/crypto-browserify"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": true,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": {
"name": "css-loader",
"version": "7.1.4",
"isSemVerMajor": true
}
},
"del": {
"name": "del",
"severity": "high",
"isDirect": false,
"via": [
"globby",
"rimraf"
],
"effects": [
"clean-webpack-plugin"
],
"range": "<=7.1.0",
"nodes": [
"node_modules/del"
],
"fixAvailable": {
"name": "clean-webpack-plugin",
"version": "1.0.1",
"isSemVerMajor": true
}
},
"diff": {
"name": "diff",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112704,
"name": "diff",
"dependency": "diff",
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
"severity": "low",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "4.0.0 - 4.0.3",
"nodes": [
"node_modules/diff"
],
"fixAvailable": true
},
"diffie-hellman": {
"name": "diffie-hellman",
"severity": "moderate",
"isDirect": false,
"via": [
"bn.js",
"miller-rabin"
],
"effects": [
"crypto-browserify"
],
"range": ">=1.0.1",
"nodes": [
"node_modules/diffie-hellman"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"dset": {
"name": "dset",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1099553,
"name": "dset",
"dependency": "dset",
"title": "dset Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-f6v4-cf5j-vf3w",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"
},
"range": "<3.1.4"
}
],
"effects": [],
"range": "<3.1.4",
"nodes": [
"node_modules/dset"
],
"fixAvailable": true
},
"elliptic": {
"name": "elliptic",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1102901,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)",
"url": "https://github.com/advisories/GHSA-vjh7-7g9h-fjfh",
"severity": "critical",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=6.6.0"
},
{
"source": 1109566,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic's EDDSA missing signature length check",
"url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p",
"severity": "low",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
"range": ">=4.0.0 <=6.5.6"
},
{
"source": 1109567,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero",
"url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw",
"severity": "low",
"cwe": [
"CWE-130"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
"range": ">=2.0.0 <=6.5.6"
},
{
"source": 1109568,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic allows BER-encoded signatures",
"url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m",
"severity": "low",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
"range": ">=5.2.1 <=6.5.6"
},
{
"source": 1111036,
"name": "elliptic",
"dependency": "elliptic",
"title": "Valid ECDSA signatures erroneously rejected in Elliptic",
"url": "https://github.com/advisories/GHSA-fc9h-whq2-v747",
"severity": "low",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 4.8,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<6.6.0"
},
{
"source": 1111037,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic's verify function omits uniqueness validation",
"url": "https://github.com/advisories/GHSA-434g-2637-qmqr",
"severity": "low",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<6.5.6"
},
{
"source": 1112030,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic Uses a Cryptographic Primitive with a Risky Implementation",
"url": "https://github.com/advisories/GHSA-848j-6mx2-7j84",
"severity": "low",
"cwe": [
"CWE-1240"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<=6.6.1"
},
"bn.js"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/elliptic"
],
"fixAvailable": true
},
"eslint": {
"name": "eslint",
"severity": "high",
"isDirect": false,
"via": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"file-entry-cache",
"minimatch"
],
"effects": [
"@typescript-eslint/utils",
"eslint-config-wikimedia",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-vue",
"grunt-eslint"
],
"range": "0.7.1 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "high",
"isDirect": true,
"via": [
"eslint",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-unicorn",
"eslint-plugin-vue"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jest": {
"name": "eslint-plugin-jest",
"severity": "high",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "25.0.1 - 29.12.2",
"nodes": [
"node_modules/eslint-plugin-jest"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jsdoc": {
"name": "eslint-plugin-jsdoc",
"severity": "high",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "8.4.4 - 62.6.1",
"nodes": [
"node_modules/eslint-plugin-jsdoc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-mediawiki": {
"name": "eslint-plugin-mediawiki",
"severity": "high",
"isDirect": false,
"via": [
"eslint-plugin-vue"
],
"effects": [],
"range": "0.2.3 - 0.7.0",
"nodes": [
"node_modules/eslint-plugin-mediawiki"
],
"fixAvailable": true
},
"eslint-plugin-n": {
"name": "eslint-plugin-n",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [],
"range": "<=17.21.1",
"nodes": [
"node_modules/eslint-plugin-n"
],
"fixAvailable": true
},
"eslint-plugin-unicorn": {
"name": "eslint-plugin-unicorn",
"severity": "high",
"isDirect": false,
"via": [
"@eslint/eslintrc"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "50.0.0 - 54.0.0",
"nodes": [
"node_modules/eslint-plugin-unicorn"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-vue": {
"name": "eslint-plugin-vue",
"severity": "high",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia",
"eslint-plugin-mediawiki"
],
"range": "5.0.0-beta.0 - 10.7.0",
"nodes": [
"node_modules/eslint-plugin-vue"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"file-entry-cache": {
"name": "file-entry-cache",
"severity": "high",
"isDirect": false,
"via": [
"flat-cache"
],
"effects": [
"eslint"
],
"range": "4.0.0 - 7.0.2",
"nodes": [
"node_modules/file-entry-cache"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"findup-sync": {
"name": "findup-sync",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"webpack-cli"
],
"range": "0.4.0 - 3.0.0",
"nodes": [
"node_modules/webpack-cli/node_modules/findup-sync"
],
"fixAvailable": {
"name": "webpack-cli",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"flat-cache": {
"name": "flat-cache",
"severity": "high",
"isDirect": false,
"via": [
"rimraf"
],
"effects": [
"file-entry-cache"
],
"range": "1.3.4 - 4.0.0",
"nodes": [
"node_modules/flat-cache"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"glob": {
"name": "glob",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"cacache",
"globby",
"rimraf"
],
"range": "3.0.0 - 10.5.0",
"nodes": [
"node_modules/glob"
],
"fixAvailable": {
"name": "clean-webpack-plugin",
"version": "1.0.1",
"isSemVerMajor": true
}
},
"globby": {
"name": "globby",
"severity": "high",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"del"
],
"range": "<=10.0.2",
"nodes": [
"node_modules/globby"
],
"fixAvailable": {
"name": "clean-webpack-plugin",
"version": "1.0.1",
"isSemVerMajor": true
}
},
"graphiql": {
"name": "graphiql",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1089589,
"name": "graphiql",
"dependency": "graphiql",
"title": "GraphiQL introspection schema template injection attack",
"url": "https://github.com/advisories/GHSA-x4r7-m2q9-69c8",
"severity": "high",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"
},
"range": ">=0.5.0 <1.4.7"
},
"codemirror-graphql",
"markdown-it"
],
"effects": [],
"range": "0.5.0 - 1.4.7-canary-85a66743.0",
"nodes": [
"node_modules/graphiql"
],
"fixAvailable": {
"name": "graphiql",
"version": "5.2.2",
"isSemVerMajor": true
}
},
"graphql-config": {
"name": "graphql-config",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"graphql-language-service-interface",
"graphql-language-service-types",
"graphql-language-service-utils"
],
"range": "*",
"nodes": [
"node_modules/graphql-config",
"node_modules/graphql-language-service-types/node_modules/graphql-config"
],
"fixAvailable": {
"name": "graphiql",
"version": "5.2.2",
"isSemVerMajor": true
}
},
"graphql-language-service-interface": {
"name": "graphql-language-service-interface",
"severity": "high",
"isDirect": false,
"via": [
"graphql-config",
"graphql-language-service-parser",
"graphql-language-service-utils"
],
"effects": [
"codemirror-graphql"
],
"range": "*",
"nodes": [
"node_modules/graphql-language-service-interface"
],
"fixAvailable": {
"name": "graphiql",
"version": "5.2.2",
"isSemVerMajor": true
}
},
"graphql-language-service-parser": {
"name": "graphql-language-service-parser",
"severity": "high",
"isDirect": false,
"via": [
"graphql-language-service-types"
],
"effects": [
"codemirror-graphql",
"graphql-language-service-interface"
],
"range": "",
"nodes": [
"node_modules/graphql-language-service-parser"
],
"fixAvailable": {
"name": "graphiql",
"version": "5.2.2",
"isSemVerMajor": true
}
},
"graphql-language-service-types": {
"name": "graphql-language-service-types",
"severity": "high",
"isDirect": false,
"via": [
"graphql-config"
],
"effects": [
"graphql-language-service-parser"
],
"range": "1.0.18 - 1.6.0-alpha.8 || >=1.8.6-canary-1d1d33de.0",
"nodes": [
"node_modules/graphql-language-service-types"
],
"fixAvailable": {
"name": "graphiql",
"version": "5.2.2",
"isSemVerMajor": true
}
},
"graphql-language-service-utils": {
"name": "graphql-language-service-utils",
"severity": "high",
"isDirect": false,
"via": [
"graphql-config"
],
"effects": [
"graphql-language-service-interface"
],
"range": "0.0.21 - 2.4.0-alpha.9",
"nodes": [
"node_modules/graphql-language-service-utils"
],
"fixAvailable": {
"name": "graphiql",
"version": "5.2.2",
"isSemVerMajor": true
}
},
"graphql-request": {
"name": "graphql-request",
"severity": "low",
"isDirect": false,
"via": [
"cross-fetch"
],
"effects": [],
"range": "1.5.1 - 1.8.2",
"nodes": [
"node_modules/graphql-request"
],
"fixAvailable": true
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"glob",
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"eslint",
"grunt"
],
"effects": [],
"range": "<=17.3.2 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "20.2.0",
"isSemVerMajor": true
}
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": {
"name": "css-loader",
"version": "7.1.4",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112714,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.14.2"
},
{
"source": 1112715,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.1.1"
}
],
"effects": [],
"range": "<3.14.2 || >=4.0.0 <4.1.1",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/js-yaml",
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml",
"node_modules/eslint/node_modules/js-yaml",
"node_modules/js-yaml"
],
"fixAvailable": true
},
"lodash": {
"name": "lodash",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112455,
"name": "lodash",
"dependency": "lodash",
"title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=4.0.0 <=4.17.22"
}
],
"effects": [],
"range": "4.0.0 - 4.17.21",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": true
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1092663,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "Uncontrolled Resource Consumption in markdown-it",
"url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<12.3.2"
}
],
"effects": [
"graphiql"
],
"range": "<12.3.2",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": {
"name": "graphiql",
"version": "5.2.2",
"isSemVerMajor": true
}
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"findup-sync",
"readdirp",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/findup-sync/node_modules/micromatch",
"node_modules/liftup/node_modules/micromatch",
"node_modules/micromatch"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"miller-rabin": {
"name": "miller-rabin",
"severity": "moderate",
"isDirect": false,
"via": [
"bn.js"
],
"effects": [
"diffie-hellman"
],
"range": "*",
"nodes": [
"node_modules/miller-rabin"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113371,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<10.2.1"
}
],
"effects": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"@typescript-eslint/typescript-estree",
"eslint",
"eslint-plugin-n",
"glob",
"graphql-config",
"grunt"
],
"range": "<10.2.1",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
"node_modules/eslint-plugin-n/node_modules/minimatch",
"node_modules/eslint-plugin-unicorn/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/graphql-language-service-types/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"move-concurrently": {
"name": "move-concurrently",
"severity": "high",
"isDirect": false,
"via": [
"copy-concurrently",
"rimraf"
],
"effects": [
"cacache"
],
"range": "*",
"nodes": [
"node_modules/move-concurrently"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"node-fetch": {
"name": "node-fetch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095073,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "node-fetch forwards secure headers to untrusted sites",
"url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
"severity": "high",
"cwe": [
"CWE-173",
"CWE-200",
"CWE-601"
],
"cvss": {
"score": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<2.6.7"
},
{
"source": 1098225,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "The `size` option isn't honored after following a redirect in node-fetch",
"url": "https://github.com/advisories/GHSA-w7rc-rwvf-8q5r",
"severity": "low",
"cwe": [
"CWE-20",
"CWE-770"
],
"cvss": {
"score": 2.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.6.1"
}
],
"effects": [
"cross-fetch"
],
"range": "<=2.6.6",
"nodes": [
"node_modules/node-fetch"
],
"fixAvailable": true
},
"node-libs-browser": {
"name": "node-libs-browser",
"severity": "moderate",
"isDirect": false,
"via": [
"crypto-browserify"
],
"effects": [
"webpack"
],
"range": "0.4.2 || >=1.0.0",
"nodes": [
"node_modules/node-libs-browser"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"parse-asn1": {
"name": "parse-asn1",
"severity": "moderate",
"isDirect": false,
"via": [
"asn1.js"
],
"effects": [
"browserify-sign"
],
"range": "*",
"nodes": [
"node_modules/parse-asn1"
],
"fixAvailable": true
},
"pbkdf2": {
"name": "pbkdf2",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1105692,
"name": "pbkdf2",
"dependency": "pbkdf2",
"title": "pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos",
"url": "https://github.com/advisories/GHSA-h7cp-r72f-jxh6",
"severity": "critical",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=3.0.10 <=3.1.2"
},
{
"source": 1113204,
"name": "pbkdf2",
"dependency": "pbkdf2",
"title": "pbkdf2 silently disregards Uint8Array input, returning static keys",
"url": "https://github.com/advisories/GHSA-v62p-rq8g-8h59",
"severity": "critical",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=1.0.0 <=3.1.2"
}
],
"effects": [],
"range": "3.0.3 - 3.1.2",
"nodes": [
"node_modules/pbkdf2"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109574,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"css-loader",
"icss-utils",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/postcss"
],
"fixAvailable": {
"name": "css-loader",
"version": "7.1.4",
"isSemVerMajor": true
}
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.3",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": {
"name": "css-loader",
"version": "7.1.4",
"isSemVerMajor": true
}
},
"public-encrypt": {
"name": "public-encrypt",
"severity": "moderate",
"isDirect": false,
"via": [
"bn.js",
"parse-asn1"
],
"effects": [
"crypto-browserify"
],
"range": "*",
"nodes": [
"node_modules/public-encrypt"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": true
},
"rimraf": {
"name": "rimraf",
"severity": "high",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"cacache",
"copy-concurrently",
"del",
"flat-cache",
"move-concurrently"
],
"range": "2.3.0 - 3.0.2 || 4.2.0 - 5.0.10",
"nodes": [
"node_modules/flat-cache/node_modules/rimraf",
"node_modules/rimraf"
],
"fixAvailable": {
"name": "clean-webpack-plugin",
"version": "1.0.1",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1112918,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0-alpha <5.7.2"
}
],
"effects": [],
"range": "2.0.0-alpha - 5.7.1",
"nodes": [
"node_modules/semver"
],
"fixAvailable": true
},
"sha.js": {
"name": "sha.js",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109535,
"name": "sha.js",
"dependency": "sha.js",
"title": "sha.js is missing type checks leading to hash rewind and passing on crafted data",
"url": "https://github.com/advisories/GHSA-95m3-7q98-8xr5",
"severity": "critical",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<=2.4.11"
}
],
"effects": [],
"range": "<=2.4.11",
"nodes": [
"node_modules/sha.js"
],
"fixAvailable": true
},
"terser-webpack-plugin": {
"name": "terser-webpack-plugin",
"severity": "high",
"isDirect": false,
"via": [
"cacache"
],
"effects": [
"webpack"
],
"range": "<=4.2.3",
"nodes": [
"node_modules/terser-webpack-plugin"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"undici": {
"name": "undici",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096502,
"name": "undici",
"dependency": "undici",
"title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
"url": "https://github.com/advisories/GHSA-wqq4-5wpv-mx2g",
"severity": "low",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 3.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"
},
"range": "<5.26.2"
},
{
"source": 1097221,
"name": "undici",
"dependency": "undici",
"title": "Undici proxy-authorization header not cleared on cross-origin redirect in fetch",
"url": "https://github.com/advisories/GHSA-3787-6prv-h9w3",
"severity": "low",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 3.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"
},
"range": "<=5.28.2"
},
{
"source": 1101610,
"name": "undici",
"dependency": "undici",
"title": "Use of Insufficiently Random Values in undici",
"url": "https://github.com/advisories/GHSA-c76h-2ccp-4975",
"severity": "moderate",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 6.8,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
},
"range": ">=4.5.0 <5.28.5"
},
{
"source": 1109581,
"name": "undici",
"dependency": "undici",
"title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
"url": "https://github.com/advisories/GHSA-9qxr-qj54-h672",
"severity": "low",
"cwe": [
"CWE-284"
],
"cvss": {
"score": 2.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"
},
"range": "<5.28.4"
},
{
"source": 1109583,
"name": "undici",
"dependency": "undici",
"title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
"url": "https://github.com/advisories/GHSA-m4v8-wqvr-p9f7",
"severity": "low",
"cwe": [
"CWE-200",
"CWE-285",
"CWE-863"
],
"cvss": {
"score": 3.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"
},
"range": "<5.28.4"
},
{
"source": 1112496,
"name": "undici",
"dependency": "undici",
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"url": "https://github.com/advisories/GHSA-g9mf-h72j-4rw9",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.23.0"
},
{
"source": 1113069,
"name": "undici",
"dependency": "undici",
"title": "undici Denial of Service attack via bad certificate data",
"url": "https://github.com/advisories/GHSA-cxrh-j4jr-qwg3",
"severity": "low",
"cwe": [
"CWE-401"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<5.29.0"
}
],
"effects": [],
"range": "<=6.22.0",
"nodes": [
"node_modules/undici"
],
"fixAvailable": true
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/watchpack"
],
"fixAvailable": true
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": true
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": true,
"via": [
"micromatch",
"node-libs-browser",
"terser-webpack-plugin"
],
"effects": [
"webpack-cli"
],
"range": "2.0.0-beta - 5.1.0",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "webpack",
"version": "5.105.2",
"isSemVerMajor": true
}
},
"webpack-cli": {
"name": "webpack-cli",
"severity": "moderate",
"isDirect": true,
"via": [
"findup-sync",
"webpack"
],
"effects": [],
"range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1",
"nodes": [
"node_modules/webpack-cli"
],
"fixAvailable": {
"name": "webpack-cli",
"version": "6.0.1",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 4,
"moderate": 27,
"high": 45,
"critical": 5,
"total": 81
},
"dependencies": {
"prod": 167,
"dev": 771,
"optional": 26,
"peer": 1,
"peerOptional": 0,
"total": 938
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Root composer.json requires overblog/dataloader-php ^0.5.2 -> satisfiable by overblog/dataloader-php[v0.5.2, v0.5.3].
- overblog/dataloader-php[v0.5.2, ..., v0.5.3] require php ^5.5|^7.0 -> your php version (8.4.18) does not satisfy that requirement.
--- stdout ---
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1268, in main
libup.run()
~~~~~~~~~^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1185, in run
"composer": self.composer_audit(),
~~~~~~~~~~~~~~~~~~~^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 147, in composer_audit
self.ensure_composer_lock()
~~~~~~~~~~~~~~~~~~~~~~~~~^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 106, in ensure_composer_lock
self.check_call(["composer", "install"])
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/shell2.py", line 66, in check_call
res.check_returncode()
~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.13/subprocess.py", line 508, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
self.stderr)
subprocess.CalledProcessError: Command '['/usr/bin/composer', 'install']' returned non-zero exit status 2.