This run took 160 seconds.
From 47aa8242715b336f27d2bf0cfff48bf53262e36a Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 27 Mar 2026 08:09:28 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* yaml: 2.8.1 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
Change-Id: I06a38dd9fad9135563a15dad4f85b11aebbfe0bd
---
package-lock.json | 39 +++++++++++++++++++++------------------
1 file changed, 21 insertions(+), 18 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index dde9de8..e91cb16 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1952,9 +1952,9 @@
}
},
"node_modules/@stylistic/eslint-plugin/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -6735,9 +6735,9 @@
}
},
"node_modules/filelist": {
- "version": "1.0.4",
- "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz",
- "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==",
+ "version": "1.0.6",
+ "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.6.tgz",
+ "integrity": "sha512-5giy2PkLYY1cP39p17Ech+2xlpTRL9HLspOfEgm0L6CwBXBTgsK5ou0JtzYuepxkaQ/tvhCFIJ5uXo0OrM2DxA==",
"dev": true,
"dependencies": {
"minimatch": "^5.0.1"
@@ -8321,9 +8321,9 @@
}
},
"node_modules/jest-util/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -9977,9 +9977,9 @@
"license": "ISC"
},
"node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
"engines": {
"node": ">=8.6"
@@ -12061,9 +12061,9 @@
}
},
"node_modules/ts-declaration-location/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -12671,15 +12671,18 @@
}
},
"node_modules/yaml": {
- "version": "2.8.1",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.1.tgz",
- "integrity": "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true,
"bin": {
"yaml": "bin.mjs"
},
"engines": {
"node": ">= 14.6"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/eemeli"
}
},
"node_modules/yaml-eslint-parser": {
--
2.47.3
$ date
--- stdout ---
Fri Mar 27 08:07:02 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-VisualEditor.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'lib/ve' (https://gerrit.wikimedia.org/r/VisualEditor/VisualEditor.git) registered for path 'lib/ve'
Cloning into '/src/repo/lib/ve'...
--- stdout ---
Submodule path 'lib/ve': checked out '5d8d5ecdb1f44faf5012cb24ae6417e475564c85'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
51c94bf32ce800df2c1b3c89022bb7c31e904074 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint"
],
"range": "0.0.1 || >=0.1.1",
"nodes": [
"node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"@humanwhocodes/config-array": {
"name": "@humanwhocodes/config-array",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint"
],
"range": "*",
"nodes": [
"node_modules/@humanwhocodes/config-array"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"@jimp/core": {
"name": "@jimp/core",
"severity": "moderate",
"isDirect": false,
"via": [
"phin"
],
"effects": [
"@jimp/custom"
],
"range": "<=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0",
"nodes": [
"node_modules/@jimp/core"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"@jimp/custom": {
"name": "@jimp/custom",
"severity": "moderate",
"isDirect": false,
"via": [
"@jimp/core"
],
"effects": [
"jimp"
],
"range": "<=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0",
"nodes": [
"node_modules/@jimp/custom"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"@typescript-eslint/eslint-plugin": {
"name": "@typescript-eslint/eslint-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/type-utils",
"@typescript-eslint/utils",
"eslint"
],
"effects": [],
"range": "<=8.55.1-alpha.3",
"nodes": [
"node_modules/@typescript-eslint/eslint-plugin"
],
"fixAvailable": true
},
"@typescript-eslint/parser": {
"name": "@typescript-eslint/parser",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/typescript-estree",
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "1.1.1-alpha.0 - 8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/parser"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"@typescript-eslint/type-utils": {
"name": "@typescript-eslint/type-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/typescript-estree",
"@typescript-eslint/utils",
"eslint"
],
"effects": [
"@typescript-eslint/eslint-plugin"
],
"range": "5.9.2-alpha.0 - 8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/type-utils"
],
"fixAvailable": true
},
"@typescript-eslint/typescript-estree": {
"name": "@typescript-eslint/typescript-estree",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"@typescript-eslint/parser",
"@typescript-eslint/type-utils",
"@typescript-eslint/utils"
],
"range": "6.16.0 - 8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"@typescript-eslint/utils": {
"name": "@typescript-eslint/utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/typescript-estree",
"eslint"
],
"effects": [
"@typescript-eslint/eslint-plugin",
"@typescript-eslint/type-utils"
],
"range": "<=8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/utils"
],
"fixAvailable": true
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/config",
"@wdio/globals",
"create-wdio",
"webdriverio"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": false
},
"@wdio/config": {
"name": "@wdio/config",
"severity": "moderate",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"@wdio/cli",
"@wdio/runner",
"webdriver",
"webdriverio"
],
"range": "*",
"nodes": [
"node_modules/@wdio/config"
],
"fixAvailable": false
},
"@wdio/globals": {
"name": "@wdio/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"expect-webdriverio",
"webdriverio"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "*",
"nodes": [
"node_modules/@wdio/globals"
],
"fixAvailable": false
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/runner",
"expect-webdriverio"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": false
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/globals",
"expect-webdriverio",
"webdriver",
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "*",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": false
},
"archiver": {
"name": "archiver",
"severity": "moderate",
"isDirect": false,
"via": [
"archiver-utils",
"readdir-glob",
"zip-stream"
],
"effects": [
"webdriverio"
],
"range": ">=0.20.0",
"nodes": [
"node_modules/archiver"
],
"fixAvailable": false
},
"archiver-utils": {
"name": "archiver-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"archiver",
"zip-stream"
],
"range": ">=0.2.0",
"nodes": [
"node_modules/archiver-utils"
],
"fixAvailable": false
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115432,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<5.0.5"
}
],
"effects": [
"minimatch"
],
"range": "<5.0.5",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
"node_modules/@wdio/config/node_modules/brace-expansion",
"node_modules/@wdio/mocha-framework/node_modules/brace-expansion",
"node_modules/archiver-utils/node_modules/brace-expansion",
"node_modules/brace-expansion",
"node_modules/filelist/node_modules/brace-expansion",
"node_modules/mocha/node_modules/brace-expansion",
"node_modules/readdir-glob/node_modules/brace-expansion"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"create-wdio": {
"name": "create-wdio",
"severity": "moderate",
"isDirect": false,
"via": [
"ejs",
"recursive-readdir"
],
"effects": [
"@wdio/cli"
],
"range": ">=9.17.0",
"nodes": [
"node_modules/create-wdio"
],
"fixAvailable": false
},
"doiuse": {
"name": "doiuse",
"severity": "moderate",
"isDirect": false,
"via": [
"multimatch"
],
"effects": [
"stylelint-no-unsupported-browser-features"
],
"range": ">=2.2.0",
"nodes": [
"node_modules/doiuse"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"ejs": {
"name": "ejs",
"severity": "moderate",
"isDirect": false,
"via": [
"jake"
],
"effects": [],
"range": "3.1.2 - 4.0.1",
"nodes": [
"node_modules/ejs"
],
"fixAvailable": true
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"file-entry-cache",
"minimatch"
],
"effects": [
"@typescript-eslint/eslint-plugin",
"@typescript-eslint/parser",
"@typescript-eslint/type-utils",
"@typescript-eslint/utils",
"eslint-config-wikimedia",
"eslint-plugin-jsdoc",
"eslint-plugin-vue",
"grunt-eslint"
],
"range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"@typescript-eslint/eslint-plugin",
"@typescript-eslint/parser",
"eslint",
"eslint-plugin-jsdoc",
"eslint-plugin-vue"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jsdoc": {
"name": "eslint-plugin-jsdoc",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "8.4.4 - 62.6.1",
"nodes": [
"node_modules/eslint-plugin-jsdoc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-vue": {
"name": "eslint-plugin-vue",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "5.0.0-beta.0 - 10.7.0",
"nodes": [
"node_modules/eslint-plugin-vue"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"expect-webdriverio": {
"name": "expect-webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/globals",
"webdriverio"
],
"effects": [
"@wdio/globals",
"@wdio/local-runner",
"@wdio/runner"
],
"range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.0.1",
"nodes": [
"node_modules/expect-webdriverio"
],
"fixAvailable": false
},
"file-entry-cache": {
"name": "file-entry-cache",
"severity": "moderate",
"isDirect": false,
"via": [
"flat-cache"
],
"effects": [
"eslint"
],
"range": "4.0.0 - 7.0.2",
"nodes": [
"node_modules/file-entry-cache"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"filelist": {
"name": "filelist",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"jake"
],
"range": "0.0.5 - 1.0.6",
"nodes": [
"node_modules/filelist"
],
"fixAvailable": true
},
"flat-cache": {
"name": "flat-cache",
"severity": "moderate",
"isDirect": false,
"via": [
"rimraf"
],
"effects": [
"file-entry-cache"
],
"range": "1.3.4 - 4.0.0",
"nodes": [
"node_modules/flat-cache"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"glob": {
"name": "glob",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"@wdio/config",
"archiver-utils",
"globule",
"grunt",
"mocha",
"rimraf"
],
"range": "4.3.0 - 10.5.0",
"nodes": [
"node_modules/@wdio/config/node_modules/glob",
"node_modules/@wdio/mocha-framework/node_modules/glob",
"node_modules/archiver-utils/node_modules/glob",
"node_modules/glob",
"node_modules/mocha/node_modules/glob"
],
"fixAvailable": false
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"glob",
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"glob",
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"eslint",
"grunt"
],
"effects": [],
"range": "<=1.0.0 || 4.0.0 - 17.3.2 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"jake": {
"name": "jake",
"severity": "moderate",
"isDirect": false,
"via": [
"filelist"
],
"effects": [
"ejs"
],
"range": "10.6.1 - 10.9.4",
"nodes": [
"node_modules/jake"
],
"fixAvailable": true
},
"jimp": {
"name": "jimp",
"severity": "moderate",
"isDirect": true,
"via": [
"@jimp/custom"
],
"effects": [],
"range": "0.3.6-alpha.5 - 0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0",
"nodes": [
"node_modules/jimp"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
"brace-expansion"
],
"effects": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"@typescript-eslint/typescript-estree",
"eslint",
"filelist",
"glob",
"globule",
"grunt",
"mocha",
"multimatch",
"readdir-glob",
"recursive-readdir"
],
"range": "<=10.0.2",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
"node_modules/@wdio/config/node_modules/minimatch",
"node_modules/@wdio/mocha-framework/node_modules/minimatch",
"node_modules/archiver-utils/node_modules/minimatch",
"node_modules/filelist/node_modules/minimatch",
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch",
"node_modules/minimatch",
"node_modules/mocha/node_modules/glob/node_modules/minimatch",
"node_modules/mocha/node_modules/minimatch",
"node_modules/readdir-glob/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": true,
"via": [
"glob",
"minimatch",
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": ">=3.0.0-0",
"nodes": [
"node_modules/@wdio/mocha-framework/node_modules/mocha",
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"multimatch": {
"name": "multimatch",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"doiuse"
],
"range": "2.0.0 - 7.0.0",
"nodes": [
"node_modules/multimatch"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"phin": {
"name": "phin",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096967,
"name": "phin",
"dependency": "phin",
"title": "phin may include sensitive headers in subsequent requests after redirect",
"url": "https://github.com/advisories/GHSA-x565-32qp-m3vf",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
},
"range": "<3.7.1"
}
],
"effects": [
"@jimp/core"
],
"range": "<3.7.1",
"nodes": [
"node_modules/phin"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115382,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115384,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115394,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115396,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"node_modules/@stylistic/eslint-plugin/node_modules/picomatch",
"node_modules/jest-util/node_modules/picomatch",
"node_modules/picomatch",
"node_modules/ts-declaration-location/node_modules/picomatch"
],
"fixAvailable": true
},
"readdir-glob": {
"name": "readdir-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"archiver"
],
"range": "<=2.0.3",
"nodes": [
"node_modules/readdir-glob"
],
"fixAvailable": false
},
"recursive-readdir": {
"name": "recursive-readdir",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"create-wdio"
],
"range": ">=2.1.0",
"nodes": [
"node_modules/recursive-readdir"
],
"fixAvailable": false
},
"rimraf": {
"name": "rimraf",
"severity": "moderate",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"flat-cache",
"selenium-webdriver"
],
"range": "2.3.0 - 3.0.2 || 4.2.0 - 5.0.10",
"nodes": [
"node_modules/rimraf",
"node_modules/selenium-webdriver/node_modules/rimraf"
],
"fixAvailable": {
"name": "selenium-webdriver",
"version": "4.41.0",
"isSemVerMajor": true
}
},
"selenium-webdriver": {
"name": "selenium-webdriver",
"severity": "moderate",
"isDirect": true,
"via": [
"rimraf",
"tmp",
"xml2js"
],
"effects": [],
"range": "2.43.1 - 4.0.0",
"nodes": [
"node_modules/selenium-webdriver"
],
"fixAvailable": {
"name": "selenium-webdriver",
"version": "4.41.0",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"stylelint-no-unsupported-browser-features"
],
"effects": [],
"range": ">=0.10.2",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"stylelint-no-unsupported-browser-features": {
"name": "stylelint-no-unsupported-browser-features",
"severity": "moderate",
"isDirect": false,
"via": [
"doiuse"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "*",
"nodes": [
"node_modules/stylelint-no-unsupported-browser-features"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": true
},
"webdriver": {
"name": "webdriver",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config"
],
"effects": [
"@wdio/runner"
],
"range": ">=5.0.0-alpha.2",
"nodes": [
"node_modules/webdriver"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"archiver",
"webdriver"
],
"effects": [
"@wdio/globals",
"expect-webdriverio"
],
"range": ">=5.0.0-alpha.2",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": false
},
"xml2js": {
"name": "xml2js",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096693,
"name": "xml2js",
"dependency": "xml2js",
"title": "xml2js is vulnerable to prototype pollution",
"url": "https://github.com/advisories/GHSA-776f-qx25-q3cc",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<0.5.0"
}
],
"effects": [
"selenium-webdriver"
],
"range": "<0.5.0",
"nodes": [
"node_modules/xml2js"
],
"fixAvailable": {
"name": "selenium-webdriver",
"version": "4.41.0",
"isSemVerMajor": true
}
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115369,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
"node_modules/yaml"
],
"fixAvailable": true
},
"zip-stream": {
"name": "zip-stream",
"severity": "moderate",
"isDirect": false,
"via": [
"archiver-utils"
],
"effects": [],
"range": "0.8.0 - 6.0.1",
"nodes": [
"node_modules/zip-stream"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 44,
"high": 10,
"critical": 0,
"total": 55
},
"dependencies": {
"prod": 1,
"dev": 1013,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1013
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 37 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking danog/advanced-json-rpc (v3.2.3)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/deprecations (1.1.6)
- Locking mediawiki/mediawiki-codesniffer (v50.0.0)
- Locking mediawiki/mediawiki-phan-config (0.20.0)
- Locking mediawiki/minus-x (2.0.1)
- Locking mediawiki/phan-taint-check-plugin (9.1.0)
- Locking netresearch/jsonmapper (v5.0.1)
- Locking phan/phan (6.0.2)
- Locking phan/tolerant-php-parser (v0.2.0)
- Locking phan/var_representation_polyfill (0.1.4)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.2.2)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (6.0.3)
- Locking phpdocumentor/type-resolver (2.0.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (6.0.1)
- Locking squizlabs/php_codesniffer (3.13.5)
- Locking symfony/console (v8.0.7)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v8.0.6)
- Locking webmozart/assert (2.1.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 37 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v50.0.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/string (v8.0.6): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v8.0.7): Extracting archive
- Installing sabre/event (6.0.1): Extracting archive
- Installing phan/var_representation_polyfill (0.1.4): Extracting archive
- Installing phan/tolerant-php-parser (v0.2.0): Extracting archive
- Installing netresearch/jsonmapper (v5.0.1): Extracting archive
- Installing webmozart/assert (2.1.6): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing phpdocumentor/type-resolver (2.0.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (6.0.3): Extracting archive
- Installing danog/advanced-json-rpc (v3.2.3): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (6.0.2): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (9.1.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.20.0): Extracting archive
- Installing mediawiki/minus-x (2.0.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/35 [>---------------------------] 0%
29/35 [=======================>----] 82%
35/35 [============================] 100%
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
16 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint"
],
"range": "0.0.1 || >=0.1.1",
"nodes": [
"node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"@humanwhocodes/config-array": {
"name": "@humanwhocodes/config-array",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint"
],
"range": "*",
"nodes": [
"node_modules/@humanwhocodes/config-array"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"@jimp/core": {
"name": "@jimp/core",
"severity": "moderate",
"isDirect": false,
"via": [
"phin"
],
"effects": [
"@jimp/custom"
],
"range": "<=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0",
"nodes": [
"node_modules/@jimp/core"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"@jimp/custom": {
"name": "@jimp/custom",
"severity": "moderate",
"isDirect": false,
"via": [
"@jimp/core"
],
"effects": [
"jimp"
],
"range": "<=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0",
"nodes": [
"node_modules/@jimp/custom"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"@typescript-eslint/eslint-plugin": {
"name": "@typescript-eslint/eslint-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/type-utils",
"@typescript-eslint/utils",
"eslint"
],
"effects": [],
"range": "<=8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/eslint-plugin"
],
"fixAvailable": true
},
"@typescript-eslint/parser": {
"name": "@typescript-eslint/parser",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/typescript-estree",
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "1.1.1-alpha.0 - 8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/parser"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"@typescript-eslint/type-utils": {
"name": "@typescript-eslint/type-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/typescript-estree",
"@typescript-eslint/utils",
"eslint"
],
"effects": [
"@typescript-eslint/eslint-plugin"
],
"range": "5.62.1-alpha.0 - 8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/type-utils"
],
"fixAvailable": true
},
"@typescript-eslint/typescript-estree": {
"name": "@typescript-eslint/typescript-estree",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"@typescript-eslint/parser",
"@typescript-eslint/type-utils",
"@typescript-eslint/utils"
],
"range": "6.16.0 - 8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"@typescript-eslint/utils": {
"name": "@typescript-eslint/utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/typescript-estree",
"eslint"
],
"effects": [],
"range": "<=8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/utils"
],
"fixAvailable": true
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/config",
"@wdio/globals",
"create-wdio",
"webdriverio"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.16.2",
"isSemVerMajor": true
}
},
"@wdio/config": {
"name": "@wdio/config",
"severity": "moderate",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"@wdio/cli",
"@wdio/runner",
"webdriver",
"webdriverio"
],
"range": "*",
"nodes": [
"node_modules/@wdio/config"
],
"fixAvailable": false
},
"@wdio/globals": {
"name": "@wdio/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"expect-webdriverio",
"webdriverio"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "*",
"nodes": [
"node_modules/@wdio/globals"
],
"fixAvailable": false
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/runner",
"expect-webdriverio"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": false
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/globals",
"expect-webdriverio",
"webdriver",
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "*",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": false
},
"archiver": {
"name": "archiver",
"severity": "moderate",
"isDirect": false,
"via": [
"archiver-utils",
"readdir-glob",
"zip-stream"
],
"effects": [
"webdriverio"
],
"range": ">=0.20.0",
"nodes": [
"node_modules/archiver"
],
"fixAvailable": false
},
"archiver-utils": {
"name": "archiver-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"archiver",
"zip-stream"
],
"range": ">=0.2.0",
"nodes": [
"node_modules/archiver-utils"
],
"fixAvailable": false
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115432,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<5.0.5"
}
],
"effects": [
"minimatch"
],
"range": "<5.0.5",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
"node_modules/@wdio/config/node_modules/brace-expansion",
"node_modules/@wdio/mocha-framework/node_modules/brace-expansion",
"node_modules/archiver-utils/node_modules/brace-expansion",
"node_modules/brace-expansion",
"node_modules/filelist/node_modules/brace-expansion",
"node_modules/mocha/node_modules/brace-expansion",
"node_modules/readdir-glob/node_modules/brace-expansion"
],
"fixAvailable": false
},
"create-wdio": {
"name": "create-wdio",
"severity": "moderate",
"isDirect": false,
"via": [
"ejs",
"recursive-readdir"
],
"effects": [
"@wdio/cli"
],
"range": ">=9.17.0",
"nodes": [
"node_modules/create-wdio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.16.2",
"isSemVerMajor": true
}
},
"doiuse": {
"name": "doiuse",
"severity": "moderate",
"isDirect": false,
"via": [
"multimatch"
],
"effects": [
"stylelint-no-unsupported-browser-features"
],
"range": ">=2.2.0",
"nodes": [
"node_modules/doiuse"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"ejs": {
"name": "ejs",
"severity": "moderate",
"isDirect": false,
"via": [
"jake"
],
"effects": [],
"range": "3.1.2 - 4.0.1",
"nodes": [
"node_modules/ejs"
],
"fixAvailable": true
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"file-entry-cache",
"minimatch"
],
"effects": [
"@typescript-eslint/eslint-plugin",
"@typescript-eslint/parser",
"@typescript-eslint/type-utils",
"@typescript-eslint/utils",
"eslint-config-wikimedia",
"eslint-plugin-jsdoc",
"eslint-plugin-vue",
"grunt-eslint"
],
"range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"@typescript-eslint/eslint-plugin",
"@typescript-eslint/parser",
"eslint",
"eslint-plugin-jsdoc",
"eslint-plugin-vue"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jsdoc": {
"name": "eslint-plugin-jsdoc",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "8.4.4 - 62.6.1",
"nodes": [
"node_modules/eslint-plugin-jsdoc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-vue": {
"name": "eslint-plugin-vue",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "5.0.0-beta.0 - 10.7.0",
"nodes": [
"node_modules/eslint-plugin-vue"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"expect-webdriverio": {
"name": "expect-webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/globals",
"webdriverio"
],
"effects": [
"@wdio/globals",
"@wdio/local-runner",
"@wdio/runner"
],
"range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.0.1",
"nodes": [
"node_modules/expect-webdriverio"
],
"fixAvailable": false
},
"file-entry-cache": {
"name": "file-entry-cache",
"severity": "moderate",
"isDirect": false,
"via": [
"flat-cache"
],
"effects": [
"eslint"
],
"range": "4.0.0 - 7.0.2",
"nodes": [
"node_modules/file-entry-cache"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"filelist": {
"name": "filelist",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"jake"
],
"range": "0.0.5 - 1.0.6",
"nodes": [
"node_modules/filelist"
],
"fixAvailable": true
},
"flat-cache": {
"name": "flat-cache",
"severity": "moderate",
"isDirect": false,
"via": [
"rimraf"
],
"effects": [
"file-entry-cache"
],
"range": "1.3.4 - 4.0.0",
"nodes": [
"node_modules/flat-cache"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"glob": {
"name": "glob",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"@wdio/config",
"archiver-utils",
"globule",
"grunt",
"mocha",
"rimraf"
],
"range": "4.3.0 - 10.5.0",
"nodes": [
"node_modules/@wdio/config/node_modules/glob",
"node_modules/@wdio/mocha-framework/node_modules/glob",
"node_modules/archiver-utils/node_modules/glob",
"node_modules/glob",
"node_modules/mocha/node_modules/glob"
],
"fixAvailable": false
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"glob",
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"glob",
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"eslint",
"grunt"
],
"effects": [],
"range": "<=1.0.0 || 4.0.0 - 17.3.2 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"jake": {
"name": "jake",
"severity": "moderate",
"isDirect": false,
"via": [
"filelist"
],
"effects": [
"ejs"
],
"range": "10.6.1 - 10.9.4",
"nodes": [
"node_modules/jake"
],
"fixAvailable": true
},
"jimp": {
"name": "jimp",
"severity": "moderate",
"isDirect": true,
"via": [
"@jimp/custom"
],
"effects": [],
"range": "0.3.6-alpha.5 - 0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0",
"nodes": [
"node_modules/jimp"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
"brace-expansion"
],
"effects": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"@typescript-eslint/typescript-estree",
"eslint",
"filelist",
"glob",
"globule",
"grunt",
"mocha",
"multimatch",
"readdir-glob",
"recursive-readdir"
],
"range": "<=10.0.2",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
"node_modules/@wdio/config/node_modules/minimatch",
"node_modules/@wdio/mocha-framework/node_modules/minimatch",
"node_modules/archiver-utils/node_modules/minimatch",
"node_modules/filelist/node_modules/minimatch",
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch",
"node_modules/minimatch",
"node_modules/mocha/node_modules/glob/node_modules/minimatch",
"node_modules/mocha/node_modules/minimatch",
"node_modules/readdir-glob/node_modules/minimatch"
],
"fixAvailable": false
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": true,
"via": [
"glob",
"minimatch",
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": ">=3.0.0-0",
"nodes": [
"node_modules/@wdio/mocha-framework/node_modules/mocha",
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"multimatch": {
"name": "multimatch",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"doiuse"
],
"range": "2.0.0 - 7.0.0",
"nodes": [
"node_modules/multimatch"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"phin": {
"name": "phin",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096967,
"name": "phin",
"dependency": "phin",
"title": "phin may include sensitive headers in subsequent requests after redirect",
"url": "https://github.com/advisories/GHSA-x565-32qp-m3vf",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
},
"range": "<3.7.1"
}
],
"effects": [
"@jimp/core"
],
"range": "<3.7.1",
"nodes": [
"node_modules/phin"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115382,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115384,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115394,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115396,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"node_modules/@stylistic/eslint-plugin/node_modules/picomatch",
"node_modules/jest-util/node_modules/picomatch",
"node_modules/picomatch",
"node_modules/ts-declaration-location/node_modules/picomatch"
],
"fixAvailable": true
},
"readdir-glob": {
"name": "readdir-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"archiver"
],
"range": "<=2.0.3",
"nodes": [
"node_modules/readdir-glob"
],
"fixAvailable": false
},
"recursive-readdir": {
"name": "recursive-readdir",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"create-wdio"
],
"range": ">=2.1.0",
"nodes": [
"node_modules/recursive-readdir"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.16.2",
"isSemVerMajor": true
}
},
"rimraf": {
"name": "rimraf",
"severity": "moderate",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"flat-cache",
"selenium-webdriver"
],
"range": "2.3.0 - 3.0.2 || 4.2.0 - 5.0.10",
"nodes": [
"node_modules/rimraf",
"node_modules/selenium-webdriver/node_modules/rimraf"
],
"fixAvailable": {
"name": "selenium-webdriver",
"version": "4.41.0",
"isSemVerMajor": true
}
},
"selenium-webdriver": {
"name": "selenium-webdriver",
"severity": "moderate",
"isDirect": true,
"via": [
"rimraf",
"tmp",
"xml2js"
],
"effects": [],
"range": "2.43.1 - 4.0.0",
"nodes": [
"node_modules/selenium-webdriver"
],
"fixAvailable": {
"name": "selenium-webdriver",
"version": "4.41.0",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"stylelint-no-unsupported-browser-features"
],
"effects": [],
"range": ">=0.10.2",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"stylelint-no-unsupported-browser-features": {
"name": "stylelint-no-unsupported-browser-features",
"severity": "moderate",
"isDirect": false,
"via": [
"doiuse"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "*",
"nodes": [
"node_modules/stylelint-no-unsupported-browser-features"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": true
},
"webdriver": {
"name": "webdriver",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config"
],
"effects": [
"@wdio/runner"
],
"range": ">=5.0.0-alpha.2",
"nodes": [
"node_modules/webdriver"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"archiver",
"webdriver"
],
"effects": [
"@wdio/globals",
"expect-webdriverio"
],
"range": ">=5.0.0-alpha.2",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": false
},
"xml2js": {
"name": "xml2js",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096693,
"name": "xml2js",
"dependency": "xml2js",
"title": "xml2js is vulnerable to prototype pollution",
"url": "https://github.com/advisories/GHSA-776f-qx25-q3cc",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<0.5.0"
}
],
"effects": [
"selenium-webdriver"
],
"range": "<0.5.0",
"nodes": [
"node_modules/xml2js"
],
"fixAvailable": {
"name": "selenium-webdriver",
"version": "4.41.0",
"isSemVerMajor": true
}
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115369,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
"node_modules/yaml"
],
"fixAvailable": true
},
"zip-stream": {
"name": "zip-stream",
"severity": "moderate",
"isDirect": false,
"via": [
"archiver-utils"
],
"effects": [],
"range": "0.8.0 - 6.0.1",
"nodes": [
"node_modules/zip-stream"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 44,
"high": 10,
"critical": 0,
"total": 55
},
"dependencies": {
"prod": 1,
"dev": 1013,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1013
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 1013,
"removed": 0,
"changed": 0,
"audited": 1014,
"funding": 209,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint"
],
"range": "0.0.1 || >=0.1.1",
"nodes": [
"node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"@humanwhocodes/config-array": {
"name": "@humanwhocodes/config-array",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint"
],
"range": "*",
"nodes": [
"node_modules/@humanwhocodes/config-array"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"@jimp/core": {
"name": "@jimp/core",
"severity": "moderate",
"isDirect": false,
"via": [
"phin"
],
"effects": [
"@jimp/custom"
],
"range": "<=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0",
"nodes": [
"node_modules/@jimp/core"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"@jimp/custom": {
"name": "@jimp/custom",
"severity": "moderate",
"isDirect": false,
"via": [
"@jimp/core"
],
"effects": [
"jimp"
],
"range": "<=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0",
"nodes": [
"node_modules/@jimp/custom"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"@typescript-eslint/eslint-plugin": {
"name": "@typescript-eslint/eslint-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/type-utils",
"@typescript-eslint/utils",
"eslint"
],
"effects": [],
"range": "<=8.55.1-alpha.3",
"nodes": [
"node_modules/@typescript-eslint/eslint-plugin"
],
"fixAvailable": true
},
"@typescript-eslint/parser": {
"name": "@typescript-eslint/parser",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/typescript-estree",
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "1.1.1-alpha.0 - 8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/parser"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"@typescript-eslint/type-utils": {
"name": "@typescript-eslint/type-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/typescript-estree",
"@typescript-eslint/utils",
"eslint"
],
"effects": [
"@typescript-eslint/eslint-plugin"
],
"range": "5.9.2-alpha.0 - 8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/type-utils"
],
"fixAvailable": true
},
"@typescript-eslint/typescript-estree": {
"name": "@typescript-eslint/typescript-estree",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"@typescript-eslint/parser",
"@typescript-eslint/type-utils",
"@typescript-eslint/utils"
],
"range": "6.16.0 - 8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"@typescript-eslint/utils": {
"name": "@typescript-eslint/utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@typescript-eslint/typescript-estree",
"eslint"
],
"effects": [
"@typescript-eslint/eslint-plugin",
"@typescript-eslint/type-utils"
],
"range": "<=8.56.1-alpha.2",
"nodes": [
"node_modules/@typescript-eslint/utils"
],
"fixAvailable": true
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/config",
"@wdio/globals",
"create-wdio",
"webdriverio"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": false
},
"@wdio/config": {
"name": "@wdio/config",
"severity": "moderate",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"@wdio/cli",
"@wdio/runner",
"webdriver",
"webdriverio"
],
"range": "*",
"nodes": [
"node_modules/@wdio/config"
],
"fixAvailable": false
},
"@wdio/globals": {
"name": "@wdio/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"expect-webdriverio",
"webdriverio"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "*",
"nodes": [
"node_modules/@wdio/globals"
],
"fixAvailable": false
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/runner",
"expect-webdriverio"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": false
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/globals",
"expect-webdriverio",
"webdriver",
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "*",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": false
},
"archiver": {
"name": "archiver",
"severity": "moderate",
"isDirect": false,
"via": [
"archiver-utils",
"readdir-glob",
"zip-stream"
],
"effects": [
"webdriverio"
],
"range": ">=0.20.0",
"nodes": [
"node_modules/archiver"
],
"fixAvailable": false
},
"archiver-utils": {
"name": "archiver-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"archiver",
"zip-stream"
],
"range": ">=0.2.0",
"nodes": [
"node_modules/archiver-utils"
],
"fixAvailable": false
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115432,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<5.0.5"
}
],
"effects": [
"minimatch"
],
"range": "<5.0.5",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
"node_modules/@wdio/config/node_modules/brace-expansion",
"node_modules/@wdio/mocha-framework/node_modules/brace-expansion",
"node_modules/archiver-utils/node_modules/brace-expansion",
"node_modules/brace-expansion",
"node_modules/filelist/node_modules/brace-expansion",
"node_modules/mocha/node_modules/brace-expansion",
"node_modules/readdir-glob/node_modules/brace-expansion"
],
"fixAvailable": false
},
"create-wdio": {
"name": "create-wdio",
"severity": "moderate",
"isDirect": false,
"via": [
"ejs",
"recursive-readdir"
],
"effects": [
"@wdio/cli"
],
"range": ">=9.17.0",
"nodes": [
"node_modules/create-wdio"
],
"fixAvailable": false
},
"doiuse": {
"name": "doiuse",
"severity": "moderate",
"isDirect": false,
"via": [
"multimatch"
],
"effects": [
"stylelint-no-unsupported-browser-features"
],
"range": ">=2.2.0",
"nodes": [
"node_modules/doiuse"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"ejs": {
"name": "ejs",
"severity": "moderate",
"isDirect": false,
"via": [
"jake"
],
"effects": [],
"range": "3.1.2 - 4.0.1",
"nodes": [
"node_modules/ejs"
],
"fixAvailable": true
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"file-entry-cache",
"minimatch"
],
"effects": [
"@typescript-eslint/eslint-plugin",
"@typescript-eslint/parser",
"@typescript-eslint/type-utils",
"@typescript-eslint/utils",
"eslint-config-wikimedia",
"eslint-plugin-jsdoc",
"eslint-plugin-vue",
"grunt-eslint"
],
"range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"@typescript-eslint/eslint-plugin",
"@typescript-eslint/parser",
"eslint",
"eslint-plugin-jsdoc",
"eslint-plugin-vue"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jsdoc": {
"name": "eslint-plugin-jsdoc",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "8.4.4 - 62.6.1",
"nodes": [
"node_modules/eslint-plugin-jsdoc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-vue": {
"name": "eslint-plugin-vue",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "5.0.0-beta.0 - 10.7.0",
"nodes": [
"node_modules/eslint-plugin-vue"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"expect-webdriverio": {
"name": "expect-webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/globals",
"webdriverio"
],
"effects": [
"@wdio/globals",
"@wdio/local-runner",
"@wdio/runner"
],
"range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.0.1",
"nodes": [
"node_modules/expect-webdriverio"
],
"fixAvailable": false
},
"file-entry-cache": {
"name": "file-entry-cache",
"severity": "moderate",
"isDirect": false,
"via": [
"flat-cache"
],
"effects": [
"eslint"
],
"range": "4.0.0 - 7.0.2",
"nodes": [
"node_modules/file-entry-cache"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"filelist": {
"name": "filelist",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"jake"
],
"range": "0.0.5 - 1.0.6",
"nodes": [
""
],
"fixAvailable": true
},
"flat-cache": {
"name": "flat-cache",
"severity": "moderate",
"isDirect": false,
"via": [
"rimraf"
],
"effects": [
"file-entry-cache"
],
"range": "1.3.4 - 4.0.0",
"nodes": [
"node_modules/flat-cache"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"glob": {
"name": "glob",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"@wdio/config",
"archiver-utils",
"globule",
"grunt",
"mocha",
"rimraf"
],
"range": "4.3.0 - 10.5.0",
"nodes": [
"node_modules/@wdio/config/node_modules/glob",
"node_modules/@wdio/mocha-framework/node_modules/glob",
"node_modules/archiver-utils/node_modules/glob",
"node_modules/glob",
"node_modules/mocha/node_modules/glob"
],
"fixAvailable": false
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"glob",
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"glob",
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"eslint",
"grunt"
],
"effects": [],
"range": "<=1.0.0 || 4.0.0 - 17.3.2 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"jake": {
"name": "jake",
"severity": "moderate",
"isDirect": false,
"via": [
"filelist"
],
"effects": [
"ejs"
],
"range": "10.6.1 - 10.9.4",
"nodes": [
"node_modules/jake"
],
"fixAvailable": true
},
"jimp": {
"name": "jimp",
"severity": "moderate",
"isDirect": true,
"via": [
"@jimp/custom"
],
"effects": [],
"range": "0.3.6-alpha.5 - 0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0",
"nodes": [
"node_modules/jimp"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
"brace-expansion"
],
"effects": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"@typescript-eslint/typescript-estree",
"eslint",
"filelist",
"glob",
"globule",
"grunt",
"mocha",
"multimatch",
"readdir-glob",
"recursive-readdir"
],
"range": "<=10.0.2",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
"node_modules/@wdio/config/node_modules/minimatch",
"node_modules/@wdio/mocha-framework/node_modules/minimatch",
"node_modules/archiver-utils/node_modules/minimatch",
"node_modules/filelist/node_modules/minimatch",
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch",
"node_modules/minimatch",
"node_modules/mocha/node_modules/glob/node_modules/minimatch",
"node_modules/mocha/node_modules/minimatch",
"node_modules/readdir-glob/node_modules/minimatch"
],
"fixAvailable": false
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": true,
"via": [
"glob",
"minimatch",
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": ">=3.0.0-0",
"nodes": [
"node_modules/@wdio/mocha-framework/node_modules/mocha",
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"multimatch": {
"name": "multimatch",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"doiuse"
],
"range": "2.0.0 - 7.0.0",
"nodes": [
"node_modules/multimatch"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"phin": {
"name": "phin",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096967,
"name": "phin",
"dependency": "phin",
"title": "phin may include sensitive headers in subsequent requests after redirect",
"url": "https://github.com/advisories/GHSA-x565-32qp-m3vf",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
},
"range": "<3.7.1"
}
],
"effects": [
"@jimp/core"
],
"range": "<3.7.1",
"nodes": [
"node_modules/phin"
],
"fixAvailable": {
"name": "jimp",
"version": "1.6.0",
"isSemVerMajor": true
}
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115382,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115384,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115394,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115396,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"",
"",
"",
""
],
"fixAvailable": true
},
"readdir-glob": {
"name": "readdir-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"archiver"
],
"range": "<=2.0.3",
"nodes": [
"node_modules/readdir-glob"
],
"fixAvailable": false
},
"recursive-readdir": {
"name": "recursive-readdir",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"create-wdio"
],
"range": ">=2.1.0",
"nodes": [
"node_modules/recursive-readdir"
],
"fixAvailable": false
},
"rimraf": {
"name": "rimraf",
"severity": "moderate",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"flat-cache",
"selenium-webdriver"
],
"range": "2.3.0 - 3.0.2 || 4.2.0 - 5.0.10",
"nodes": [
"node_modules/rimraf",
"node_modules/selenium-webdriver/node_modules/rimraf"
],
"fixAvailable": {
"name": "selenium-webdriver",
"version": "4.41.0",
"isSemVerMajor": true
}
},
"selenium-webdriver": {
"name": "selenium-webdriver",
"severity": "moderate",
"isDirect": true,
"via": [
"rimraf",
"tmp",
"xml2js"
],
"effects": [],
"range": "2.43.1 - 4.0.0",
"nodes": [
"node_modules/selenium-webdriver"
],
"fixAvailable": {
"name": "selenium-webdriver",
"version": "4.41.0",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"stylelint-no-unsupported-browser-features"
],
"effects": [],
"range": ">=0.10.2",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"stylelint-no-unsupported-browser-features": {
"name": "stylelint-no-unsupported-browser-features",
"severity": "moderate",
"isDirect": false,
"via": [
"doiuse"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "*",
"nodes": [
"node_modules/stylelint-no-unsupported-browser-features"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.10.1",
"isSemVerMajor": true
}
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": true
},
"webdriver": {
"name": "webdriver",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config"
],
"effects": [
"@wdio/runner"
],
"range": ">=5.0.0-alpha.2",
"nodes": [
"node_modules/webdriver"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"archiver",
"webdriver"
],
"effects": [
"@wdio/globals",
"expect-webdriverio"
],
"range": ">=5.0.0-alpha.2",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": false
},
"xml2js": {
"name": "xml2js",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096693,
"name": "xml2js",
"dependency": "xml2js",
"title": "xml2js is vulnerable to prototype pollution",
"url": "https://github.com/advisories/GHSA-776f-qx25-q3cc",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<0.5.0"
}
],
"effects": [
"selenium-webdriver"
],
"range": "<0.5.0",
"nodes": [
"node_modules/xml2js"
],
"fixAvailable": {
"name": "selenium-webdriver",
"version": "4.41.0",
"isSemVerMajor": true
}
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115369,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
""
],
"fixAvailable": true
},
"zip-stream": {
"name": "zip-stream",
"severity": "moderate",
"isDirect": false,
"via": [
"archiver-utils"
],
"effects": [],
"range": "0.8.0 - 6.0.1",
"nodes": [
"node_modules/zip-stream"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 44,
"high": 10,
"critical": 0,
"total": 55
},
"dependencies": {
"prod": 1,
"dev": 1013,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1013
}
}
}
}
--- end ---
{"added": 1013, "removed": 0, "changed": 0, "audited": 1014, "funding": 209, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@eslint/eslintrc": {"name": "@eslint/eslintrc", "severity": "moderate", "isDirect": false, "via": ["minimatch"], "effects": ["eslint"], "range": "0.0.1 || >=0.1.1", "nodes": ["node_modules/@eslint/eslintrc"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "@humanwhocodes/config-array": {"name": "@humanwhocodes/config-array", "severity": "moderate", "isDirect": false, "via": ["minimatch"], "effects": ["eslint"], "range": "*", "nodes": ["node_modules/@humanwhocodes/config-array"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "@jimp/core": {"name": "@jimp/core", "severity": "moderate", "isDirect": false, "via": ["phin"], "effects": ["@jimp/custom"], "range": "<=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0", "nodes": ["node_modules/@jimp/core"], "fixAvailable": {"name": "jimp", "version": "1.6.0", "isSemVerMajor": true}}, "@jimp/custom": {"name": "@jimp/custom", "severity": "moderate", "isDirect": false, "via": ["@jimp/core"], "effects": ["jimp"], "range": "<=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0", "nodes": ["node_modules/@jimp/custom"], "fixAvailable": {"name": "jimp", "version": "1.6.0", "isSemVerMajor": true}}, "@typescript-eslint/eslint-plugin": {"name": "@typescript-eslint/eslint-plugin", "severity": "moderate", "isDirect": false, "via": ["@typescript-eslint/type-utils", "@typescript-eslint/utils", "eslint"], "effects": [], "range": "<=8.55.1-alpha.3", "nodes": ["node_modules/@typescript-eslint/eslint-plugin"], "fixAvailable": true}, "@typescript-eslint/parser": {"name": "@typescript-eslint/parser", "severity": "moderate", "isDirect": false, "via": ["@typescript-eslint/typescript-estree", "eslint"], "effects": ["eslint-config-wikimedia"], "range": "1.1.1-alpha.0 - 8.56.1-alpha.2", "nodes": ["node_modules/@typescript-eslint/parser"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "@typescript-eslint/type-utils": {"name": "@typescript-eslint/type-utils", "severity": "moderate", "isDirect": false, "via": ["@typescript-eslint/typescript-estree", "@typescript-eslint/utils", "eslint"], "effects": ["@typescript-eslint/eslint-plugin"], "range": "5.9.2-alpha.0 - 8.56.1-alpha.2", "nodes": ["node_modules/@typescript-eslint/type-utils"], "fixAvailable": true}, "@typescript-eslint/typescript-estree": {"name": "@typescript-eslint/typescript-estree", "severity": "moderate", "isDirect": false, "via": ["minimatch"], "effects": ["@typescript-eslint/parser", "@typescript-eslint/type-utils", "@typescript-eslint/utils"], "range": "6.16.0 - 8.56.1-alpha.2", "nodes": ["node_modules/@typescript-eslint/typescript-estree"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "@typescript-eslint/utils": {"name": "@typescript-eslint/utils", "severity": "moderate", "isDirect": false, "via": ["@typescript-eslint/typescript-estree", "eslint"], "effects": ["@typescript-eslint/eslint-plugin", "@typescript-eslint/type-utils"], "range": "<=8.56.1-alpha.2", "nodes": ["node_modules/@typescript-eslint/utils"], "fixAvailable": true}, "@wdio/cli": {"name": "@wdio/cli", "severity": "moderate", "isDirect": true, "via": ["@wdio/config", "@wdio/globals", "create-wdio", "webdriverio"], "effects": [], "range": "*", "nodes": ["node_modules/@wdio/cli"], "fixAvailable": false}, "@wdio/config": {"name": "@wdio/config", "severity": "moderate", "isDirect": false, "via": ["glob"], "effects": ["@wdio/cli", "@wdio/runner", "webdriver", "webdriverio"], "range": "*", "nodes": ["node_modules/@wdio/config"], "fixAvailable": false}, "@wdio/globals": {"name": "@wdio/globals", "severity": "moderate", "isDirect": false, "via": ["expect-webdriverio", "webdriverio"], "effects": ["@wdio/cli", "@wdio/runner"], "range": "*", "nodes": ["node_modules/@wdio/globals"], "fixAvailable": false}, "@wdio/local-runner": {"name": "@wdio/local-runner", "severity": "moderate", "isDirect": true, "via": ["@wdio/runner", "expect-webdriverio"], "effects": [], "range": "*", "nodes": ["node_modules/@wdio/local-runner"], "fixAvailable": false}, "@wdio/mocha-framework": {"name": "@wdio/mocha-framework", "severity": "high", "isDirect": true, "via": ["mocha"], "effects": [], "range": ">=6.1.19", "nodes": ["node_modules/@wdio/mocha-framework"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "@wdio/runner": {"name": "@wdio/runner", "severity": "moderate", "isDirect": false, "via": ["@wdio/config", "@wdio/globals", "expect-webdriverio", "webdriver", "webdriverio"], "effects": ["@wdio/local-runner"], "range": "*", "nodes": ["node_modules/@wdio/runner"], "fixAvailable": false}, "archiver": {"name": "archiver", "severity": "moderate", "isDirect": false, "via": ["archiver-utils", "readdir-glob", "zip-stream"], "effects": ["webdriverio"], "range": ">=0.20.0", "nodes": ["node_modules/archiver"], "fixAvailable": false}, "archiver-utils": {"name": "archiver-utils", "severity": "moderate", "isDirect": false, "via": ["glob"], "effects": ["archiver", "zip-stream"], "range": ">=0.2.0", "nodes": ["node_modules/archiver-utils"], "fixAvailable": false}, "brace-expansion": {"name": "brace-expansion", "severity": "moderate", "isDirect": false, "via": [{"source": 1115432, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<5.0.5"}], "effects": ["minimatch"], "range": "<5.0.5", "nodes": ["node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion", "node_modules/@wdio/config/node_modules/brace-expansion", "node_modules/@wdio/mocha-framework/node_modules/brace-expansion", "node_modules/archiver-utils/node_modules/brace-expansion", "node_modules/brace-expansion", "node_modules/filelist/node_modules/brace-expansion", "node_modules/mocha/node_modules/brace-expansion", "node_modules/readdir-glob/node_modules/brace-expansion"], "fixAvailable": false}, "create-wdio": {"name": "create-wdio", "severity": "moderate", "isDirect": false, "via": ["ejs", "recursive-readdir"], "effects": ["@wdio/cli"], "range": ">=9.17.0", "nodes": ["node_modules/create-wdio"], "fixAvailable": false}, "doiuse": {"name": "doiuse", "severity": "moderate", "isDirect": false, "via": ["multimatch"], "effects": ["stylelint-no-unsupported-browser-features"], "range": ">=2.2.0", "nodes": ["node_modules/doiuse"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.10.1", "isSemVerMajor": true}}, "ejs": {"name": "ejs", "severity": "moderate", "isDirect": false, "via": ["jake"], "effects": [], "range": "3.1.2 - 4.0.1", "nodes": ["node_modules/ejs"], "fixAvailable": true}, "eslint": {"name": "eslint", "severity": "moderate", "isDirect": false, "via": ["@eslint/eslintrc", "@humanwhocodes/config-array", "file-entry-cache", "minimatch"], "effects": ["@typescript-eslint/eslint-plugin", "@typescript-eslint/parser", "@typescript-eslint/type-utils", "@typescript-eslint/utils", "eslint-config-wikimedia", "eslint-plugin-jsdoc", "eslint-plugin-vue", "grunt-eslint"], "range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2", "nodes": ["node_modules/eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "eslint-config-wikimedia": {"name": "eslint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["@typescript-eslint/eslint-plugin", "@typescript-eslint/parser", "eslint", "eslint-plugin-jsdoc", "eslint-plugin-vue"], "effects": [], "range": ">=0.9.0", "nodes": ["node_modules/eslint-config-wikimedia"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "eslint-plugin-jsdoc": {"name": "eslint-plugin-jsdoc", "severity": "moderate", "isDirect": false, "via": ["eslint"], "effects": ["eslint-config-wikimedia"], "range": "8.4.4 - 62.6.1", "nodes": ["node_modules/eslint-plugin-jsdoc"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "eslint-plugin-vue": {"name": "eslint-plugin-vue", "severity": "moderate", "isDirect": false, "via": ["eslint"], "effects": ["eslint-config-wikimedia"], "range": "5.0.0-beta.0 - 10.7.0", "nodes": ["node_modules/eslint-plugin-vue"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "expect-webdriverio": {"name": "expect-webdriverio", "severity": "moderate", "isDirect": false, "via": ["@wdio/globals", "webdriverio"], "effects": ["@wdio/globals", "@wdio/local-runner", "@wdio/runner"], "range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.0.1", "nodes": ["node_modules/expect-webdriverio"], "fixAvailable": false}, "file-entry-cache": {"name": "file-entry-cache", "severity": "moderate", "isDirect": false, "via": ["flat-cache"], "effects": ["eslint"], "range": "4.0.0 - 7.0.2", "nodes": ["node_modules/file-entry-cache"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "filelist": {"name": "filelist", "severity": "moderate", "isDirect": false, "via": ["minimatch"], "effects": ["jake"], "range": "0.0.5 - 1.0.6", "nodes": [""], "fixAvailable": true}, "flat-cache": {"name": "flat-cache", "severity": "moderate", "isDirect": false, "via": ["rimraf"], "effects": ["file-entry-cache"], "range": "1.3.4 - 4.0.0", "nodes": ["node_modules/flat-cache"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "gaze": {"name": "gaze", "severity": "high", "isDirect": false, "via": ["globule"], "effects": ["grunt-contrib-watch"], "range": ">=0.4.0", "nodes": ["node_modules/gaze"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "glob": {"name": "glob", "severity": "moderate", "isDirect": false, "via": ["minimatch"], "effects": ["@wdio/config", "archiver-utils", "globule", "grunt", "mocha", "rimraf"], "range": "4.3.0 - 10.5.0", "nodes": ["node_modules/@wdio/config/node_modules/glob", "node_modules/@wdio/mocha-framework/node_modules/glob", "node_modules/archiver-utils/node_modules/glob", "node_modules/glob", "node_modules/mocha/node_modules/glob"], "fixAvailable": false}, "globule": {"name": "globule", "severity": "high", "isDirect": false, "via": ["glob", "minimatch"], "effects": ["gaze"], "range": "*", "nodes": ["node_modules/globule"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["glob", "minimatch"], "effects": ["grunt-eslint"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "grunt-contrib-watch": {"name": "grunt-contrib-watch", "severity": "high", "isDirect": true, "via": ["gaze"], "effects": [], "range": ">=0.5.0", "nodes": ["node_modules/grunt-contrib-watch"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "high", "isDirect": true, "via": ["eslint", "grunt"], "effects": [], "range": "<=1.0.0 || 4.0.0 - 17.3.2 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "jake": {"name": "jake", "severity": "moderate", "isDirect": false, "via": ["filelist"], "effects": ["ejs"], "range": "10.6.1 - 10.9.4", "nodes": ["node_modules/jake"], "fixAvailable": true}, "jimp": {"name": "jimp", "severity": "moderate", "isDirect": true, "via": ["@jimp/custom"], "effects": [], "range": "0.3.6-alpha.5 - 0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0", "nodes": ["node_modules/jimp"], "fixAvailable": {"name": "jimp", "version": "1.6.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}, "brace-expansion"], "effects": ["@eslint/eslintrc", "@humanwhocodes/config-array", "@typescript-eslint/typescript-estree", "eslint", "filelist", "glob", "globule", "grunt", "mocha", "multimatch", "readdir-glob", "recursive-readdir"], "range": "<=10.0.2", "nodes": ["node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch", "node_modules/@wdio/config/node_modules/minimatch", "node_modules/@wdio/mocha-framework/node_modules/minimatch", "node_modules/archiver-utils/node_modules/minimatch", "node_modules/filelist/node_modules/minimatch", "node_modules/globule/node_modules/minimatch", "node_modules/grunt/node_modules/minimatch", "node_modules/minimatch", "node_modules/mocha/node_modules/glob/node_modules/minimatch", "node_modules/mocha/node_modules/minimatch", "node_modules/readdir-glob/node_modules/minimatch"], "fixAvailable": false}, "mocha": {"name": "mocha", "severity": "high", "isDirect": true, "via": ["glob", "minimatch", "serialize-javascript"], "effects": ["@wdio/mocha-framework"], "range": ">=3.0.0-0", "nodes": ["node_modules/@wdio/mocha-framework/node_modules/mocha", "node_modules/mocha"], "fixAvailable": {"name": "mocha", "version": "7.2.0", "isSemVerMajor": true}}, "multimatch": {"name": "multimatch", "severity": "moderate", "isDirect": false, "via": ["minimatch"], "effects": ["doiuse"], "range": "2.0.0 - 7.0.0", "nodes": ["node_modules/multimatch"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.10.1", "isSemVerMajor": true}}, "phin": {"name": "phin", "severity": "moderate", "isDirect": false, "via": [{"source": 1096967, "name": "phin", "dependency": "phin", "title": "phin may include sensitive headers in subsequent requests after redirect", "url": "https://github.com/advisories/GHSA-x565-32qp-m3vf", "severity": "moderate", "cwe": ["CWE-200"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}, "range": "<3.7.1"}], "effects": ["@jimp/core"], "range": "<3.7.1", "nodes": ["node_modules/phin"], "fixAvailable": {"name": "jimp", "version": "1.6.0", "isSemVerMajor": true}}, "picomatch": {"name": "picomatch", "severity": "high", "isDirect": false, "via": [{"source": 1115382, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.3.2"}, {"source": 1115384, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.0.4"}, {"source": 1115394, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, {"source": 1115396, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.0.4"}], "effects": [], "range": "<=2.3.1 || 4.0.0 - 4.0.3", "nodes": ["", "", "", ""], "fixAvailable": true}, "readdir-glob": {"name": "readdir-glob", "severity": "moderate", "isDirect": false, "via": ["minimatch"], "effects": ["archiver"], "range": "<=2.0.3", "nodes": ["node_modules/readdir-glob"], "fixAvailable": false}, "recursive-readdir": {"name": "recursive-readdir", "severity": "moderate", "isDirect": false, "via": ["minimatch"], "effects": ["create-wdio"], "range": ">=2.1.0", "nodes": ["node_modules/recursive-readdir"], "fixAvailable": false}, "rimraf": {"name": "rimraf", "severity": "moderate", "isDirect": false, "via": ["glob"], "effects": ["flat-cache", "selenium-webdriver"], "range": "2.3.0 - 3.0.2 || 4.2.0 - 5.0.10", "nodes": ["node_modules/rimraf", "node_modules/selenium-webdriver/node_modules/rimraf"], "fixAvailable": {"name": "selenium-webdriver", "version": "4.41.0", "isSemVerMajor": true}}, "selenium-webdriver": {"name": "selenium-webdriver", "severity": "moderate", "isDirect": true, "via": ["rimraf", "tmp", "xml2js"], "effects": [], "range": "2.43.1 - 4.0.0", "nodes": ["node_modules/selenium-webdriver"], "fixAvailable": {"name": "selenium-webdriver", "version": "4.41.0", "isSemVerMajor": true}}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}], "effects": ["mocha"], "range": "<=7.0.2", "nodes": ["node_modules/serialize-javascript"], "fixAvailable": {"name": "mocha", "version": "7.2.0", "isSemVerMajor": true}}, "stylelint-config-wikimedia": {"name": "stylelint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["stylelint-no-unsupported-browser-features"], "effects": [], "range": ">=0.10.2", "nodes": ["node_modules/stylelint-config-wikimedia"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.10.1", "isSemVerMajor": true}}, "stylelint-no-unsupported-browser-features": {"name": "stylelint-no-unsupported-browser-features", "severity": "moderate", "isDirect": false, "via": ["doiuse"], "effects": ["stylelint-config-wikimedia"], "range": "*", "nodes": ["node_modules/stylelint-no-unsupported-browser-features"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.10.1", "isSemVerMajor": true}}, "tmp": {"name": "tmp", "severity": "low", "isDirect": false, "via": [{"source": 1109537, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}], "effects": [], "range": "<=0.2.3", "nodes": ["node_modules/tmp"], "fixAvailable": true}, "webdriver": {"name": "webdriver", "severity": "moderate", "isDirect": false, "via": ["@wdio/config"], "effects": ["@wdio/runner"], "range": ">=5.0.0-alpha.2", "nodes": ["node_modules/webdriver"], "fixAvailable": false}, "webdriverio": {"name": "webdriverio", "severity": "moderate", "isDirect": false, "via": ["@wdio/config", "archiver", "webdriver"], "effects": ["@wdio/globals", "expect-webdriverio"], "range": ">=5.0.0-alpha.2", "nodes": ["node_modules/webdriverio"], "fixAvailable": false}, "xml2js": {"name": "xml2js", "severity": "moderate", "isDirect": false, "via": [{"source": 1096693, "name": "xml2js", "dependency": "xml2js", "title": "xml2js is vulnerable to prototype pollution", "url": "https://github.com/advisories/GHSA-776f-qx25-q3cc", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<0.5.0"}], "effects": ["selenium-webdriver"], "range": "<0.5.0", "nodes": ["node_modules/xml2js"], "fixAvailable": {"name": "selenium-webdriver", "version": "4.41.0", "isSemVerMajor": true}}, "yaml": {"name": "yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1115369, "name": "yaml", "dependency": "yaml", "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections", "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <2.8.3"}], "effects": [], "range": "2.0.0 - 2.8.2", "nodes": [""], "fixAvailable": true}, "zip-stream": {"name": "zip-stream", "severity": "moderate", "isDirect": false, "via": ["archiver-utils"], "effects": [], "range": "0.8.0 - 6.0.1", "nodes": ["node_modules/zip-stream"], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 44, "high": 10, "critical": 0, "total": 55}, "dependencies": {"prod": 1, "dev": 1013, "optional": 37, "peer": 1, "peerOptional": 0, "total": 1013}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 988 packages, and audited 989 packages in 23s
209 packages are looking for funding
run `npm fund` for details
# npm audit report
brace-expansion <5.0.5
Severity: moderate
brace-expansion: Zero-step sequence causes process hang and memory exhaustion - https://github.com/advisories/GHSA-f886-m6hf-6m8v
fix available via `npm audit fix --force`
Will install eslint-config-wikimedia@0.8.1, which is a breaking change
node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion
node_modules/@wdio/config/node_modules/brace-expansion
node_modules/@wdio/mocha-framework/node_modules/brace-expansion
node_modules/archiver-utils/node_modules/brace-expansion
node_modules/brace-expansion
node_modules/filelist/node_modules/brace-expansion
node_modules/mocha/node_modules/brace-expansion
node_modules/readdir-glob/node_modules/brace-expansion
minimatch <=10.0.2
Depends on vulnerable versions of brace-expansion
node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch
node_modules/@wdio/config/node_modules/minimatch
node_modules/@wdio/mocha-framework/node_modules/minimatch
node_modules/archiver-utils/node_modules/minimatch
node_modules/filelist/node_modules/minimatch
node_modules/globule/node_modules/minimatch
node_modules/grunt/node_modules/minimatch
node_modules/minimatch
node_modules/mocha/node_modules/glob/node_modules/minimatch
node_modules/mocha/node_modules/minimatch
node_modules/readdir-glob/node_modules/minimatch
@eslint/eslintrc 0.0.1 || >=0.1.1
Depends on vulnerable versions of minimatch
node_modules/@eslint/eslintrc
eslint 0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2
Depends on vulnerable versions of @eslint/eslintrc
Depends on vulnerable versions of @humanwhocodes/config-array
Depends on vulnerable versions of file-entry-cache
Depends on vulnerable versions of minimatch
node_modules/eslint
@typescript-eslint/eslint-plugin <=8.56.1-alpha.2
Depends on vulnerable versions of @typescript-eslint/type-utils
Depends on vulnerable versions of @typescript-eslint/utils
Depends on vulnerable versions of eslint
node_modules/@typescript-eslint/eslint-plugin
@typescript-eslint/parser 1.1.1-alpha.0 - 8.56.1-alpha.2
Depends on vulnerable versions of @typescript-eslint/typescript-estree
Depends on vulnerable versions of eslint
node_modules/@typescript-eslint/parser
eslint-config-wikimedia >=0.9.0
Depends on vulnerable versions of @typescript-eslint/eslint-plugin
Depends on vulnerable versions of @typescript-eslint/parser
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-plugin-jsdoc
Depends on vulnerable versions of eslint-plugin-vue
node_modules/eslint-config-wikimedia
@typescript-eslint/type-utils 5.62.1-alpha.0 - 8.56.1-alpha.2
Depends on vulnerable versions of @typescript-eslint/typescript-estree
Depends on vulnerable versions of @typescript-eslint/utils
Depends on vulnerable versions of eslint
node_modules/@typescript-eslint/type-utils
@typescript-eslint/utils <=8.56.1-alpha.2
Depends on vulnerable versions of @typescript-eslint/typescript-estree
Depends on vulnerable versions of eslint
node_modules/@typescript-eslint/utils
eslint-plugin-jsdoc 8.4.4 - 62.6.1
Depends on vulnerable versions of eslint
node_modules/eslint-plugin-jsdoc
eslint-plugin-vue 5.0.0-beta.0 - 10.7.0
Depends on vulnerable versions of eslint
node_modules/eslint-plugin-vue
grunt-eslint <=1.0.0 || 4.0.0 - 17.3.2 || >=18.1.0
Depends on vulnerable versions of eslint
Depends on vulnerable versions of grunt
node_modules/grunt-eslint
@humanwhocodes/config-array *
Depends on vulnerable versions of minimatch
node_modules/@humanwhocodes/config-array
@typescript-eslint/typescript-estree 6.16.0 - 8.56.1-alpha.2
Depends on vulnerable versions of minimatch
node_modules/@typescript-eslint/typescript-estree
filelist 0.0.5 - 1.0.6
Depends on vulnerable versions of minimatch
node_modules/filelist
jake 10.6.1 - 10.9.4
Depends on vulnerable versions of filelist
node_modules/jake
ejs 3.1.2 - 4.0.1
Depends on vulnerable versions of jake
node_modules/ejs
glob 4.3.0 - 10.5.0
Depends on vulnerable versions of minimatch
node_modules/@wdio/config/node_modules/glob
node_modules/@wdio/mocha-framework/node_modules/glob
node_modules/archiver-utils/node_modules/glob
node_modules/glob
node_modules/mocha/node_modules/glob
@wdio/config *
Depends on vulnerable versions of glob
node_modules/@wdio/config
@wdio/cli *
Depends on vulnerable versions of @wdio/config
Depends on vulnerable versions of @wdio/globals
Depends on vulnerable versions of create-wdio
Depends on vulnerable versions of webdriverio
node_modules/@wdio/cli
@wdio/runner *
Depends on vulnerable versions of @wdio/config
Depends on vulnerable versions of @wdio/globals
Depends on vulnerable versions of expect-webdriverio
Depends on vulnerable versions of webdriver
Depends on vulnerable versions of webdriverio
node_modules/@wdio/runner
@wdio/local-runner *
Depends on vulnerable versions of @wdio/runner
Depends on vulnerable versions of expect-webdriverio
node_modules/@wdio/local-runner
webdriver >=5.0.0-alpha.2
Depends on vulnerable versions of @wdio/config
node_modules/webdriver
webdriverio >=5.0.0-alpha.2
Depends on vulnerable versions of @wdio/config
Depends on vulnerable versions of archiver
Depends on vulnerable versions of webdriver
node_modules/webdriverio
@wdio/globals *
Depends on vulnerable versions of expect-webdriverio
Depends on vulnerable versions of webdriverio
node_modules/@wdio/globals
expect-webdriverio 4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.0.1
Depends on vulnerable versions of @wdio/globals
Depends on vulnerable versions of webdriverio
node_modules/expect-webdriverio
archiver-utils >=0.2.0
Depends on vulnerable versions of glob
node_modules/archiver-utils
archiver >=0.20.0
Depends on vulnerable versions of archiver-utils
Depends on vulnerable versions of readdir-glob
Depends on vulnerable versions of zip-stream
node_modules/archiver
zip-stream 0.8.0 - 6.0.1
Depends on vulnerable versions of archiver-utils
node_modules/zip-stream
globule *
Depends on vulnerable versions of glob
Depends on vulnerable versions of minimatch
node_modules/globule
gaze >=0.4.0
Depends on vulnerable versions of globule
node_modules/gaze
grunt-contrib-watch >=0.5.0
Depends on vulnerable versions of gaze
node_modules/grunt-contrib-watch
grunt >=0.4.0-a
Depends on vulnerable versions of glob
Depends on vulnerable versions of minimatch
node_modules/grunt
mocha >=3.0.0-0
Depends on vulnerable versions of glob
Depends on vulnerable versions of minimatch
Depends on vulnerable versions of serialize-javascript
node_modules/@wdio/mocha-framework/node_modules/mocha
node_modules/mocha
@wdio/mocha-framework >=6.1.19
Depends on vulnerable versions of mocha
node_modules/@wdio/mocha-framework
rimraf 2.3.0 - 3.0.2 || 4.2.0 - 5.0.10
Depends on vulnerable versions of glob
node_modules/rimraf
node_modules/selenium-webdriver/node_modules/rimraf
flat-cache 1.3.4 - 4.0.0
Depends on vulnerable versions of rimraf
node_modules/flat-cache
file-entry-cache 4.0.0 - 7.0.2
Depends on vulnerable versions of flat-cache
node_modules/file-entry-cache
selenium-webdriver 2.43.1 - 4.0.0
Depends on vulnerable versions of rimraf
Depends on vulnerable versions of tmp
Depends on vulnerable versions of xml2js
node_modules/selenium-webdriver
multimatch 2.0.0 - 7.0.0
Depends on vulnerable versions of minimatch
node_modules/multimatch
doiuse >=2.2.0
Depends on vulnerable versions of multimatch
node_modules/doiuse
stylelint-no-unsupported-browser-features *
Depends on vulnerable versions of doiuse
node_modules/stylelint-no-unsupported-browser-features
stylelint-config-wikimedia >=0.10.2
Depends on vulnerable versions of stylelint-no-unsupported-browser-features
node_modules/stylelint-config-wikimedia
readdir-glob <=2.0.3
Depends on vulnerable versions of minimatch
node_modules/readdir-glob
recursive-readdir >=2.1.0
Depends on vulnerable versions of minimatch
node_modules/recursive-readdir
create-wdio >=9.17.0
Depends on vulnerable versions of ejs
Depends on vulnerable versions of recursive-readdir
node_modules/create-wdio
phin <3.7.1
Severity: moderate
phin may include sensitive headers in subsequent requests after redirect - https://github.com/advisories/GHSA-x565-32qp-m3vf
fix available via `npm audit fix --force`
Will install jimp@1.6.0, which is a breaking change
node_modules/phin
@jimp/core <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
Depends on vulnerable versions of phin
node_modules/@jimp/core
@jimp/custom <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
Depends on vulnerable versions of @jimp/core
node_modules/@jimp/custom
jimp 0.3.6-alpha.5 - 0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
Depends on vulnerable versions of @jimp/custom
node_modules/jimp
serialize-javascript <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
fix available via `npm audit fix --force`
Will install mocha@7.2.0, which is a breaking change
node_modules/serialize-javascript
tmp <=0.2.3
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter - https://github.com/advisories/GHSA-52f5-9888-hmc6
fix available via `npm audit fix`
node_modules/tmp
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix --force`
Will install selenium-webdriver@4.41.0, which is a breaking change
node_modules/xml2js
53 vulnerabilities (1 low, 43 moderate, 9 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 988 packages, and audited 989 packages in 31s
209 packages are looking for funding
run `npm fund` for details
53 vulnerabilities (1 low, 43 moderate, 9 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stdout ---
> visualeditor@0.0.0 test
> grunt test && node build/checkModules.js && npm run minify-svg
Running "tyops:src" (tyops) task
>> No typos found; 495 files checked for 21 typos.
Running "eslint:all" (eslint) task
Running "stylelint:all" (stylelint) task
>> editcheck/modules/EditCheck.less
>> 76:2 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
>>
>> ⚠ 1 problem (0 errors, 1 warning)
⚠ 1 warning
>> Linted 85 files without errors
Running "banana:VisualEditor" (banana) task
>> 7 message directories checked.
Done.
No missing files.
> visualeditor@0.0.0 minify-svg
> svgo --config=.svgo.config.js -q -r -f images/
--- end ---
{}
{}
{}
{}
{}
{}
{"1115382": {"source": 1115382, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.3.2"}, "1115384": {"source": 1115384, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.0.4"}, "1115394": {"source": 1115394, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, "1115396": {"source": 1115396, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.0.4"}}
Upgrading n:picomatch from 2.3.1, 4.0.3 -> 2.3.2, 4.0.4
{"1109537": {"source": 1109537, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}}
{"1115369": {"source": 1115369, "name": "yaml", "dependency": "yaml", "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections", "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <2.8.3"}}
Upgrading n:yaml from 2.8.1 -> 2.8.3
{}
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* yaml: 2.8.1 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmphadzxxr_
--- stdout ---
[master 47aa824] build: Updating npm dependencies
1 file changed, 21 insertions(+), 18 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 47aa8242715b336f27d2bf0cfff48bf53262e36a Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 27 Mar 2026 08:09:28 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* yaml: 2.8.1 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
Change-Id: I06a38dd9fad9135563a15dad4f85b11aebbfe0bd
---
package-lock.json | 39 +++++++++++++++++++++------------------
1 file changed, 21 insertions(+), 18 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index dde9de8..e91cb16 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1952,9 +1952,9 @@
}
},
"node_modules/@stylistic/eslint-plugin/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -6735,9 +6735,9 @@
}
},
"node_modules/filelist": {
- "version": "1.0.4",
- "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz",
- "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==",
+ "version": "1.0.6",
+ "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.6.tgz",
+ "integrity": "sha512-5giy2PkLYY1cP39p17Ech+2xlpTRL9HLspOfEgm0L6CwBXBTgsK5ou0JtzYuepxkaQ/tvhCFIJ5uXo0OrM2DxA==",
"dev": true,
"dependencies": {
"minimatch": "^5.0.1"
@@ -8321,9 +8321,9 @@
}
},
"node_modules/jest-util/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -9977,9 +9977,9 @@
"license": "ISC"
},
"node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
"engines": {
"node": ">=8.6"
@@ -12061,9 +12061,9 @@
}
},
"node_modules/ts-declaration-location/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -12671,15 +12671,18 @@
}
},
"node_modules/yaml": {
- "version": "2.8.1",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.1.tgz",
- "integrity": "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true,
"bin": {
"yaml": "bin.mjs"
},
"engines": {
"node": ">= 14.6"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/eemeli"
}
},
"node_modules/yaml-eslint-parser": {
--
2.47.3
--- end ---