This run took 127 seconds.
From 0e6c7668811b9a3c97f3a4423b8ddf1b8b7302ac Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 9 Mar 2026 23:24:06 +0000
Subject: [PATCH] build: Updating dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
composer:
* mediawiki/mediawiki-codesniffer: 49.0.0 → 50.0.0
npm:
* svgo: 3.2.0 → 3.3.3
* basic-ftp: 5.0.5 → 5.2.0
* https://github.com/advisories/GHSA-5rq4-664w-9x2c
* fast-xml-parser: 5.3.7 → 5.4.2
* https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
* minimatch: 3.1.2, 5.1.6, 9.0.5 → 3.1.5, 5.1.9, 9.0.9
* https://github.com/advisories/GHSA-23c5-xmqv-rm74
* https://github.com/advisories/GHSA-3ppc-4f35-3m26
* https://github.com/advisories/GHSA-7r86-cg39-jmmj
* underscore: 1.13.7 → 1.13.8
* https://github.com/advisories/GHSA-qpx9-hpmf-5gmw
Change-Id: Ia626b11e744ddb23dfae90674d44eb0f83bf0087
---
composer.json | 2 +-
package-lock.json | 139 ++++++++++++++++++++++++----------------------
package.json | 2 +-
3 files changed, 75 insertions(+), 68 deletions(-)
diff --git a/composer.json b/composer.json
index 3638d22..1a5410c 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
{
"require-dev": {
- "mediawiki/mediawiki-codesniffer": "49.0.0",
+ "mediawiki/mediawiki-codesniffer": "50.0.0",
"mediawiki/mediawiki-phan-config": "0.18.0",
"mediawiki/minus-x": "2.0.1",
"php-parallel-lint/php-console-highlighter": "1.0.0",
diff --git a/package-lock.json b/package-lock.json
index 13dd3c0..09a8b30 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -21,7 +21,7 @@
"jsdoc-wmf-theme": "1.2.0",
"pre-commit": "1.2.2",
"stylelint-config-wikimedia": "0.18.0",
- "svgo": "3.2.0",
+ "svgo": "3.3.3",
"wdio-mediawiki": "6.3.0"
}
},
@@ -736,12 +736,12 @@
}
},
"node_modules/@cucumber/cucumber/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -3050,16 +3050,6 @@
"integrity": "sha512-C5Mc6rdnsaJDjO3UpGW/CQTHtCKaYlScZTly4JIu97Jxo/odCiH0ITnDXSJPTOrEKk/ycSZ0AOgTmkDtkOsvIA==",
"dev": true
},
- "node_modules/@trysound/sax": {
- "version": "0.2.0",
- "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz",
- "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==",
- "dev": true,
- "license": "ISC",
- "engines": {
- "node": ">=10.13.0"
- }
- },
"node_modules/@types/babel__core": {
"version": "7.20.5",
"resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz",
@@ -3449,12 +3439,12 @@
}
},
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -3892,12 +3882,12 @@
}
},
"node_modules/@wdio/config/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -3966,12 +3956,12 @@
}
},
"node_modules/@wdio/cucumber-framework/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -4621,12 +4611,12 @@
}
},
"node_modules/archiver-utils/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -5007,9 +4997,9 @@
}
},
"node_modules/basic-ftp": {
- "version": "5.0.5",
- "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.0.5.tgz",
- "integrity": "sha512-4Bcg1P8xhUuqcii/S0Z9wiHIrQVPMermM1any+MX5GeGD7faD3/msQUDGLol9wOcz4/jbg/WJnGqoJF6LiBdtg==",
+ "version": "5.2.0",
+ "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz",
+ "integrity": "sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -8152,10 +8142,22 @@
],
"license": "BSD-3-Clause"
},
+ "node_modules/fast-xml-builder": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.0.0.tgz",
+ "integrity": "sha512-fpZuDogrAgnyt9oDDz+5DBz0zgPdPZz6D4IR7iESxRXElrlGTRkHJ9eEt+SACRJwT0FNFrt71DFQIUFBJfX/uQ==",
+ "dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/NaturalIntelligence"
+ }
+ ]
+ },
"node_modules/fast-xml-parser": {
- "version": "5.3.7",
- "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.7.tgz",
- "integrity": "sha512-JzVLro9NQv92pOM/jTCR6mHlJh2FGwtomH8ZQjhFj/R29P2Fnj38OgPJVtcvYw6SuKClhgYuwUZf5b3rd8u2mA==",
+ "version": "5.4.2",
+ "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.4.2.tgz",
+ "integrity": "sha512-pw/6pIl4k0CSpElPEJhDppLzaixDEuWui2CUQQBH/ECDf7+y6YwA4Gf7Tyb0Rfe4DIMuZipYj4AEL0nACKglvQ==",
"dev": true,
"funding": [
{
@@ -8164,6 +8166,7 @@
}
],
"dependencies": {
+ "fast-xml-builder": "^1.0.0",
"strnum": "^2.1.2"
},
"bin": {
@@ -8287,9 +8290,9 @@
}
},
"node_modules/filelist/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -8682,11 +8685,10 @@
}
},
"node_modules/glob/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^2.0.1"
},
@@ -11933,10 +11935,9 @@
}
},
"node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
- "license": "ISC",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -12030,11 +12031,10 @@
}
},
"node_modules/mocha/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^2.0.1"
},
@@ -13403,9 +13403,9 @@
}
},
"node_modules/readdir-glob/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -13825,6 +13825,15 @@
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
"license": "MIT"
},
+ "node_modules/sax": {
+ "version": "1.5.0",
+ "resolved": "https://registry.npmjs.org/sax/-/sax-1.5.0.tgz",
+ "integrity": "sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA==",
+ "dev": true,
+ "engines": {
+ "node": ">=11.0.0"
+ }
+ },
"node_modules/saxes": {
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/saxes/-/saxes-5.0.1.tgz",
@@ -14704,19 +14713,18 @@
"dev": true
},
"node_modules/svgo": {
- "version": "3.2.0",
- "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.2.0.tgz",
- "integrity": "sha512-4PP6CMW/V7l/GmKRKzsLR8xxjdHTV4IMvhTnpuHwwBazSIlw5W/5SmPjN8Dwyt7lKbSJrRDgp4t9ph0HgChFBQ==",
+ "version": "3.3.3",
+ "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.3.3.tgz",
+ "integrity": "sha512-+wn7I4p7YgJhHs38k2TNjy1vCfPIfLIJWR5MnCStsN8WuuTcBnRKcMHQLMM2ijxGZmDoZwNv8ipl5aTTen62ng==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@trysound/sax": "0.2.0",
"commander": "^7.2.0",
"css-select": "^5.1.0",
"css-tree": "^2.3.1",
"css-what": "^6.1.0",
"csso": "^5.0.5",
- "picocolors": "^1.0.0"
+ "picocolors": "^1.0.0",
+ "sax": "^1.5.0"
},
"bin": {
"svgo": "bin/svgo"
@@ -15209,11 +15217,10 @@
"license": "MIT"
},
"node_modules/underscore": {
- "version": "1.13.7",
- "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.7.tgz",
- "integrity": "sha512-GMXzWtsc57XAtguZgaQViUOzs0KTkk8ojr3/xAxXLITqf/3EMwxC0inyETfDFjH/Krbhuep0HNbbjI9i/q3F3g==",
- "dev": true,
- "license": "MIT"
+ "version": "1.13.8",
+ "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.8.tgz",
+ "integrity": "sha512-DXtD3ZtEQzc7M8m4cXotyHR+FAS18C64asBYY5vqZexfYryNNnDc02W4hKg3rdQuqOYas1jkseX0+nZXjTXnvQ==",
+ "dev": true
},
"node_modules/undici": {
"version": "6.23.0",
diff --git a/package.json b/package.json
index 451d5ff..265ffbf 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
"jsdoc-wmf-theme": "1.2.0",
"pre-commit": "1.2.2",
"stylelint-config-wikimedia": "0.18.0",
- "svgo": "3.2.0",
+ "svgo": "3.3.3",
"wdio-mediawiki": "6.3.0"
},
"dependencies": {
--
2.47.3
$ date
--- stdout ---
Mon Mar 9 23:22:25 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-skins-MinervaNeue.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
67b824a9ddd20f3c8d3a5da90dea7f95c7150cfe refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@cucumber/cucumber": {
"name": "@cucumber/cucumber",
"severity": "low",
"isDirect": false,
"via": [
"tmp"
],
"effects": [],
"range": "10.3.2 - 11.2.0",
"nodes": [
"node_modules/@cucumber/cucumber"
],
"fixAvailable": true
},
"@jest/core": {
"name": "@jest/core",
"severity": "low",
"isDirect": false,
"via": [
"jest-config",
"jest-runner"
],
"effects": [
"jest",
"jest-cli"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
"node_modules/basic-ftp"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1114153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.3.8"
}
],
"effects": [],
"range": "5.0.0 - 5.3.7",
"nodes": [
"node_modules/fast-xml-parser"
],
"fixAvailable": true
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest": {
"name": "jest",
"severity": "low",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest-cli": {
"name": "jest-cli",
"severity": "low",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [
"jest"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest-config": {
"name": "jest-config",
"severity": "low",
"isDirect": false,
"via": [
"jest-environment-jsdom",
"jest-runner"
],
"effects": [
"@jest/core",
"jest-cli"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": false,
"via": [
"jsdom"
],
"effects": [
"jest-config",
"jest-runner"
],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest-runner": {
"name": "jest-runner",
"severity": "low",
"isDirect": false,
"via": [
"jest-environment-jsdom"
],
"effects": [
"@jest/core",
"jest-config"
],
"range": "27.0.4 - 27.5.1",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"node_modules/@cucumber/cucumber/node_modules/minimatch",
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
"node_modules/@wdio/config/node_modules/minimatch",
"node_modules/@wdio/cucumber-framework/node_modules/minimatch",
"node_modules/archiver-utils/node_modules/minimatch",
"node_modules/filelist/node_modules/minimatch",
"node_modules/glob/node_modules/minimatch",
"node_modules/minimatch",
"node_modules/mocha/node_modules/minimatch",
"node_modules/readdir-glob/node_modules/minimatch"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": ">=1.1.0",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1114151,
"name": "svgo",
"dependency": "svgo",
"title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)",
"url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=3.0.0 <3.3.3"
}
],
"effects": [],
"range": "3.0.0 - 3.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "3.3.3",
"isSemVerMajor": false
}
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [
"@cucumber/cucumber"
],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": true
},
"underscore": {
"name": "underscore",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113950,
"name": "underscore",
"dependency": "underscore",
"title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw",
"severity": "high",
"cwe": [
"CWE-674",
"CWE-770"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=1.13.7"
}
],
"effects": [],
"range": "<=1.13.7",
"nodes": [
"node_modules/underscore"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 12,
"moderate": 0,
"high": 8,
"critical": 1,
"total": 21
},
"dependencies": {
"prod": 410,
"dev": 834,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1244
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/deprecations (1.1.6)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v49.0.0)
- Locking mediawiki/mediawiki-phan-config (0.18.0)
- Locking mediawiki/minus-x (2.0.1)
- Locking mediawiki/phan-taint-check-plugin (8.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.5.2)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.2.2)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.6)
- Locking phpdocumentor/type-resolver (1.12.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.7)
- Locking squizlabs/php_codesniffer (3.13.5)
- Locking symfony/console (v7.4.7)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/polyfill-php80 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v8.0.6)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (2.1.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v49.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-php80 (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/string (v8.0.6): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v7.4.7): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (2.1.6): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing phpdocumentor/type-resolver (1.12.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.6): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.5.2): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (8.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.18.0): Extracting archive
- Installing mediawiki/minus-x (2.0.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/36 [>---------------------------] 0%
27/36 [=====================>------] 75%
36/36 [============================] 100%
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
Upgrading c:mediawiki/mediawiki-codesniffer from 49.0.0 -> 50.0.0
$ /usr/bin/composer update
--- stderr ---
Loading composer repositories with package information
Updating dependencies
Lock file operations: 0 installs, 1 update, 0 removals
- Upgrading mediawiki/mediawiki-codesniffer (v49.0.0 => v50.0.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 1 update, 0 removals
- Upgrading mediawiki/mediawiki-codesniffer (v49.0.0 => v50.0.0): Extracting archive
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found.
--- stdout ---
--- end ---
$ vendor/bin/phpcs --report=json
--- stdout ---
{"totals":{"errors":0,"warnings":0,"fixable":0},"files":{"\/src\/repo\/includes\/Menu\/PageActions\/EmptyOverflowBuilder.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/LanguagesHelper.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/PageActions\/IOverflowBuilder.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Hooks\/HookRunner.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Hooks\/SkinMinervaOptionsInitHook.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Permissions\/IMinervaPagePermissions.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Entries\/IMenuEntry.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Main\/MainMenuDirector.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/PageActions\/UserNamespaceOverflowBuilder.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/PageActions\/PageActions.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/PageActions\/PageActionsDirector.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Entries\/LogInMenuEntry.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Main\/IMainMenuBuilder.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Entries\/IProfileMenuEntry.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Main\/AdvancedMainMenuBuilder.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/PageActions\/DefaultOverflowBuilder.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Entries\/AuthMenuEntry.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Entries\/LanguageSelectorEntry.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Group.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Entries\/ProfileMenuEntry.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/User\/DefaultUserMenuBuilder.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/User\/IUserMenuBuilder.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Entries\/CompositeMenuEntry.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Main\/DefaultMainMenuBuilder.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/SkinOptions.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/structure\/BundleSizeTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Main\/BuilderUtil.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/User\/UserMenuDirector.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/ServiceWiring.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/MobileFrontendHooks.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Hooks.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/User\/AdvancedUserMenuBuilder.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Skins\/FeaturesHelper.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Permissions\/MinervaPagePermissions.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/PageActions\/ToolbarBuilder.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Skins\/SkinUserPageHelper.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/unit\/menu\/User\/AdvancedUserMenuBuilderTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/LanguagesHelperTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Definitions.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/unit\/menu\/PageActions\/ToolbarBuilderTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/.phan\/config.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/skins\/FeaturesHelperTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/unit\/SkinOptionsTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Menu\/Entries\/SingleMenuEntry.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/menu\/GroupTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/unit\/menu\/Main\/DefaultMainMenuBuilderTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/permissions\/MinervaPagePermissionsTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/skins\/SkinUserPageHelperTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/skins\/SkinMinervaTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Skins\/SkinMinerva.php":{"errors":0,"warnings":0,"messages":[]}}}
--- end ---
$ /usr/bin/composer install
--- stderr ---
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Nothing to install, update or remove
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/composer test
--- stderr ---
> parallel-lint . --exclude vendor --exclude node_modules
> phpcs -sp --cache
> minus-x check .
--- stdout ---
PHP 8.4.18 | 10 parallel jobs
.................................................. 50/50 (100%)
Checked 50 files in 0.2 seconds
No syntax error found
.................................................. 50 / 50 (100%)
Time: 410ms; Memory: 34MB
MinusX
======
Processing /src/repo...
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
........
All good!
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@cucumber/cucumber": {
"name": "@cucumber/cucumber",
"severity": "low",
"isDirect": false,
"via": [
"tmp"
],
"effects": [],
"range": "10.3.2 - 11.2.0",
"nodes": [
"node_modules/@cucumber/cucumber"
],
"fixAvailable": true
},
"@jest/core": {
"name": "@jest/core",
"severity": "low",
"isDirect": false,
"via": [
"jest-config",
"jest-runner"
],
"effects": [
"jest",
"jest-cli"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
"node_modules/basic-ftp"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1114153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.3.8"
}
],
"effects": [],
"range": "5.0.0 - 5.3.7",
"nodes": [
"node_modules/fast-xml-parser"
],
"fixAvailable": true
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest": {
"name": "jest",
"severity": "low",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest-cli": {
"name": "jest-cli",
"severity": "low",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [
"jest"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest-config": {
"name": "jest-config",
"severity": "low",
"isDirect": false,
"via": [
"jest-environment-jsdom",
"jest-runner"
],
"effects": [
"@jest/core",
"jest-cli"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": false,
"via": [
"jsdom"
],
"effects": [
"jest-config",
"jest-runner"
],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest-runner": {
"name": "jest-runner",
"severity": "low",
"isDirect": false,
"via": [
"jest-environment-jsdom"
],
"effects": [
"@jest/core",
"jest-config"
],
"range": "27.0.4 - 27.5.1",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"node_modules/@cucumber/cucumber/node_modules/minimatch",
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
"node_modules/@wdio/config/node_modules/minimatch",
"node_modules/@wdio/cucumber-framework/node_modules/minimatch",
"node_modules/archiver-utils/node_modules/minimatch",
"node_modules/filelist/node_modules/minimatch",
"node_modules/glob/node_modules/minimatch",
"node_modules/minimatch",
"node_modules/mocha/node_modules/minimatch",
"node_modules/readdir-glob/node_modules/minimatch"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": ">=1.1.0",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1114151,
"name": "svgo",
"dependency": "svgo",
"title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)",
"url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=3.0.0 <3.3.3"
}
],
"effects": [],
"range": "3.0.0 - 3.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "3.3.3",
"isSemVerMajor": false
}
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [
"@cucumber/cucumber"
],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": true
},
"underscore": {
"name": "underscore",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113950,
"name": "underscore",
"dependency": "underscore",
"title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw",
"severity": "high",
"cwe": [
"CWE-674",
"CWE-770"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=1.13.7"
}
],
"effects": [],
"range": "<=1.13.7",
"nodes": [
"node_modules/underscore"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 12,
"moderate": 0,
"high": 8,
"critical": 1,
"total": 21
},
"dependencies": {
"prod": 410,
"dev": 834,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1244
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 1245,
"removed": 0,
"changed": 0,
"audited": 1246,
"funding": 219,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@cucumber/cucumber": {
"name": "@cucumber/cucumber",
"severity": "low",
"isDirect": false,
"via": [
"tmp"
],
"effects": [],
"range": "10.3.2 - 11.2.0",
"nodes": [
"node_modules/@cucumber/cucumber"
],
"fixAvailable": true
},
"@jest/core": {
"name": "@jest/core",
"severity": "low",
"isDirect": false,
"via": [
"jest-config",
"jest-runner"
],
"effects": [
"jest"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
""
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1114153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.3.8"
}
],
"effects": [],
"range": "5.0.0 - 5.3.7",
"nodes": [
""
],
"fixAvailable": true
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest": {
"name": "jest",
"severity": "low",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest-cli": {
"name": "jest-cli",
"severity": "low",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "low",
"isDirect": false,
"via": [
"jest-environment-jsdom",
"jest-runner"
],
"effects": [
"@jest/core",
"jest-cli"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": false,
"via": [
"jsdom"
],
"effects": [
"jest-config",
"jest-runner"
],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jest-runner": {
"name": "jest-runner",
"severity": "low",
"isDirect": false,
"via": [
"jest-environment-jsdom"
],
"effects": [
"@jest/core",
"jest-config"
],
"range": "27.0.4 - 27.5.1",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest",
"version": "30.2.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"",
"",
"",
"",
"",
"",
"",
"",
"",
""
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": ">=1.1.0",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "1.0.10",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1114151,
"name": "svgo",
"dependency": "svgo",
"title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)",
"url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=3.0.0 <3.3.3"
}
],
"effects": [],
"range": "3.0.0 - 3.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "3.3.3",
"isSemVerMajor": false
}
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [
"@cucumber/cucumber"
],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": true
},
"underscore": {
"name": "underscore",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113950,
"name": "underscore",
"dependency": "underscore",
"title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw",
"severity": "high",
"cwe": [
"CWE-674",
"CWE-770"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=1.13.7"
}
],
"effects": [],
"range": "<=1.13.7",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 12,
"moderate": 0,
"high": 8,
"critical": 1,
"total": 21
},
"dependencies": {
"prod": 410,
"dev": 835,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1245
}
}
}
}
--- end ---
{"added": 1245, "removed": 0, "changed": 0, "audited": 1246, "funding": 219, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@cucumber/cucumber": {"name": "@cucumber/cucumber", "severity": "low", "isDirect": false, "via": ["tmp"], "effects": [], "range": "10.3.2 - 11.2.0", "nodes": ["node_modules/@cucumber/cucumber"], "fixAvailable": true}, "@jest/core": {"name": "@jest/core", "severity": "low", "isDirect": false, "via": ["jest-config", "jest-runner"], "effects": ["jest"], "range": "27.0.1 - 27.5.1", "nodes": ["node_modules/@jest/core"], "fixAvailable": {"name": "jest", "version": "30.2.0", "isSemVerMajor": true}}, "@tootallnate/once": {"name": "@tootallnate/once", "severity": "low", "isDirect": false, "via": [{"source": 1113977, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<3.0.1"}], "effects": ["http-proxy-agent"], "range": "<3.0.1", "nodes": ["node_modules/@tootallnate/once"], "fixAvailable": {"name": "jest", "version": "30.2.0", "isSemVerMajor": true}}, "@wdio/mocha-framework": {"name": "@wdio/mocha-framework", "severity": "high", "isDirect": true, "via": ["mocha"], "effects": [], "range": ">=6.1.19", "nodes": ["node_modules/@wdio/mocha-framework"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "basic-ftp": {"name": "basic-ftp", "severity": "critical", "isDirect": false, "via": [{"source": 1113518, "name": "basic-ftp", "dependency": "basic-ftp", "title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir()\u00a0method", "url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c", "severity": "critical", "cwe": ["CWE-22"], "cvss": {"score": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "range": "<5.2.0"}], "effects": [], "range": "<5.2.0", "nodes": [""], "fixAvailable": true}, "cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1104663, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}], "effects": ["pre-commit"], "range": "<6.0.6", "nodes": ["node_modules/pre-commit/node_modules/cross-spawn"], "fixAvailable": {"name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true}}, "fast-xml-parser": {"name": "fast-xml-parser", "severity": "low", "isDirect": false, "via": [{"source": 1114153, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder", "url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3", "severity": "low", "cwe": ["CWE-120"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.3.8"}], "effects": [], "range": "5.0.0 - 5.3.7", "nodes": [""], "fixAvailable": true}, "http-proxy-agent": {"name": "http-proxy-agent", "severity": "low", "isDirect": false, "via": ["@tootallnate/once"], "effects": ["jsdom"], "range": "4.0.1 - 5.0.0", "nodes": ["node_modules/http-proxy-agent"], "fixAvailable": {"name": "jest", "version": "30.2.0", "isSemVerMajor": true}}, "jest": {"name": "jest", "severity": "low", "isDirect": true, "via": ["@jest/core", "jest-cli"], "effects": [], "range": "27.0.1 - 27.5.1", "nodes": ["node_modules/jest"], "fixAvailable": {"name": "jest", "version": "30.2.0", "isSemVerMajor": true}}, "jest-cli": {"name": "jest-cli", "severity": "low", "isDirect": false, "via": ["@jest/core", "jest-config"], "effects": [], "range": "27.0.1 - 27.5.1", "nodes": ["node_modules/jest-cli"], "fixAvailable": true}, "jest-config": {"name": "jest-config", "severity": "low", "isDirect": false, "via": ["jest-environment-jsdom", "jest-runner"], "effects": ["@jest/core", "jest-cli"], "range": "27.0.1 - 27.5.1", "nodes": ["node_modules/jest-config"], "fixAvailable": {"name": "jest", "version": "30.2.0", "isSemVerMajor": true}}, "jest-environment-jsdom": {"name": "jest-environment-jsdom", "severity": "low", "isDirect": false, "via": ["jsdom"], "effects": ["jest-config", "jest-runner"], "range": "27.0.1 - 30.0.0-rc.1", "nodes": ["node_modules/jest-environment-jsdom"], "fixAvailable": {"name": "jest", "version": "30.2.0", "isSemVerMajor": true}}, "jest-runner": {"name": "jest-runner", "severity": "low", "isDirect": false, "via": ["jest-environment-jsdom"], "effects": ["@jest/core", "jest-config"], "range": "27.0.4 - 27.5.1", "nodes": ["node_modules/jest-runner"], "fixAvailable": {"name": "jest", "version": "30.2.0", "isSemVerMajor": true}}, "jsdom": {"name": "jsdom", "severity": "low", "isDirect": false, "via": ["http-proxy-agent"], "effects": ["jest-environment-jsdom"], "range": "16.6.0 - 22.1.0", "nodes": ["node_modules/jsdom"], "fixAvailable": {"name": "jest", "version": "30.2.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113461, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.1.7"}, {"source": 1113465, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=9.0.0 <9.0.6"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113540, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.1.8"}, {"source": 1113544, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}, {"source": 1113548, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.1.8"}, {"source": 1113552, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}], "effects": [], "range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6", "nodes": ["", "", "", "", "", "", "", "", "", ""], "fixAvailable": true}, "mocha": {"name": "mocha", "severity": "high", "isDirect": false, "via": ["serialize-javascript"], "effects": ["@wdio/mocha-framework"], "range": "8.0.0 - 12.0.0-beta-2", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "pre-commit": {"name": "pre-commit", "severity": "high", "isDirect": true, "via": ["cross-spawn"], "effects": [], "range": ">=1.1.0", "nodes": ["node_modules/pre-commit"], "fixAvailable": {"name": "pre-commit", "version": "1.0.10", "isSemVerMajor": true}}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}], "effects": ["mocha"], "range": "<=7.0.2", "nodes": ["node_modules/serialize-javascript"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "svgo": {"name": "svgo", "severity": "high", "isDirect": true, "via": [{"source": 1114151, "name": "svgo", "dependency": "svgo", "title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)", "url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673", "severity": "high", "cwe": ["CWE-776"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=3.0.0 <3.3.3"}], "effects": [], "range": "3.0.0 - 3.3.2", "nodes": ["node_modules/svgo"], "fixAvailable": {"name": "svgo", "version": "3.3.3", "isSemVerMajor": false}}, "tmp": {"name": "tmp", "severity": "low", "isDirect": false, "via": [{"source": 1109537, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}], "effects": ["@cucumber/cucumber"], "range": "<=0.2.3", "nodes": ["node_modules/tmp"], "fixAvailable": true}, "underscore": {"name": "underscore", "severity": "high", "isDirect": false, "via": [{"source": 1113950, "name": "underscore", "dependency": "underscore", "title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack", "url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw", "severity": "high", "cwe": ["CWE-674", "CWE-770"], "cvss": {"score": 0, "vectorString": null}, "range": "<=1.13.7"}], "effects": [], "range": "<=1.13.7", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 12, "moderate": 0, "high": 8, "critical": 1, "total": 21}, "dependencies": {"prod": 410, "dev": 835, "optional": 37, "peer": 1, "peerOptional": 0, "total": 1245}}}}
{}
Upgrading n:svgo from 3.2.0 -> 3.3.3
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated reflect-metadata@0.2.1: This version has a critical bug in fallback handling. Please upgrade to reflect-metadata@0.2.2 or newer.
npm WARN deprecated reflect-metadata@0.2.1: This version has a critical bug in fallback handling. Please upgrade to reflect-metadata@0.2.2 or newer.
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1220 packages, and audited 1221 packages in 23s
219 packages are looking for funding
run `npm fund` for details
# npm audit report
@tootallnate/once <3.0.1
@tootallnate/once vulnerable to Incorrect Control Flow Scoping - https://github.com/advisories/GHSA-vpq2-c234-7xj6
fix available via `npm audit fix --force`
Will install jest@30.2.0, which is a breaking change
node_modules/@tootallnate/once
http-proxy-agent 4.0.1 - 5.0.0
Depends on vulnerable versions of @tootallnate/once
node_modules/http-proxy-agent
jsdom 16.6.0 - 22.1.0
Depends on vulnerable versions of http-proxy-agent
node_modules/jsdom
jest-environment-jsdom 27.0.1 - 30.0.0-rc.1
Depends on vulnerable versions of jsdom
node_modules/jest-environment-jsdom
jest-config 27.0.1 - 27.5.1
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-runner
node_modules/jest-config
@jest/core 27.0.1 - 27.5.1
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-runner
node_modules/@jest/core
jest 27.0.1 - 27.5.1
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of jest-cli
node_modules/jest
jest-cli 27.0.1 - 27.5.1
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of jest-config
node_modules/jest-cli
jest-runner 27.0.4 - 27.5.1
Depends on vulnerable versions of jest-environment-jsdom
node_modules/jest-runner
cross-spawn <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install pre-commit@1.0.10, which is a breaking change
node_modules/pre-commit/node_modules/cross-spawn
pre-commit >=1.1.0
Depends on vulnerable versions of cross-spawn
node_modules/pre-commit
serialize-javascript <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
fix available via `npm audit fix --force`
Will install @wdio/mocha-framework@6.1.17, which is a breaking change
node_modules/serialize-javascript
mocha 8.0.0 - 12.0.0-beta-2
Depends on vulnerable versions of serialize-javascript
node_modules/mocha
@wdio/mocha-framework >=6.1.19
Depends on vulnerable versions of mocha
node_modules/@wdio/mocha-framework
tmp <=0.2.3
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter - https://github.com/advisories/GHSA-52f5-9888-hmc6
fix available via `npm audit fix`
node_modules/tmp
@cucumber/cucumber 10.3.2 - 11.2.0
Depends on vulnerable versions of tmp
node_modules/@cucumber/cucumber
16 vulnerabilities (11 low, 5 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated reflect-metadata@0.2.1: This version has a critical bug in fallback handling. Please upgrade to reflect-metadata@0.2.2 or newer.
npm WARN deprecated reflect-metadata@0.2.1: This version has a critical bug in fallback handling. Please upgrade to reflect-metadata@0.2.2 or newer.
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1220 packages, and audited 1221 packages in 26s
219 packages are looking for funding
run `npm fund` for details
16 vulnerabilities (11 low, 5 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
skinStyles/mediawiki.diff.styles.less
337:4 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
456:2 ⚠ Unexpected browser feature "css-has" is not supported by Firefox 111-120, Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3 plugin/no-unsupported-browser-features
skinStyles/mediawiki.special.changeslist.less
220:3 ⚠ Unexpected browser feature "css-has" is not supported by Firefox 111-120, Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3 plugin/no-unsupported-browser-features
resources/skins.minerva.scripts/BottomDock.less
12:2 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/CSSCustomProperties.less
94:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/footer.less
76:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
116:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/header.less
112:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/icons.less
48:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
includes/Skins/ToggleList/ToggleList.less
13:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/print/styles.less
49:2 ⚠ Unexpected browser feature "css-paged-media" is not supported by Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3,15.4,15.5,15.6,16,16.1,16.2,16.3,16.4,16.5,16.6,17,17.1,17.2,17.3,17.4,17.5,17.6,18,18.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3,15.4,15.5,15.6-15.8,16,16.1,16.2,16.3,16.4,16.5,16.6-16.7,17,17.1,17.2,17.3,17.4,17.5,17.6-17.7,18,18.1, Android Browser 144 plugin/no-unsupported-browser-features
⚠ 11 problems (0 errors, 11 warnings)
The "se" translation has 1 translation with trailing whitespace:
* minerva-skin-desc
PASS tests/jest/skins.minerva.scripts/reportIfNightModeWasDisabledOnPage.test.js
Test Suites: 1 passed, 1 total
Tests: 6 passed, 6 total
Snapshots: 0 total
Time: 3.181 s
--- stdout ---
> test
> npm run lint && npm run doc && dev-scripts/svg_check.sh && npm run test:unit
> lint
> npm -s run lint:styles && npm -s run lint:js && npm -s run lint:i18n
/src/repo/resources/skins.minerva.search/searchTypeahead.js
74:1 warning JSDoc @return declaration present but return expression not available in function jsdoc/require-returns-check
/src/repo/tests/selenium/features/step_definitions/editor_steps.js
25:1 warning This line has a length of 104. Maximum allowed is 100 max-len
/src/repo/tests/selenium/features/step_definitions/reference_steps.js
27:1 warning This line has a length of 107. Maximum allowed is 100 max-len
✖ 3 problems (0 errors, 3 warnings)
Checked 1 message directory.
> doc
> jsdoc -c jsdoc.json
Checking compression: resources/skins.minerva.content.styles.images/error.svg ... Checking compression: resources/skins.minerva.content.styles.images/link-external-ltr.svg ... Checking compression: resources/skins.minerva.content.styles.images/link-external-rtl.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-type-point-of-view.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-medium.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-low.svg ... File resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-low.svg is not compressed.
Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-type-move.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-generic.svg ...
> test:unit
> jest --silent --passWithNoTests
-----------------------------------------------------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
-----------------------------------------------------|---------|----------|---------|---------|-------------------
All files | 2.49 | 4.41 | 1.7 | 2.51 |
resources | 0 | 100 | 100 | 0 |
mobile.startup.stub.js | 0 | 100 | 100 | 0 | 6
resources/skins.minerva.scripts | 3.48 | 6.03 | 2.35 | 3.5 |
AB.js | 0 | 100 | 0 | 0 | 1-80
TabScroll.js | 0 | 0 | 0 | 0 | 1-117
TitleUtil.js | 0 | 0 | 0 | 0 | 6-134
Toolbar.js | 0 | 0 | 0 | 0 | 2-78
UriUtil.js | 0 | 100 | 0 | 0 | 29-40
addPortletLink.js | 0 | 0 | 0 | 0 | 7-115
ctaDrawers.js | 0 | 0 | 0 | 0 | 1-87
downloadPageAction.js | 0 | 0 | 0 | 0 | 1-147
drawers.js | 0 | 0 | 0 | 0 | 1-48
initMobile.js | 0 | 0 | 0 | 0 | 5-409
menu.js | 0 | 100 | 0 | 0 | 1-19
mobileRedirect.js | 0 | 0 | 0 | 0 | 4-60
preInit.js | 0 | 0 | 0 | 0 | 1-24
references.js | 0 | 0 | 0 | 0 | 1-64
reportIfNightModeWasDisabledOnPage.js | 100 | 100 | 100 | 100 |
setup.js | 0 | 0 | 0 | 0 | 7-60
watchstar.js | 0 | 0 | 0 | 0 | 1-39
resources/skins.minerva.scripts/page-issues | 0 | 0 | 0 | 0 |
index.js | 0 | 0 | 0 | 0 | 6-191
parser.js | 0 | 0 | 0 | 0 | 20-219
resources/skins.minerva.scripts/page-issues/overlay | 0 | 0 | 0 | 0 |
IssueList.js | 0 | 0 | 0 | 0 | 2-17
IssueNotice.js | 0 | 100 | 0 | 0 | 2-16
pageIssuesOverlay.js | 0 | 0 | 0 | 0 | 1-50
resources/skins.minerva.scripts/page-issues/page | 0 | 0 | 0 | 0 |
PageIssueLearnMoreLink.js | 0 | 100 | 0 | 0 | 10-15
PageIssueLink.js | 0 | 100 | 0 | 0 | 10-13
pageIssueFormatter.js | 0 | 0 | 0 | 0 | 1-49
resources/skins.minerva.search | 0 | 0 | 0 | 0 |
init.js | 0 | 100 | 100 | 0 | 1-3
searchTypeahead.js | 0 | 0 | 0 | 0 | 1-99
-----------------------------------------------------|---------|----------|---------|---------|-------------------
--- end ---
{"1109537": {"source": 1109537, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}}
{"1113518": {"source": 1113518, "name": "basic-ftp", "dependency": "basic-ftp", "title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir()\u00a0method", "url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c", "severity": "critical", "cwe": ["CWE-22"], "cvss": {"score": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "range": "<5.2.0"}}
Upgrading n:basic-ftp from 5.0.5 -> 5.2.0
{"1114153": {"source": 1114153, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder", "url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3", "severity": "low", "cwe": ["CWE-120"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.3.8"}}
Upgrading n:fast-xml-parser from 5.3.7 -> 5.4.2
{}
{"1113459": {"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, "1113461": {"source": 1113461, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.1.7"}, "1113465": {"source": 1113465, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=9.0.0 <9.0.6"}, "1113538": {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, "1113540": {"source": 1113540, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.1.8"}, "1113544": {"source": 1113544, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}, "1113546": {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}, "1113548": {"source": 1113548, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.1.8"}, "1113552": {"source": 1113552, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}}
Upgrading n:minimatch from 3.1.2, 5.1.6, 9.0.5 -> 3.1.5, 5.1.9, 9.0.9
{"1109537": {"source": 1109537, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}}
{"1113950": {"source": 1113950, "name": "underscore", "dependency": "underscore", "title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack", "url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw", "severity": "high", "cwe": ["CWE-674", "CWE-770"], "cvss": {"score": 0, "vectorString": null}, "range": "<=1.13.7"}}
Upgrading n:underscore from 1.13.7 -> 1.13.8
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 49.0.0 → 50.0.0
npm:
* svgo: 3.2.0 → 3.3.3
* basic-ftp: 5.0.5 → 5.2.0
* https://github.com/advisories/GHSA-5rq4-664w-9x2c
* fast-xml-parser: 5.3.7 → 5.4.2
* https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
* minimatch: 3.1.2, 5.1.6, 9.0.5 → 3.1.5, 5.1.9, 9.0.9
* https://github.com/advisories/GHSA-23c5-xmqv-rm74
* https://github.com/advisories/GHSA-3ppc-4f35-3m26
* https://github.com/advisories/GHSA-7r86-cg39-jmmj
* underscore: 1.13.7 → 1.13.8
* https://github.com/advisories/GHSA-qpx9-hpmf-5gmw
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpr628vf0k
--- stderr ---
skinStyles/mediawiki.diff.styles.less
337:4 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
456:2 ⚠ Unexpected browser feature "css-has" is not supported by Firefox 111-120, Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3 plugin/no-unsupported-browser-features
skinStyles/mediawiki.special.changeslist.less
220:3 ⚠ Unexpected browser feature "css-has" is not supported by Firefox 111-120, Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3 plugin/no-unsupported-browser-features
resources/skins.minerva.scripts/BottomDock.less
12:2 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/CSSCustomProperties.less
94:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/footer.less
76:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
116:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/header.less
112:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/icons.less
48:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
includes/Skins/ToggleList/ToggleList.less
13:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/print/styles.less
49:2 ⚠ Unexpected browser feature "css-paged-media" is not supported by Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3,15.4,15.5,15.6,16,16.1,16.2,16.3,16.4,16.5,16.6,17,17.1,17.2,17.3,17.4,17.5,17.6,18,18.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3,15.4,15.5,15.6-15.8,16,16.1,16.2,16.3,16.4,16.5,16.6-16.7,17,17.1,17.2,17.3,17.4,17.5,17.6-17.7,18,18.1, Android Browser 144 plugin/no-unsupported-browser-features
⚠ 11 problems (0 errors, 11 warnings)
/src/repo/resources/skins.minerva.search/searchTypeahead.js
74:1 warning JSDoc @return declaration present but return expression not available in function jsdoc/require-returns-check
/src/repo/tests/selenium/features/step_definitions/editor_steps.js
25:1 warning This line has a length of 104. Maximum allowed is 100 max-len
/src/repo/tests/selenium/features/step_definitions/reference_steps.js
27:1 warning This line has a length of 107. Maximum allowed is 100 max-len
✖ 3 problems (0 errors, 3 warnings)
The "se" translation has 1 translation with trailing whitespace:
* minerva-skin-desc
Checked 1 message directory.
Checking compression: resources/skins.minerva.content.styles.images/error.svg ... Checking compression: resources/skins.minerva.content.styles.images/link-external-ltr.svg ... Checking compression: resources/skins.minerva.content.styles.images/link-external-rtl.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-type-point-of-view.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-medium.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-low.svg ... File resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-low.svg is not compressed.
Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-type-move.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-generic.svg ... PASS tests/jest/skins.minerva.scripts/reportIfNightModeWasDisabledOnPage.test.js
-----------------------------------------------------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
-----------------------------------------------------|---------|----------|---------|---------|-------------------
All files | 2.49 | 4.41 | 1.7 | 2.51 |
resources | 0 | 100 | 100 | 0 |
mobile.startup.stub.js | 0 | 100 | 100 | 0 | 6
resources/skins.minerva.scripts | 3.48 | 6.03 | 2.35 | 3.5 |
AB.js | 0 | 100 | 0 | 0 | 1-80
TabScroll.js | 0 | 0 | 0 | 0 | 1-117
TitleUtil.js | 0 | 0 | 0 | 0 | 6-134
Toolbar.js | 0 | 0 | 0 | 0 | 2-78
UriUtil.js | 0 | 100 | 0 | 0 | 29-40
addPortletLink.js | 0 | 0 | 0 | 0 | 7-115
ctaDrawers.js | 0 | 0 | 0 | 0 | 1-87
downloadPageAction.js | 0 | 0 | 0 | 0 | 1-147
drawers.js | 0 | 0 | 0 | 0 | 1-48
initMobile.js | 0 | 0 | 0 | 0 | 5-409
menu.js | 0 | 100 | 0 | 0 | 1-19
mobileRedirect.js | 0 | 0 | 0 | 0 | 4-60
preInit.js | 0 | 0 | 0 | 0 | 1-24
references.js | 0 | 0 | 0 | 0 | 1-64
reportIfNightModeWasDisabledOnPage.js | 100 | 100 | 100 | 100 |
setup.js | 0 | 0 | 0 | 0 | 7-60
watchstar.js | 0 | 0 | 0 | 0 | 1-39
resources/skins.minerva.scripts/page-issues | 0 | 0 | 0 | 0 |
index.js | 0 | 0 | 0 | 0 | 6-191
parser.js | 0 | 0 | 0 | 0 | 20-219
resources/skins.minerva.scripts/page-issues/overlay | 0 | 0 | 0 | 0 |
IssueList.js | 0 | 0 | 0 | 0 | 2-17
IssueNotice.js | 0 | 100 | 0 | 0 | 2-16
pageIssuesOverlay.js | 0 | 0 | 0 | 0 | 1-50
resources/skins.minerva.scripts/page-issues/page | 0 | 0 | 0 | 0 |
PageIssueLearnMoreLink.js | 0 | 100 | 0 | 0 | 10-15
PageIssueLink.js | 0 | 100 | 0 | 0 | 10-13
pageIssueFormatter.js | 0 | 0 | 0 | 0 | 1-49
resources/skins.minerva.search | 0 | 0 | 0 | 0 |
init.js | 0 | 100 | 100 | 0 | 1-3
searchTypeahead.js | 0 | 0 | 0 | 0 | 1-99
-----------------------------------------------------|---------|----------|---------|---------|-------------------
Test Suites: 1 passed, 1 total
Tests: 6 passed, 6 total
Snapshots: 0 total
Time: 2.231 s
--- stdout ---
[master 0e6c766] build: Updating dependencies
3 files changed, 75 insertions(+), 68 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 0e6c7668811b9a3c97f3a4423b8ddf1b8b7302ac Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 9 Mar 2026 23:24:06 +0000
Subject: [PATCH] build: Updating dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
composer:
* mediawiki/mediawiki-codesniffer: 49.0.0 → 50.0.0
npm:
* svgo: 3.2.0 → 3.3.3
* basic-ftp: 5.0.5 → 5.2.0
* https://github.com/advisories/GHSA-5rq4-664w-9x2c
* fast-xml-parser: 5.3.7 → 5.4.2
* https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
* minimatch: 3.1.2, 5.1.6, 9.0.5 → 3.1.5, 5.1.9, 9.0.9
* https://github.com/advisories/GHSA-23c5-xmqv-rm74
* https://github.com/advisories/GHSA-3ppc-4f35-3m26
* https://github.com/advisories/GHSA-7r86-cg39-jmmj
* underscore: 1.13.7 → 1.13.8
* https://github.com/advisories/GHSA-qpx9-hpmf-5gmw
Change-Id: Ia626b11e744ddb23dfae90674d44eb0f83bf0087
---
composer.json | 2 +-
package-lock.json | 139 ++++++++++++++++++++++++----------------------
package.json | 2 +-
3 files changed, 75 insertions(+), 68 deletions(-)
diff --git a/composer.json b/composer.json
index 3638d22..1a5410c 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
{
"require-dev": {
- "mediawiki/mediawiki-codesniffer": "49.0.0",
+ "mediawiki/mediawiki-codesniffer": "50.0.0",
"mediawiki/mediawiki-phan-config": "0.18.0",
"mediawiki/minus-x": "2.0.1",
"php-parallel-lint/php-console-highlighter": "1.0.0",
diff --git a/package-lock.json b/package-lock.json
index 13dd3c0..09a8b30 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -21,7 +21,7 @@
"jsdoc-wmf-theme": "1.2.0",
"pre-commit": "1.2.2",
"stylelint-config-wikimedia": "0.18.0",
- "svgo": "3.2.0",
+ "svgo": "3.3.3",
"wdio-mediawiki": "6.3.0"
}
},
@@ -736,12 +736,12 @@
}
},
"node_modules/@cucumber/cucumber/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -3050,16 +3050,6 @@
"integrity": "sha512-C5Mc6rdnsaJDjO3UpGW/CQTHtCKaYlScZTly4JIu97Jxo/odCiH0ITnDXSJPTOrEKk/ycSZ0AOgTmkDtkOsvIA==",
"dev": true
},
- "node_modules/@trysound/sax": {
- "version": "0.2.0",
- "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz",
- "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==",
- "dev": true,
- "license": "ISC",
- "engines": {
- "node": ">=10.13.0"
- }
- },
"node_modules/@types/babel__core": {
"version": "7.20.5",
"resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz",
@@ -3449,12 +3439,12 @@
}
},
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -3892,12 +3882,12 @@
}
},
"node_modules/@wdio/config/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -3966,12 +3956,12 @@
}
},
"node_modules/@wdio/cucumber-framework/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -4621,12 +4611,12 @@
}
},
"node_modules/archiver-utils/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -5007,9 +4997,9 @@
}
},
"node_modules/basic-ftp": {
- "version": "5.0.5",
- "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.0.5.tgz",
- "integrity": "sha512-4Bcg1P8xhUuqcii/S0Z9wiHIrQVPMermM1any+MX5GeGD7faD3/msQUDGLol9wOcz4/jbg/WJnGqoJF6LiBdtg==",
+ "version": "5.2.0",
+ "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz",
+ "integrity": "sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -8152,10 +8142,22 @@
],
"license": "BSD-3-Clause"
},
+ "node_modules/fast-xml-builder": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.0.0.tgz",
+ "integrity": "sha512-fpZuDogrAgnyt9oDDz+5DBz0zgPdPZz6D4IR7iESxRXElrlGTRkHJ9eEt+SACRJwT0FNFrt71DFQIUFBJfX/uQ==",
+ "dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/NaturalIntelligence"
+ }
+ ]
+ },
"node_modules/fast-xml-parser": {
- "version": "5.3.7",
- "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.7.tgz",
- "integrity": "sha512-JzVLro9NQv92pOM/jTCR6mHlJh2FGwtomH8ZQjhFj/R29P2Fnj38OgPJVtcvYw6SuKClhgYuwUZf5b3rd8u2mA==",
+ "version": "5.4.2",
+ "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.4.2.tgz",
+ "integrity": "sha512-pw/6pIl4k0CSpElPEJhDppLzaixDEuWui2CUQQBH/ECDf7+y6YwA4Gf7Tyb0Rfe4DIMuZipYj4AEL0nACKglvQ==",
"dev": true,
"funding": [
{
@@ -8164,6 +8166,7 @@
}
],
"dependencies": {
+ "fast-xml-builder": "^1.0.0",
"strnum": "^2.1.2"
},
"bin": {
@@ -8287,9 +8290,9 @@
}
},
"node_modules/filelist/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -8682,11 +8685,10 @@
}
},
"node_modules/glob/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^2.0.1"
},
@@ -11933,10 +11935,9 @@
}
},
"node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
- "license": "ISC",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -12030,11 +12031,10 @@
}
},
"node_modules/mocha/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^2.0.1"
},
@@ -13403,9 +13403,9 @@
}
},
"node_modules/readdir-glob/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -13825,6 +13825,15 @@
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
"license": "MIT"
},
+ "node_modules/sax": {
+ "version": "1.5.0",
+ "resolved": "https://registry.npmjs.org/sax/-/sax-1.5.0.tgz",
+ "integrity": "sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA==",
+ "dev": true,
+ "engines": {
+ "node": ">=11.0.0"
+ }
+ },
"node_modules/saxes": {
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/saxes/-/saxes-5.0.1.tgz",
@@ -14704,19 +14713,18 @@
"dev": true
},
"node_modules/svgo": {
- "version": "3.2.0",
- "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.2.0.tgz",
- "integrity": "sha512-4PP6CMW/V7l/GmKRKzsLR8xxjdHTV4IMvhTnpuHwwBazSIlw5W/5SmPjN8Dwyt7lKbSJrRDgp4t9ph0HgChFBQ==",
+ "version": "3.3.3",
+ "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.3.3.tgz",
+ "integrity": "sha512-+wn7I4p7YgJhHs38k2TNjy1vCfPIfLIJWR5MnCStsN8WuuTcBnRKcMHQLMM2ijxGZmDoZwNv8ipl5aTTen62ng==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@trysound/sax": "0.2.0",
"commander": "^7.2.0",
"css-select": "^5.1.0",
"css-tree": "^2.3.1",
"css-what": "^6.1.0",
"csso": "^5.0.5",
- "picocolors": "^1.0.0"
+ "picocolors": "^1.0.0",
+ "sax": "^1.5.0"
},
"bin": {
"svgo": "bin/svgo"
@@ -15209,11 +15217,10 @@
"license": "MIT"
},
"node_modules/underscore": {
- "version": "1.13.7",
- "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.7.tgz",
- "integrity": "sha512-GMXzWtsc57XAtguZgaQViUOzs0KTkk8ojr3/xAxXLITqf/3EMwxC0inyETfDFjH/Krbhuep0HNbbjI9i/q3F3g==",
- "dev": true,
- "license": "MIT"
+ "version": "1.13.8",
+ "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.8.tgz",
+ "integrity": "sha512-DXtD3ZtEQzc7M8m4cXotyHR+FAS18C64asBYY5vqZexfYryNNnDc02W4hKg3rdQuqOYas1jkseX0+nZXjTXnvQ==",
+ "dev": true
},
"node_modules/undici": {
"version": "6.23.0",
diff --git a/package.json b/package.json
index 451d5ff..265ffbf 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
"jsdoc-wmf-theme": "1.2.0",
"pre-commit": "1.2.2",
"stylelint-config-wikimedia": "0.18.0",
- "svgo": "3.2.0",
+ "svgo": "3.3.3",
"wdio-mediawiki": "6.3.0"
},
"dependencies": {
--
2.47.3
--- end ---