This run took 100 seconds.
$ date
--- stdout ---
Sat Feb 28 15:59:51 UTC 2026
--- end ---
$ git clone file:///srv/git/wikimedia-toolhub.git /src/repo --depth=1 -b main
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/main
--- stdout ---
9ffc9befe20677ea1233a3f3abf7c86fa1c83d21 refs/heads/main
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@apollographql/graphql-upload-8-fork": {
"name": "@apollographql/graphql-upload-8-fork",
"severity": "high",
"isDirect": false,
"via": [
"busboy"
],
"effects": [
"apollo-server-core"
],
"range": "*",
"nodes": [
"node_modules/@apollographql/graphql-upload-8-fork"
],
"fixAvailable": true
},
"@babel/helpers": {
"name": "@babel/helpers",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104001,
"name": "@babel/helpers",
"dependency": "@babel/helpers",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [],
"range": "<7.26.10",
"nodes": [
"node_modules/@babel/helpers"
],
"fixAvailable": true
},
"@babel/runtime": {
"name": "@babel/runtime",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104000,
"name": "@babel/runtime",
"dependency": "@babel/runtime",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [],
"range": "<7.26.10",
"nodes": [
"node_modules/@babel/runtime"
],
"fixAvailable": true
},
"@babel/runtime-corejs2": {
"name": "@babel/runtime-corejs2",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1103999,
"name": "@babel/runtime-corejs2",
"dependency": "@babel/runtime-corejs2",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [],
"range": "<7.26.10",
"nodes": [
"node_modules/@babel/runtime-corejs2"
],
"fixAvailable": true
},
"@babel/runtime-corejs3": {
"name": "@babel/runtime-corejs3",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1103998,
"name": "@babel/runtime-corejs3",
"dependency": "@babel/runtime-corejs3",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [],
"range": "<7.26.10",
"nodes": [
"node_modules/@babel/runtime-corejs3"
],
"fixAvailable": true
},
"@babel/traverse": {
"name": "@babel/traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096886,
"name": "@babel/traverse",
"dependency": "@babel/traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [],
"range": "<7.23.2",
"nodes": [
"node_modules/@babel/traverse"
],
"fixAvailable": true
},
"@casl/ability": {
"name": "@casl/ability",
"severity": "critical",
"isDirect": true,
"via": [
{
"source": 1113148,
"name": "@casl/ability",
"dependency": "@casl/ability",
"title": "CASL Ability is Vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-x9vf-53q3-cvx6",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=2.4.0 <=6.7.4"
}
],
"effects": [],
"range": "2.4.0 - 6.7.3",
"nodes": [
"node_modules/@casl/ability"
],
"fixAvailable": {
"name": "@casl/ability",
"version": "6.8.0",
"isSemVerMajor": true
}
},
"@casl/vue": {
"name": "@casl/vue",
"severity": "low",
"isDirect": true,
"via": [
"vue"
],
"effects": [],
"range": "<=2.0.1",
"nodes": [
"node_modules/@casl/vue"
],
"fixAvailable": {
"name": "@casl/vue",
"version": "2.2.6",
"isSemVerMajor": true
}
},
"@intlify/message-compiler": {
"name": "@intlify/message-compiler",
"severity": "high",
"isDirect": false,
"via": [
"@intlify/message-resolver"
],
"effects": [],
"range": "9.1.0 - 9.1.10",
"nodes": [
"node_modules/@intlify/message-compiler"
],
"fixAvailable": true
},
"@intlify/message-resolver": {
"name": "@intlify/message-resolver",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1102471,
"name": "@intlify/message-resolver",
"dependency": "@intlify/message-resolver",
"title": "Vue I18n Allows Prototype Pollution in `handleFlatJson`",
"url": "https://github.com/advisories/GHSA-p2ph-7g93-hw3m",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.1.0 <9.1.11"
}
],
"effects": [
"@intlify/message-compiler"
],
"range": "9.1.0 - 9.1.10",
"nodes": [
"node_modules/@intlify/message-resolver"
],
"fixAvailable": true
},
"@sideway/formula": {
"name": "@sideway/formula",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1091026,
"name": "@sideway/formula",
"dependency": "@sideway/formula",
"title": "@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability",
"url": "https://github.com/advisories/GHSA-c2jc-4fpr-4vhg",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [],
"range": "3.0.0",
"nodes": [
"node_modules/@sideway/formula"
],
"fixAvailable": true
},
"@vue/cli": {
"name": "@vue/cli",
"severity": "high",
"isDirect": true,
"via": [
"@vue/cli-ui",
"download-git-repo",
"vue",
"vue-codemod"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/cli"
],
"fixAvailable": {
"name": "@vue/cli",
"version": "4.2.2",
"isSemVerMajor": true
}
},
"@vue/cli-plugin-babel": {
"name": "@vue/cli-plugin-babel",
"severity": "moderate",
"isDirect": true,
"via": [
"@vue/cli-service"
],
"effects": [],
"range": ">=4.0.0-alpha.0",
"nodes": [
"node_modules/@vue/cli-plugin-babel"
],
"fixAvailable": {
"name": "@vue/cli-plugin-babel",
"version": "3.12.1",
"isSemVerMajor": true
}
},
"@vue/cli-plugin-eslint": {
"name": "@vue/cli-plugin-eslint",
"severity": "high",
"isDirect": true,
"via": [
"@vue/cli-service",
"yorkie"
],
"effects": [],
"range": ">=3.9.0",
"nodes": [
"node_modules/@vue/cli-plugin-eslint"
],
"fixAvailable": {
"name": "@vue/cli-plugin-eslint",
"version": "3.12.1",
"isSemVerMajor": true
}
},
"@vue/cli-plugin-router": {
"name": "@vue/cli-plugin-router",
"severity": "moderate",
"isDirect": true,
"via": [
"@vue/cli-service"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/cli-plugin-router"
],
"fixAvailable": false
},
"@vue/cli-plugin-unit-mocha": {
"name": "@vue/cli-plugin-unit-mocha",
"severity": "moderate",
"isDirect": true,
"via": [
"@vue/cli-service",
"mocha"
],
"effects": [],
"range": ">=4.0.0-alpha.0",
"nodes": [
"node_modules/@vue/cli-plugin-unit-mocha"
],
"fixAvailable": {
"name": "@vue/cli-plugin-unit-mocha",
"version": "4.5.19",
"isSemVerMajor": true
}
},
"@vue/cli-plugin-vuex": {
"name": "@vue/cli-plugin-vuex",
"severity": "moderate",
"isDirect": true,
"via": [
"@vue/cli-service"
],
"effects": [
"@vue/cli-service"
],
"range": "*",
"nodes": [
"node_modules/@vue/cli-plugin-vuex"
],
"fixAvailable": {
"name": "@vue/cli-plugin-eslint",
"version": "3.12.1",
"isSemVerMajor": true
}
},
"@vue/cli-service": {
"name": "@vue/cli-service",
"severity": "moderate",
"isDirect": true,
"via": [
"@vue/cli-plugin-router",
"@vue/cli-plugin-vuex",
"@vue/component-compiler-utils",
"vue-loader",
"vue-template-compiler",
"webpack-dev-server"
],
"effects": [
"@vue/cli-plugin-babel",
"@vue/cli-plugin-eslint",
"@vue/cli-plugin-router",
"@vue/cli-plugin-unit-mocha",
"@vue/cli-plugin-vuex"
],
"range": "*",
"nodes": [
"node_modules/@vue/cli-service"
],
"fixAvailable": {
"name": "@vue/cli-plugin-eslint",
"version": "3.12.1",
"isSemVerMajor": true
}
},
"@vue/cli-ui": {
"name": "@vue/cli-ui",
"severity": "high",
"isDirect": false,
"via": [
"parse-git-config"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/cli-ui"
],
"fixAvailable": true
},
"@vue/component-compiler-utils": {
"name": "@vue/component-compiler-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"@vue/cli-service",
"vue-loader"
],
"range": "*",
"nodes": [
"node_modules/@vue/component-compiler-utils"
],
"fixAvailable": {
"name": "@vue/cli-plugin-eslint",
"version": "3.12.1",
"isSemVerMajor": true
}
},
"@vue/test-utils": {
"name": "@vue/test-utils",
"severity": "moderate",
"isDirect": true,
"via": [
"vue",
"vue-template-compiler"
],
"effects": [],
"range": "<=1.3.6",
"nodes": [
"node_modules/@vue/test-utils"
],
"fixAvailable": {
"name": "@vue/test-utils",
"version": "2.4.6",
"isSemVerMajor": true
}
},
"@wikimedia/jsonschema-tools": {
"name": "@wikimedia/jsonschema-tools",
"severity": "critical",
"isDirect": true,
"via": [
"json-schema-faker",
"rewire"
],
"effects": [],
"range": ">=0.10.0",
"nodes": [
"node_modules/@wikimedia/jsonschema-tools"
],
"fixAvailable": {
"name": "@wikimedia/jsonschema-tools",
"version": "0.10.2",
"isSemVerMajor": true
}
},
"ajv": {
"name": "ajv",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113428,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<6.14.0"
},
{
"source": 1113429,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=7.0.0-alpha.0 <8.18.0"
}
],
"effects": [],
"range": "<6.14.0 || >=7.0.0-alpha.0 <8.18.0",
"nodes": [
"node_modules/ajv",
"node_modules/ajv-formats/node_modules/ajv",
"node_modules/css-minimizer-webpack-plugin/node_modules/ajv",
"node_modules/mini-css-extract-plugin/node_modules/ajv",
"node_modules/table/node_modules/ajv",
"node_modules/webpack-dev-middleware/node_modules/ajv",
"node_modules/webpack-dev-server/node_modules/ajv"
],
"fixAvailable": true
},
"ansi-regex": {
"name": "ansi-regex",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1094090,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"cwe": [
"CWE-697",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=3.0.0 <3.0.1"
},
{
"source": 1094091,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"cwe": [
"CWE-697",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.1.1"
},
{
"source": 1094092,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"cwe": [
"CWE-697",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.0.1"
}
],
"effects": [],
"range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
"nodes": [
"node_modules/ansi-regex",
"node_modules/inquirer/node_modules/ansi-regex",
"node_modules/log-update/node_modules/ansi-regex",
"node_modules/mocha/node_modules/ansi-regex",
"node_modules/nyc/node_modules/ansi-regex",
"node_modules/wide-align/node_modules/ansi-regex"
],
"fixAvailable": true
},
"apollo-server-core": {
"name": "apollo-server-core",
"severity": "high",
"isDirect": false,
"via": [
"@apollographql/graphql-upload-8-fork",
{
"source": 1093178,
"name": "apollo-server-core",
"dependency": "apollo-server-core",
"title": "Prevent logging invalid header values",
"url": "https://github.com/advisories/GHSA-j5g3-5c8r-7qfx",
"severity": "low",
"cwe": [],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.26.1"
}
],
"effects": [],
"range": "<=2.26.2",
"nodes": [
"node_modules/apollo-server-core"
],
"fixAvailable": true
},
"async": {
"name": "async",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1097691,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
"range": ">=2.0.0 <2.6.4"
}
],
"effects": [],
"range": "2.0.0 - 2.6.3",
"nodes": [
"node_modules/portfinder/node_modules/async"
],
"fixAvailable": true
},
"body-parser": {
"name": "body-parser",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1099520,
"name": "body-parser",
"dependency": "body-parser",
"title": "body-parser vulnerable to denial of service when url encoding is enabled",
"url": "https://github.com/advisories/GHSA-qwcr-r2fm-qrc7",
"severity": "high",
"cwe": [
"CWE-405"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<1.20.3"
},
"qs"
],
"effects": [
"express"
],
"range": "<=1.20.3 || 2.0.0-beta.1 - 2.0.2",
"nodes": [
"node_modules/body-parser"
],
"fixAvailable": true
},
"bonjour": {
"name": "bonjour",
"severity": "high",
"isDirect": false,
"via": [
"multicast-dns"
],
"effects": [],
"range": "3.3.1 - 3.5.0",
"nodes": [
"node_modules/bonjour"
],
"fixAvailable": true
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1105443,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=1.0.0 <=1.1.11"
}
],
"effects": [],
"range": "1.0.0 - 1.1.11",
"nodes": [
"node_modules/brace-expansion"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/@vue/cli-plugin-unit-mocha/node_modules/braces",
"node_modules/braces",
"node_modules/chokidar/node_modules/braces",
"node_modules/eslint-webpack-plugin/node_modules/braces",
"node_modules/fast-glob/node_modules/braces",
"node_modules/http-proxy-middleware/node_modules/braces",
"node_modules/mocha/node_modules/braces",
"node_modules/stylelint-config-wikimedia/node_modules/braces",
"node_modules/stylelint/node_modules/braces",
"node_modules/webpack-dev-server/node_modules/braces"
],
"fixAvailable": {
"name": "@vue/cli",
"version": "4.2.2",
"isSemVerMajor": true
}
},
"busboy": {
"name": "busboy",
"severity": "high",
"isDirect": false,
"via": [
"dicer"
],
"effects": [
"@apollographql/graphql-upload-8-fork"
],
"range": "<=0.3.1",
"nodes": [
"node_modules/busboy"
],
"fixAvailable": true
},
"cacheable-request": {
"name": "cacheable-request",
"severity": "high",
"isDirect": false,
"via": [
"http-cache-semantics"
],
"effects": [
"got"
],
"range": "0.1.0 - 2.1.4",
"nodes": [
"node_modules/cacheable-request"
],
"fixAvailable": {
"name": "@vue/cli",
"version": "4.2.2",
"isSemVerMajor": true
}
},
"compression": {
"name": "compression",
"severity": "low",
"isDirect": false,
"via": [
"on-headers"
],
"effects": [],
"range": "1.0.3 - 1.8.0",
"nodes": [
"node_modules/compression"
],
"fixAvailable": true
},
"cookie": {
"name": "cookie",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1103907,
"name": "cookie",
"dependency": "cookie",
"title": "cookie accepts cookie name, path, and domain with out of bounds characters",
"url": "https://github.com/advisories/GHSA-pxg6-pf52-xh8x",
"severity": "low",
"cwe": [
"CWE-74"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.7.0"
}
],
"effects": [
"express",
"swagger-client"
],
"range": "<0.7.0",
"nodes": [
"node_modules/cookie"
],
"fixAvailable": true
},
"core-js-compat": {
"name": "core-js-compat",
"severity": "high",
"isDirect": false,
"via": [
"semver"
],
"effects": [],
"range": "3.6.0 - 3.25.0",
"nodes": [
"node_modules/core-js-compat"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
},
{
"source": 1104664,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.0.5"
}
],
"effects": [
"execa"
],
"range": "<6.0.6 || >=7.0.0 <7.0.5",
"nodes": [
"node_modules/cross-spawn",
"node_modules/default-gateway/node_modules/cross-spawn",
"node_modules/eslint/node_modules/cross-spawn",
"node_modules/fkill/node_modules/cross-spawn",
"node_modules/foreground-child/node_modules/cross-spawn",
"node_modules/istanbul-lib-processinfo/node_modules/cross-spawn",
"node_modules/pid-port/node_modules/cross-spawn",
"node_modules/taskkill/node_modules/cross-spawn",
"node_modules/yorkie/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "@vue/cli-plugin-eslint",
"version": "3.12.1",
"isSemVerMajor": true
}
},
"decode-uri-component": {
"name": "decode-uri-component",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1094087,
"name": "decode-uri-component",
"dependency": "decode-uri-component",
"title": "decode-uri-component vulnerable to Denial of Service (DoS)",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"severity": "high",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.2.1"
}
],
"effects": [],
"range": "<0.2.1",
"nodes": [
"node_modules/decode-uri-component"
],
"fixAvailable": true
},
"dicer": {
"name": "dicer",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1093150,
"name": "dicer",
"dependency": "dicer",
"title": "Crash in HeaderParser in dicer",
"url": "https://github.com/advisories/GHSA-wm7h-9275-46v2",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=0.3.1"
}
],
"effects": [
"busboy"
],
"range": "*",
"nodes": [
"node_modules/dicer"
],
"fixAvailable": true
},
"diff": {
"name": "diff",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112705,
"name": "diff",
"dependency": "diff",
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
"severity": "low",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.2.2"
}
],
"effects": [],
"range": "5.0.0 - 5.2.1",
"nodes": [
"node_modules/diff"
],
"fixAvailable": true
},
"dns-packet": {
"name": "dns-packet",
"severity": "high",
"isDirect": false,
"via": [
"ip"
],
"effects": [
"multicast-dns"
],
"range": "<=5.2.4",
"nodes": [
"node_modules/dns-packet"
],
"fixAvailable": true
},
"download": {
"name": "download",
"severity": "moderate",
"isDirect": false,
"via": [
"got"
],
"effects": [
"download-git-repo"
],
"range": ">=4.0.0",
"nodes": [
"node_modules/download"
],
"fixAvailable": {
"name": "@vue/cli",
"version": "4.2.2",
"isSemVerMajor": true
}
},
"download-git-repo": {
"name": "download-git-repo",
"severity": "high",
"isDirect": false,
"via": [
"download",
"git-clone"
],
"effects": [
"@vue/cli"
],
"range": "*",
"nodes": [
"node_modules/download-git-repo"
],
"fixAvailable": {
"name": "@vue/cli",
"version": "4.2.2",
"isSemVerMajor": true
}
},
"ejs": {
"name": "ejs",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1089270,
"name": "ejs",
"dependency": "ejs",
"title": "ejs template injection vulnerability",
"url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
"severity": "critical",
"cwe": [
"CWE-74"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<3.1.7"
},
{
"source": 1098366,
"name": "ejs",
"dependency": "ejs",
"title": "ejs lacks certain pollution protection",
"url": "https://github.com/advisories/GHSA-ghr5-ch3p-vcr6",
"severity": "moderate",
"cwe": [
"CWE-693",
"CWE-1321"
],
"cvss": {
"score": 4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.1.10"
}
],
"effects": [],
"range": "<=3.1.9",
"nodes": [
"node_modules/ejs"
],
"fixAvailable": true
},
"eslint": {
"name": "eslint",
"severity": "low",
"isDirect": false,
"via": [
"inquirer"
],
"effects": [
"rewire"
],
"range": "4.0.0-alpha.0 - 7.2.0",
"nodes": [
"node_modules/rewire/node_modules/eslint"
],
"fixAvailable": {
"name": "@wikimedia/jsonschema-tools",
"version": "0.10.2",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "high",
"isDirect": false,
"via": [
"semver"
],
"effects": [],
"range": "3.6.0-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": true
},
"execa": {
"name": "execa",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"yorkie"
],
"range": "0.5.0 - 0.9.0",
"nodes": [
"node_modules/yorkie/node_modules/execa"
],
"fixAvailable": {
"name": "@vue/cli-plugin-eslint",
"version": "3.12.1",
"isSemVerMajor": true
}
},
"express": {
"name": "express",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100530,
"name": "express",
"dependency": "express",
"title": "express vulnerable to XSS via response.redirect()",
"url": "https://github.com/advisories/GHSA-qw6h-vgh9-j6wx",
"severity": "low",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
},
"range": "<4.20.0"
},
{
"source": 1111636,
"name": "express",
"dependency": "express",
"title": "Express.js Open Redirect in malformed URLs",
"url": "https://github.com/advisories/GHSA-rv95-896h-c2vc",
"severity": "moderate",
"cwe": [
"CWE-601",
"CWE-1286"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<4.19.2"
},
"body-parser",
"cookie",
"path-to-regexp",
"qs",
"send",
"serve-static"
],
"effects": [],
"range": "<=4.21.2 || 5.0.0-alpha.1 - 5.0.1",
"nodes": [
"node_modules/express"
],
"fixAvailable": true
},
"external-editor": {
"name": "external-editor",
"severity": "low",
"isDirect": false,
"via": [
"tmp"
],
"effects": [
"inquirer"
],
"range": ">=1.1.1",
"nodes": [
"node_modules/external-editor"
],
"fixAvailable": {
"name": "@wikimedia/jsonschema-tools",
"version": "0.10.2",
"isSemVerMajor": true
}
},
"follow-redirects": {
"name": "follow-redirects",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096856,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "follow-redirects' Proxy-Authorization header kept across hosts",
"url": "https://github.com/advisories/GHSA-cxjh-pqwp-8mfp",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<=1.15.5"
},
{
"source": 1109569,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Follow Redirects improperly handles URLs in the url.parse() function",
"url": "https://github.com/advisories/GHSA-jchw-25xp-jwwc",
"severity": "moderate",
"cwe": [
"CWE-20",
"CWE-601"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<1.15.4"
}
],
"effects": [],
"range": "<=1.15.5",
"nodes": [
"node_modules/follow-redirects"
],
"fixAvailable": true
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109538,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "4.0.0 - 4.0.3",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": true
},
"get-func-name": {
"name": "get-func-name",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1094574,
"name": "get-func-name",
"dependency": "get-func-name",
"title": "Chaijs/get-func-name vulnerable to ReDoS",
"url": "https://github.com/advisories/GHSA-4q6p-r6v2-jvc5",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.0.1"
}
],
"effects": [],
"range": "<2.0.1",
"nodes": [
"node_modules/get-func-name"
],
"fixAvailable": true
},
"git-clone": {
"name": "git-clone",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1093404,
"name": "git-clone",
"dependency": "git-clone",
"title": "Command injection in git-clone",
"url": "https://github.com/advisories/GHSA-8jmw-wjr8-2x66",
"severity": "high",
"cwe": [
"CWE-77",
"CWE-88"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=0.2.0"
}
],
"effects": [
"download-git-repo"
],
"range": "*",
"nodes": [
"node_modules/git-clone"
],
"fixAvailable": {
"name": "@vue/cli",
"version": "4.2.2",
"isSemVerMajor": true
}
},
"got": {
"name": "got",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088948,
"name": "got",
"dependency": "got",
"title": "Got allows a redirect to a UNIX socket",
"url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97",
"severity": "moderate",
"cwe": [],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<11.8.5"
},
"cacheable-request"
],
"effects": [
"download"
],
"range": "<=11.8.3",
"nodes": [
"node_modules/got"
],
"fixAvailable": {
"name": "@vue/cli",
"version": "4.2.2",
"isSemVerMajor": true
}
},
"http-cache-semantics": {
"name": "http-cache-semantics",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1102456,
"name": "http-cache-semantics",
"dependency": "http-cache-semantics",
"title": "http-cache-semantics vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-rc47-6667-2j5j",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.1.1"
}
],
"effects": [
"cacheable-request"
],
"range": "<4.1.1",
"nodes": [
"node_modules/http-cache-semantics"
],
"fixAvailable": {
"name": "@vue/cli",
"version": "4.2.2",
"isSemVerMajor": true
}
},
"http-proxy-middleware": {
"name": "http-proxy-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100223,
"name": "http-proxy-middleware",
"dependency": "http-proxy-middleware",
"title": "Denial of service in http-proxy-middleware",
"url": "https://github.com/advisories/GHSA-c7qv-q95q-8v27",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.0.7"
},
{
"source": 1104105,
"name": "http-proxy-middleware",
"dependency": "http-proxy-middleware",
"title": "http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed",
"url": "https://github.com/advisories/GHSA-9gqv-wp59-fq42",
"severity": "moderate",
"cwe": [
"CWE-754"
],
"cvss": {
"score": 4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
},
"range": ">=1.3.0 <2.0.9"
},
{
"source": 1104106,
"name": "http-proxy-middleware",
"dependency": "http-proxy-middleware",
"title": "http-proxy-middleware can call writeBody twice because \"else if\" is not used",
"url": "https://github.com/advisories/GHSA-4www-5p9h-95mh",
"severity": "moderate",
"cwe": [
"CWE-670"
],
"cvss": {
"score": 4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"
},
"range": ">=1.3.0 <2.0.8"
}
],
"effects": [],
"range": "<=2.0.8",
"nodes": [
"node_modules/http-proxy-middleware"
],
"fixAvailable": true
},
"inquirer": {
"name": "inquirer",
"severity": "low",
"isDirect": false,
"via": [
"external-editor"
],
"effects": [
"eslint"
],
"range": "3.0.0 - 8.2.6 || 9.0.0 - 9.3.7",
"nodes": [
"node_modules/@vue/cli/node_modules/inquirer",
"node_modules/inquirer"
],
"fixAvailable": {
"name": "@wikimedia/jsonschema-tools",
"version": "0.10.2",
"isSemVerMajor": true
}
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1097720,
"name": "ip",
"dependency": "ip",
"title": "NPM IP package incorrectly identifies some private IP addresses as public",
"url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22",
"severity": "low",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<1.1.9"
},
{
"source": 1101851,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"dns-packet"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112714,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.14.2"
},
{
"source": 1112715,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.1.1"
}
],
"effects": [
"mocha"
],
"range": "<3.14.2 || >=4.0.0 <4.1.1",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/js-yaml",
"node_modules/@intlify/eslint-plugin-vue-i18n/node_modules/js-yaml",
"node_modules/@vue/cli-plugin-unit-mocha/node_modules/js-yaml",
"node_modules/@vue/cli-ui/node_modules/js-yaml",
"node_modules/@vue/cli/node_modules/js-yaml",
"node_modules/eslint/node_modules/js-yaml",
"node_modules/js-yaml",
"node_modules/mocha/node_modules/js-yaml",
"node_modules/swagger-client/node_modules/js-yaml",
"node_modules/yaml-front-matter/node_modules/js-yaml"
],
"fixAvailable": {
"name": "mocha",
"version": "11.7.5",
"isSemVerMajor": true
}
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"vue-codemod"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@vue/cli",
"version": "4.2.2",
"isSemVerMajor": true
}
},
"json-pointer": {
"name": "json-pointer",
"severity": "critical",
"isDirect": true,
"via": [
{
"source": 1088901,
"name": "json-pointer",
"dependency": "json-pointer",
"title": "Prototype Pollution in json-pointer",
"url": "https://github.com/advisories/GHSA-v5vg-g7rq-363w",
"severity": "moderate",
"cwe": [
"CWE-843",
"CWE-1321"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<=0.6.1"
},
{
"source": 1096878,
"name": "json-pointer",
"dependency": "json-pointer",
"title": "json-pointer vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-6xrf-q977-5vgc",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<0.6.2"
}
],
"effects": [],
"range": "<=0.6.1",
"nodes": [
"node_modules/json-pointer"
],
"fixAvailable": true
},
"json-schema-faker": {
"name": "json-schema-faker",
"severity": "critical",
"isDirect": false,
"via": [
"jsonpath-plus"
],
"effects": [
"@wikimedia/jsonschema-tools"
],
"range": "0.5.0-rc1 - 0.5.0-rcv.46 || 0.5.2 - 0.5.7",
"nodes": [
"node_modules/json-schema-faker"
],
"fixAvailable": {
"name": "@wikimedia/jsonschema-tools",
"version": "0.10.2",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
},
{
"source": 1096544,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": ">=2.0.0 <2.2.2"
}
],
"effects": [],
"range": "<1.0.2 || >=2.0.0 <2.2.2",
"nodes": [
"node_modules/json5",
"node_modules/loader-utils/node_modules/json5"
],
"fixAvailable": true
},
"jsonpath-plus": {
"name": "jsonpath-plus",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1102423,
"name": "jsonpath-plus",
"dependency": "jsonpath-plus",
"title": "JSONPath Plus Remote Code Execution (RCE) Vulnerability",
"url": "https://github.com/advisories/GHSA-pppg-cpfq-h7wr",
"severity": "critical",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<10.2.0"
},
{
"source": 1102895,
"name": "jsonpath-plus",
"dependency": "jsonpath-plus",
"title": "JSONPath Plus allows Remote Code Execution",
"url": "https://github.com/advisories/GHSA-hw8r-x6gr-5gjp",
"severity": "high",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<10.3.0"
}
],
"effects": [
"json-schema-faker"
],
"range": "<=10.2.0",
"nodes": [
"node_modules/jsonpath-plus"
],
"fixAvailable": {
"name": "@wikimedia/jsonschema-tools",
"version": "0.10.2",
"isSemVerMajor": true
}
},
"loader-utils": {
"name": "loader-utils",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1094088,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "Prototype pollution in webpack loader-utils",
"url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<1.4.1"
},
{
"source": 1094089,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "Prototype pollution in webpack loader-utils",
"url": "https://github.com/advisories/GHSA-76p3-8jx3-jpfq",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=2.0.0 <2.0.3"
},
{
"source": 1095054,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
"url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0 <2.0.4"
},
{
"source": 1095055,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable",
"url": "https://github.com/advisories/GHSA-3rfm-jhwj-7488",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
},
{
"source": 1109587,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0 <2.0.4"
},
{
"source": 1109588,
"name": "loader-utils",
"dependency": "loader-utils",
"title": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <1.4.2"
}
],
"effects": [],
"range": "<=1.4.1 || 2.0.0 - 2.0.3",
"nodes": [
"node_modules/loader-utils",
"node_modules/null-loader/node_modules/loader-utils",
"node_modules/thread-loader/node_modules/loader-utils",
"node_modules/vue-loader/node_modules/loader-utils",
"node_modules/vuetify-loader/node_modules/loader-utils"
],
"fixAvailable": true
},
"lodash": {
"name": "lodash",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1112455,
"name": "lodash",
"dependency": "lodash",
"title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=4.0.0 <=4.17.22"
}
],
"effects": [],
"range": "4.0.0 - 4.17.21",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": true
},
"marked": {
"name": "marked",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095051,
"name": "marked",
"dependency": "marked",
"title": "Inefficient Regular Expression Complexity in marked",
"url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.0.10"
},
{
"source": 1095052,
"name": "marked",
"dependency": "marked",
"title": "Inefficient Regular Expression Complexity in marked",
"url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<4.0.10"
}
],
"effects": [
"rapidoc"
],
"range": "<=4.0.9",
"nodes": [
"node_modules/marked"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"jscodeshift"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/eslint-webpack-plugin/node_modules/micromatch",
"node_modules/fast-glob/node_modules/micromatch",
"node_modules/http-proxy-middleware/node_modules/micromatch",
"node_modules/micromatch",
"node_modules/stylelint-config-wikimedia/node_modules/micromatch",
"node_modules/stylelint/node_modules/micromatch"
],
"fixAvailable": {
"name": "@vue/cli",
"version": "4.2.2",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096485,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
},
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
}
],
"effects": [
"mocha"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/minimatch"
],
"fixAvailable": {
"name": "mocha",
"version": "11.7.5",
"isSemVerMajor": true
}
},
"minimist": {
"name": "minimist",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1097678,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=1.0.0 <1.2.6"
}
],
"effects": [],
"range": "1.0.0 - 1.2.5",
"nodes": [
"node_modules/minimist"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": true,
"via": [
"diff",
"js-yaml",
"minimatch",
"nanoid",
"serialize-javascript",
"serialize-javascript"
],
"effects": [
"@vue/cli-plugin-unit-mocha"
],
"range": "5.1.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/@vue/cli-plugin-unit-mocha/node_modules/mocha",
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "11.7.5",
"isSemVerMajor": true
}
},
"moment": {
"name": "moment",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1109571,
"name": "moment",
"dependency": "moment",
"title": "Path Traversal: 'dir/../../filename' in moment.locale",
"url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-27"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<2.29.2"
},
{
"source": 1109572,
"name": "moment",
"dependency": "moment",
"title": "Moment.js vulnerable to Inefficient Regular Expression Complexity",
"url": "https://github.com/advisories/GHSA-wc69-rhjr-hc9g",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=2.18.0 <2.29.4"
}
],
"effects": [],
"range": "<=2.29.3",
"nodes": [
"node_modules/moment"
],
"fixAvailable": true
},
"multicast-dns": {
"name": "multicast-dns",
"severity": "high",
"isDirect": false,
"via": [
"dns-packet"
],
"effects": [
"bonjour"
],
"range": "6.0.0 - 7.2.2",
"nodes": [
"node_modules/multicast-dns"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109563,
"name": "nanoid",
"dependency": "nanoid",
"title": "Predictable results in nanoid generation when given non-integer values",
"url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
"severity": "moderate",
"cwe": [
"CWE-835"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.3.8"
},
{
"source": 1109578,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"cwe": [
"CWE-200",
"CWE-704"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [
"mocha",
"shortid"
],
"range": "<=3.3.7",
"nodes": [
"node_modules/@vue/cli-plugin-unit-mocha/node_modules/nanoid",
"node_modules/nanoid",
"node_modules/postcss/node_modules/nanoid",
"node_modules/shortid/node_modules/nanoid"
],
"fixAvailable": {
"name": "mocha",
"version": "11.7.5",
"isSemVerMajor": true
}
},
"node-forge": {
"name": "node-forge",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088746,
"name": "node-forge",
"dependency": "node-forge",
"title": "Improper Verification of Cryptographic Signature in `node-forge`",
"url": "https://github.com/advisories/GHSA-2r2c-g63r-vccr",
"severity": "moderate",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<1.3.0"
},
{
"source": 1102321,
"name": "node-forge",
"dependency": "node-forge",
"title": "Improper Verification of Cryptographic Signature in node-forge",
"url": "https://github.com/advisories/GHSA-x4jg-mjrx-434g",
"severity": "high",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<1.3.0"
},
{
"source": 1102322,
"name": "node-forge",
"dependency": "node-forge",
"title": "Improper Verification of Cryptographic Signature in node-forge",
"url": "https://github.com/advisories/GHSA-cfm4-qjh2-4765",
"severity": "high",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<1.3.0"
},
{
"source": 1110996,
"name": "node-forge",
"dependency": "node-forge",
"title": "node-forge has ASN.1 Unbounded Recursion",
"url": "https://github.com/advisories/GHSA-554w-wpv2-vw27",
"severity": "high",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<1.3.2"
},
{
"source": 1110998,
"name": "node-forge",
"dependency": "node-forge",
"title": "node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization",
"url": "https://github.com/advisories/GHSA-5gfm-wpxj-wjgq",
"severity": "high",
"cwe": [
"CWE-436"
],
"cvss": {
"score": 8.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"
},
"range": "<1.3.2"
},
{
"source": 1111068,
"name": "node-forge",
"dependency": "node-forge",
"title": "node-forge is vulnerable to ASN.1 OID Integer Truncation",
"url": "https://github.com/advisories/GHSA-65ch-62r8-g69g",
"severity": "moderate",
"cwe": [
"CWE-190"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<1.3.2"
}
],
"effects": [],
"range": "<=1.3.1",
"nodes": [
"node_modules/node-forge"
],
"fixAvailable": true
},
"on-headers": {
"name": "on-headers",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1106812,
"name": "on-headers",
"dependency": "on-headers",
"title": "on-headers is vulnerable to http response header manipulation",
"url": "https://github.com/advisories/GHSA-76c9-3jph-rj3q",
"severity": "low",
"cwe": [
"CWE-241"
],
"cvss": {
"score": 3.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<1.1.0"
}
],
"effects": [
"compression"
],
"range": "<1.1.0",
"nodes": [
"node_modules/on-headers"
],
"fixAvailable": true
},
"parse-git-config": {
"name": "parse-git-config",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1103364,
"name": "parse-git-config",
"dependency": "parse-git-config",
"title": "Prototype Pollution Vulnerability in parse-git-config",
"url": "https://github.com/advisories/GHSA-8g77-54rh-46hx",
"severity": "high",
"cwe": [
"CWE-200",
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<=3.0.0"
}
],
"effects": [
"@vue/cli-ui"
],
"range": "*",
"nodes": [
"node_modules/parse-git-config"
],
"fixAvailable": true
},
"path-to-regexp": {
"name": "path-to-regexp",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101849,
"name": "path-to-regexp",
"dependency": "path-to-regexp",
"title": "path-to-regexp outputs backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=0.2.0 <1.9.0"
},
{
"source": 1101850,
"name": "path-to-regexp",
"dependency": "path-to-regexp",
"title": "path-to-regexp outputs backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.1.10"
},
{
"source": 1105199,
"name": "path-to-regexp",
"dependency": "path-to-regexp",
"title": "path-to-regexp contains a ReDoS",
"url": "https://github.com/advisories/GHSA-rhx6-c78j-4q9w",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.1.12"
}
],
"effects": [
"express"
],
"range": "<=0.1.11 || 0.2.0 - 1.8.0",
"nodes": [
"node_modules/nise/node_modules/path-to-regexp",
"node_modules/path-to-regexp"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109574,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"@vue/component-compiler-utils"
],
"range": "<8.4.31",
"nodes": [
"node_modules/@vue/component-compiler-utils/node_modules/postcss",
"node_modules/postcss"
],
"fixAvailable": {
"name": "@vue/cli-plugin-eslint",
"version": "3.12.1",
"isSemVerMajor": true
}
},
"prismjs": {
"name": "prismjs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1090424,
"name": "prismjs",
"dependency": "prismjs",
"title": "Cross-site Scripting in Prism",
"url": "https://github.com/advisories/GHSA-3949-f494-cm99",
"severity": "high",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"
},
"range": ">=1.14.0 <1.27.0"
},
{
"source": 1105770,
"name": "prismjs",
"dependency": "prismjs",
"title": "PrismJS DOM Clobbering vulnerability",
"url": "https://github.com/advisories/GHSA-x7hr-w5r2-h6wg",
"severity": "moderate",
"cwe": [
"CWE-79",
"CWE-94"
],
"cvss": {
"score": 4.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"
},
"range": "<1.30.0"
}
],
"effects": [],
"range": "<=1.29.0",
"nodes": [
"node_modules/prismjs"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113132,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "high",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.14.1"
},
{
"source": 1113161,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in comma parsing allows denial of service",
"url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.7.0 <=6.14.1"
}
],
"effects": [
"body-parser",
"express"
],
"range": "<=6.14.1",
"nodes": [
"node_modules/qs",
"node_modules/swagger-client/node_modules/qs"
],
"fixAvailable": true
},
"rapidoc": {
"name": "rapidoc",
"severity": "high",
"isDirect": true,
"via": [
"marked"
],
"effects": [],
"range": "<=9.1.3 || 9.1.5",
"nodes": [
"node_modules/rapidoc"
],
"fixAvailable": true
},
"rewire": {
"name": "rewire",
"severity": "low",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"@wikimedia/jsonschema-tools"
],
"range": "4.0.0 - 5.0.0",
"nodes": [
"node_modules/rewire"
],
"fixAvailable": {
"name": "@wikimedia/jsonschema-tools",
"version": "0.10.2",
"isSemVerMajor": true
}
},
"rss-parser": {
"name": "rss-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"xml2js"
],
"effects": [],
"range": "<=3.12.0",
"nodes": [
"node_modules/rss-parser"
],
"fixAvailable": true
},
"semver": {
"name": "semver",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1112918,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0-alpha <5.7.2"
},
{
"source": 1112921,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.2"
},
{
"source": 1112922,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.0.0 <6.3.1"
}
],
"effects": [
"core-js-compat",
"eslint-plugin-compat"
],
"range": "2.0.0-alpha - 5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1",
"nodes": [
"node_modules/@babel/register/node_modules/semver",
"node_modules/@intlify/eslint-plugin-vue-i18n/node_modules/semver",
"node_modules/@vue/cli-plugin-babel/node_modules/semver",
"node_modules/@vue/cli-shared-utils/node_modules/semver",
"node_modules/core-js-compat/node_modules/semver",
"node_modules/cross-spawn/node_modules/semver",
"node_modules/css-loader/node_modules/semver",
"node_modules/editorconfig/node_modules/semver",
"node_modules/eslint-plugin-compat/node_modules/semver",
"node_modules/eslint-plugin-jsdoc/node_modules/semver",
"node_modules/eslint-plugin-unicorn/node_modules/semver",
"node_modules/eslint-plugin-vue/node_modules/semver",
"node_modules/find-cache-dir/node_modules/semver",
"node_modules/jsonc-eslint-parser/node_modules/semver",
"node_modules/meow/node_modules/semver",
"node_modules/node-notifier/node_modules/semver",
"node_modules/normalize-package-data/node_modules/semver",
"node_modules/postcss-loader/node_modules/semver",
"node_modules/semver",
"node_modules/stylelint-config-recommended-vue/node_modules/semver",
"node_modules/vue-cli-plugin-vuetify/node_modules/semver",
"node_modules/vue-eslint-parser/node_modules/semver"
],
"fixAvailable": true
},
"send": {
"name": "send",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1109556,
"name": "send",
"dependency": "send",
"title": "send vulnerable to template injection that can lead to XSS",
"url": "https://github.com/advisories/GHSA-m6fv-jmcg-4jfg",
"severity": "low",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
},
"range": "<0.19.0"
}
],
"effects": [
"express",
"serve-static"
],
"range": "<0.19.0",
"nodes": [
"node_modules/send"
],
"fixAvailable": true
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113197,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Cross-site Scripting (XSS) in serialize-javascript",
"url": "https://github.com/advisories/GHSA-76p7-773f-r4q5",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
},
"range": ">=6.0.0 <6.0.2"
},
{
"source": 1113633,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/@vue/cli-plugin-unit-mocha/node_modules/serialize-javascript",
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "mocha",
"version": "11.7.5",
"isSemVerMajor": true
}
},
"serve-static": {
"name": "serve-static",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1100528,
"name": "serve-static",
"dependency": "serve-static",
"title": "serve-static vulnerable to template injection that can lead to XSS",
"url": "https://github.com/advisories/GHSA-cm22-4g7w-348p",
"severity": "low",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
},
"range": "<1.16.0"
},
"send"
],
"effects": [],
"range": "<=1.16.0",
"nodes": [
"node_modules/serve-static"
],
"fixAvailable": true
},
"sha.js": {
"name": "sha.js",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109535,
"name": "sha.js",
"dependency": "sha.js",
"title": "sha.js is missing type checks leading to hash rewind and passing on crafted data",
"url": "https://github.com/advisories/GHSA-95m3-7q98-8xr5",
"severity": "critical",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<=2.4.11"
}
],
"effects": [],
"range": "<=2.4.11",
"nodes": [
"node_modules/sha.js"
],
"fixAvailable": true
},
"shelljs": {
"name": "shelljs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088208,
"name": "shelljs",
"dependency": "shelljs",
"title": "Improper Privilege Management in shelljs",
"url": "https://github.com/advisories/GHSA-64g7-mvw6-v9qj",
"severity": "moderate",
"cwe": [
"CWE-269"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.8.5"
},
{
"source": 1095126,
"name": "shelljs",
"dependency": "shelljs",
"title": "Improper Privilege Management in shelljs",
"url": "https://github.com/advisories/GHSA-4rq4-32rv-6wp6",
"severity": "high",
"cwe": [
"CWE-269"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
},
"range": "<0.8.5"
}
],
"effects": [],
"range": "<=0.8.4",
"nodes": [
"node_modules/shelljs"
],
"fixAvailable": true
},
"shortid": {
"name": "shortid",
"severity": "moderate",
"isDirect": false,
"via": [
"nanoid"
],
"effects": [],
"range": "2.2.9 - 2.2.16",
"nodes": [
"node_modules/shortid"
],
"fixAvailable": true
},
"swagger-client": {
"name": "swagger-client",
"severity": "low",
"isDirect": true,
"via": [
"cookie"
],
"effects": [],
"range": "3.3.0 - 3.29.3",
"nodes": [
"node_modules/swagger-client"
],
"fixAvailable": true
},
"terser": {
"name": "terser",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091690,
"name": "terser",
"dependency": "terser",
"title": "Terser insecure use of regular expressions leads to ReDoS",
"url": "https://github.com/advisories/GHSA-4wf5-vphf-c2xc",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.14.2"
}
],
"effects": [],
"range": "5.0.0 - 5.14.1",
"nodes": [
"node_modules/terser"
],
"fixAvailable": true
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [
"external-editor"
],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": {
"name": "@wikimedia/jsonschema-tools",
"version": "0.10.2",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": true
},
"vue": {
"name": "vue",
"severity": "low",
"isDirect": true,
"via": [
{
"source": 1100238,
"name": "vue",
"dependency": "vue",
"title": "ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function",
"url": "https://github.com/advisories/GHSA-5j4c-8p2g-v4jx",
"severity": "low",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0-alpha.1 <3.0.0-alpha.0"
}
],
"effects": [
"@casl/vue",
"@vue/cli",
"@vue/test-utils",
"vue-async-computed",
"vue-frag",
"vuetify",
"vuex"
],
"range": "2.0.0-alpha.1 - 2.7.16",
"nodes": [
"node_modules/vue"
],
"fixAvailable": {
"name": "vue",
"version": "3.5.29",
"isSemVerMajor": true
}
},
"vue-async-computed": {
"name": "vue-async-computed",
"severity": "low",
"isDirect": true,
"via": [
"vue"
],
"effects": [],
"range": "2.0.0-rc.1 - 4.0.0-mixin.0",
"nodes": [
"node_modules/vue-async-computed"
],
"fixAvailable": {
"name": "vue-async-computed",
"version": "4.0.1",
"isSemVerMajor": true
}
},
"vue-codemod": {
"name": "vue-codemod",
"severity": "moderate",
"isDirect": false,
"via": [
"inquirer",
"jscodeshift"
],
"effects": [
"@vue/cli"
],
"range": "*",
"nodes": [
"node_modules/vue-codemod"
],
"fixAvailable": {
"name": "@vue/cli",
"version": "4.2.2",
"isSemVerMajor": true
}
},
"vue-frag": {
"name": "vue-frag",
"severity": "low",
"isDirect": true,
"via": [
"vue"
],
"effects": [],
"range": ">=1.3.1",
"nodes": [
"node_modules/vue-frag"
],
"fixAvailable": {
"name": "vue-frag",
"version": "1.3.0",
"isSemVerMajor": true
}
},
"vue-loader": {
"name": "vue-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"@vue/component-compiler-utils"
],
"effects": [
"@vue/cli-service"
],
"range": "15.0.0-beta.1 - 15.11.1",
"nodes": [
"node_modules/@vue/vue-loader-v15"
],
"fixAvailable": {
"name": "@vue/cli-plugin-eslint",
"version": "3.12.1",
"isSemVerMajor": true
}
},
"vue-template-compiler": {
"name": "vue-template-compiler",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1111772,
"name": "vue-template-compiler",
"dependency": "vue-template-compiler",
"title": "vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)",
"url": "https://github.com/advisories/GHSA-g3ch-rx76-35fx",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 4.2,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
"range": ">=2.0.0 <3.0.0"
}
],
"effects": [
"@vue/cli-service",
"vuetify-loader"
],
"range": ">=2.0.0",
"nodes": [
"node_modules/vue-template-compiler"
],
"fixAvailable": {
"name": "@vue/cli-plugin-eslint",
"version": "3.12.1",
"isSemVerMajor": true
}
},
"vuetify": {
"name": "vuetify",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1089240,
"name": "vuetify",
"dependency": "vuetify",
"title": "Vuetify Cross-site Scripting vulnerability",
"url": "https://github.com/advisories/GHSA-q4q5-c5cv-2p68",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=2.0.0-beta.4 <2.6.10"
},
{
"source": 1111465,
"name": "vuetify",
"dependency": "vuetify",
"title": "Vuetify has a Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-3jp5-5f8r-q2wg",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 8.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"
},
"range": ">=2.2.0-beta.2 <3.0.0-alpha.10"
},
{
"source": 1111466,
"name": "vuetify",
"dependency": "vuetify",
"title": "Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component",
"url": "https://github.com/advisories/GHSA-9w3x-85mw-4fwm",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
},
"range": ">=2.0.0 <3.0.0"
},
"vue"
],
"effects": [],
"range": "<=0.2.0 || 0.8.8 - 0.14.2 || 0.16.7 - 3.0.0-beta.15",
"nodes": [
"node_modules/vuetify"
],
"fixAvailable": true
},
"vuetify-loader": {
"name": "vuetify-loader",
"severity": "moderate",
"isDirect": true,
"via": [
"vue-template-compiler"
],
"effects": [],
"range": "1.0.0 - 1.8.0",
"nodes": [
"node_modules/vuetify-loader"
],
"fixAvailable": true
},
"vuex": {
"name": "vuex",
"severity": "low",
"isDirect": true,
"via": [
"vue"
],
"effects": [],
"range": "3.1.3 - 3.6.2",
"nodes": [
"node_modules/vuex"
],
"fixAvailable": {
"name": "vuex",
"version": "4.1.0",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1094471,
"name": "webpack",
"dependency": "webpack",
"title": "Cross-realm object access in Webpack 5",
"url": "https://github.com/advisories/GHSA-hc6q-2mpp-qw7j",
"severity": "critical",
"cwe": [],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=5.0.0 <5.76.0"
},
{
"source": 1099351,
"name": "webpack",
"dependency": "webpack",
"title": "Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS",
"url": "https://github.com/advisories/GHSA-4vvj-4cpr-p986",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"
},
"range": ">=5.0.0-alpha.0 <5.94.0"
},
{
"source": 1113041,
"name": "webpack",
"dependency": "webpack",
"title": "webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior",
"url": "https://github.com/advisories/GHSA-8fgc-7cc6-rx7x",
"severity": "low",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=5.49.0 <=5.104.0"
},
{
"source": 1113042,
"name": "webpack",
"dependency": "webpack",
"title": "webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence",
"url": "https://github.com/advisories/GHSA-38r7-794h-5758",
"severity": "low",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=5.49.0 <5.104.0"
}
],
"effects": [],
"range": "5.0.0-alpha.0 - 5.104.0",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": true
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
}
],
"effects": [],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": true
},
"webpack-dev-server": {
"name": "webpack-dev-server",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1108429,
"name": "webpack-dev-server",
"dependency": "webpack-dev-server",
"title": "webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser",
"url": "https://github.com/advisories/GHSA-9jgg-88mc-972h",
"severity": "moderate",
"cwe": [
"CWE-346"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
},
"range": "<=5.2.0"
},
{
"source": 1108430,
"name": "webpack-dev-server",
"dependency": "webpack-dev-server",
"title": "webpack-dev-server users' source code may be stolen when they access a malicious web site",
"url": "https://github.com/advisories/GHSA-4v9v-hfq4-rm2v",
"severity": "moderate",
"cwe": [
"CWE-749"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
},
"range": "<=5.2.0"
}
],
"effects": [],
"range": "<=5.2.0",
"nodes": [
"node_modules/webpack-dev-server"
],
"fixAvailable": true
},
"word-wrap": {
"name": "word-wrap",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1102444,
"name": "word-wrap",
"dependency": "word-wrap",
"title": "word-wrap vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<1.2.4"
}
],
"effects": [],
"range": "<1.2.4",
"nodes": [
"node_modules/word-wrap"
],
"fixAvailable": true
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
},
{
"source": 1098393,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.10"
}
],
"effects": [],
"range": "7.0.0 - 7.5.9 || 8.0.0 - 8.17.0",
"nodes": [
"node_modules/subscriptions-transport-ws/node_modules/ws",
"node_modules/webpack-bundle-analyzer/node_modules/ws",
"node_modules/ws"
],
"fixAvailable": true
},
"xml2js": {
"name": "xml2js",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096693,
"name": "xml2js",
"dependency": "xml2js",
"title": "xml2js is vulnerable to prototype pollution",
"url": "https://github.com/advisories/GHSA-776f-qx25-q3cc",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<0.5.0"
}
],
"effects": [
"rss-parser"
],
"range": "<0.5.0",
"nodes": [
"node_modules/xml2js"
],
"fixAvailable": true
},
"yorkie": {
"name": "yorkie",
"severity": "high",
"isDirect": false,
"via": [
"execa"
],
"effects": [
"@vue/cli-plugin-eslint"
],
"range": "*",
"nodes": [
"node_modules/yorkie"
],
"fixAvailable": {
"name": "@vue/cli-plugin-eslint",
"version": "3.12.1",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 18,
"moderate": 30,
"high": 50,
"critical": 12,
"total": 110
},
"dependencies": {
"prod": 68,
"dev": 2087,
"optional": 3,
"peer": 3,
"peerOptional": 0,
"total": 2154
}
}
}
--- end ---
Upgrading n:eslint from ^8.10.0 -> 8.57.0
Upgrading n:eslint-config-wikimedia from ^0.22.1 -> 0.32.3
Upgrading n:grunt-banana-checker from 0.10.0 -> 0.13.0
Upgrading n:stylelint from ^14.5.3 -> 16.12.0
Upgrading n:stylelint-config-wikimedia from ^0.12.2 -> 0.18.0
Upgrading n:@vue/test-utils from ^1.3.0 -> 2.4.6
$ /usr/bin/npm install
--- stderr ---
npm WARN ERESOLVE overriding peer dependency
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated apollo-tracing@0.15.0: The `apollo-tracing` package is no longer part of Apollo Server 3. See https://www.apollographql.com/docs/apollo-server/migration/#tracing for details
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated graphql-extensions@0.15.0: The `graphql-extensions` API has been removed from Apollo Server 3. Use the plugin API instead: https://www.apollographql.com/docs/apollo-server/integrations/plugins/
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated apollo-cache-control@0.14.0: The functionality provided by the `apollo-cache-control` package is built in to `apollo-server-core` starting with Apollo Server 3. See https://www.apollographql.com/docs/apollo-server/migration/#cachecontrol for details.
npm WARN deprecated subscriptions-transport-ws@0.9.19: The `subscriptions-transport-ws` package is no longer maintained. We recommend you use `graphql-ws` instead. For help migrating Apollo software to `graphql-ws`, see https://www.apollographql.com/docs/apollo-server/data/subscriptions/#switching-from-subscriptions-transport-ws For general help using `graphql-ws`, see https://github.com/enisdenjo/graphql-ws/blob/master/README.md
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated graphql-tools@4.0.8: This package has been deprecated and now it only exports makeExecutableSchema.\nAnd it will no longer receive updates.\nWe recommend you to migrate to scoped packages such as @graphql-tools/schema, @graphql-tools/utils and etc.\nCheck out https://www.graphql-tools.com to learn what package you should use instead
npm WARN deprecated eslint@8.57.0: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm WARN deprecated core-js@2.6.12: core-js@<3.4 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 2275 packages, and audited 2276 packages in 51s
250 packages are looking for funding
run `npm fund` for details
106 vulnerabilities (18 low, 28 moderate, 48 high, 12 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
$ ./node_modules/.bin/eslint . --fix
--- stderr ---
Oops! Something went wrong! :(
ESLint: 8.57.0
ESLint couldn't find the config "wikimedia/client-es6" to extend from. Please check that the name of the config is correct.
The config "wikimedia/client-es6" was referenced from the config file in "/src/repo/package.json".
If you still have problems, please stop by https://eslint.org/chat/help to chat with the team.
--- stdout ---
--- end ---
$ ./node_modules/.bin/eslint . -f json
--- stderr ---
Oops! Something went wrong! :(
ESLint: 8.57.0
ESLint couldn't find the config "wikimedia/client-es6" to extend from. Please check that the name of the config is correct.
The config "wikimedia/client-es6" was referenced from the config file in "/src/repo/package.json".
If you still have problems, please stop by https://eslint.org/chat/help to chat with the team.
--- stdout ---
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1268, in main
libup.run()
~~~~~~~~~^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1202, in run
self.npm_upgrade(plan)
~~~~~~~~~~~~~~~~^^^^^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1061, in npm_upgrade
hook(update)
~~~~^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1076, in _handle_eslint
ESLintHandler(self.ctx).handle(update)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/handlers/eslint.py", line 312, in handle
self.do_handle()
~~~~~~~~~~~~~~^^
File "/venv/lib/python3.13/site-packages/runner/handlers/eslint.py", line 251, in do_handle
errors = json.loads(
self.check_call(
eslint_binary + files + ["-f", "json"], ignore_returncode=True
)
)
File "/usr/lib/python3.13/json/__init__.py", line 346, in loads
return _default_decoder.decode(s)
~~~~~~~~~~~~~~~~~~~~~~~^^^
File "/usr/lib/python3.13/json/decoder.py", line 345, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/json/decoder.py", line 363, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)