This run took 36 seconds.
From 813369498eae8ff362e70fb7eee5738a5ec1d75e Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 27 Mar 2026 11:43:37 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* yaml: 2.4.1 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
Change-Id: I563ca40daf13a97650a24dac9c0d256e8e8790f5
---
package-lock.json | 97 ++++++++++++++++++++++++-----------------------
1 file changed, 50 insertions(+), 47 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 316a0e9..c63cd3c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -488,9 +488,9 @@
}
},
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
- "version": "5.0.3",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
- "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+ "version": "5.0.5",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+ "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"dependencies": {
"balanced-match": "^4.0.2"
@@ -733,9 +733,9 @@
"dev": true
},
"node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0",
@@ -1399,19 +1399,19 @@
}
},
"node_modules/eslint-plugin-unicorn/node_modules/@eslint/eslintrc": {
- "version": "3.3.3",
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.3.tgz",
- "integrity": "sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==",
+ "version": "3.3.5",
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz",
+ "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==",
"dev": true,
"dependencies": {
- "ajv": "^6.12.4",
+ "ajv": "^6.14.0",
"debug": "^4.3.2",
"espree": "^10.0.1",
"globals": "^14.0.0",
"ignore": "^5.2.0",
"import-fresh": "^3.2.1",
"js-yaml": "^4.1.1",
- "minimatch": "^3.1.2",
+ "minimatch": "^3.1.5",
"strip-json-comments": "^3.1.1"
},
"engines": {
@@ -2984,9 +2984,9 @@
"dev": true
},
"node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
"engines": {
"node": ">=8.6"
@@ -3516,9 +3516,9 @@
}
},
"node_modules/tinyglobby/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -3574,9 +3574,9 @@
}
},
"node_modules/ts-declaration-location/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -3787,15 +3787,18 @@
}
},
"node_modules/yaml": {
- "version": "2.4.1",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
- "integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true,
"bin": {
"yaml": "bin.mjs"
},
"engines": {
- "node": ">= 14"
+ "node": ">= 14.6"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/eemeli"
}
},
"node_modules/yaml-eslint-parser": {
@@ -4168,9 +4171,9 @@
"dev": true
},
"brace-expansion": {
- "version": "5.0.3",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
- "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+ "version": "5.0.5",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+ "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"requires": {
"balanced-match": "^4.0.2"
@@ -4347,9 +4350,9 @@
"dev": true
},
"brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
"requires": {
"balanced-match": "^1.0.0",
@@ -4830,19 +4833,19 @@
},
"dependencies": {
"@eslint/eslintrc": {
- "version": "3.3.3",
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.3.tgz",
- "integrity": "sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==",
+ "version": "3.3.5",
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz",
+ "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==",
"dev": true,
"requires": {
- "ajv": "^6.12.4",
+ "ajv": "^6.14.0",
"debug": "^4.3.2",
"espree": "^10.0.1",
"globals": "^14.0.0",
"ignore": "^5.2.0",
"import-fresh": "^3.2.1",
"js-yaml": "^4.1.1",
- "minimatch": "^3.1.2",
+ "minimatch": "^3.1.5",
"strip-json-comments": "^3.1.1"
}
},
@@ -6002,9 +6005,9 @@
"dev": true
},
"picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true
},
"pluralize": {
@@ -6373,9 +6376,9 @@
"requires": {}
},
"picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true
}
}
@@ -6406,9 +6409,9 @@
},
"dependencies": {
"picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true
}
}
@@ -6550,9 +6553,9 @@
"dev": true
},
"yaml": {
- "version": "2.4.1",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
- "integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true
},
"yaml-eslint-parser": {
--
2.47.3
$ date
--- stdout ---
Fri Mar 27 11:43:14 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-WindowsAzureStorage.git /src/repo --depth=1 -b REL1_43
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
51edcbb61c7318b704ef5d096dce365d985eadbe refs/heads/REL1_43
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint",
"eslint-plugin-unicorn"
],
"range": "0.0.1 || >=0.1.1",
"nodes": [
"node_modules/@eslint/eslintrc",
"node_modules/eslint-plugin-unicorn/node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115432,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<5.0.5"
}
],
"effects": [
"minimatch"
],
"range": "<5.0.5",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
"node_modules/brace-expansion"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc",
"minimatch"
],
"effects": [
"eslint-config-wikimedia",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-vue",
"grunt-eslint"
],
"range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-unicorn",
"eslint-plugin-vue"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jest": {
"name": "eslint-plugin-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "25.0.1 - 29.12.2",
"nodes": [
"node_modules/eslint-plugin-jest"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jsdoc": {
"name": "eslint-plugin-jsdoc",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "8.4.4 - 62.6.1",
"nodes": [
"node_modules/eslint-plugin-jsdoc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-unicorn": {
"name": "eslint-plugin-unicorn",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "50.0.0 - 54.0.0",
"nodes": [
"node_modules/eslint-plugin-unicorn"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-vue": {
"name": "eslint-plugin-vue",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "5.0.0-beta.0 - 10.7.0",
"nodes": [
"node_modules/eslint-plugin-vue"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"eslint",
"grunt"
],
"effects": [],
"range": "<=1.0.0 || 4.0.0 - 17.3.2 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
"brace-expansion"
],
"effects": [
"@eslint/eslintrc",
"eslint",
"grunt"
],
"range": "<=10.0.2",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/eslint-plugin-unicorn/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115382,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115384,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115394,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115396,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"node_modules/picomatch",
"node_modules/tinyglobby/node_modules/picomatch",
"node_modules/ts-declaration-location/node_modules/picomatch"
],
"fixAvailable": true
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115369,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
"node_modules/yaml"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 9,
"high": 4,
"critical": 0,
"total": 13
},
"dependencies": {
"prod": 1,
"dev": 322,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 322
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 30 installs, 0 updates, 0 removals
- Locking composer/semver (3.4.3)
- Locking composer/spdx-licenses (1.5.9)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking guzzlehttp/guzzle (7.10.0)
- Locking guzzlehttp/promises (2.3.0)
- Locking guzzlehttp/psr7 (2.9.0)
- Locking mediawiki/mediawiki-codesniffer (v45.0.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking microsoft/azure-storage-blob (1.5.4)
- Locking microsoft/azure-storage-common (1.5.2)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.2.1)
- Locking phpcsstandards/phpcsutils (1.0.12)
- Locking psr/container (2.0.2)
- Locking psr/http-client (1.0.3)
- Locking psr/http-factory (1.1.0)
- Locking psr/http-message (2.0)
- Locking ralouphie/getallheaders (3.0.3)
- Locking squizlabs/php_codesniffer (3.10.3)
- Locking symfony/console (v7.4.7)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/polyfill-php80 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v8.0.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 30 installs, 0 updates, 0 removals
- Downloading microsoft/azure-storage-common (1.5.2)
- Downloading microsoft/azure-storage-blob (1.5.4)
0/2 [>---------------------------] 0%
2/2 [============================] 100%
- Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing guzzlehttp/promises (2.3.0): Extracting archive
- Installing ralouphie/getallheaders (3.0.3): Extracting archive
- Installing psr/http-message (2.0): Extracting archive
- Installing psr/http-factory (1.1.0): Extracting archive
- Installing guzzlehttp/psr7 (2.9.0): Extracting archive
- Installing symfony/polyfill-php80 (v1.33.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
- Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.3): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/string (v8.0.6): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v7.4.7): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing psr/http-client (1.0.3): Extracting archive
- Installing guzzlehttp/guzzle (7.10.0): Extracting archive
- Installing microsoft/azure-storage-common (1.5.2): Extracting archive
- Installing microsoft/azure-storage-blob (1.5.4): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/28 [>---------------------------] 0%
28/28 [============================] 100%
2 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
18 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint",
"eslint-plugin-unicorn"
],
"range": "0.0.1 || >=0.1.1",
"nodes": [
"node_modules/@eslint/eslintrc",
"node_modules/eslint-plugin-unicorn/node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115432,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<5.0.5"
}
],
"effects": [
"minimatch"
],
"range": "<5.0.5",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
"node_modules/brace-expansion"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc",
"minimatch"
],
"effects": [
"eslint-config-wikimedia",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-vue",
"grunt-eslint"
],
"range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-unicorn",
"eslint-plugin-vue"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jest": {
"name": "eslint-plugin-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "25.0.1 - 29.12.2",
"nodes": [
"node_modules/eslint-plugin-jest"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jsdoc": {
"name": "eslint-plugin-jsdoc",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "8.4.4 - 62.6.1",
"nodes": [
"node_modules/eslint-plugin-jsdoc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-unicorn": {
"name": "eslint-plugin-unicorn",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "50.0.0 - 54.0.0",
"nodes": [
"node_modules/eslint-plugin-unicorn"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-vue": {
"name": "eslint-plugin-vue",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "5.0.0-beta.0 - 10.7.0",
"nodes": [
"node_modules/eslint-plugin-vue"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"eslint",
"grunt"
],
"effects": [],
"range": "<=1.0.0 || 4.0.0 - 17.3.2 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
"brace-expansion"
],
"effects": [
"@eslint/eslintrc",
"eslint",
"grunt"
],
"range": "<=10.0.2",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/eslint-plugin-unicorn/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115382,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115384,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115394,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115396,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"node_modules/picomatch",
"node_modules/tinyglobby/node_modules/picomatch",
"node_modules/ts-declaration-location/node_modules/picomatch"
],
"fixAvailable": true
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115369,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
"node_modules/yaml"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 9,
"high": 4,
"critical": 0,
"total": 13
},
"dependencies": {
"prod": 1,
"dev": 322,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 322
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 322,
"removed": 0,
"changed": 0,
"audited": 323,
"funding": 68,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint",
"eslint-plugin-unicorn"
],
"range": "0.0.1 || >=0.1.1",
"nodes": [
"",
"node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115432,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<5.0.5"
}
],
"effects": [
"minimatch"
],
"range": "<5.0.5",
"nodes": [
"",
"",
"node_modules/brace-expansion"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc",
"minimatch"
],
"effects": [
"eslint-config-wikimedia",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-vue",
"grunt-eslint"
],
"range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-unicorn",
"eslint-plugin-vue"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jest": {
"name": "eslint-plugin-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "25.0.1 - 29.12.2",
"nodes": [
"node_modules/eslint-plugin-jest"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jsdoc": {
"name": "eslint-plugin-jsdoc",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "8.4.4 - 62.6.1",
"nodes": [
"node_modules/eslint-plugin-jsdoc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-unicorn": {
"name": "eslint-plugin-unicorn",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "50.0.0 - 54.0.0",
"nodes": [
"node_modules/eslint-plugin-unicorn"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-vue": {
"name": "eslint-plugin-vue",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "5.0.0-beta.0 - 10.7.0",
"nodes": [
"node_modules/eslint-plugin-vue"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"eslint",
"grunt"
],
"effects": [],
"range": "<=1.0.0 || 4.0.0 - 17.3.2 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
"brace-expansion"
],
"effects": [
"@eslint/eslintrc",
"eslint",
"grunt"
],
"range": "<=10.0.2",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/eslint-plugin-unicorn/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115382,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115384,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115394,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115396,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"",
"",
""
],
"fixAvailable": true
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115369,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 9,
"high": 4,
"critical": 0,
"total": 13
},
"dependencies": {
"prod": 1,
"dev": 322,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 322
}
}
}
}
--- end ---
{"added": 322, "removed": 0, "changed": 0, "audited": 323, "funding": 68, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@eslint/eslintrc": {"name": "@eslint/eslintrc", "severity": "moderate", "isDirect": false, "via": ["minimatch"], "effects": ["eslint", "eslint-plugin-unicorn"], "range": "0.0.1 || >=0.1.1", "nodes": ["", "node_modules/@eslint/eslintrc"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "brace-expansion": {"name": "brace-expansion", "severity": "moderate", "isDirect": false, "via": [{"source": 1115432, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<5.0.5"}], "effects": ["minimatch"], "range": "<5.0.5", "nodes": ["", "", "node_modules/brace-expansion"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "eslint": {"name": "eslint", "severity": "moderate", "isDirect": false, "via": ["@eslint/eslintrc", "minimatch"], "effects": ["eslint-config-wikimedia", "eslint-plugin-jest", "eslint-plugin-jsdoc", "eslint-plugin-vue", "grunt-eslint"], "range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2", "nodes": ["node_modules/eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "eslint-config-wikimedia": {"name": "eslint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["eslint", "eslint-plugin-jest", "eslint-plugin-jsdoc", "eslint-plugin-unicorn", "eslint-plugin-vue"], "effects": [], "range": ">=0.9.0", "nodes": ["node_modules/eslint-config-wikimedia"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "eslint-plugin-jest": {"name": "eslint-plugin-jest", "severity": "moderate", "isDirect": false, "via": ["eslint"], "effects": ["eslint-config-wikimedia"], "range": "25.0.1 - 29.12.2", "nodes": ["node_modules/eslint-plugin-jest"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "eslint-plugin-jsdoc": {"name": "eslint-plugin-jsdoc", "severity": "moderate", "isDirect": false, "via": ["eslint"], "effects": ["eslint-config-wikimedia"], "range": "8.4.4 - 62.6.1", "nodes": ["node_modules/eslint-plugin-jsdoc"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "eslint-plugin-unicorn": {"name": "eslint-plugin-unicorn", "severity": "moderate", "isDirect": false, "via": ["@eslint/eslintrc"], "effects": ["eslint-config-wikimedia"], "range": "50.0.0 - 54.0.0", "nodes": ["node_modules/eslint-plugin-unicorn"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "eslint-plugin-vue": {"name": "eslint-plugin-vue", "severity": "moderate", "isDirect": false, "via": ["eslint"], "effects": ["eslint-config-wikimedia"], "range": "5.0.0-beta.0 - 10.7.0", "nodes": ["node_modules/eslint-plugin-vue"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["minimatch"], "effects": ["grunt-eslint"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "high", "isDirect": true, "via": ["eslint", "grunt"], "effects": [], "range": "<=1.0.0 || 4.0.0 - 17.3.2 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}, "brace-expansion"], "effects": ["@eslint/eslintrc", "eslint", "grunt"], "range": "<=10.0.2", "nodes": ["node_modules/@eslint/eslintrc/node_modules/minimatch", "node_modules/eslint-plugin-unicorn/node_modules/minimatch", "node_modules/eslint/node_modules/minimatch", "node_modules/minimatch"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "picomatch": {"name": "picomatch", "severity": "high", "isDirect": false, "via": [{"source": 1115382, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.3.2"}, {"source": 1115384, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.0.4"}, {"source": 1115394, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, {"source": 1115396, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.0.4"}], "effects": [], "range": "<=2.3.1 || 4.0.0 - 4.0.3", "nodes": ["", "", ""], "fixAvailable": true}, "yaml": {"name": "yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1115369, "name": "yaml", "dependency": "yaml", "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections", "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <2.8.3"}], "effects": [], "range": "2.0.0 - 2.8.2", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 9, "high": 4, "critical": 0, "total": 13}, "dependencies": {"prod": 1, "dev": 322, "optional": 0, "peer": 1, "peerOptional": 0, "total": 322}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 322 packages, and audited 323 packages in 4s
68 packages are looking for funding
run `npm fund` for details
# npm audit report
brace-expansion <5.0.5
Severity: moderate
brace-expansion: Zero-step sequence causes process hang and memory exhaustion - https://github.com/advisories/GHSA-f886-m6hf-6m8v
fix available via `npm audit fix --force`
Will install grunt@0.3.17, which is a breaking change
node_modules/brace-expansion
minimatch <=10.0.2
Depends on vulnerable versions of brace-expansion
node_modules/@eslint/eslintrc/node_modules/minimatch
node_modules/eslint-plugin-unicorn/node_modules/minimatch
node_modules/eslint/node_modules/minimatch
node_modules/minimatch
@eslint/eslintrc 0.0.1 || >=0.1.1
Depends on vulnerable versions of minimatch
node_modules/@eslint/eslintrc
node_modules/eslint-plugin-unicorn/node_modules/@eslint/eslintrc
eslint 0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2
Depends on vulnerable versions of @eslint/eslintrc
Depends on vulnerable versions of minimatch
node_modules/eslint
eslint-config-wikimedia >=0.9.0
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-plugin-jest
Depends on vulnerable versions of eslint-plugin-jsdoc
Depends on vulnerable versions of eslint-plugin-unicorn
Depends on vulnerable versions of eslint-plugin-vue
node_modules/eslint-config-wikimedia
eslint-plugin-jest 25.0.1 - 29.12.2
Depends on vulnerable versions of eslint
node_modules/eslint-plugin-jest
eslint-plugin-jsdoc 8.4.4 - 62.6.1
Depends on vulnerable versions of eslint
node_modules/eslint-plugin-jsdoc
eslint-plugin-vue 5.0.0-beta.0 - 10.7.0
Depends on vulnerable versions of eslint
node_modules/eslint-plugin-vue
grunt-eslint <=1.0.0 || 4.0.0 - 17.3.2 || >=18.1.0
Depends on vulnerable versions of eslint
Depends on vulnerable versions of grunt
node_modules/grunt-eslint
eslint-plugin-unicorn 50.0.0 - 54.0.0
Depends on vulnerable versions of @eslint/eslintrc
node_modules/eslint-plugin-unicorn
grunt >=0.4.0-a
Depends on vulnerable versions of minimatch
node_modules/grunt
11 vulnerabilities (8 moderate, 3 high)
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 322 packages, and audited 323 packages in 4s
68 packages are looking for funding
run `npm fund` for details
11 vulnerabilities (8 moderate, 3 high)
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stdout ---
> test
> grunt test
Running "eslint:all" (eslint) task
Running "banana:all" (banana) task
>> 1 message directory checked.
Done.
--- end ---
{"1115382": {"source": 1115382, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.3.2"}, "1115384": {"source": 1115384, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.0.4"}, "1115394": {"source": 1115394, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, "1115396": {"source": 1115396, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.0.4"}}
Upgrading n:picomatch from 2.3.1, 4.0.3 -> 2.3.2, 4.0.4
{"1115369": {"source": 1115369, "name": "yaml", "dependency": "yaml", "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections", "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <2.8.3"}}
Upgrading n:yaml from 2.4.1 -> 2.8.3
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* yaml: 2.4.1 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpvf8aqskf
--- stdout ---
[REL1_43 8133694] build: Updating npm dependencies
1 file changed, 50 insertions(+), 47 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 813369498eae8ff362e70fb7eee5738a5ec1d75e Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 27 Mar 2026 11:43:37 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* yaml: 2.4.1 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
Change-Id: I563ca40daf13a97650a24dac9c0d256e8e8790f5
---
package-lock.json | 97 ++++++++++++++++++++++++-----------------------
1 file changed, 50 insertions(+), 47 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 316a0e9..c63cd3c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -488,9 +488,9 @@
}
},
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
- "version": "5.0.3",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
- "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+ "version": "5.0.5",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+ "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"dependencies": {
"balanced-match": "^4.0.2"
@@ -733,9 +733,9 @@
"dev": true
},
"node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0",
@@ -1399,19 +1399,19 @@
}
},
"node_modules/eslint-plugin-unicorn/node_modules/@eslint/eslintrc": {
- "version": "3.3.3",
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.3.tgz",
- "integrity": "sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==",
+ "version": "3.3.5",
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz",
+ "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==",
"dev": true,
"dependencies": {
- "ajv": "^6.12.4",
+ "ajv": "^6.14.0",
"debug": "^4.3.2",
"espree": "^10.0.1",
"globals": "^14.0.0",
"ignore": "^5.2.0",
"import-fresh": "^3.2.1",
"js-yaml": "^4.1.1",
- "minimatch": "^3.1.2",
+ "minimatch": "^3.1.5",
"strip-json-comments": "^3.1.1"
},
"engines": {
@@ -2984,9 +2984,9 @@
"dev": true
},
"node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
"engines": {
"node": ">=8.6"
@@ -3516,9 +3516,9 @@
}
},
"node_modules/tinyglobby/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -3574,9 +3574,9 @@
}
},
"node_modules/ts-declaration-location/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -3787,15 +3787,18 @@
}
},
"node_modules/yaml": {
- "version": "2.4.1",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
- "integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true,
"bin": {
"yaml": "bin.mjs"
},
"engines": {
- "node": ">= 14"
+ "node": ">= 14.6"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/eemeli"
}
},
"node_modules/yaml-eslint-parser": {
@@ -4168,9 +4171,9 @@
"dev": true
},
"brace-expansion": {
- "version": "5.0.3",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
- "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+ "version": "5.0.5",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+ "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"requires": {
"balanced-match": "^4.0.2"
@@ -4347,9 +4350,9 @@
"dev": true
},
"brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
"requires": {
"balanced-match": "^1.0.0",
@@ -4830,19 +4833,19 @@
},
"dependencies": {
"@eslint/eslintrc": {
- "version": "3.3.3",
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.3.tgz",
- "integrity": "sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==",
+ "version": "3.3.5",
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz",
+ "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==",
"dev": true,
"requires": {
- "ajv": "^6.12.4",
+ "ajv": "^6.14.0",
"debug": "^4.3.2",
"espree": "^10.0.1",
"globals": "^14.0.0",
"ignore": "^5.2.0",
"import-fresh": "^3.2.1",
"js-yaml": "^4.1.1",
- "minimatch": "^3.1.2",
+ "minimatch": "^3.1.5",
"strip-json-comments": "^3.1.1"
}
},
@@ -6002,9 +6005,9 @@
"dev": true
},
"picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true
},
"pluralize": {
@@ -6373,9 +6376,9 @@
"requires": {}
},
"picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true
}
}
@@ -6406,9 +6409,9 @@
},
"dependencies": {
"picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true
}
}
@@ -6550,9 +6553,9 @@
"dev": true
},
"yaml": {
- "version": "2.4.1",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
- "integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true
},
"yaml-eslint-parser": {
--
2.47.3
--- end ---